@@ -0,0 +1,7 @@ 
+*.db
+*db-*
+*.out
+.hg
+memes
+emus
+honk

@@ -0,0 +1,4 @@ 
+.*\.db
+memes
+emus
+honk

@@ -0,0 +1,38 @@ 
+473c3dd6df6f1294362d9042ae5583a6e30d48c9 v0.1.0
+14d4623234ca623e9ae35a64d3f87c7d50e2b42f v0.1.1
+96d2e1dc6664d71ba67d896c32d8b50094305e0f v0.1.2
+a50adf10726dac300afeba9cfacb6db185157311 v0.2.0
+2c62e21731b375f81c57f00c709244ae8fc65d76 v0.2.1
+eba8ccf45b80e6f9523c55e55d937f10f9262cb1 v0.2.2
+4a5816b79e8787dea21c0addcd8ba62a4eaec318 v0.2.3
+7b38c7500ce067001c14b844eaf99f85887324da v0.2.4
+9e95200c9763966f3c8d13fd93771e3a68ac77aa v0.3.0
+12e113bb60481f2429ce053286e2e512520bd4ef v0.4.0
+e57c6026b9033af5649b31cce06b566206809367 v0.5.0
+57603c1049f68945c40e3c8e5c4486e367daade4 v0.6.0
+907c626de523fa2b055306a9385dfd569cf03f56 v0.7.0
+0baeee9aed87624499931ac5cf44f2ebdfd2ceb0 v0.7.1
+b1ec4c9c189d13d8c6dba0ab7e75e4533abebff2 v0.7.2
+efaae027527fad86cb584995305ee8dd2456a5d8 v0.7.3
+4f0ac04432d5cc18eaab139e8d3408219ca16ead v0.7.4
+65ea769c65bb0a5a9ae204537b5c1bff6261dec4 v0.7.5
+0f150eed70d5f92e69249f427b5bb921d8f0703e v0.7.6
+b2278292cce136cd9f5b7cd2ba7be04f887ab700 v0.7.7
+cc2ec3c8bf656f337919efddffd43634f1d9144c v0.8.0
+8e85621f4e62da9d6caf946ce65be90e6f49434e v0.8.1
+b140f7a3216b820aa13f982e45ff42781d7a8f4a v0.8.2
+b140f7a3216b820aa13f982e45ff42781d7a8f4a v0.8.2
+8a2a90379bf60d425fec114ff88f5fd9806a4965 v0.8.2
+808ef90260d5d81db1ec98fb8894588a3ac7b369 v0.8.3
+3ada67b721e7e4a478d0effacde14f36dc16e1de v0.8.4
+2e9969df06ddab8fa07999e91437dda28ec058ae v0.8.5
+3e41549dbc90f1d2ad246e4af72db9343021bc98 v0.8.6
+8e5c85fbcf02e61c9a2d12415f83d16f8afadba4 v0.9.0
+5218aee560879398288e009d8a426749bd172f40 v0.9.1
+a2f6f7bdfb6ea8cac68acdb952b2eed8a585749d v0.9.2
+dac64bc6a93cedeb6ae618cba8f8647af96d2ece v0.9.3
+28b92eaba37140a8a84a871d3f007b46fe66acb7 v0.9.4
+3ece33fb77800c027ecfd3b5100881732d68c9bb v0.9.5
+6a522536238fe25b6d048543f52ed406ccf720b2 v0.9.6
+bc1bcfb9c0cc86b3c63325b07e13a36b9d4500f0 v0.9.7
+916cefdc24363b6e7e193dbde82632c17f58adfd v0.9.8

@@ -0,0 +1,24 @@ 
+The license for honk and components is generally ISC or compatible.
+
+Individual source files are licensed per license at the top.
+
+Distributed components and dependenices in the vendor directory should have
+compatible licenses.
+
+Files without explicit licenses and the conglomeration as a whole is subject
+to the license below.
+
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+

@@ -0,0 +1,14 @@ 
+
+all: honk
+
+honk: .preflightcheck schema.sql *.go go.mod
+	go build -mod=`ls -d vendor 2> /dev/null` -o honk
+
+.preflightcheck: preflight.sh
+	@sh ./preflight.sh
+
+clean:
+	rm -f honk
+
+test:
+	go test

@@ -0,0 +1,72 @@ 
+honk
+
+-- features
+
+Take control of your honks and join the federation.
+An ActivityPub server with minimal setup and support costs.
+Spend more time using the software and less time operating it.
+
+No attention mining.
+No likes, no faves, no polls, no stars, no claps, no counts.
+
+Purple color scheme. Custom emus. Memes too.
+Avatars automatically assigned by the NSA.
+
+The button to submit a new honk says "it's gonna be honked".
+
+The honk mission is to work well if it's what you want.
+This does not imply the goal is to be what you want.
+
+-- build
+
+It should be sufficient to type make after unpacking a release.
+You'll need a go compiler version 1.16 or later. And libsqlite3.
+
+Even on a fast machine, building from source can take several seconds.
+
+Development sources: hg clone https://humungus.tedunangst.com/r/honk
+
+-- setup
+
+honk expects to be fronted by a TLS terminating reverse proxy.
+
+First, create the database. This will ask four questions.
+./honk init
+username: (the username you want)
+password: (the password you want)
+listenaddr: (tcp or unix: 127.0.0.1:31337, /var/www/honk.sock, etc.)
+servername: (public DNS name: honk.example.com)
+
+Then run honk.
+./honk
+
+-- upgrade
+
+old-honk backup `date +backup-%F`
+./honk upgrade
+./honk
+
+-- documentation
+
+There is a more complete incomplete manual. This is just the README.
+
+-- guidelines
+
+One honk per day, or call it an "eighth-tenth" honk.
+If your honk frequency changes, so will the number of honks.
+
+The honk should be short, but not so short that you cannot identify it.
+
+The honk is an animal sign of respect and should be accompanied by a
+friendly greeting or a nod.
+
+The honk should be done from a seat and in a safe area.
+
+It is considered rude to make noise in a place of business.
+
+The honk may be made on public property only when the person doing
+the honk has the permission of the owner of that property.
+
+-- disclaimer
+
+Do not use honk to contact emergency services.

@@ -0,0 +1,1935 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"database/sql"
+	"fmt"
+	"html"
+	"io"
+	notrand "math/rand"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+
+	"humungus.tedunangst.com/r/webs/cache"
+	"humungus.tedunangst.com/r/webs/gate"
+	"humungus.tedunangst.com/r/webs/httpsig"
+	"humungus.tedunangst.com/r/webs/junk"
+	"humungus.tedunangst.com/r/webs/templates"
+)
+
+var theonetruename = `application/ld+json; profile="https://www.w3.org/ns/activitystreams"`
+var thefakename = `application/activity+json`
+var falsenames = []string{
+	`application/ld+json`,
+	`application/activity+json`,
+}
+var itiswhatitis = "https://www.w3.org/ns/activitystreams"
+var thewholeworld = "https://www.w3.org/ns/activitystreams#Public"
+
+var fastTimeout time.Duration = 5
+var slowTimeout time.Duration = 30
+
+func friendorfoe(ct string) bool {
+	ct = strings.ToLower(ct)
+	for _, at := range falsenames {
+		if strings.HasPrefix(ct, at) {
+			return true
+		}
+	}
+	return false
+}
+
+var develClient = &http.Client{
+	Transport: &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+	},
+}
+
+func PostJunk(keyname string, key httpsig.PrivateKey, url string, j junk.Junk) error {
+	return PostMsg(keyname, key, url, j.ToBytes())
+}
+
+func PostMsg(keyname string, key httpsig.PrivateKey, url string, msg []byte) error {
+	client := http.DefaultClient
+	if develMode {
+		client = develClient
+	}
+	req, err := http.NewRequest("POST", url, bytes.NewReader(msg))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("User-Agent", "honksnonk/5.0; "+serverName)
+	req.Header.Set("Content-Type", theonetruename)
+	httpsig.SignRequest(keyname, key, req, msg)
+	ctx, cancel := context.WithTimeout(context.Background(), 2*slowTimeout*time.Second)
+	defer cancel()
+	req = req.WithContext(ctx)
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	resp.Body.Close()
+	switch resp.StatusCode {
+	case 200:
+	case 201:
+	case 202:
+	default:
+		return fmt.Errorf("http post status: %d", resp.StatusCode)
+	}
+	ilog.Printf("successful post: %s %d", url, resp.StatusCode)
+	return nil
+}
+
+func GetJunk(userid int64, url string) (junk.Junk, error) {
+	return GetJunkTimeout(userid, url, slowTimeout*time.Second)
+}
+
+func GetJunkFast(userid int64, url string) (junk.Junk, error) {
+	return GetJunkTimeout(userid, url, fastTimeout*time.Second)
+}
+
+func GetJunkHardMode(userid int64, url string) (junk.Junk, error) {
+	j, err := GetJunk(userid, url)
+	if err != nil {
+		emsg := err.Error()
+		if emsg == "http get status: 502" || strings.Contains(emsg, "timeout") {
+			ilog.Printf("trying again after error: %s", emsg)
+			time.Sleep(time.Duration(60+notrand.Int63n(60)) * time.Second)
+			j, err = GetJunk(userid, url)
+			if err != nil {
+				ilog.Printf("still couldn't get it")
+			} else {
+				ilog.Printf("retry success!")
+			}
+		}
+	}
+	return j, err
+}
+
+var flightdeck = gate.NewSerializer()
+
+var signGets = true
+
+func junkGet(userid int64, url string, args junk.GetArgs) (junk.Junk, error) {
+	client := http.DefaultClient
+	if args.Client != nil {
+		client = args.Client
+	}
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	if args.Accept != "" {
+		req.Header.Set("Accept", args.Accept)
+	}
+	if args.Agent != "" {
+		req.Header.Set("User-Agent", args.Agent)
+	}
+	if signGets {
+		var ki *KeyInfo
+		ok := ziggies.Get(userid, &ki)
+		if ok {
+			httpsig.SignRequest(ki.keyname, ki.seckey, req, nil)
+		}
+	}
+	if args.Timeout != 0 {
+		ctx, cancel := context.WithTimeout(context.Background(), args.Timeout)
+		defer cancel()
+		req = req.WithContext(ctx)
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		return nil, fmt.Errorf("http get status: %d", resp.StatusCode)
+	}
+	return junk.Read(resp.Body)
+}
+
+func GetJunkTimeout(userid int64, url string, timeout time.Duration) (junk.Junk, error) {
+	client := http.DefaultClient
+	if develMode {
+		client = develClient
+	}
+	fn := func() (interface{}, error) {
+		at := thefakename
+		if strings.Contains(url, ".well-known/webfinger?resource") {
+			at = "application/jrd+json"
+		}
+		j, err := junkGet(userid, url, junk.GetArgs{
+			Accept:  at,
+			Agent:   "honksnonk/5.0; " + serverName,
+			Timeout: timeout,
+			Client:  client,
+		})
+		return j, err
+	}
+
+	ji, err := flightdeck.Call(url, fn)
+	if err != nil {
+		return nil, err
+	}
+	j := ji.(junk.Junk)
+	return j, nil
+}
+
+func fetchsome(url string) ([]byte, error) {
+	client := http.DefaultClient
+	if develMode {
+		client = develClient
+	}
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		ilog.Printf("error fetching %s: %s", url, err)
+		return nil, err
+	}
+	req.Header.Set("User-Agent", "honksnonk/5.0; "+serverName)
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+	defer cancel()
+	req = req.WithContext(ctx)
+	resp, err := client.Do(req)
+	if err != nil {
+		ilog.Printf("error fetching %s: %s", url, err)
+		return nil, err
+	}
+	defer resp.Body.Close()
+	switch resp.StatusCode {
+	case 200:
+	case 201:
+	case 202:
+	default:
+		return nil, fmt.Errorf("http get not 200: %d %s", resp.StatusCode, url)
+	}
+	var buf bytes.Buffer
+	limiter := io.LimitReader(resp.Body, 10*1024*1024)
+	io.Copy(&buf, limiter)
+	return buf.Bytes(), nil
+}
+
+func savedonk(url string, name, desc, media string, localize bool) *Donk {
+	if url == "" {
+		return nil
+	}
+	if donk := finddonk(url); donk != nil {
+		return donk
+	}
+	ilog.Printf("saving donk: %s", url)
+	data := []byte{}
+	if localize {
+		fn := func() (interface{}, error) {
+			return fetchsome(url)
+		}
+		ii, err := flightdeck.Call(url, fn)
+		if err != nil {
+			ilog.Printf("error fetching donk: %s", err)
+			localize = false
+			goto saveit
+		}
+		data = ii.([]byte)
+
+		if len(data) == 10*1024*1024 {
+			ilog.Printf("truncation likely")
+		}
+		if strings.HasPrefix(media, "image") {
+			img, err := shrinkit(data)
+			if err != nil {
+				ilog.Printf("unable to decode image: %s", err)
+				localize = false
+				data = []byte{}
+				goto saveit
+			}
+			data = img.Data
+			media = "image/" + img.Format
+		} else if media == "application/pdf" {
+			if len(data) > 1000000 {
+				ilog.Printf("not saving large pdf")
+				localize = false
+				data = []byte{}
+			}
+		} else if len(data) > 100000 {
+			ilog.Printf("not saving large attachment")
+			localize = false
+			data = []byte{}
+		}
+	}
+saveit:
+	fileid, err := savefile(name, desc, url, media, localize, data)
+	if err != nil {
+		elog.Printf("error saving file %s: %s", url, err)
+		return nil
+	}
+	donk := new(Donk)
+	donk.FileID = fileid
+	return donk
+}
+
+func iszonked(userid int64, xid string) bool {
+	var id int64
+	row := stmtFindZonk.QueryRow(userid, xid)
+	err := row.Scan(&id)
+	if err == nil {
+		return true
+	}
+	if err != sql.ErrNoRows {
+		ilog.Printf("error querying zonk: %s", err)
+	}
+	return false
+}
+
+func needxonk(user *WhatAbout, x *Honk) bool {
+	if rejectxonk(x) {
+		return false
+	}
+	return needxonkid(user, x.XID)
+}
+func needbonkid(user *WhatAbout, xid string) bool {
+	return needxonkidX(user, xid, true)
+}
+func needxonkid(user *WhatAbout, xid string) bool {
+	return needxonkidX(user, xid, false)
+}
+func needxonkidX(user *WhatAbout, xid string, isannounce bool) bool {
+	if !strings.HasPrefix(xid, "https://") {
+		return false
+	}
+	if strings.HasPrefix(xid, user.URL+"/") {
+		return false
+	}
+	if rejectorigin(user.ID, xid, isannounce) {
+		ilog.Printf("rejecting origin: %s", xid)
+		return false
+	}
+	if iszonked(user.ID, xid) {
+		ilog.Printf("already zonked: %s", xid)
+		return false
+	}
+	var id int64
+	row := stmtFindXonk.QueryRow(user.ID, xid)
+	err := row.Scan(&id)
+	if err == nil {
+		return false
+	}
+	if err != sql.ErrNoRows {
+		ilog.Printf("error querying xonk: %s", err)
+	}
+	return true
+}
+
+func eradicatexonk(userid int64, xid string) {
+	xonk := getxonk(userid, xid)
+	if xonk != nil {
+		deletehonk(xonk.ID)
+	}
+	_, err := stmtSaveZonker.Exec(userid, xid, "zonk")
+	if err != nil {
+		elog.Printf("error eradicating: %s", err)
+	}
+}
+
+func savexonk(x *Honk) {
+	ilog.Printf("saving xonk: %s", x.XID)
+	go handles(x.Honker)
+	go handles(x.Oonker)
+	savehonk(x)
+}
+
+type Box struct {
+	In     string
+	Out    string
+	Shared string
+}
+
+var boxofboxes = cache.New(cache.Options{Filler: func(ident string) (*Box, bool) {
+	var info string
+	row := stmtGetXonker.QueryRow(ident, "boxes")
+	err := row.Scan(&info)
+	if err != nil {
+		dlog.Printf("need to get boxes for %s", ident)
+		var j junk.Junk
+		j, err = GetJunk(serverUID, ident)
+		if err != nil {
+			dlog.Printf("error getting boxes: %s", err)
+			return nil, false
+		}
+		allinjest(originate(ident), j)
+		row = stmtGetXonker.QueryRow(ident, "boxes")
+		err = row.Scan(&info)
+	}
+	if err == nil {
+		m := strings.Split(info, " ")
+		b := &Box{In: m[0], Out: m[1], Shared: m[2]}
+		return b, true
+	}
+	return nil, false
+}})
+
+func gimmexonks(user *WhatAbout, outbox string) {
+	dlog.Printf("getting outbox: %s", outbox)
+	j, err := GetJunk(user.ID, outbox)
+	if err != nil {
+		ilog.Printf("error getting outbox: %s", err)
+		return
+	}
+	t, _ := j.GetString("type")
+	origin := originate(outbox)
+	if t == "OrderedCollection" {
+		items, _ := j.GetArray("orderedItems")
+		if items == nil {
+			items, _ = j.GetArray("items")
+		}
+		if items == nil {
+			obj, ok := j.GetMap("first")
+			if ok {
+				items, _ = obj.GetArray("orderedItems")
+			} else {
+				page1, ok := j.GetString("first")
+				if ok {
+					j, err = GetJunk(user.ID, page1)
+					if err != nil {
+						ilog.Printf("error gettings page1: %s", err)
+						return
+					}
+					items, _ = j.GetArray("orderedItems")
+				}
+			}
+		}
+		if len(items) > 20 {
+			items = items[0:20]
+		}
+		for i, j := 0, len(items)-1; i < j; i, j = i+1, j-1 {
+			items[i], items[j] = items[j], items[i]
+		}
+		for _, item := range items {
+			obj, ok := item.(junk.Junk)
+			if ok {
+				xonksaver(user, obj, origin)
+				continue
+			}
+			xid, ok := item.(string)
+			if ok {
+				if !needxonkid(user, xid) {
+					continue
+				}
+				obj, err = GetJunk(user.ID, xid)
+				if err != nil {
+					ilog.Printf("error getting item: %s", err)
+					continue
+				}
+				xonksaver(user, obj, originate(xid))
+			}
+		}
+	}
+}
+
+func newphone(a []string, obj junk.Junk) []string {
+	for _, addr := range []string{"to", "cc", "attributedTo"} {
+		who, _ := obj.GetString(addr)
+		if who != "" {
+			a = append(a, who)
+		}
+		whos, _ := obj.GetArray(addr)
+		for _, w := range whos {
+			who, _ := w.(string)
+			if who != "" {
+				a = append(a, who)
+			}
+		}
+	}
+	return a
+}
+
+func extractattrto(obj junk.Junk) string {
+	who, _ := obj.GetString("attributedTo")
+	if who != "" {
+		return who
+	}
+	o, ok := obj.GetMap("attributedTo")
+	if ok {
+		id, ok := o.GetString("id")
+		if ok {
+			return id
+		}
+	}
+	arr, _ := obj.GetArray("attributedTo")
+	for _, a := range arr {
+		o, ok := a.(junk.Junk)
+		if ok {
+			t, _ := o.GetString("type")
+			id, _ := o.GetString("id")
+			if t == "Person" || t == "" {
+				return id
+			}
+		}
+		s, ok := a.(string)
+		if ok {
+			return s
+		}
+	}
+	return ""
+}
+
+func firstofmany(obj junk.Junk, key string) string {
+	if val, _ := obj.GetString(key); val != "" {
+		return val
+	}
+	if arr, _ := obj.GetArray(key); len(arr) > 0 {
+		val, ok := arr[0].(string)
+		if ok {
+			return val
+		}
+	}
+	return ""
+}
+
+func xonksaver(user *WhatAbout, item junk.Junk, origin string) *Honk {
+	depth := 0
+	maxdepth := 10
+	currenttid := ""
+	goingup := 0
+	var xonkxonkfn func(item junk.Junk, origin string, isUpdate bool) *Honk
+
+	saveonemore := func(xid string) {
+		dlog.Printf("getting onemore: %s", xid)
+		if depth >= maxdepth {
+			ilog.Printf("in too deep")
+			return
+		}
+		obj, err := GetJunkHardMode(user.ID, xid)
+		if err != nil {
+			ilog.Printf("error getting onemore: %s: %s", xid, err)
+			return
+		}
+		depth++
+		xonkxonkfn(obj, originate(xid), false)
+		depth--
+	}
+
+	xonkxonkfn = func(item junk.Junk, origin string, isUpdate bool) *Honk {
+		id, _ := item.GetString("id")
+		what := firstofmany(item, "type")
+		dt, ok := item.GetString("published")
+		if !ok {
+			dt = time.Now().Format(time.RFC3339)
+		}
+
+		var err error
+		var xid, rid, url, convoy string
+		var replies []string
+		var obj junk.Junk
+		switch what {
+		case "Delete":
+			obj, ok = item.GetMap("object")
+			if ok {
+				xid, _ = obj.GetString("id")
+			} else {
+				xid, _ = item.GetString("object")
+			}
+			if xid == "" {
+				return nil
+			}
+			if originate(xid) != origin {
+				ilog.Printf("forged delete: %s", xid)
+				return nil
+			}
+			ilog.Printf("eradicating %s", xid)
+			eradicatexonk(user.ID, xid)
+			return nil
+		case "Remove":
+			xid, _ = item.GetString("object")
+			targ, _ := obj.GetString("target")
+			ilog.Printf("remove %s from %s", obj, targ)
+			return nil
+		case "Tombstone":
+			xid, _ = item.GetString("id")
+			if xid == "" {
+				return nil
+			}
+			if originate(xid) != origin {
+				ilog.Printf("forged delete: %s", xid)
+				return nil
+			}
+			ilog.Printf("eradicating %s", xid)
+			eradicatexonk(user.ID, xid)
+			return nil
+		case "Announce":
+			obj, ok = item.GetMap("object")
+			if ok {
+				xid, _ = obj.GetString("id")
+			} else {
+				xid, _ = item.GetString("object")
+			}
+			if !needbonkid(user, xid) {
+				return nil
+			}
+			dlog.Printf("getting bonk: %s", xid)
+			obj, err = GetJunkHardMode(user.ID, xid)
+			if err != nil {
+				ilog.Printf("error getting bonk: %s: %s", xid, err)
+			}
+			origin = originate(xid)
+			what = "bonk"
+		case "Update":
+			isUpdate = true
+			fallthrough
+		case "Create":
+			obj, ok = item.GetMap("object")
+			if !ok {
+				xid, _ = item.GetString("object")
+				dlog.Printf("getting created honk: %s", xid)
+				if originate(xid) != origin {
+					ilog.Printf("out of bounds %s not from %s", xid, origin)
+					return nil
+				}
+				obj, err = GetJunkHardMode(user.ID, xid)
+				if err != nil {
+					ilog.Printf("error getting creation: %s", err)
+				}
+			}
+			if obj == nil {
+				ilog.Printf("no object for creation %s", id)
+				return nil
+			}
+			return xonkxonkfn(obj, origin, isUpdate)
+		case "Read":
+			xid, ok = item.GetString("object")
+			if ok {
+				if !needxonkid(user, xid) {
+					dlog.Printf("don't need read obj: %s", xid)
+					return nil
+				}
+				obj, err = GetJunkHardMode(user.ID, xid)
+				if err != nil {
+					ilog.Printf("error getting read: %s", err)
+					return nil
+				}
+				return xonkxonkfn(obj, originate(xid), false)
+			}
+			return nil
+		case "Add":
+			xid, ok = item.GetString("object")
+			if ok {
+				// check target...
+				if !needxonkid(user, xid) {
+					dlog.Printf("don't need added obj: %s", xid)
+					return nil
+				}
+				obj, err = GetJunkHardMode(user.ID, xid)
+				if err != nil {
+					ilog.Printf("error getting add: %s", err)
+					return nil
+				}
+				return xonkxonkfn(obj, originate(xid), false)
+			}
+			return nil
+		case "Move":
+			obj = item
+			what = "move"
+		case "GuessWord": // dealt with below
+			fallthrough
+		case "Audio":
+			fallthrough
+		case "Image":
+			fallthrough
+		case "Video":
+			fallthrough
+		case "Question":
+			fallthrough
+		case "Note":
+			fallthrough
+		case "Article":
+			fallthrough
+		case "Page":
+			obj = item
+			what = "honk"
+		case "Event":
+			obj = item
+			what = "event"
+		case "ChatMessage":
+			obj = item
+			what = "chonk"
+		default:
+			ilog.Printf("unknown activity: %s", what)
+			dumpactivity(item)
+			return nil
+		}
+
+		if obj != nil {
+			xid, _ = obj.GetString("id")
+		}
+
+		if xid == "" {
+			ilog.Printf("don't know what xid is")
+			item.Write(ilog.Writer())
+			return nil
+		}
+		if originate(xid) != origin {
+			ilog.Printf("original sin: %s not from %s", xid, origin)
+			item.Write(ilog.Writer())
+			return nil
+		}
+
+		var xonk Honk
+		// early init
+		xonk.XID = xid
+		xonk.UserID = user.ID
+		xonk.Honker, _ = item.GetString("actor")
+		if xonk.Honker == "" {
+			xonk.Honker, _ = item.GetString("attributedTo")
+		}
+		if obj != nil {
+			if xonk.Honker == "" {
+				xonk.Honker = extractattrto(obj)
+			}
+			xonk.Oonker = extractattrto(obj)
+			if xonk.Oonker == xonk.Honker {
+				xonk.Oonker = ""
+			}
+			xonk.Audience = newphone(nil, obj)
+		}
+		xonk.Audience = append(xonk.Audience, xonk.Honker)
+		xonk.Audience = oneofakind(xonk.Audience)
+		xonk.Public = loudandproud(xonk.Audience)
+
+		var mentions []Mention
+		if obj != nil {
+			ot, _ := obj.GetString("type")
+			url, _ = obj.GetString("url")
+			if dt2, ok := obj.GetString("published"); ok {
+				dt = dt2
+			}
+			content, _ := obj.GetString("content")
+			if !strings.HasPrefix(content, "<p>") {
+				content = "<p>" + content
+			}
+			precis, _ := obj.GetString("summary")
+			if name, ok := obj.GetString("name"); ok {
+				if precis != "" {
+					content = precis + "<p>" + content
+				}
+				precis = html.EscapeString(name)
+			}
+			if sens, _ := obj["sensitive"].(bool); sens && precis == "" {
+				precis = "unspecified horror"
+			}
+			rid, ok = obj.GetString("inReplyTo")
+			if !ok {
+				if robj, ok := obj.GetMap("inReplyTo"); ok {
+					rid, _ = robj.GetString("id")
+				}
+			}
+			convoy, _ = obj.GetString("context")
+			if convoy == "" {
+				convoy, _ = obj.GetString("conversation")
+			}
+			if ot == "Question" {
+				if what == "honk" {
+					what = "qonk"
+				}
+				content += "<ul>"
+				ans, _ := obj.GetArray("oneOf")
+				for _, ai := range ans {
+					a, ok := ai.(junk.Junk)
+					if !ok {
+						continue
+					}
+					as, _ := a.GetString("name")
+					content += "<li>" + as
+				}
+				ans, _ = obj.GetArray("anyOf")
+				for _, ai := range ans {
+					a, ok := ai.(junk.Junk)
+					if !ok {
+						continue
+					}
+					as, _ := a.GetString("name")
+					content += "<li>" + as
+				}
+				content += "</ul>"
+			}
+			if ot == "Move" {
+				targ, _ := obj.GetString("target")
+				content += string(templates.Sprintf(`<p>Moved to <a href="%s">%s</a>`, targ, targ))
+			}
+			if ot == "GuessWord" {
+				what = "wonk"
+				content, _ = obj.GetString("content")
+				xonk.Wonkles, _ = obj.GetString("wordlist")
+				go savewonkles(xonk.Wonkles)
+			}
+			if what == "honk" && rid != "" {
+				what = "tonk"
+			}
+			if len(content) > 90001 {
+				ilog.Printf("content too long. truncating")
+				content = content[:90001]
+			}
+
+			xonk.Noise = content
+			xonk.Precis = precis
+			if rejectxonk(&xonk) {
+				dlog.Printf("fast reject: %s", xid)
+				return nil
+			}
+
+			numatts := 0
+			procatt := func(att junk.Junk) {
+				at, _ := att.GetString("type")
+				mt, _ := att.GetString("mediaType")
+				u, ok := att.GetString("url")
+				if !ok {
+					if ua, ok := att.GetArray("url"); ok && len(ua) > 0 {
+						u, ok = ua[0].(string)
+						if !ok {
+							if uu, ok := ua[0].(junk.Junk); ok {
+								u, _ = uu.GetString("href")
+								if mt == "" {
+									mt, _ = uu.GetString("mediaType")
+								}
+							}
+						}
+					} else if uu, ok := att.GetMap("url"); ok {
+						u, _ = uu.GetString("href")
+						if mt == "" {
+							mt, _ = uu.GetString("mediaType")
+						}
+					}
+				}
+				name, _ := att.GetString("name")
+				desc, _ := att.GetString("summary")
+				desc = html.UnescapeString(desc)
+				if desc == "" {
+					desc = name
+				}
+				localize := false
+				if numatts > 4 {
+					ilog.Printf("excessive attachment: %s", at)
+				} else if at == "Document" || at == "Image" {
+					mt = strings.ToLower(mt)
+					dlog.Printf("attachment: %s %s", mt, u)
+					if mt == "text/plain" || mt == "application/pdf" ||
+						strings.HasPrefix(mt, "image") {
+						localize = true
+					}
+				} else {
+					ilog.Printf("unknown attachment: %s", at)
+				}
+				if skipMedia(&xonk) {
+					localize = false
+				}
+				donk := savedonk(u, name, desc, mt, localize)
+				if donk != nil {
+					xonk.Donks = append(xonk.Donks, donk)
+				}
+				numatts++
+			}
+			atts, _ := obj.GetArray("attachment")
+			for _, atti := range atts {
+				att, ok := atti.(junk.Junk)
+				if !ok {
+					ilog.Printf("attachment that wasn't map?")
+					continue
+				}
+				procatt(att)
+			}
+			if att, ok := obj.GetMap("attachment"); ok {
+				procatt(att)
+			}
+			tags, _ := obj.GetArray("tag")
+			for _, tagi := range tags {
+				tag, ok := tagi.(junk.Junk)
+				if !ok {
+					continue
+				}
+				tt, _ := tag.GetString("type")
+				name, _ := tag.GetString("name")
+				desc, _ := tag.GetString("summary")
+				desc = html.UnescapeString(desc)
+				if desc == "" {
+					desc = name
+				}
+				if tt == "Emoji" {
+					icon, _ := tag.GetMap("icon")
+					mt, _ := icon.GetString("mediaType")
+					if mt == "" {
+						mt = "image/png"
+					}
+					u, _ := icon.GetString("url")
+					donk := savedonk(u, name, desc, mt, true)
+					if donk != nil {
+						xonk.Donks = append(xonk.Donks, donk)
+					}
+				}
+				if tt == "Hashtag" {
+					if name == "" || name == "#" {
+						// skip it
+					} else {
+						if name[0] != '#' {
+							name = "#" + name
+						}
+						xonk.Onts = append(xonk.Onts, name)
+					}
+				}
+				if tt == "Place" {
+					p := new(Place)
+					p.Name = name
+					p.Latitude, _ = tag.GetNumber("latitude")
+					p.Longitude, _ = tag.GetNumber("longitude")
+					p.Url, _ = tag.GetString("url")
+					xonk.Place = p
+				}
+				if tt == "Mention" {
+					var m Mention
+					m.Who, _ = tag.GetString("name")
+					m.Where, _ = tag.GetString("href")
+					mentions = append(mentions, m)
+				}
+			}
+			if starttime, ok := obj.GetString("startTime"); ok {
+				if start, err := time.Parse(time.RFC3339, starttime); err == nil {
+					t := new(Time)
+					t.StartTime = start
+					endtime, _ := obj.GetString("endTime")
+					t.EndTime, _ = time.Parse(time.RFC3339, endtime)
+					dura, _ := obj.GetString("duration")
+					if strings.HasPrefix(dura, "PT") {
+						dura = strings.ToLower(dura[2:])
+						d, _ := time.ParseDuration(dura)
+						t.Duration = Duration(d)
+					}
+					xonk.Time = t
+				}
+			}
+			if loca, ok := obj.GetMap("location"); ok {
+				if tt, _ := loca.GetString("type"); tt == "Place" {
+					p := new(Place)
+					p.Name, _ = loca.GetString("name")
+					p.Latitude, _ = loca.GetNumber("latitude")
+					p.Longitude, _ = loca.GetNumber("longitude")
+					p.Url, _ = loca.GetString("url")
+					xonk.Place = p
+				}
+			}
+
+			xonk.Onts = oneofakind(xonk.Onts)
+			replyobj, ok := obj.GetMap("replies")
+			if ok {
+				items, ok := replyobj.GetArray("items")
+				if !ok {
+					first, ok := replyobj.GetMap("first")
+					if ok {
+						items, _ = first.GetArray("items")
+					}
+				}
+				for _, repl := range items {
+					s, ok := repl.(string)
+					if ok {
+						replies = append(replies, s)
+					}
+				}
+			}
+
+		}
+
+		if currenttid == "" {
+			currenttid = convoy
+		}
+
+		// init xonk
+		xonk.What = what
+		xonk.RID = rid
+		xonk.Date, _ = time.Parse(time.RFC3339, dt)
+		xonk.URL = url
+		xonk.Format = "html"
+		xonk.Convoy = convoy
+		xonk.Mentions = mentions
+		for _, m := range mentions {
+			if m.Where == user.URL {
+				xonk.Whofore = 1
+			}
+		}
+		imaginate(&xonk)
+
+		if what == "chonk" {
+			ch := Chonk{
+				UserID: xonk.UserID,
+				XID:    xid,
+				Who:    xonk.Honker,
+				Target: xonk.Honker,
+				Date:   xonk.Date,
+				Noise:  xonk.Noise,
+				Format: xonk.Format,
+				Donks:  xonk.Donks,
+			}
+			savechonk(&ch)
+			return nil
+		}
+
+		if isUpdate {
+			dlog.Printf("something has changed! %s", xonk.XID)
+			prev := getxonk(user.ID, xonk.XID)
+			if prev == nil {
+				ilog.Printf("didn't find old version for update: %s", xonk.XID)
+				isUpdate = false
+			} else {
+				xonk.ID = prev.ID
+				updatehonk(&xonk)
+			}
+		}
+		if !isUpdate && needxonk(user, &xonk) {
+			if rid != "" && xonk.Public {
+				if needxonkid(user, rid) {
+					goingup++
+					saveonemore(rid)
+					goingup--
+				}
+				if convoy == "" {
+					xx := getxonk(user.ID, rid)
+					if xx != nil {
+						convoy = xx.Convoy
+					}
+				}
+			}
+			if convoy == "" {
+				convoy = currenttid
+			}
+			if convoy == "" {
+				convoy = "data:,missing-" + xfiltrate()
+				currenttid = convoy
+			}
+			xonk.Convoy = convoy
+			savexonk(&xonk)
+		}
+		if goingup == 0 {
+			for _, replid := range replies {
+				if needxonkid(user, replid) {
+					dlog.Printf("missing a reply: %s", replid)
+					saveonemore(replid)
+				}
+			}
+		}
+		return &xonk
+	}
+
+	return xonkxonkfn(item, origin, false)
+}
+
+func dumpactivity(item junk.Junk) {
+	fd, err := os.OpenFile("savedinbox.json", os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
+	if err != nil {
+		elog.Printf("error opening inbox! %s", err)
+		return
+	}
+	defer fd.Close()
+	item.Write(fd)
+	io.WriteString(fd, "\n")
+}
+
+func rubadubdub(user *WhatAbout, req junk.Junk) {
+	actor, _ := req.GetString("actor")
+	j := junk.New()
+	j["@context"] = itiswhatitis
+	j["id"] = user.URL + "/dub/" + xfiltrate()
+	j["type"] = "Accept"
+	j["actor"] = user.URL
+	j["to"] = actor
+	j["published"] = time.Now().UTC().Format(time.RFC3339)
+	j["object"] = req
+
+	deliverate(0, user.ID, actor, j.ToBytes(), true)
+}
+
+func itakeitallback(user *WhatAbout, xid string, owner string, folxid string) {
+	j := junk.New()
+	j["@context"] = itiswhatitis
+	j["id"] = user.URL + "/unsub/" + folxid
+	j["type"] = "Undo"
+	j["actor"] = user.URL
+	j["to"] = owner
+	f := junk.New()
+	f["id"] = user.URL + "/sub/" + folxid
+	f["type"] = "Follow"
+	f["actor"] = user.URL
+	f["to"] = owner
+	f["object"] = xid
+	j["object"] = f
+	j["published"] = time.Now().UTC().Format(time.RFC3339)
+
+	deliverate(0, user.ID, owner, j.ToBytes(), true)
+}
+
+func subsub(user *WhatAbout, xid string, owner string, folxid string) {
+	if xid == "" {
+		ilog.Printf("can't subscribe to empty")
+		return
+	}
+	j := junk.New()
+	j["@context"] = itiswhatitis
+	j["id"] = user.URL + "/sub/" + folxid
+	j["type"] = "Follow"
+	j["actor"] = user.URL
+	j["to"] = owner
+	j["object"] = xid
+	j["published"] = time.Now().UTC().Format(time.RFC3339)
+
+	deliverate(0, user.ID, owner, j.ToBytes(), true)
+}
+
+func activatedonks(donks []*Donk) []junk.Junk {
+	var atts []junk.Junk
+	for _, d := range donks {
+		if re_emus.MatchString(d.Name) {
+			continue
+		}
+		jd := junk.New()
+		jd["mediaType"] = d.Media
+		jd["name"] = d.Name
+		jd["summary"] = html.EscapeString(d.Desc)
+		jd["type"] = "Document"
+		jd["url"] = d.URL
+		atts = append(atts, jd)
+	}
+	return atts
+}
+
+// returns activity, object
+func jonkjonk(user *WhatAbout, h *Honk) (junk.Junk, junk.Junk) {
+	dt := h.Date.Format(time.RFC3339)
+	var jo junk.Junk
+	j := junk.New()
+	j["id"] = user.URL + "/" + h.What + "/" + shortxid(h.XID)
+	j["actor"] = user.URL
+	j["published"] = dt
+	j["to"] = h.Audience[0]
+	if len(h.Audience) > 1 {
+		j["cc"] = h.Audience[1:]
+	}
+
+	switch h.What {
+	case "update":
+		fallthrough
+	case "tonk":
+		fallthrough
+	case "event":
+		fallthrough
+	case "wonk":
+		fallthrough
+	case "honk":
+		j["type"] = "Create"
+		jo = junk.New()
+		jo["id"] = h.XID
+		jo["type"] = "Note"
+		if h.What == "event" {
+			jo["type"] = "Event"
+		} else if h.What == "wonk" {
+			jo["type"] = "GuessWord"
+		}
+		if h.What == "update" {
+			j["type"] = "Update"
+			jo["updated"] = dt
+		}
+		jo["published"] = dt
+		jo["url"] = h.XID
+		jo["attributedTo"] = user.URL
+		if h.RID != "" {
+			jo["inReplyTo"] = h.RID
+		}
+		if h.Convoy != "" {
+			jo["context"] = h.Convoy
+			jo["conversation"] = h.Convoy
+		}
+		jo["to"] = h.Audience[0]
+		if len(h.Audience) > 1 {
+			jo["cc"] = h.Audience[1:]
+		}
+		if !h.Public {
+			jo["directMessage"] = true
+		}
+		translate(h)
+		redoimages(h)
+		if h.Precis != "" {
+			jo["sensitive"] = true
+		}
+
+		var replies []string
+		for _, reply := range h.Replies {
+			replies = append(replies, reply.XID)
+		}
+		if len(replies) > 0 {
+			jr := junk.New()
+			jr["type"] = "Collection"
+			jr["totalItems"] = len(replies)
+			jr["items"] = replies
+			jo["replies"] = jr
+		}
+
+		var tags []junk.Junk
+		for _, m := range h.Mentions {
+			t := junk.New()
+			t["type"] = "Mention"
+			t["name"] = m.Who
+			t["href"] = m.Where
+			tags = append(tags, t)
+		}
+		for _, o := range h.Onts {
+			t := junk.New()
+			t["type"] = "Hashtag"
+			o = strings.ToLower(o)
+			t["href"] = fmt.Sprintf("https://%s/o/%s", serverName, o[1:])
+			t["name"] = o
+			tags = append(tags, t)
+		}
+		for _, e := range herdofemus(h.Noise) {
+			t := junk.New()
+			t["id"] = e.ID
+			t["type"] = "Emoji"
+			t["name"] = e.Name
+			i := junk.New()
+			i["type"] = "Image"
+			i["mediaType"] = e.Type
+			i["url"] = e.ID
+			t["icon"] = i
+			tags = append(tags, t)
+		}
+		for _, e := range fixupflags(h) {
+			t := junk.New()
+			t["id"] = e.ID
+			t["type"] = "Emoji"
+			t["name"] = e.Name
+			i := junk.New()
+			i["type"] = "Image"
+			i["mediaType"] = "image/png"
+			i["url"] = e.ID
+			t["icon"] = i
+			tags = append(tags, t)
+		}
+		if len(tags) > 0 {
+			jo["tag"] = tags
+		}
+		if p := h.Place; p != nil {
+			t := junk.New()
+			t["type"] = "Place"
+			if p.Name != "" {
+				t["name"] = p.Name
+			}
+			if p.Latitude != 0 {
+				t["latitude"] = p.Latitude
+			}
+			if p.Longitude != 0 {
+				t["longitude"] = p.Longitude
+			}
+			if p.Url != "" {
+				t["url"] = p.Url
+			}
+			jo["location"] = t
+		}
+		if t := h.Time; t != nil {
+			jo["startTime"] = t.StartTime.Format(time.RFC3339)
+			if t.Duration != 0 {
+				jo["duration"] = "PT" + strings.ToUpper(t.Duration.String())
+			}
+		}
+		if w := h.Wonkles; w != "" {
+			jo["wordlist"] = w
+		}
+		atts := activatedonks(h.Donks)
+		if len(atts) > 0 {
+			jo["attachment"] = atts
+		}
+		jo["summary"] = html.EscapeString(h.Precis)
+		jo["content"] = h.Noise
+		j["object"] = jo
+	case "bonk":
+		j["type"] = "Announce"
+		if h.Convoy != "" {
+			j["context"] = h.Convoy
+		}
+		j["object"] = h.XID
+	case "unbonk":
+		b := junk.New()
+		b["id"] = user.URL + "/" + "bonk" + "/" + shortxid(h.XID)
+		b["type"] = "Announce"
+		b["actor"] = user.URL
+		if h.Convoy != "" {
+			b["context"] = h.Convoy
+		}
+		b["object"] = h.XID
+		j["type"] = "Undo"
+		j["object"] = b
+	case "zonk":
+		j["type"] = "Delete"
+		j["object"] = h.XID
+	case "ack":
+		j["type"] = "Read"
+		j["object"] = h.XID
+		if h.Convoy != "" {
+			j["context"] = h.Convoy
+		}
+	case "react":
+		j["type"] = "EmojiReact"
+		j["object"] = h.XID
+		if h.Convoy != "" {
+			j["context"] = h.Convoy
+		}
+		j["content"] = h.Noise
+	case "deack":
+		b := junk.New()
+		b["id"] = user.URL + "/" + "ack" + "/" + shortxid(h.XID)
+		b["type"] = "Read"
+		b["actor"] = user.URL
+		b["object"] = h.XID
+		if h.Convoy != "" {
+			b["context"] = h.Convoy
+		}
+		j["type"] = "Undo"
+		j["object"] = b
+	}
+
+	return j, jo
+}
+
+var oldjonks = cache.New(cache.Options{Filler: func(xid string) ([]byte, bool) {
+	row := stmtAnyXonk.QueryRow(xid)
+	honk := scanhonk(row)
+	if honk == nil || !honk.Public {
+		return nil, true
+	}
+	user, _ := butwhatabout(honk.Username)
+	rawhonks := gethonksbyconvoy(honk.UserID, honk.Convoy, 0)
+	reversehonks(rawhonks)
+	for _, h := range rawhonks {
+		if h.RID == honk.XID && h.Public && (h.Whofore == 2 || h.IsAcked()) {
+			honk.Replies = append(honk.Replies, h)
+		}
+	}
+	donksforhonks([]*Honk{honk})
+	_, j := jonkjonk(user, honk)
+	j["@context"] = itiswhatitis
+
+	return j.ToBytes(), true
+}, Limit: 128})
+
+func gimmejonk(xid string) ([]byte, bool) {
+	var j []byte
+	ok := oldjonks.Get(xid, &j)
+	return j, ok
+}
+
+func boxuprcpts(user *WhatAbout, addresses []string, useshared bool) map[string]bool {
+	rcpts := make(map[string]bool)
+	for _, a := range addresses {
+		if a == "" || a == thewholeworld || a == user.URL || strings.HasSuffix(a, "/followers") {
+			continue
+		}
+		if a[0] == '%' {
+			rcpts[a] = true
+			continue
+		}
+		var box *Box
+		ok := boxofboxes.Get(a, &box)
+		if ok && useshared && box.Shared != "" {
+			rcpts["%"+box.Shared] = true
+		} else {
+			rcpts[a] = true
+		}
+	}
+	return rcpts
+}
+
+func chonkifymsg(user *WhatAbout, ch *Chonk) []byte {
+	dt := ch.Date.Format(time.RFC3339)
+	aud := []string{ch.Target}
+
+	jo := junk.New()
+	jo["id"] = ch.XID
+	jo["type"] = "ChatMessage"
+	jo["published"] = dt
+	jo["attributedTo"] = user.URL
+	jo["to"] = aud
+	jo["content"] = ch.HTML
+	atts := activatedonks(ch.Donks)
+	if len(atts) > 0 {
+		jo["attachment"] = atts
+	}
+	var tags []junk.Junk
+	for _, e := range herdofemus(ch.Noise) {
+		t := junk.New()
+		t["id"] = e.ID
+		t["type"] = "Emoji"
+		t["name"] = e.Name
+		i := junk.New()
+		i["type"] = "Image"
+		i["mediaType"] = e.Type
+		i["url"] = e.ID
+		t["icon"] = i
+		tags = append(tags, t)
+	}
+	if len(tags) > 0 {
+		jo["tag"] = tags
+	}
+
+	j := junk.New()
+	j["@context"] = itiswhatitis
+	j["id"] = user.URL + "/" + "honk" + "/" + shortxid(ch.XID)
+	j["type"] = "Create"
+	j["actor"] = user.URL
+	j["published"] = dt
+	j["to"] = aud
+	j["object"] = jo
+
+	return j.ToBytes()
+}
+
+func sendchonk(user *WhatAbout, ch *Chonk) {
+	msg := chonkifymsg(user, ch)
+
+	rcpts := make(map[string]bool)
+	rcpts[ch.Target] = true
+	for a := range rcpts {
+		go deliverate(0, user.ID, a, msg, true)
+	}
+}
+
+func honkworldwide(user *WhatAbout, honk *Honk) {
+	jonk, _ := jonkjonk(user, honk)
+	jonk["@context"] = itiswhatitis
+	msg := jonk.ToBytes()
+
+	rcpts := boxuprcpts(user, honk.Audience, honk.Public)
+
+	if honk.Public {
+		for _, h := range getdubs(user.ID) {
+			if h.XID == user.URL {
+				continue
+			}
+			var box *Box
+			ok := boxofboxes.Get(h.XID, &box)
+			if ok && box.Shared != "" {
+				rcpts["%"+box.Shared] = true
+			} else {
+				rcpts[h.XID] = true
+			}
+		}
+		for _, f := range getbacktracks(honk.XID) {
+			if f[0] == '%' {
+				rcpts[f] = true
+			} else {
+				var box *Box
+				ok := boxofboxes.Get(f, &box)
+				if ok && box.Shared != "" {
+					rcpts["%"+box.Shared] = true
+				} else {
+					rcpts[f] = true
+				}
+			}
+		}
+	}
+	for a := range rcpts {
+		go deliverate(0, user.ID, a, msg, doesitmatter(honk.What))
+	}
+	if honk.Public && len(honk.Onts) > 0 {
+		collectiveaction(honk)
+	}
+}
+
+func doesitmatter(what string) bool {
+	switch what {
+	case "ack":
+		return false
+	case "react":
+		return false
+	case "deack":
+		return false
+	}
+	return true
+}
+
+func collectiveaction(honk *Honk) {
+	user := getserveruser()
+	for _, ont := range honk.Onts {
+		dubs := getnameddubs(serverUID, ont)
+		if len(dubs) == 0 {
+			continue
+		}
+		j := junk.New()
+		j["@context"] = itiswhatitis
+		j["type"] = "Add"
+		j["id"] = user.URL + "/add/" + shortxid(ont+honk.XID)
+		j["actor"] = user.URL
+		j["object"] = honk.XID
+		j["target"] = fmt.Sprintf("https://%s/o/%s", serverName, ont[1:])
+		rcpts := make(map[string]bool)
+		for _, dub := range dubs {
+			var box *Box
+			ok := boxofboxes.Get(dub.XID, &box)
+			if ok && box.Shared != "" {
+				rcpts["%"+box.Shared] = true
+			} else {
+				rcpts[dub.XID] = true
+			}
+		}
+		msg := j.ToBytes()
+		for a := range rcpts {
+			go deliverate(0, user.ID, a, msg, false)
+		}
+	}
+}
+
+func junkuser(user *WhatAbout) junk.Junk {
+	j := junk.New()
+	j["@context"] = itiswhatitis
+	j["id"] = user.URL
+	j["inbox"] = user.URL + "/inbox"
+	j["outbox"] = user.URL + "/outbox"
+	j["name"] = user.Display
+	j["preferredUsername"] = user.Name
+	j["summary"] = user.HTAbout
+	var tags []junk.Junk
+	for _, o := range user.Onts {
+		t := junk.New()
+		t["type"] = "Hashtag"
+		o = strings.ToLower(o)
+		t["href"] = fmt.Sprintf("https://%s/o/%s", serverName, o[1:])
+		t["name"] = o
+		tags = append(tags, t)
+	}
+	if len(tags) > 0 {
+		j["tag"] = tags
+	}
+
+	if user.ID > 0 {
+		j["type"] = "Person"
+		j["url"] = user.URL
+		j["followers"] = user.URL + "/followers"
+		j["following"] = user.URL + "/following"
+		a := junk.New()
+		a["type"] = "Image"
+		a["mediaType"] = "image/png"
+		if ava := user.Options.Avatar; ava != "" {
+			a["url"] = ava
+		} else {
+			u := fmt.Sprintf("https://%s/a?a=%s", serverName, url.QueryEscape(user.URL))
+			if user.Options.Avahex {
+				u += "&hex=1"
+			}
+			a["url"] = u
+		}
+		j["icon"] = a
+		if ban := user.Options.Banner; ban != "" {
+			a := junk.New()
+			a["type"] = "Image"
+			a["mediaType"] = "image/jpg"
+			a["url"] = ban
+			j["image"] = a
+		}
+	} else {
+		j["type"] = "Service"
+	}
+	k := junk.New()
+	k["id"] = user.URL + "#key"
+	k["owner"] = user.URL
+	k["publicKeyPem"] = user.Key
+	j["publicKey"] = k
+
+	return j
+}
+
+var oldjonkers = cache.New(cache.Options{Filler: func(name string) ([]byte, bool) {
+	user, err := butwhatabout(name)
+	if err != nil {
+		return nil, false
+	}
+	var buf bytes.Buffer
+	j := junkuser(user)
+	j.Write(&buf)
+	return buf.Bytes(), true
+}, Duration: 1 * time.Minute})
+
+func asjonker(name string) ([]byte, bool) {
+	var j []byte
+	ok := oldjonkers.Get(name, &j)
+	return j, ok
+}
+
+var handfull = cache.New(cache.Options{Filler: func(name string) (string, bool) {
+	m := strings.Split(name, "@")
+	if len(m) != 2 {
+		dlog.Printf("bad fish name: %s", name)
+		return "", true
+	}
+	var href string
+	row := stmtGetXonker.QueryRow(name, "fishname")
+	err := row.Scan(&href)
+	if err == nil {
+		return href, true
+	}
+	dlog.Printf("fishing for %s", name)
+	j, err := GetJunkFast(serverUID, fmt.Sprintf("https://%s/.well-known/webfinger?resource=acct:%s", m[1], name))
+	if err != nil {
+		ilog.Printf("failed to go fish %s: %s", name, err)
+		return "", true
+	}
+	links, _ := j.GetArray("links")
+	for _, li := range links {
+		l, ok := li.(junk.Junk)
+		if !ok {
+			continue
+		}
+		href, _ := l.GetString("href")
+		rel, _ := l.GetString("rel")
+		t, _ := l.GetString("type")
+		if rel == "self" && friendorfoe(t) {
+			when := time.Now().UTC().Format(dbtimeformat)
+			_, err := stmtSaveXonker.Exec(name, href, "fishname", when)
+			if err != nil {
+				elog.Printf("error saving fishname: %s", err)
+			}
+			return href, true
+		}
+	}
+	return href, true
+}, Duration: 1 * time.Minute})
+
+func gofish(name string) string {
+	if name[0] == '@' {
+		name = name[1:]
+	}
+	var href string
+	handfull.Get(name, &href)
+	return href
+}
+
+func investigate(name string) (*SomeThing, error) {
+	if name == "" {
+		return nil, fmt.Errorf("no name")
+	}
+	if name[0] == '@' {
+		name = gofish(name)
+	}
+	if name == "" {
+		return nil, fmt.Errorf("no name")
+	}
+	obj, err := GetJunkFast(serverUID, name)
+	if err != nil {
+		return nil, err
+	}
+	allinjest(originate(name), obj)
+	return somethingabout(obj)
+}
+
+func somethingabout(obj junk.Junk) (*SomeThing, error) {
+	info := new(SomeThing)
+	t, _ := obj.GetString("type")
+	switch t {
+	case "Person":
+		fallthrough
+	case "Organization":
+		fallthrough
+	case "Application":
+		fallthrough
+	case "Service":
+		info.What = SomeActor
+	case "OrderedCollection":
+		fallthrough
+	case "Collection":
+		info.What = SomeCollection
+	default:
+		return nil, fmt.Errorf("unknown object type")
+	}
+	info.XID, _ = obj.GetString("id")
+	info.Name, _ = obj.GetString("preferredUsername")
+	if info.Name == "" {
+		info.Name, _ = obj.GetString("name")
+	}
+	info.Owner, _ = obj.GetString("attributedTo")
+	if info.Owner == "" {
+		info.Owner = info.XID
+	}
+	return info, nil
+}
+
+func allinjest(origin string, obj junk.Junk) {
+	keyobj, ok := obj.GetMap("publicKey")
+	if ok {
+		ingestpubkey(origin, keyobj)
+	}
+	ingestboxes(origin, obj)
+	ingesthandle(origin, obj)
+}
+
+func ingestpubkey(origin string, obj junk.Junk) {
+	keyobj, ok := obj.GetMap("publicKey")
+	if ok {
+		obj = keyobj
+	}
+	keyname, ok := obj.GetString("id")
+	var data string
+	row := stmtGetXonker.QueryRow(keyname, "pubkey")
+	err := row.Scan(&data)
+	if err == nil {
+		return
+	}
+	if !ok || origin != originate(keyname) {
+		ilog.Printf("bad key origin %s <> %s", origin, keyname)
+		return
+	}
+	dlog.Printf("ingesting a needed pubkey: %s", keyname)
+	owner, ok := obj.GetString("owner")
+	if !ok {
+		ilog.Printf("error finding %s pubkey owner", keyname)
+		return
+	}
+	data, ok = obj.GetString("publicKeyPem")
+	if !ok {
+		ilog.Printf("error finding %s pubkey", keyname)
+		return
+	}
+	if originate(owner) != origin {
+		ilog.Printf("bad key owner: %s <> %s", owner, origin)
+		return
+	}
+	_, _, err = httpsig.DecodeKey(data)
+	if err != nil {
+		ilog.Printf("error decoding %s pubkey: %s", keyname, err)
+		return
+	}
+	when := time.Now().UTC().Format(dbtimeformat)
+	_, err = stmtSaveXonker.Exec(keyname, data, "pubkey", when)
+	if err != nil {
+		elog.Printf("error saving key: %s", err)
+	}
+}
+
+func ingestboxes(origin string, obj junk.Junk) {
+	ident, _ := obj.GetString("id")
+	if ident == "" {
+		return
+	}
+	if originate(ident) != origin {
+		return
+	}
+	var info string
+	row := stmtGetXonker.QueryRow(ident, "boxes")
+	err := row.Scan(&info)
+	if err == nil {
+		return
+	}
+	dlog.Printf("ingesting boxes: %s", ident)
+	inbox, _ := obj.GetString("inbox")
+	outbox, _ := obj.GetString("outbox")
+	sbox, _ := obj.GetString("endpoints", "sharedInbox")
+	if inbox != "" {
+		when := time.Now().UTC().Format(dbtimeformat)
+		m := strings.Join([]string{inbox, outbox, sbox}, " ")
+		_, err = stmtSaveXonker.Exec(ident, m, "boxes", when)
+		if err != nil {
+			elog.Printf("error saving boxes: %s", err)
+		}
+	}
+}
+
+func ingesthandle(origin string, obj junk.Junk) {
+	xid, _ := obj.GetString("id")
+	if xid == "" {
+		return
+	}
+	if originate(xid) != origin {
+		return
+	}
+	var handle string
+	row := stmtGetXonker.QueryRow(xid, "handle")
+	err := row.Scan(&handle)
+	if err == nil {
+		return
+	}
+	handle, _ = obj.GetString("preferredUsername")
+	if handle != "" {
+		when := time.Now().UTC().Format(dbtimeformat)
+		_, err = stmtSaveXonker.Exec(xid, handle, "handle", when)
+		if err != nil {
+			elog.Printf("error saving handle: %s", err)
+		}
+	}
+}
+
+func updateMe(username string) {
+	var user *WhatAbout
+	somenamedusers.Get(username, &user)
+	dt := time.Now().UTC().Format(time.RFC3339)
+	j := junk.New()
+	j["@context"] = itiswhatitis
+	j["id"] = fmt.Sprintf("%s/upme/%s/%d", user.URL, user.Name, time.Now().Unix())
+	j["actor"] = user.URL
+	j["published"] = dt
+	j["to"] = thewholeworld
+	j["type"] = "Update"
+	j["object"] = junkuser(user)
+
+	msg := j.ToBytes()
+
+	rcpts := make(map[string]bool)
+	for _, f := range getdubs(user.ID) {
+		if f.XID == user.URL {
+			continue
+		}
+		var box *Box
+		boxofboxes.Get(f.XID, &box)
+		if box != nil && box.Shared != "" {
+			rcpts["%"+box.Shared] = true
+		} else {
+			rcpts[f.XID] = true
+		}
+	}
+	for a := range rcpts {
+		go deliverate(0, user.ID, a, msg, false)
+	}
+}
+
+func followme(user *WhatAbout, who string, name string, j junk.Junk) {
+	folxid, _ := j.GetString("id")
+
+	ilog.Printf("updating honker follow: %s %s", who, folxid)
+
+	var x string
+	db := opendatabase()
+	row := db.QueryRow("select xid from honkers where name = ? and xid = ? and userid = ? and flavor in ('dub', 'undub')", name, who, user.ID)
+	err := row.Scan(&x)
+	if err != sql.ErrNoRows {
+		ilog.Printf("duplicate follow request: %s", who)
+		_, err = stmtUpdateFlavor.Exec("dub", folxid, user.ID, name, who, "undub")
+		if err != nil {
+			elog.Printf("error updating honker: %s", err)
+		}
+	} else {
+		stmtSaveDub.Exec(user.ID, name, who, "dub", folxid)
+	}
+	go rubadubdub(user, j)
+}
+
+func unfollowme(user *WhatAbout, who string, name string, j junk.Junk) {
+	var folxid string
+	if who == "" {
+		folxid, _ = j.GetString("object")
+
+		db := opendatabase()
+		row := db.QueryRow("select xid, name from honkers where userid = ? and folxid = ? and flavor in ('dub', 'undub')", user.ID, folxid)
+		err := row.Scan(&who, &name)
+		if err != nil {
+			if err != sql.ErrNoRows {
+				elog.Printf("error scanning honker: %s", err)
+			}
+			return
+		}
+	}
+
+	ilog.Printf("updating honker undo: %s %s", who, folxid)
+	_, err := stmtUpdateFlavor.Exec("undub", folxid, user.ID, name, who, "dub")
+	if err != nil {
+		elog.Printf("error updating honker: %s", err)
+		return
+	}
+}
+
+func followyou(user *WhatAbout, honkerid int64) {
+	var url, owner string
+	db := opendatabase()
+	row := db.QueryRow("select xid, owner from honkers where honkerid = ? and userid = ? and flavor in ('unsub', 'peep', 'presub', 'sub')",
+		honkerid, user.ID)
+	err := row.Scan(&url, &owner)
+	if err != nil {
+		elog.Printf("can't get honker xid: %s", err)
+		return
+	}
+	folxid := xfiltrate()
+	ilog.Printf("subscribing to %s", url)
+	_, err = db.Exec("update honkers set flavor = ?, folxid = ? where honkerid = ?", "presub", folxid, honkerid)
+	if err != nil {
+		elog.Printf("error updating honker: %s", err)
+		return
+	}
+	go subsub(user, url, owner, folxid)
+
+}
+func unfollowyou(user *WhatAbout, honkerid int64) {
+	db := opendatabase()
+	row := db.QueryRow("select xid, owner, folxid from honkers where honkerid = ? and userid = ? and flavor in ('sub')",
+		honkerid, user.ID)
+	var url, owner, folxid string
+	err := row.Scan(&url, &owner, &folxid)
+	if err != nil {
+		elog.Printf("can't get honker xid: %s", err)
+		return
+	}
+	ilog.Printf("unsubscribing from %s", url)
+	_, err = db.Exec("update honkers set flavor = ? where honkerid = ?", "unsub", honkerid)
+	if err != nil {
+		elog.Printf("error updating honker: %s", err)
+		return
+	}
+	go itakeitallback(user, url, owner, folxid)
+}
+
+func followyou2(user *WhatAbout, j junk.Junk) {
+	who, _ := j.GetString("actor")
+
+	ilog.Printf("updating honker accept: %s", who)
+	db := opendatabase()
+	row := db.QueryRow("select name, folxid from honkers where userid = ? and xid = ? and flavor in ('presub')",
+		user.ID, who)
+	var name, folxid string
+	err := row.Scan(&name, &folxid)
+	if err != nil {
+		elog.Printf("can't get honker name: %s", err)
+		return
+	}
+	_, err = stmtUpdateFlavor.Exec("sub", folxid, user.ID, name, who, "presub")
+	if err != nil {
+		elog.Printf("error updating honker: %s", err)
+		return
+	}
+}
+
+func nofollowyou2(user *WhatAbout, j junk.Junk) {
+	who, _ := j.GetString("actor")
+
+	ilog.Printf("updating honker reject: %s", who)
+	db := opendatabase()
+	row := db.QueryRow("select name, folxid from honkers where userid = ? and xid = ? and flavor in ('presub', 'sub')",
+		user.ID, who)
+	var name, folxid string
+	err := row.Scan(&name, &folxid)
+	if err != nil {
+		elog.Printf("can't get honker name: %s", err)
+		return
+	}
+	_, err = stmtUpdateFlavor.Exec("unsub", folxid, user.ID, name, who, "presub")
+	_, err = stmtUpdateFlavor.Exec("unsub", folxid, user.ID, name, who, "sub")
+	if err != nil {
+		elog.Printf("error updating honker: %s", err)
+		return
+	}
+}

@@ -0,0 +1,299 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+/*
+#include <termios.h>
+void
+clearecho(struct termios *tio)
+{
+	tio->c_lflag = tio->c_lflag & ~(ECHO|ICANON);
+}
+*/
+import "C"
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"os/signal"
+	"strings"
+
+	"humungus.tedunangst.com/r/webs/log"
+)
+
+func adminscreen() {
+	log.Init(log.Options{Progname: "honk", Alllogname: "null"})
+	stdout := bufio.NewWriter(os.Stdout)
+	esc := "\x1b"
+	smcup := esc + "[?1049h"
+	rmcup := esc + "[?1049l"
+
+	var avatarColors string
+	getconfig("avatarcolors", &avatarColors)
+	loadLingo()
+
+	type adminfield struct {
+		name    string
+		label   string
+		text    string
+		oneline bool
+	}
+
+	messages := []*adminfield{
+		{
+			name:  "servermsg",
+			label: "server",
+			text:  string(serverMsg),
+		},
+		{
+			name:  "aboutmsg",
+			label: "about",
+			text:  string(aboutMsg),
+		},
+		{
+			name:  "loginmsg",
+			label: "login",
+			text:  string(loginMsg),
+		},
+		{
+			name:    "avatarcolors",
+			label:   "avatar colors (4 RGBA hex numbers)",
+			text:    string(avatarColors),
+			oneline: true,
+		},
+	}
+	for _, l := range []string{"honked", "bonked", "honked back", "qonked", "evented"} {
+		messages = append(messages, &adminfield{
+			name:    "lingo-" + strings.ReplaceAll(l, " ", ""),
+			label:   "lingo for " + l,
+			text:    relingo[l],
+			oneline: true,
+		})
+	}
+	cursel := 0
+
+	hidecursor := func() {
+		stdout.WriteString(esc + "[?25l")
+	}
+	showcursor := func() {
+		stdout.WriteString(esc + "[?12;25h")
+	}
+	movecursor := func(x, y int) {
+		stdout.WriteString(fmt.Sprintf(esc+"[%d;%dH", y, x))
+	}
+	moveleft := func() {
+		stdout.WriteString(esc + "[1D")
+	}
+	clearscreen := func() {
+		stdout.WriteString(esc + "[2J")
+	}
+	//clearline := func() { stdout.WriteString(esc + "[2K") }
+	colorfn := func(code int) func(string) string {
+		return func(s string) string {
+			return fmt.Sprintf(esc+"[%dm"+"%s"+esc+"[0m", code, s)
+		}
+	}
+	reverse := colorfn(7)
+	magenta := colorfn(35)
+	readchar := func() byte {
+		var buf [1]byte
+		os.Stdin.Read(buf[:])
+		c := buf[0]
+		return c
+	}
+
+	savedtio := new(C.struct_termios)
+	C.tcgetattr(1, savedtio)
+	restore := func() {
+		stdout.WriteString(rmcup)
+		showcursor()
+		stdout.Flush()
+		C.tcsetattr(1, C.TCSAFLUSH, savedtio)
+	}
+	defer restore()
+	go func() {
+		sig := make(chan os.Signal)
+		signal.Notify(sig, os.Interrupt)
+		<-sig
+		restore()
+		os.Exit(0)
+	}()
+
+	init := func() {
+		tio := new(C.struct_termios)
+		C.tcgetattr(1, tio)
+		C.clearecho(tio)
+		C.tcsetattr(1, C.TCSADRAIN, tio)
+
+		hidecursor()
+		stdout.WriteString(smcup)
+		clearscreen()
+		movecursor(1, 1)
+		stdout.Flush()
+	}
+
+	editing := false
+
+	linecount := func(s string) int {
+		lines := 1
+		for i := range s {
+			if s[i] == '\n' {
+				lines++
+			}
+		}
+		return lines
+	}
+
+	msglineno := func(idx int) int {
+		off := 1
+		if idx == -1 {
+			return off
+		}
+		for i, m := range messages {
+			off += 1
+			if i == idx {
+				return off
+			}
+			if !m.oneline {
+				off += 1
+				off += linecount(m.text)
+			}
+		}
+		off += 2
+		return off
+	}
+
+	forscreen := func(s string) string {
+		return strings.Replace(s, "\n", "\n   ", -1)
+	}
+
+	drawmessage := func(idx int) {
+		line := msglineno(idx)
+		movecursor(4, line)
+		label := messages[idx].label
+		if idx == cursel {
+			label = reverse(label)
+		}
+		label = magenta(label)
+		text := forscreen(messages[idx].text)
+		if messages[idx].oneline {
+			stdout.WriteString(fmt.Sprintf("%s\t   %s", label, text))
+		} else {
+			stdout.WriteString(fmt.Sprintf("%s\n   %s", label, text))
+		}
+	}
+
+	drawscreen := func() {
+		clearscreen()
+		movecursor(4, msglineno(-1))
+		stdout.WriteString(magenta(serverName + " admin panel"))
+		for i := range messages {
+			if !editing || i != cursel {
+				drawmessage(i)
+			}
+		}
+		movecursor(4, msglineno(len(messages)))
+		dir := "j/k to move - q to quit - enter to edit"
+		if editing {
+			dir = "esc to end"
+		}
+		stdout.WriteString(magenta(dir))
+		if editing {
+			drawmessage(cursel)
+		}
+		stdout.Flush()
+	}
+
+	selectnext := func() {
+		if cursel < len(messages)-1 {
+			movecursor(4, msglineno(cursel))
+			stdout.WriteString(magenta(messages[cursel].label))
+			cursel++
+			movecursor(4, msglineno(cursel))
+			stdout.WriteString(reverse(magenta(messages[cursel].label)))
+			stdout.Flush()
+		}
+	}
+	selectprev := func() {
+		if cursel > 0 {
+			movecursor(4, msglineno(cursel))
+			stdout.WriteString(magenta(messages[cursel].label))
+			cursel--
+			movecursor(4, msglineno(cursel))
+			stdout.WriteString(reverse(magenta(messages[cursel].label)))
+			stdout.Flush()
+		}
+	}
+	editsel := func() {
+		editing = true
+		showcursor()
+		drawscreen()
+		m := messages[cursel]
+	loop:
+		for {
+			c := readchar()
+			switch c {
+			case '\x1b':
+				break loop
+			case '\n':
+				if m.oneline {
+					break loop
+				}
+				m.text += "\n"
+				drawscreen()
+			case 127:
+				if len(m.text) > 0 {
+					last := m.text[len(m.text)-1]
+					m.text = m.text[:len(m.text)-1]
+					if last == '\n' {
+						drawscreen()
+					} else {
+						moveleft()
+						stdout.WriteString(" ")
+						moveleft()
+					}
+				}
+			default:
+				m.text += string(c)
+				stdout.WriteString(string(c))
+			}
+			stdout.Flush()
+		}
+		editing = false
+		setconfig(m.name, m.text)
+		hidecursor()
+		drawscreen()
+	}
+
+	init()
+	drawscreen()
+
+	for {
+		c := readchar()
+		switch c {
+		case 'q':
+			return
+		case 'j':
+			selectnext()
+		case 'k':
+			selectprev()
+		case '\n':
+			editsel()
+		default:
+
+		}
+	}
+}

@@ -0,0 +1,205 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/sha512"
+	"fmt"
+	"image"
+	"image/png"
+	"net/http"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/gorilla/mux"
+)
+
+var avatarcolors = [4][4]byte{
+	{16, 0, 48, 255},
+	{48, 0, 96, 255},
+	{72, 0, 144, 255},
+	{96, 0, 192, 255},
+}
+
+func loadAvatarColors() {
+	var colors string
+	getconfig("avatarcolors", &colors)
+	if colors == "" {
+		return
+	}
+	r := bufio.NewReader(strings.NewReader(colors))
+	for i := 0; i < 4; i++ {
+		l, _ := r.ReadString(' ')
+		for l == " " {
+			l, _ = r.ReadString(' ')
+		}
+		l = strings.Trim(l, "# \n")
+		if len(l) == 6 {
+			l = l + "ff"
+		}
+		c, err := strconv.ParseUint(l, 16, 32)
+		if err != nil {
+			elog.Printf("error reading avatar color %d: %s", i, err)
+			continue
+		}
+		avatarcolors[i][0] = byte(c >> 24 & 0xff)
+		avatarcolors[i][1] = byte(c >> 16 & 0xff)
+		avatarcolors[i][2] = byte(c >> 8 & 0xff)
+		avatarcolors[i][3] = byte(c >> 0 & 0xff)
+	}
+}
+
+func genAvatar(name string, hex bool) []byte {
+	h := sha512.New()
+	h.Write([]byte(name))
+	s := h.Sum(nil)
+	img := image.NewNRGBA(image.Rect(0, 0, 64, 64))
+	for i := 0; i < 64; i++ {
+		for j := 0; j < 64; j++ {
+			p := i*img.Stride + j*4
+			if hex {
+				tan := 0.577
+				if i < 32 {
+					if j < 17-int(float64(i)*tan) || j > 46+int(float64(i)*tan) {
+						img.Pix[p+0] = 0
+						img.Pix[p+1] = 0
+						img.Pix[p+2] = 0
+						img.Pix[p+3] = 255
+						continue
+					}
+				} else {
+					if j < 17-int(float64(64-i)*tan) || j > 46+int(float64(64-i)*tan) {
+						img.Pix[p+0] = 0
+						img.Pix[p+1] = 0
+						img.Pix[p+2] = 0
+						img.Pix[p+3] = 255
+						continue
+
+					}
+				}
+			}
+			xx := i/16*16 + j/16
+			x := s[xx]
+			if x < 64 {
+				img.Pix[p+0] = avatarcolors[0][0]
+				img.Pix[p+1] = avatarcolors[0][1]
+				img.Pix[p+2] = avatarcolors[0][2]
+				img.Pix[p+3] = avatarcolors[0][3]
+			} else if x < 128 {
+				img.Pix[p+0] = avatarcolors[1][0]
+				img.Pix[p+1] = avatarcolors[1][1]
+				img.Pix[p+2] = avatarcolors[1][2]
+				img.Pix[p+3] = avatarcolors[1][3]
+			} else if x < 192 {
+				img.Pix[p+0] = avatarcolors[2][0]
+				img.Pix[p+1] = avatarcolors[2][1]
+				img.Pix[p+2] = avatarcolors[2][2]
+				img.Pix[p+3] = avatarcolors[2][3]
+			} else {
+				img.Pix[p+0] = avatarcolors[3][0]
+				img.Pix[p+1] = avatarcolors[3][1]
+				img.Pix[p+2] = avatarcolors[3][2]
+				img.Pix[p+3] = avatarcolors[3][3]
+			}
+		}
+	}
+	var buf bytes.Buffer
+	png.Encode(&buf, img)
+	return buf.Bytes()
+}
+
+func showflag(writer http.ResponseWriter, req *http.Request) {
+	code := mux.Vars(req)["code"]
+	colors := strings.Split(code, ",")
+	numcolors := len(colors)
+	vert := false
+	if colors[0] == "vert" {
+		vert = true
+		colors = colors[1:]
+		numcolors--
+		if numcolors == 0 {
+			http.Error(writer, "bad flag", 400)
+			return
+		}
+	}
+	pixels := make([][4]byte, numcolors)
+	for i := 0; i < numcolors; i++ {
+		hex := colors[i]
+		if len(hex) == 3 {
+			hex = fmt.Sprintf("%c%c%c%c%c%c",
+				hex[0], hex[0], hex[1], hex[1], hex[2], hex[2])
+		}
+		c, _ := strconv.ParseUint(hex, 16, 32)
+		r := byte(c >> 16 & 0xff)
+		g := byte(c >> 8 & 0xff)
+		b := byte(c >> 0 & 0xff)
+		pixels[i][0] = r
+		pixels[i][1] = g
+		pixels[i][2] = b
+		pixels[i][3] = 255
+	}
+
+	h := 128
+	w := h * 3 / 2
+	img := image.NewRGBA(image.Rect(0, 0, w, h))
+	if vert {
+		for j := 0; j < w; j++ {
+			pix := pixels[j*numcolors/w][:]
+			for i := 0; i < h; i++ {
+				p := i*img.Stride + j*4
+				copy(img.Pix[p:], pix)
+			}
+		}
+	} else {
+		for i := 0; i < h; i++ {
+			pix := pixels[i*numcolors/h][:]
+			for j := 0; j < w; j++ {
+				p := i*img.Stride + j*4
+				copy(img.Pix[p:], pix)
+			}
+		}
+	}
+
+	writer.Header().Set("Cache-Control", "max-age="+somedays())
+	png.Encode(writer, img)
+}
+
+var re_flags = regexp.MustCompile("flag:[[:alnum:],]+")
+
+func fixupflags(h *Honk) []Emu {
+	var emus []Emu
+	count := 0
+	h.Noise = re_flags.ReplaceAllStringFunc(h.Noise, func(m string) string {
+		count++
+		var e Emu
+		e.Name = fmt.Sprintf(":flag%d:", count)
+		e.ID = fmt.Sprintf("https://%s/flag/%s", serverName, m[5:])
+		emus = append(emus, e)
+		return e.Name
+	})
+	return emus
+}
+
+func renderflags(h *Honk) {
+	h.Noise = re_flags.ReplaceAllStringFunc(h.Noise, func(m string) string {
+		code := m[5:]
+		src := fmt.Sprintf("https://%s/flag/%s", serverName, code)
+		return fmt.Sprintf(`<img class="emu" title="%s" src="%s">`, "flag", src)
+	})
+}

@@ -0,0 +1,132 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+import (
+	"bytes"
+	"net"
+	"net/rpc"
+	"os"
+	"os/exec"
+
+	"humungus.tedunangst.com/r/webs/gate"
+	"humungus.tedunangst.com/r/webs/image"
+)
+
+type Shrinker struct {
+}
+
+type ShrinkerArgs struct {
+	Buf    []byte
+	Params image.Params
+}
+
+type ShrinkerResult struct {
+	Image *image.Image
+}
+
+var shrinkgate = gate.NewLimiter(4)
+
+func (s *Shrinker) Shrink(args *ShrinkerArgs, res *ShrinkerResult) error {
+	shrinkgate.Start()
+	defer shrinkgate.Finish()
+	img, err := image.Vacuum(bytes.NewReader(args.Buf), args.Params)
+	if err != nil {
+		return err
+	}
+	res.Image = img
+	return nil
+}
+
+func backendSockname() string {
+	return dataDir + "/backend.sock"
+}
+
+func shrinkit(data []byte) (*image.Image, error) {
+	cl, err := rpc.Dial("unix", backendSockname())
+	if err != nil {
+		return nil, err
+	}
+	defer cl.Close()
+	var res ShrinkerResult
+	err = cl.Call("Shrinker.Shrink", &ShrinkerArgs{
+		Buf:    data,
+		Params: image.Params{LimitSize: 4200 * 4200, MaxWidth: 2048, MaxHeight: 2048},
+	}, &res)
+	if err != nil {
+		return nil, err
+	}
+	return res.Image, nil
+}
+
+var backendhooks []func()
+
+func orphancheck() {
+	var b [1]byte
+	os.Stdin.Read(b[:])
+	dlog.Printf("backend shutting down")
+	os.Exit(0)
+}
+
+func backendServer() {
+	dlog.Printf("backend server running")
+	go orphancheck()
+	shrinker := new(Shrinker)
+	srv := rpc.NewServer()
+	err := srv.Register(shrinker)
+	if err != nil {
+		elog.Panicf("unable to register shrinker: %s", err)
+	}
+
+	sockname := backendSockname()
+	err = os.Remove(sockname)
+	if err != nil && !os.IsNotExist(err) {
+		elog.Panicf("unable to unlink socket: %s", err)
+	}
+
+	lis, err := net.Listen("unix", sockname)
+	if err != nil {
+		elog.Panicf("unable to register shrinker: %s", err)
+	}
+	err = setLimits()
+	if err != nil {
+		elog.Printf("error setting backend limits: %s", err)
+	}
+	for _, h := range backendhooks {
+		h()
+	}
+	srv.Accept(lis)
+}
+
+func runBackendServer() {
+	r, w, err := os.Pipe()
+	if err != nil {
+		elog.Panicf("can't pipe: %s", err)
+	}
+	proc := exec.Command(os.Args[0], reexecArgs("backend")...)
+	proc.Stdout = os.Stdout
+	proc.Stderr = os.Stderr
+	proc.Stdin = r
+	err = proc.Start()
+	if err != nil {
+		elog.Panicf("can't exec backend: %s", err)
+	}
+	go func() {
+		proc.Wait()
+		elog.Printf("lost the backend: %s", err)
+		w.Close()
+	}()
+}

@@ -0,0 +1,196 @@ 
+package main
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+	"time"
+
+	"strings"
+)
+
+func qordie(db *sql.DB, s string, args ...interface{}) *sql.Rows {
+	rows, err := db.Query(s, args...)
+	if err != nil {
+		elog.Fatalf("can't query %s: %s", s, err)
+	}
+	return rows
+}
+
+func scanordie(rows *sql.Rows, args ...interface{}) {
+	err := rows.Scan(args...)
+	if err != nil {
+		elog.Fatalf("can't scan: %s", err)
+	}
+}
+
+func svalbard(dirname string) {
+	err := os.Mkdir(dirname, 0700)
+	if err != nil && !os.IsExist(err) {
+		elog.Fatalf("can't create directory: %s", dirname)
+	}
+	now := time.Now().Unix()
+	backupdbname := fmt.Sprintf("%s/honk-%d.db", dirname, now)
+	backup, err := sql.Open("sqlite3", backupdbname)
+	if err != nil {
+		elog.Fatalf("can't open backup database")
+	}
+	for _, line := range strings.Split(sqlSchema, ";") {
+		_, err = backup.Exec(line)
+		if err != nil {
+			elog.Fatal(err)
+			return
+		}
+	}
+	tx, err := backup.Begin()
+	if err != nil {
+		elog.Fatal(err)
+	}
+	orig := opendatabase()
+	rows := qordie(orig, "select userid, username, hash, displayname, about, pubkey, seckey, options from users")
+	for rows.Next() {
+		var userid int64
+		var username, hash, displayname, about, pubkey, seckey, options string
+		scanordie(rows, &userid, &username, &hash, &displayname, &about, &pubkey, &seckey, &options)
+		doordie(tx, "insert into users (userid, username, hash, displayname, about, pubkey, seckey, options) values (?, ?, ?, ?, ?, ?, ?, ?)", userid, username, hash, displayname, about, pubkey, seckey, options)
+	}
+	rows.Close()
+
+	rows = qordie(orig, "select honkerid, userid, name, xid, flavor, combos, owner, meta, folxid from honkers")
+	for rows.Next() {
+		var honkerid, userid int64
+		var name, xid, flavor, combos, owner, meta, folxid string
+		scanordie(rows, &honkerid, &userid, &name, &xid, &flavor, &combos, &owner, &meta, &folxid)
+		doordie(tx, "insert into honkers (honkerid, userid, name, xid, flavor, combos, owner, meta, folxid) values (?, ?, ?, ?, ?, ?, ?, ?, ?)", honkerid, userid, name, xid, flavor, combos, owner, meta, folxid)
+	}
+	rows.Close()
+
+	rows = qordie(orig, "select convoy from honks where flags & 4 or whofore = 2 or whofore = 3")
+	convoys := make(map[string]bool)
+	for rows.Next() {
+		var convoy string
+		scanordie(rows, &convoy)
+		convoys[convoy] = true
+	}
+	rows.Close()
+
+	honkids := make(map[int64]bool)
+	for c := range convoys {
+		rows = qordie(orig, "select honkid, userid, what, honker, xid, rid, dt, url, audience, noise, convoy, whofore, format, precis, oonker, flags from honks where convoy = ?", c)
+		for rows.Next() {
+			var honkid, userid int64
+			var what, honker, xid, rid, dt, url, audience, noise, convoy string
+			var whofore int64
+			var format, precis, oonker string
+			var flags int64
+			scanordie(rows, &honkid, &userid, &what, &honker, &xid, &rid, &dt, &url, &audience, &noise, &convoy, &whofore, &format, &precis, &oonker, &flags)
+			honkids[honkid] = true
+			doordie(tx, "insert into honks (honkid, userid, what, honker, xid, rid, dt, url, audience, noise, convoy, whofore, format, precis, oonker, flags) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", honkid, userid, what, honker, xid, rid, dt, url, audience, noise, convoy, whofore, format, precis, oonker, flags)
+		}
+		rows.Close()
+	}
+	fileids := make(map[int64]bool)
+	for h := range honkids {
+		rows = qordie(orig, "select honkid, chonkid, fileid from donks where honkid = ?", h)
+		for rows.Next() {
+			var honkid, chonkid, fileid int64
+			scanordie(rows, &honkid, &chonkid, &fileid)
+			fileids[fileid] = true
+			doordie(tx, "insert into donks (honkid, chonkid, fileid) values (?, ?, ?)", honkid, chonkid, fileid)
+		}
+		rows.Close()
+		rows = qordie(orig, "select ontology, honkid from onts where honkid = ?", h)
+		for rows.Next() {
+			var ontology string
+			var honkid int64
+			scanordie(rows, &ontology, &honkid)
+			doordie(tx, "insert into onts (ontology, honkid) values (?, ?)", ontology, honkid)
+		}
+		rows.Close()
+		rows = qordie(orig, "select honkid, genus, json from honkmeta where honkid = ?", h)
+		for rows.Next() {
+			var honkid int64
+			var genus, json string
+			scanordie(rows, &honkid, &genus, &json)
+			doordie(tx, "insert into honkmeta (honkid, genus, json) values (?, ?, ?)", honkid, genus, json)
+		}
+		rows.Close()
+	}
+	chonkids := make(map[int64]bool)
+	rows = qordie(orig, "select chonkid, userid, xid, who, target, dt, noise, format from chonks")
+	for rows.Next() {
+		var chonkid, userid int64
+		var xid, who, target, dt, noise, format string
+		scanordie(rows, &chonkid, &userid, &xid, &who, &target, &dt, &noise, &format)
+		chonkids[chonkid] = true
+		doordie(tx, "insert into chonks (chonkid, userid, xid, who, target, dt, noise, format) values (?, ?, ?, ?, ?, ?, ?, ?)", chonkid, userid, xid, who, target, dt, noise, format)
+	}
+	rows.Close()
+	for c := range chonkids {
+		rows = qordie(orig, "select honkid, chonkid, fileid from donks where chonkid = ?", c)
+		for rows.Next() {
+			var honkid, chonkid, fileid int64
+			scanordie(rows, &honkid, &chonkid, &fileid)
+			fileids[fileid] = true
+			doordie(tx, "insert into donks (honkid, chonkid, fileid) values (?, ?, ?)", honkid, chonkid, fileid)
+		}
+		rows.Close()
+	}
+	filexids := make(map[string]bool)
+	for f := range fileids {
+		rows = qordie(orig, "select fileid, xid, name, description, url, media, local from filemeta where fileid = ?", f)
+		for rows.Next() {
+			var fileid int64
+			var xid, name, description, url, media string
+			var local int64
+			scanordie(rows, &fileid, &xid, &name, &description, &url, &media, &local)
+			filexids[xid] = true
+			doordie(tx, "insert into filemeta (fileid, xid, name, description, url, media, local) values (?, ?, ?, ?, ?, ?, ?)", fileid, xid, name, description, url, media, local)
+		}
+		rows.Close()
+	}
+
+	rows = qordie(orig, "select key, value from config")
+	for rows.Next() {
+		var key string
+		var value interface{}
+		scanordie(rows, &key, &value)
+		doordie(tx, "insert into config (key, value) values (?, ?)", key, value)
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		elog.Fatalf("can't commit backp: %s", err)
+	}
+	backup.Close()
+
+	backupblobname := fmt.Sprintf("%s/blob-%d.db", dirname, now)
+	blob, err := sql.Open("sqlite3", backupblobname)
+	if err != nil {
+		elog.Fatalf("can't open backup blob database")
+	}
+	doordie(blob, "create table filedata (xid text, media text, hash text, content blob)")
+	doordie(blob, "create index idx_filexid on filedata(xid)")
+	doordie(blob, "create index idx_filehash on filedata(hash)")
+	tx, err = blob.Begin()
+	if err != nil {
+		elog.Fatalf("can't start transaction: %s", err)
+	}
+	origblob := openblobdb()
+	for x := range filexids {
+		rows = qordie(origblob, "select xid, media, hash, content from filedata where xid = ?", x)
+		for rows.Next() {
+			var xid, media, hash string
+			var content sql.RawBytes
+			scanordie(rows, &xid, &media, &hash, &content)
+			doordie(tx, "insert into filedata (xid, media, hash, content) values (?, ?, ?, ?)", xid, media, hash, content)
+		}
+		rows.Close()
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		elog.Fatalf("can't commit blobs: %s", err)
+	}
+	blob.Close()
+}

@@ -0,0 +1,67 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+import (
+	"net/http"
+	"strings"
+
+	"humungus.tedunangst.com/r/webs/junk"
+)
+
+func servewonkles(w http.ResponseWriter, r *http.Request) {
+	url := r.FormValue("w")
+	dlog.Printf("getting wordlist: %s", url)
+	wonkles := getxonker(url, "wonkles")
+	if wonkles == "" {
+		wonkles = savewonkles(url)
+		if wonkles == "" {
+			http.NotFound(w, r)
+			return
+		}
+	}
+	var words []string
+	for _, l := range strings.Split(wonkles, "\n") {
+		words = append(words, l)
+	}
+	if !develMode {
+		w.Header().Set("Cache-Control", "max-age=7776000")
+	}
+
+	j := junk.New()
+	j["wordlist"] = words
+	j.Write(w)
+}
+
+func savewonkles(url string) string {
+	w := getxonker(url, "wonkles")
+	if w != "" {
+		return w
+	}
+	ilog.Printf("fetching wonkles: %s", url)
+	res, err := fetchsome(url)
+	if err != nil {
+		ilog.Printf("error fetching wonkles: %s", err)
+		return ""
+	}
+	w = getxonker(url, "wonkles")
+	if w != "" {
+		return w
+	}
+	w = string(res)
+	savexonker(url, w, "wonkles", "")
+	return w
+}

@@ -0,0 +1,1197 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+import (
+	"bytes"
+	"crypto/sha512"
+	"database/sql"
+	_ "embed"
+	"encoding/json"
+	"fmt"
+	"html/template"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"humungus.tedunangst.com/r/webs/cache"
+	"humungus.tedunangst.com/r/webs/httpsig"
+	"humungus.tedunangst.com/r/webs/login"
+	"humungus.tedunangst.com/r/webs/mz"
+)
+
+//go:embed schema.sql
+var sqlSchema string
+
+func userfromrow(row *sql.Row) (*WhatAbout, error) {
+	user := new(WhatAbout)
+	var seckey, options string
+	err := row.Scan(&user.ID, &user.Name, &user.Display, &user.About, &user.Key, &seckey, &options)
+	if err == nil {
+		user.SecKey, _, err = httpsig.DecodeKey(seckey)
+	}
+	if err != nil {
+		return nil, err
+	}
+	if user.ID > 0 {
+		user.URL = fmt.Sprintf("https://%s/%s/%s", serverName, userSep, user.Name)
+		err = unjsonify(options, &user.Options)
+		if err != nil {
+			elog.Printf("error processing user options: %s", err)
+		}
+	} else {
+		user.URL = fmt.Sprintf("https://%s/%s", serverName, user.Name)
+	}
+	if user.Options.Reaction == "" {
+		user.Options.Reaction = "none"
+	}
+
+	return user, nil
+}
+
+var somenamedusers = cache.New(cache.Options{Filler: func(name string) (*WhatAbout, bool) {
+	row := stmtUserByName.QueryRow(name)
+	user, err := userfromrow(row)
+	if err != nil {
+		return nil, false
+	}
+	var marker mz.Marker
+	marker.HashLinker = ontoreplacer
+	marker.AtLinker = attoreplacer
+	user.HTAbout = template.HTML(marker.Mark(user.About))
+	user.Onts = marker.HashTags
+	return user, true
+}})
+
+var somenumberedusers = cache.New(cache.Options{Filler: func(userid int64) (*WhatAbout, bool) {
+	row := stmtUserByNumber.QueryRow(userid)
+	user, err := userfromrow(row)
+	if err != nil {
+		return nil, false
+	}
+	// don't touch attoreplacer, which introduces a loop
+	// finger -> getjunk -> keys -> users
+	return user, true
+}})
+
+func getserveruser() *WhatAbout {
+	var user *WhatAbout
+	ok := somenumberedusers.Get(serverUID, &user)
+	if !ok {
+		elog.Panicf("lost server user")
+	}
+	return user
+}
+
+func butwhatabout(name string) (*WhatAbout, error) {
+	var user *WhatAbout
+	ok := somenamedusers.Get(name, &user)
+	if !ok {
+		return nil, fmt.Errorf("no user: %s", name)
+	}
+	return user, nil
+}
+
+var honkerinvalidator cache.Invalidator
+
+func gethonkers(userid int64) []*Honker {
+	rows, err := stmtHonkers.Query(userid)
+	if err != nil {
+		elog.Printf("error querying honkers: %s", err)
+		return nil
+	}
+	defer rows.Close()
+	var honkers []*Honker
+	for rows.Next() {
+		h := new(Honker)
+		var combos, meta string
+		err = rows.Scan(&h.ID, &h.UserID, &h.Name, &h.XID, &h.Flavor, &combos, &meta)
+		if err == nil {
+			err = unjsonify(meta, &h.Meta)
+		}
+		if err != nil {
+			elog.Printf("error scanning honker: %s", err)
+			continue
+		}
+		h.Combos = strings.Split(strings.TrimSpace(combos), " ")
+		honkers = append(honkers, h)
+	}
+	return honkers
+}
+
+func getdubs(userid int64) []*Honker {
+	rows, err := stmtDubbers.Query(userid)
+	return dubsfromrows(rows, err)
+}
+
+func getnameddubs(userid int64, name string) []*Honker {
+	rows, err := stmtNamedDubbers.Query(userid, name)
+	return dubsfromrows(rows, err)
+}
+
+func dubsfromrows(rows *sql.Rows, err error) []*Honker {
+	if err != nil {
+		elog.Printf("error querying dubs: %s", err)
+		return nil
+	}
+	defer rows.Close()
+	var honkers []*Honker
+	for rows.Next() {
+		h := new(Honker)
+		err = rows.Scan(&h.ID, &h.UserID, &h.Name, &h.XID, &h.Flavor)
+		if err != nil {
+			elog.Printf("error scanning honker: %s", err)
+			return nil
+		}
+		honkers = append(honkers, h)
+	}
+	return honkers
+}
+
+func allusers() []login.UserInfo {
+	var users []login.UserInfo
+	rows, _ := opendatabase().Query("select userid, username from users where userid > 0")
+	defer rows.Close()
+	for rows.Next() {
+		var u login.UserInfo
+		rows.Scan(&u.UserID, &u.Username)
+		users = append(users, u)
+	}
+	return users
+}
+
+func getxonk(userid int64, xid string) *Honk {
+	row := stmtOneXonk.QueryRow(userid, xid)
+	return scanhonk(row)
+}
+
+func getbonk(userid int64, xid string) *Honk {
+	row := stmtOneBonk.QueryRow(userid, xid)
+	return scanhonk(row)
+}
+
+func getpublichonks() []*Honk {
+	dt := time.Now().Add(-7 * 24 * time.Hour).UTC().Format(dbtimeformat)
+	rows, err := stmtPublicHonks.Query(dt, 100)
+	return getsomehonks(rows, err)
+}
+func geteventhonks(userid int64) []*Honk {
+	rows, err := stmtEventHonks.Query(userid, 25)
+	honks := getsomehonks(rows, err)
+	sort.Slice(honks, func(i, j int) bool {
+		var t1, t2 time.Time
+		if honks[i].Time == nil {
+			t1 = honks[i].Date
+		} else {
+			t1 = honks[i].Time.StartTime
+		}
+		if honks[j].Time == nil {
+			t2 = honks[j].Date
+		} else {
+			t2 = honks[j].Time.StartTime
+		}
+		return t1.After(t2)
+	})
+	now := time.Now().Add(-24 * time.Hour)
+	for i, h := range honks {
+		t := h.Date
+		if tm := h.Time; tm != nil {
+			t = tm.StartTime
+		}
+		if t.Before(now) {
+			honks = honks[:i]
+			break
+		}
+	}
+	reversehonks(honks)
+	return honks
+}
+func gethonksbyuser(name string, includeprivate bool, wanted int64) []*Honk {
+	dt := time.Now().Add(-7 * 24 * time.Hour).UTC().Format(dbtimeformat)
+	limit := 50
+	whofore := 2
+	if includeprivate {
+		whofore = 3
+	}
+	rows, err := stmtUserHonks.Query(wanted, whofore, name, dt, limit)
+	return getsomehonks(rows, err)
+}
+func gethonksforuser(userid int64, wanted int64) []*Honk {
+	dt := time.Now().Add(-7 * 24 * time.Hour).UTC().Format(dbtimeformat)
+	rows, err := stmtHonksForUser.Query(wanted, userid, dt, userid, userid)
+	return getsomehonks(rows, err)
+}
+func gethonksforuserfirstclass(userid int64, wanted int64) []*Honk {
+	dt := time.Now().Add(-7 * 24 * time.Hour).UTC().Format(dbtimeformat)
+	rows, err := stmtHonksForUserFirstClass.Query(wanted, userid, dt, userid, userid)
+	return getsomehonks(rows, err)
+}
+
+func gethonksforme(userid int64, wanted int64) []*Honk {
+	dt := time.Now().Add(-7 * 24 * time.Hour).UTC().Format(dbtimeformat)
+	rows, err := stmtHonksForMe.Query(wanted, userid, dt, userid)
+	return getsomehonks(rows, err)
+}
+func gethonksfromlongago(userid int64, wanted int64) []*Honk {
+	now := time.Now()
+	var honks []*Honk
+	for i := 1; i <= 3; i++ {
+		dt := time.Date(now.Year()-i, now.Month(), now.Day(), now.Hour(), now.Minute(),
+			now.Second(), 0, now.Location())
+		dt1 := dt.Add(-36 * time.Hour).UTC().Format(dbtimeformat)
+		dt2 := dt.Add(12 * time.Hour).UTC().Format(dbtimeformat)
+		rows, err := stmtHonksFromLongAgo.Query(wanted, userid, dt1, dt2, userid)
+		honks = append(honks, getsomehonks(rows, err)...)
+	}
+	return honks
+}
+func getsavedhonks(userid int64, wanted int64) []*Honk {
+	rows, err := stmtHonksISaved.Query(wanted, userid)
+	return getsomehonks(rows, err)
+}
+func gethonksbyhonker(userid int64, honker string, wanted int64) []*Honk {
+	rows, err := stmtHonksByHonker.Query(wanted, userid, honker, userid)
+	return getsomehonks(rows, err)
+}
+func gethonksbyxonker(userid int64, xonker string, wanted int64) []*Honk {
+	rows, err := stmtHonksByXonker.Query(wanted, userid, xonker, xonker, userid)
+	return getsomehonks(rows, err)
+}
+func gethonksbycombo(userid int64, combo string, wanted int64) []*Honk {
+	combo = "% " + combo + " %"
+	rows, err := stmtHonksByCombo.Query(wanted, userid, userid, combo, userid, wanted, userid, combo, userid)
+	return getsomehonks(rows, err)
+}
+func gethonksbyconvoy(userid int64, convoy string, wanted int64) []*Honk {
+	rows, err := stmtHonksByConvoy.Query(wanted, userid, userid, convoy)
+	honks := getsomehonks(rows, err)
+	return honks
+}
+func gethonksbysearch(userid int64, q string, wanted int64) []*Honk {
+	var queries []string
+	var params []interface{}
+	queries = append(queries, "honks.honkid > ?")
+	params = append(params, wanted)
+	queries = append(queries, "honks.userid = ?")
+	params = append(params, userid)
+
+	terms := strings.Split(q, " ")
+	for _, t := range terms {
+		if t == "" {
+			continue
+		}
+		negate := " "
+		if t[0] == '-' {
+			t = t[1:]
+			negate = " not "
+		}
+		if t == "" {
+			continue
+		}
+		if strings.HasPrefix(t, "site:") {
+			site := t[5:]
+			site = "%" + site + "%"
+			queries = append(queries, "xid"+negate+"like ?")
+			params = append(params, site)
+			continue
+		}
+		if strings.HasPrefix(t, "honker:") {
+			honker := t[7:]
+			xid := fullname(honker, userid)
+			if xid != "" {
+				honker = xid
+			}
+			queries = append(queries, negate+"(honks.honker = ? or honks.oonker = ?)")
+			params = append(params, honker)
+			params = append(params, honker)
+			continue
+		}
+		t = "%" + t + "%"
+		queries = append(queries, "noise"+negate+"like ?")
+		params = append(params, t)
+	}
+
+	selecthonks := "select honks.honkid, honks.userid, username, what, honker, oonker, honks.xid, rid, dt, url, audience, noise, precis, format, convoy, whofore, flags from honks join users on honks.userid = users.userid "
+	where := "where " + strings.Join(queries, " and ")
+	butnotthose := " and convoy not in (select name from zonkers where userid = ? and wherefore = 'zonvoy' order by zonkerid desc limit 100)"
+	limit := " order by honks.honkid desc limit 250"
+	params = append(params, userid)
+	rows, err := opendatabase().Query(selecthonks+where+butnotthose+limit, params...)
+	honks := getsomehonks(rows, err)
+	return honks
+}
+func gethonksbyontology(userid int64, name string, wanted int64) []*Honk {
+	rows, err := stmtHonksByOntology.Query(wanted, name, userid, userid)
+	honks := getsomehonks(rows, err)
+	return honks
+}
+
+func reversehonks(honks []*Honk) {
+	for i, j := 0, len(honks)-1; i < j; i, j = i+1, j-1 {
+		honks[i], honks[j] = honks[j], honks[i]
+	}
+}
+
+func getsomehonks(rows *sql.Rows, err error) []*Honk {
+	if err != nil {
+		elog.Printf("error querying honks: %s", err)
+		return nil
+	}
+	defer rows.Close()
+	var honks []*Honk
+	for rows.Next() {
+		h := scanhonk(rows)
+		if h != nil {
+			honks = append(honks, h)
+		}
+	}
+	rows.Close()
+	donksforhonks(honks)
+	return honks
+}
+
+type RowLike interface {
+	Scan(dest ...interface{}) error
+}
+
+func scanhonk(row RowLike) *Honk {
+	h := new(Honk)
+	var dt, aud string
+	err := row.Scan(&h.ID, &h.UserID, &h.Username, &h.What, &h.Honker, &h.Oonker, &h.XID, &h.RID,
+		&dt, &h.URL, &aud, &h.Noise, &h.Precis, &h.Format, &h.Convoy, &h.Whofore, &h.Flags)
+	if err != nil {
+		if err != sql.ErrNoRows {
+			elog.Printf("error scanning honk: %s", err)
+		}
+		return nil
+	}
+	h.Date, _ = time.Parse(dbtimeformat, dt)
+	h.Audience = strings.Split(aud, " ")
+	h.Public = loudandproud(h.Audience)
+	return h
+}
+
+func donksforhonks(honks []*Honk) {
+	db := opendatabase()
+	var ids []string
+	hmap := make(map[int64]*Honk)
+	for _, h := range honks {
+		ids = append(ids, fmt.Sprintf("%d", h.ID))
+		hmap[h.ID] = h
+	}
+	idset := strings.Join(ids, ",")
+	// grab donks
+	q := fmt.Sprintf("select honkid, donks.fileid, xid, name, description, url, media, local from donks join filemeta on donks.fileid = filemeta.fileid where honkid in (%s)", idset)
+	rows, err := db.Query(q)
+	if err != nil {
+		elog.Printf("error querying donks: %s", err)
+		return
+	}
+	defer rows.Close()
+	for rows.Next() {
+		var hid int64
+		d := new(Donk)
+		err = rows.Scan(&hid, &d.FileID, &d.XID, &d.Name, &d.Desc, &d.URL, &d.Media, &d.Local)
+		if err != nil {
+			elog.Printf("error scanning donk: %s", err)
+			continue
+		}
+		d.External = !strings.HasPrefix(d.URL, serverPrefix)
+		h := hmap[hid]
+		h.Donks = append(h.Donks, d)
+	}
+	rows.Close()
+
+	// grab onts
+	q = fmt.Sprintf("select honkid, ontology from onts where honkid in (%s)", idset)
+	rows, err = db.Query(q)
+	if err != nil {
+		elog.Printf("error querying onts: %s", err)
+		return
+	}
+	defer rows.Close()
+	for rows.Next() {
+		var hid int64
+		var o string
+		err = rows.Scan(&hid, &o)
+		if err != nil {
+			elog.Printf("error scanning donk: %s", err)
+			continue
+		}
+		h := hmap[hid]
+		h.Onts = append(h.Onts, o)
+	}
+	rows.Close()
+
+	// grab meta
+	q = fmt.Sprintf("select honkid, genus, json from honkmeta where honkid in (%s)", idset)
+	rows, err = db.Query(q)
+	if err != nil {
+		elog.Printf("error querying honkmeta: %s", err)
+		return
+	}
+	defer rows.Close()
+	for rows.Next() {
+		var hid int64
+		var genus, j string
+		err = rows.Scan(&hid, &genus, &j)
+		if err != nil {
+			elog.Printf("error scanning honkmeta: %s", err)
+			continue
+		}
+		h := hmap[hid]
+		switch genus {
+		case "place":
+			p := new(Place)
+			err = unjsonify(j, p)
+			if err != nil {
+				elog.Printf("error parsing place: %s", err)
+				continue
+			}
+			h.Place = p
+		case "time":
+			t := new(Time)
+			err = unjsonify(j, t)
+			if err != nil {
+				elog.Printf("error parsing time: %s", err)
+				continue
+			}
+			h.Time = t
+		case "mentions":
+			err = unjsonify(j, &h.Mentions)
+			if err != nil {
+				elog.Printf("error parsing mentions: %s", err)
+				continue
+			}
+		case "badonks":
+			err = unjsonify(j, &h.Badonks)
+			if err != nil {
+				elog.Printf("error parsing badonks: %s", err)
+				continue
+			}
+		case "wonkles":
+			h.Wonkles = j
+		case "guesses":
+			h.Guesses = template.HTML(j)
+		case "oldrev":
+		default:
+			elog.Printf("unknown meta genus: %s", genus)
+		}
+	}
+	rows.Close()
+}
+
+func donksforchonks(chonks []*Chonk) {
+	db := opendatabase()
+	var ids []string
+	chmap := make(map[int64]*Chonk)
+	for _, ch := range chonks {
+		ids = append(ids, fmt.Sprintf("%d", ch.ID))
+		chmap[ch.ID] = ch
+	}
+	idset := strings.Join(ids, ",")
+	// grab donks
+	q := fmt.Sprintf("select chonkid, donks.fileid, xid, name, description, url, media, local from donks join filemeta on donks.fileid = filemeta.fileid where chonkid in (%s)", idset)
+	rows, err := db.Query(q)
+	if err != nil {
+		elog.Printf("error querying donks: %s", err)
+		return
+	}
+	defer rows.Close()
+	for rows.Next() {
+		var chid int64
+		d := new(Donk)
+		err = rows.Scan(&chid, &d.FileID, &d.XID, &d.Name, &d.Desc, &d.URL, &d.Media, &d.Local)
+		if err != nil {
+			elog.Printf("error scanning donk: %s", err)
+			continue
+		}
+		ch := chmap[chid]
+		ch.Donks = append(ch.Donks, d)
+	}
+}
+
+func savefile(name string, desc string, url string, media string, local bool, data []byte) (int64, error) {
+	fileid, _, err := savefileandxid(name, desc, url, media, local, data)
+	return fileid, err
+}
+
+func hashfiledata(data []byte) string {
+	h := sha512.New512_256()
+	h.Write(data)
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
+
+func savefileandxid(name string, desc string, url string, media string, local bool, data []byte) (int64, string, error) {
+	var xid string
+	if local {
+		hash := hashfiledata(data)
+		row := stmtCheckFileData.QueryRow(hash)
+		err := row.Scan(&xid)
+		if err == sql.ErrNoRows {
+			xid = xfiltrate()
+			switch media {
+			case "image/png":
+				xid += ".png"
+			case "image/jpeg":
+				xid += ".jpg"
+			case "application/pdf":
+				xid += ".pdf"
+			case "text/plain":
+				xid += ".txt"
+			}
+			_, err = stmtSaveFileData.Exec(xid, media, hash, data)
+			if err != nil {
+				return 0, "", err
+			}
+		} else if err != nil {
+			elog.Printf("error checking file hash: %s", err)
+			return 0, "", err
+		}
+		if url == "" {
+			url = fmt.Sprintf("https://%s/d/%s", serverName, xid)
+		}
+	}
+
+	res, err := stmtSaveFile.Exec(xid, name, desc, url, media, local)
+	if err != nil {
+		return 0, "", err
+	}
+	fileid, _ := res.LastInsertId()
+	return fileid, xid, nil
+}
+
+func finddonk(url string) *Donk {
+	donk := new(Donk)
+	row := stmtFindFile.QueryRow(url)
+	err := row.Scan(&donk.FileID, &donk.XID)
+	if err == nil {
+		return donk
+	}
+	if err != sql.ErrNoRows {
+		elog.Printf("error finding file: %s", err)
+	}
+	return nil
+}
+
+func savechonk(ch *Chonk) error {
+	dt := ch.Date.UTC().Format(dbtimeformat)
+	db := opendatabase()
+	tx, err := db.Begin()
+	if err != nil {
+		elog.Printf("can't begin tx: %s", err)
+		return err
+	}
+
+	res, err := tx.Stmt(stmtSaveChonk).Exec(ch.UserID, ch.XID, ch.Who, ch.Target, dt, ch.Noise, ch.Format)
+	if err == nil {
+		ch.ID, _ = res.LastInsertId()
+		for _, d := range ch.Donks {
+			_, err := tx.Stmt(stmtSaveDonk).Exec(-1, ch.ID, d.FileID)
+			if err != nil {
+				elog.Printf("error saving donk: %s", err)
+				break
+			}
+		}
+		chatplusone(tx, ch.UserID)
+		err = tx.Commit()
+	} else {
+		tx.Rollback()
+	}
+	return err
+}
+
+func chatplusone(tx *sql.Tx, userid int64) {
+	var user *WhatAbout
+	ok := somenumberedusers.Get(userid, &user)
+	if !ok {
+		return
+	}
+	options := user.Options
+	options.ChatCount += 1
+	j, err := jsonify(options)
+	if err == nil {
+		_, err = tx.Exec("update users set options = ? where username = ?", j, user.Name)
+	}
+	if err != nil {
+		elog.Printf("error plussing chat: %s", err)
+	}
+	somenamedusers.Clear(user.Name)
+	somenumberedusers.Clear(user.ID)
+}
+
+func chatnewnone(userid int64) {
+	var user *WhatAbout
+	ok := somenumberedusers.Get(userid, &user)
+	if !ok || user.Options.ChatCount == 0 {
+		return
+	}
+	options := user.Options
+	options.ChatCount = 0
+	j, err := jsonify(options)
+	if err == nil {
+		db := opendatabase()
+		_, err = db.Exec("update users set options = ? where username = ?", j, user.Name)
+	}
+	if err != nil {
+		elog.Printf("error noneing chat: %s", err)
+	}
+	somenamedusers.Clear(user.Name)
+	somenumberedusers.Clear(user.ID)
+}
+
+func meplusone(tx *sql.Tx, userid int64) {
+	var user *WhatAbout
+	ok := somenumberedusers.Get(userid, &user)
+	if !ok {
+		return
+	}
+	options := user.Options
+	options.MeCount += 1
+	j, err := jsonify(options)
+	if err == nil {
+		_, err = tx.Exec("update users set options = ? where username = ?", j, user.Name)
+	}
+	if err != nil {
+		elog.Printf("error plussing me: %s", err)
+	}
+	somenamedusers.Clear(user.Name)
+	somenumberedusers.Clear(user.ID)
+}
+
+func menewnone(userid int64) {
+	var user *WhatAbout
+	ok := somenumberedusers.Get(userid, &user)
+	if !ok || user.Options.MeCount == 0 {
+		return
+	}
+	options := user.Options
+	options.MeCount = 0
+	j, err := jsonify(options)
+	if err == nil {
+		db := opendatabase()
+		_, err = db.Exec("update users set options = ? where username = ?", j, user.Name)
+	}
+	if err != nil {
+		elog.Printf("error noneing me: %s", err)
+	}
+	somenamedusers.Clear(user.Name)
+	somenumberedusers.Clear(user.ID)
+}
+
+func loadchatter(userid int64) []*Chatter {
+	duedt := time.Now().Add(-3 * 24 * time.Hour).UTC().Format(dbtimeformat)
+	rows, err := stmtLoadChonks.Query(userid, duedt)
+	if err != nil {
+		elog.Printf("error loading chonks: %s", err)
+		return nil
+	}
+	defer rows.Close()
+	chonks := make(map[string][]*Chonk)
+	var allchonks []*Chonk
+	for rows.Next() {
+		ch := new(Chonk)
+		var dt string
+		err = rows.Scan(&ch.ID, &ch.UserID, &ch.XID, &ch.Who, &ch.Target, &dt, &ch.Noise, &ch.Format)
+		if err != nil {
+			elog.Printf("error scanning chonk: %s", err)
+			continue
+		}
+		ch.Date, _ = time.Parse(dbtimeformat, dt)
+		chonks[ch.Target] = append(chonks[ch.Target], ch)
+		allchonks = append(allchonks, ch)
+	}
+	donksforchonks(allchonks)
+	rows.Close()
+	rows, err = stmtGetChatters.Query(userid)
+	if err != nil {
+		elog.Printf("error getting chatters: %s", err)
+		return nil
+	}
+	for rows.Next() {
+		var target string
+		err = rows.Scan(&target)
+		if err != nil {
+			elog.Printf("error scanning chatter: %s", target)
+			continue
+		}
+		if _, ok := chonks[target]; !ok {
+			chonks[target] = []*Chonk{}
+
+		}
+	}
+	var chatter []*Chatter
+	for target, chonks := range chonks {
+		chatter = append(chatter, &Chatter{
+			Target: target,
+			Chonks: chonks,
+		})
+	}
+	sort.Slice(chatter, func(i, j int) bool {
+		a, b := chatter[i], chatter[j]
+		if len(a.Chonks) == 0 || len(b.Chonks) == 0 {
+			if len(a.Chonks) == len(b.Chonks) {
+				return a.Target < b.Target
+			}
+			return len(a.Chonks) > len(b.Chonks)
+		}
+		return a.Chonks[len(a.Chonks)-1].Date.After(b.Chonks[len(b.Chonks)-1].Date)
+	})
+
+	return chatter
+}
+
+func savehonk(h *Honk) error {
+	dt := h.Date.UTC().Format(dbtimeformat)
+	aud := strings.Join(h.Audience, " ")
+
+	db := opendatabase()
+	tx, err := db.Begin()
+	if err != nil {
+		elog.Printf("can't begin tx: %s", err)
+		return err
+	}
+
+	res, err := tx.Stmt(stmtSaveHonk).Exec(h.UserID, h.What, h.Honker, h.XID, h.RID, dt, h.URL,
+		aud, h.Noise, h.Convoy, h.Whofore, h.Format, h.Precis,
+		h.Oonker, h.Flags)
+	if err == nil {
+		h.ID, _ = res.LastInsertId()
+		err = saveextras(tx, h)
+	}
+	if err == nil {
+		if h.Whofore == 1 {
+			meplusone(tx, h.UserID)
+		}
+		err = tx.Commit()
+	} else {
+		tx.Rollback()
+	}
+	if err != nil {
+		elog.Printf("error saving honk: %s", err)
+	}
+	honkhonkline()
+	return err
+}
+
+func updatehonk(h *Honk) error {
+	old := getxonk(h.UserID, h.XID)
+	oldrev := OldRevision{Precis: old.Precis, Noise: old.Noise}
+	dt := h.Date.UTC().Format(dbtimeformat)
+
+	db := opendatabase()
+	tx, err := db.Begin()
+	if err != nil {
+		elog.Printf("can't begin tx: %s", err)
+		return err
+	}
+
+	err = deleteextras(tx, h.ID, false)
+	if err == nil {
+		_, err = tx.Stmt(stmtUpdateHonk).Exec(h.Precis, h.Noise, h.Format, h.Whofore, dt, h.ID)
+	}
+	if err == nil {
+		err = saveextras(tx, h)
+	}
+	if err == nil {
+		var j string
+		j, err = jsonify(&oldrev)
+		if err == nil {
+			_, err = tx.Stmt(stmtSaveMeta).Exec(old.ID, "oldrev", j)
+		}
+		if err != nil {
+			elog.Printf("error saving oldrev: %s", err)
+		}
+	}
+	if err == nil {
+		err = tx.Commit()
+	} else {
+		tx.Rollback()
+	}
+	if err != nil {
+		elog.Printf("error updating honk %d: %s", h.ID, err)
+	}
+	return err
+}
+
+func deletehonk(honkid int64) error {
+	db := opendatabase()
+	tx, err := db.Begin()
+	if err != nil {
+		elog.Printf("can't begin tx: %s", err)
+		return err
+	}
+
+	err = deleteextras(tx, honkid, true)
+	if err == nil {
+		_, err = tx.Stmt(stmtDeleteHonk).Exec(honkid)
+	}
+	if err == nil {
+		err = tx.Commit()
+	} else {
+		tx.Rollback()
+	}
+	if err != nil {
+		elog.Printf("error deleting honk %d: %s", honkid, err)
+	}
+	return err
+}
+
+func saveextras(tx *sql.Tx, h *Honk) error {
+	for _, d := range h.Donks {
+		_, err := tx.Stmt(stmtSaveDonk).Exec(h.ID, -1, d.FileID)
+		if err != nil {
+			elog.Printf("error saving donk: %s", err)
+			return err
+		}
+	}
+	for _, o := range h.Onts {
+		_, err := tx.Stmt(stmtSaveOnt).Exec(strings.ToLower(o), h.ID)
+		if err != nil {
+			elog.Printf("error saving ont: %s", err)
+			return err
+		}
+	}
+	if p := h.Place; p != nil {
+		j, err := jsonify(p)
+		if err == nil {
+			_, err = tx.Stmt(stmtSaveMeta).Exec(h.ID, "place", j)
+		}
+		if err != nil {
+			elog.Printf("error saving place: %s", err)
+			return err
+		}
+	}
+	if t := h.Time; t != nil {
+		j, err := jsonify(t)
+		if err == nil {
+			_, err = tx.Stmt(stmtSaveMeta).Exec(h.ID, "time", j)
+		}
+		if err != nil {
+			elog.Printf("error saving time: %s", err)
+			return err
+		}
+	}
+	if m := h.Mentions; len(m) > 0 {
+		j, err := jsonify(m)
+		if err == nil {
+			_, err = tx.Stmt(stmtSaveMeta).Exec(h.ID, "mentions", j)
+		}
+		if err != nil {
+			elog.Printf("error saving mentions: %s", err)
+			return err
+		}
+	}
+	if w := h.Wonkles; w != "" {
+		_, err := tx.Stmt(stmtSaveMeta).Exec(h.ID, "wonkles", w)
+		if err != nil {
+			elog.Printf("error saving wonkles: %s", err)
+			return err
+		}
+	}
+	if g := h.Guesses; g != "" {
+		_, err := tx.Stmt(stmtSaveMeta).Exec(h.ID, "guesses", g)
+		if err != nil {
+			elog.Printf("error saving guesses: %s", err)
+			return err
+		}
+	}
+	return nil
+}
+
+var baxonker sync.Mutex
+
+func addreaction(user *WhatAbout, xid string, who, react string) {
+	baxonker.Lock()
+	defer baxonker.Unlock()
+	h := getxonk(user.ID, xid)
+	if h == nil {
+		return
+	}
+	h.Badonks = append(h.Badonks, Badonk{Who: who, What: react})
+	j, _ := jsonify(h.Badonks)
+	db := opendatabase()
+	tx, _ := db.Begin()
+	_, _ = tx.Stmt(stmtDeleteOneMeta).Exec(h.ID, "badonks")
+	_, _ = tx.Stmt(stmtSaveMeta).Exec(h.ID, "badonks", j)
+	tx.Commit()
+}
+
+func deleteextras(tx *sql.Tx, honkid int64, everything bool) error {
+	_, err := tx.Stmt(stmtDeleteDonks).Exec(honkid)
+	if err != nil {
+		return err
+	}
+	_, err = tx.Stmt(stmtDeleteOnts).Exec(honkid)
+	if err != nil {
+		return err
+	}
+	if everything {
+		_, err = tx.Stmt(stmtDeleteAllMeta).Exec(honkid)
+	} else {
+		_, err = tx.Stmt(stmtDeleteSomeMeta).Exec(honkid)
+	}
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func jsonify(what interface{}) (string, error) {
+	var buf bytes.Buffer
+	e := json.NewEncoder(&buf)
+	e.SetEscapeHTML(false)
+	e.SetIndent("", "")
+	err := e.Encode(what)
+	return buf.String(), err
+}
+
+func unjsonify(s string, dest interface{}) error {
+	d := json.NewDecoder(strings.NewReader(s))
+	err := d.Decode(dest)
+	return err
+}
+
+func getxonker(what, flav string) string {
+	var res string
+	row := stmtGetXonker.QueryRow(what, flav)
+	row.Scan(&res)
+	return res
+}
+
+func savexonker(what, value, flav, when string) {
+	stmtSaveXonker.Exec(what, value, flav, when)
+}
+
+func savehonker(user *WhatAbout, url, name, flavor, combos, mj string) error {
+	var owner string
+	if url[0] == '#' {
+		flavor = "peep"
+		if name == "" {
+			name = url[1:]
+		}
+		owner = url
+	} else {
+		info, err := investigate(url)
+		if err != nil {
+			ilog.Printf("failed to investigate honker: %s", err)
+			return err
+		}
+		url = info.XID
+		if name == "" {
+			name = info.Name
+		}
+		owner = info.Owner
+	}
+
+	var x string
+	db := opendatabase()
+	row := db.QueryRow("select xid from honkers where xid = ? and userid = ? and flavor in ('sub', 'unsub', 'peep')", url, user.ID)
+	err := row.Scan(&x)
+	if err != sql.ErrNoRows {
+		if err != nil {
+			elog.Printf("honker scan err: %s", err)
+		} else {
+			err = fmt.Errorf("it seems you are already subscribed to them")
+		}
+		return err
+	}
+
+	res, err := stmtSaveHonker.Exec(user.ID, name, url, flavor, combos, owner, mj)
+	if err != nil {
+		elog.Print(err)
+		return err
+	}
+	honkerid, _ := res.LastInsertId()
+	if flavor == "presub" {
+		followyou(user, honkerid)
+	}
+	return nil
+}
+
+func cleanupdb(arg string) {
+	db := opendatabase()
+	days, err := strconv.Atoi(arg)
+	var sqlargs []interface{}
+	var where string
+	if err != nil {
+		honker := arg
+		expdate := time.Now().Add(-3 * 24 * time.Hour).UTC().Format(dbtimeformat)
+		where = "dt < ? and honker = ?"
+		sqlargs = append(sqlargs, expdate)
+		sqlargs = append(sqlargs, honker)
+	} else {
+		expdate := time.Now().Add(-time.Duration(days) * 24 * time.Hour).UTC().Format(dbtimeformat)
+		where = "dt < ? and convoy not in (select convoy from honks where flags & 4 or whofore = 2 or whofore = 3)"
+		sqlargs = append(sqlargs, expdate)
+	}
+	doordie(db, "delete from honks where flags & 4 = 0 and whofore = 0 and "+where, sqlargs...)
+	doordie(db, "delete from donks where honkid > 0 and honkid not in (select honkid from honks)")
+	doordie(db, "delete from onts where honkid not in (select honkid from honks)")
+	doordie(db, "delete from honkmeta where honkid not in (select honkid from honks)")
+
+	doordie(db, "delete from filemeta where fileid not in (select fileid from donks)")
+	for _, u := range allusers() {
+		doordie(db, "delete from zonkers where userid = ? and wherefore = 'zonvoy' and zonkerid < (select zonkerid from zonkers where userid = ? and wherefore = 'zonvoy' order by zonkerid desc limit 1 offset 200)", u.UserID, u.UserID)
+	}
+
+	filexids := make(map[string]bool)
+	blobdb := openblobdb()
+	rows, err := blobdb.Query("select xid from filedata")
+	if err != nil {
+		elog.Fatal(err)
+	}
+	for rows.Next() {
+		var xid string
+		err = rows.Scan(&xid)
+		if err != nil {
+			elog.Fatal(err)
+		}
+		filexids[xid] = true
+	}
+	rows.Close()
+	rows, err = db.Query("select xid from filemeta")
+	for rows.Next() {
+		var xid string
+		err = rows.Scan(&xid)
+		if err != nil {
+			elog.Fatal(err)
+		}
+		delete(filexids, xid)
+	}
+	rows.Close()
+	tx, err := blobdb.Begin()
+	if err != nil {
+		elog.Fatal(err)
+	}
+	for xid, _ := range filexids {
+		_, err = tx.Exec("delete from filedata where xid = ?", xid)
+		if err != nil {
+			elog.Fatal(err)
+		}
+	}
+	err = tx.Commit()
+	if err != nil {
+		elog.Fatal(err)
+	}
+}
+
+var stmtHonkers, stmtDubbers, stmtNamedDubbers, stmtSaveHonker, stmtUpdateFlavor, stmtUpdateHonker *sql.Stmt
+var stmtDeleteHonker *sql.Stmt
+var stmtAnyXonk, stmtOneXonk, stmtPublicHonks, stmtUserHonks, stmtHonksByCombo, stmtHonksByConvoy *sql.Stmt
+var stmtHonksByOntology, stmtHonksForUser, stmtHonksForMe, stmtSaveDub, stmtHonksByXonker *sql.Stmt
+var stmtHonksFromLongAgo *sql.Stmt
+var stmtHonksByHonker, stmtSaveHonk, stmtUserByName, stmtUserByNumber *sql.Stmt
+var stmtEventHonks, stmtOneBonk, stmtFindZonk, stmtFindXonk, stmtSaveDonk *sql.Stmt
+var stmtFindFile, stmtGetFileData, stmtSaveFileData, stmtSaveFile *sql.Stmt
+var stmtCheckFileData *sql.Stmt
+var stmtAddDoover, stmtGetDoovers, stmtLoadDoover, stmtZapDoover, stmtOneHonker *sql.Stmt
+var stmtUntagged, stmtDeleteHonk, stmtDeleteDonks, stmtDeleteOnts, stmtSaveZonker *sql.Stmt
+var stmtGetZonkers, stmtRecentHonkers, stmtGetXonker, stmtSaveXonker, stmtDeleteXonker, stmtDeleteOldXonkers *sql.Stmt
+var stmtAllOnts, stmtSaveOnt, stmtUpdateFlags, stmtClearFlags *sql.Stmt
+var stmtHonksForUserFirstClass *sql.Stmt
+var stmtSaveMeta, stmtDeleteAllMeta, stmtDeleteOneMeta, stmtDeleteSomeMeta, stmtUpdateHonk *sql.Stmt
+var stmtHonksISaved, stmtGetFilters, stmtSaveFilter, stmtDeleteFilter *sql.Stmt
+var stmtGetTracks *sql.Stmt
+var stmtSaveChonk, stmtLoadChonks, stmtGetChatters *sql.Stmt
+
+func preparetodie(db *sql.DB, s string) *sql.Stmt {
+	stmt, err := db.Prepare(s)
+	if err != nil {
+		elog.Fatalf("error %s: %s", err, s)
+	}
+	return stmt
+}
+
+func prepareStatements(db *sql.DB) {
+	stmtHonkers = preparetodie(db, "select honkerid, userid, name, xid, flavor, combos, meta from honkers where userid = ? and (flavor = 'presub' or flavor = 'sub' or flavor = 'peep' or flavor = 'unsub') order by name")
+	stmtSaveHonker = preparetodie(db, "insert into honkers (userid, name, xid, flavor, combos, owner, meta, folxid) values (?, ?, ?, ?, ?, ?, ?, '')")
+	stmtUpdateFlavor = preparetodie(db, "update honkers set flavor = ?, folxid = ? where userid = ? and name = ? and xid = ? and flavor = ?")
+	stmtUpdateHonker = preparetodie(db, "update honkers set name = ?, combos = ?, meta = ? where honkerid = ? and userid = ?")
+	stmtDeleteHonker = preparetodie(db, "delete from honkers where honkerid = ?")
+	stmtOneHonker = preparetodie(db, "select xid from honkers where name = ? and userid = ?")
+	stmtDubbers = preparetodie(db, "select honkerid, userid, name, xid, flavor from honkers where userid = ? and flavor = 'dub'")
+	stmtNamedDubbers = preparetodie(db, "select honkerid, userid, name, xid, flavor from honkers where userid = ? and name = ? and flavor = 'dub'")
+
+	selecthonks := "select honks.honkid, honks.userid, username, what, honker, oonker, honks.xid, rid, dt, url, audience, noise, precis, format, convoy, whofore, flags from honks join users on honks.userid = users.userid "
+	limit := " order by honks.honkid desc limit 250"
+	smalllimit := " order by honks.honkid desc limit ?"
+	butnotthose := " and convoy not in (select name from zonkers where userid = ? and wherefore = 'zonvoy' order by zonkerid desc limit 100)"
+	stmtOneXonk = preparetodie(db, selecthonks+"where honks.userid = ? and xid = ?")
+	stmtAnyXonk = preparetodie(db, selecthonks+"where xid = ? order by honks.honkid asc")
+	stmtOneBonk = preparetodie(db, selecthonks+"where honks.userid = ? and xid = ? and what = 'bonk' and whofore = 2")
+	stmtPublicHonks = preparetodie(db, selecthonks+"where whofore = 2 and dt > ?"+smalllimit)
+	stmtEventHonks = preparetodie(db, selecthonks+"where (whofore = 2 or honks.userid = ?) and what = 'event'"+smalllimit)
+	stmtUserHonks = preparetodie(db, selecthonks+"where honks.honkid > ? and (whofore = 2 or whofore = ?) and username = ? and dt > ?"+smalllimit)
+	myhonkers := " and honker in (select xid from honkers where userid = ? and (flavor = 'sub' or flavor = 'peep' or flavor = 'presub') and combos not like '% - %')"
+	stmtHonksForUser = preparetodie(db, selecthonks+"where honks.honkid > ? and honks.userid = ? and dt > ?"+myhonkers+butnotthose+limit)
+	stmtHonksForUserFirstClass = preparetodie(db, selecthonks+"where honks.honkid > ? and honks.userid = ? and dt > ? and (what <> 'tonk')"+myhonkers+butnotthose+limit)
+	stmtHonksForMe = preparetodie(db, selecthonks+"where honks.honkid > ? and honks.userid = ? and dt > ? and whofore = 1"+butnotthose+limit)
+	stmtHonksFromLongAgo = preparetodie(db, selecthonks+"where honks.honkid > ? and honks.userid = ? and dt > ? and dt < ? and whofore = 2"+butnotthose+limit)
+	stmtHonksISaved = preparetodie(db, selecthonks+"where honks.honkid > ? and honks.userid = ? and flags & 4 order by honks.honkid desc")
+	stmtHonksByHonker = preparetodie(db, selecthonks+"join honkers on (honkers.xid = honks.honker or honkers.xid = honks.oonker) where honks.honkid > ? and honks.userid = ? and honkers.name = ?"+butnotthose+limit)
+	stmtHonksByXonker = preparetodie(db, selecthonks+" where honks.honkid > ? and honks.userid = ? and (honker = ? or oonker = ?)"+butnotthose+limit)
+	stmtHonksByCombo = preparetodie(db, selecthonks+" where honks.honkid > ? and honks.userid = ? and honks.honker in (select xid from honkers where honkers.userid = ? and honkers.combos like ?) "+butnotthose+" union "+selecthonks+"join onts on honks.honkid = onts.honkid where honks.honkid > ? and honks.userid = ? and onts.ontology in (select xid from honkers where combos like ?)"+butnotthose+limit)
+	stmtHonksByConvoy = preparetodie(db, selecthonks+"where honks.honkid > ? and (honks.userid = ? or (? = -1 and whofore = 2)) and convoy = ?"+limit)
+	stmtHonksByOntology = preparetodie(db, selecthonks+"join onts on honks.honkid = onts.honkid where honks.honkid > ? and onts.ontology = ? and (honks.userid = ? or (? = -1 and honks.whofore = 2))"+limit)
+
+	stmtSaveMeta = preparetodie(db, "insert into honkmeta (honkid, genus, json) values (?, ?, ?)")
+	stmtDeleteAllMeta = preparetodie(db, "delete from honkmeta where honkid = ?")
+	stmtDeleteSomeMeta = preparetodie(db, "delete from honkmeta where honkid = ? and genus not in ('oldrev')")
+	stmtDeleteOneMeta = preparetodie(db, "delete from honkmeta where honkid = ? and genus = ?")
+	stmtSaveHonk = preparetodie(db, "insert into honks (userid, what, honker, xid, rid, dt, url, audience, noise, convoy, whofore, format, precis, oonker, flags) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")
+	stmtDeleteHonk = preparetodie(db, "delete from honks where honkid = ?")
+	stmtUpdateHonk = preparetodie(db, "update honks set precis = ?, noise = ?, format = ?, whofore = ?, dt = ? where honkid = ?")
+	stmtSaveOnt = preparetodie(db, "insert into onts (ontology, honkid) values (?, ?)")
+	stmtDeleteOnts = preparetodie(db, "delete from onts where honkid = ?")
+	stmtSaveDonk = preparetodie(db, "insert into donks (honkid, chonkid, fileid) values (?, ?, ?)")
+	stmtDeleteDonks = preparetodie(db, "delete from donks where honkid = ?")
+	stmtSaveFile = preparetodie(db, "insert into filemeta (xid, name, description, url, media, local) values (?, ?, ?, ?, ?, ?)")
+	blobdb := openblobdb()
+	stmtSaveFileData = preparetodie(blobdb, "insert into filedata (xid, media, hash, content) values (?, ?, ?, ?)")
+	stmtCheckFileData = preparetodie(blobdb, "select xid from filedata where hash = ?")
+	stmtGetFileData = preparetodie(blobdb, "select media, content from filedata where xid = ?")
+	stmtFindXonk = preparetodie(db, "select honkid from honks where userid = ? and xid = ?")
+	stmtFindFile = preparetodie(db, "select fileid, xid from filemeta where url = ? and local = 1")
+	stmtUserByName = preparetodie(db, "select userid, username, displayname, about, pubkey, seckey, options from users where username = ? and userid > 0")
+	stmtUserByNumber = preparetodie(db, "select userid, username, displayname, about, pubkey, seckey, options from users where userid = ?")
+	stmtSaveDub = preparetodie(db, "insert into honkers (userid, name, xid, flavor, combos, owner, meta, folxid) values (?, ?, ?, ?, '', '', '', ?)")
+	stmtAddDoover = preparetodie(db, "insert into doovers (dt, tries, userid, rcpt, msg) values (?, ?, ?, ?, ?)")
+	stmtGetDoovers = preparetodie(db, "select dooverid, dt from doovers")
+	stmtLoadDoover = preparetodie(db, "select tries, userid, rcpt, msg from doovers where dooverid = ?")
+	stmtZapDoover = preparetodie(db, "delete from doovers where dooverid = ?")
+	stmtUntagged = preparetodie(db, "select xid, rid, flags from (select honkid, xid, rid, flags from honks where userid = ? order by honkid desc limit 10000) order by honkid asc")
+	stmtFindZonk = preparetodie(db, "select zonkerid from zonkers where userid = ? and name = ? and wherefore = 'zonk'")
+	stmtGetZonkers = preparetodie(db, "select zonkerid, name, wherefore from zonkers where userid = ? and wherefore <> 'zonk'")
+	stmtSaveZonker = preparetodie(db, "insert into zonkers (userid, name, wherefore) values (?, ?, ?)")
+	stmtGetXonker = preparetodie(db, "select info from xonkers where name = ? and flavor = ?")
+	stmtSaveXonker = preparetodie(db, "insert into xonkers (name, info, flavor, dt) values (?, ?, ?, ?)")
+	stmtDeleteXonker = preparetodie(db, "delete from xonkers where name = ? and flavor = ? and dt < ?")
+	stmtDeleteOldXonkers = preparetodie(db, "delete from xonkers where flavor = ? and dt < ?")
+	stmtRecentHonkers = preparetodie(db, "select distinct(honker) from honks where userid = ? and honker not in (select xid from honkers where userid = ? and flavor = 'sub') order by honkid desc limit 100")
+	stmtUpdateFlags = preparetodie(db, "update honks set flags = flags | ? where honkid = ?")
+	stmtClearFlags = preparetodie(db, "update honks set flags = flags & ~ ? where honkid = ?")
+	stmtAllOnts = preparetodie(db, "select ontology, count(ontology) from onts join honks on onts.honkid = honks.honkid where (honks.userid = ? or honks.whofore = 2) group by ontology")
+	stmtGetFilters = preparetodie(db, "select hfcsid, json from hfcs where userid = ?")
+	stmtSaveFilter = preparetodie(db, "insert into hfcs (userid, json) values (?, ?)")
+	stmtDeleteFilter = preparetodie(db, "delete from hfcs where userid = ? and hfcsid = ?")
+	stmtGetTracks = preparetodie(db, "select fetches from tracks where xid = ?")
+	stmtSaveChonk = preparetodie(db, "insert into chonks (userid, xid, who, target, dt, noise, format) values (?, ?, ?, ?, ?, ?, ?)")
+	stmtLoadChonks = preparetodie(db, "select chonkid, userid, xid, who, target, dt, noise, format from chonks where userid = ? and dt > ? order by chonkid asc")
+	stmtGetChatters = preparetodie(db, "select distinct(target) from chonks where userid = ?")
+}

@@ -0,0 +1,178 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+import (
+	"fmt"
+	notrand "math/rand"
+	"time"
+
+	"humungus.tedunangst.com/r/webs/gate"
+)
+
+type Doover struct {
+	ID   int64
+	When time.Time
+}
+
+func sayitagain(goarounds int64, userid int64, rcpt string, msg []byte) {
+	var drift time.Duration
+	switch goarounds {
+	case 1:
+		drift = 5 * time.Minute
+	case 2:
+		drift = 1 * time.Hour
+	case 3:
+		drift = 4 * time.Hour
+	case 4:
+		drift = 12 * time.Hour
+	case 5:
+		drift = 24 * time.Hour
+	default:
+		ilog.Printf("he's dead jim: %s", rcpt)
+		clearoutbound(rcpt)
+		return
+	}
+	drift += time.Duration(notrand.Int63n(int64(drift / 10)))
+	when := time.Now().Add(drift)
+	_, err := stmtAddDoover.Exec(when.UTC().Format(dbtimeformat), goarounds, userid, rcpt, msg)
+	if err != nil {
+		elog.Printf("error saving doover: %s", err)
+	}
+	select {
+	case pokechan <- 0:
+	default:
+	}
+}
+
+func clearoutbound(rcpt string) {
+	hostname := originate(rcpt)
+	if hostname == "" {
+		return
+	}
+	xid := fmt.Sprintf("%%https://%s/%%", hostname)
+	ilog.Printf("clearing outbound for %s", xid)
+	db := opendatabase()
+	db.Exec("delete from doovers where rcpt like ?", xid)
+}
+
+var garage = gate.NewLimiter(40)
+
+func deliverate(goarounds int64, userid int64, rcpt string, msg []byte, prio bool) {
+	garage.Start()
+	defer garage.Finish()
+
+	var ki *KeyInfo
+	ok := ziggies.Get(userid, &ki)
+	if !ok {
+		elog.Printf("lost key for delivery")
+		return
+	}
+	var inbox string
+	// already did the box indirection
+	if rcpt[0] == '%' {
+		inbox = rcpt[1:]
+	} else {
+		var box *Box
+		ok := boxofboxes.Get(rcpt, &box)
+		if !ok {
+			ilog.Printf("failed getting inbox for %s", rcpt)
+			sayitagain(goarounds+1, userid, rcpt, msg)
+			return
+		}
+		inbox = box.In
+	}
+	err := PostMsg(ki.keyname, ki.seckey, inbox, msg)
+	if err != nil {
+		ilog.Printf("failed to post json to %s: %s", inbox, err)
+		if prio {
+			sayitagain(goarounds+1, userid, rcpt, msg)
+		}
+		return
+	}
+}
+
+var pokechan = make(chan int, 1)
+
+func getdoovers() []Doover {
+	rows, err := stmtGetDoovers.Query()
+	if err != nil {
+		elog.Printf("wat?")
+		time.Sleep(1 * time.Minute)
+		return nil
+	}
+	defer rows.Close()
+	var doovers []Doover
+	for rows.Next() {
+		var d Doover
+		var dt string
+		err := rows.Scan(&d.ID, &dt)
+		if err != nil {
+			elog.Printf("error scanning dooverid: %s", err)
+			continue
+		}
+		d.When, _ = time.Parse(dbtimeformat, dt)
+		doovers = append(doovers, d)
+	}
+	return doovers
+}
+
+func redeliverator() {
+	sleeper := time.NewTimer(5 * time.Second)
+	for {
+		select {
+		case <-pokechan:
+			if !sleeper.Stop() {
+				<-sleeper.C
+			}
+			time.Sleep(5 * time.Second)
+		case <-sleeper.C:
+		}
+
+		doovers := getdoovers()
+
+		now := time.Now()
+		nexttime := now.Add(24 * time.Hour)
+		for _, d := range doovers {
+			if d.When.Before(now) {
+				var goarounds, userid int64
+				var rcpt string
+				var msg []byte
+				row := stmtLoadDoover.QueryRow(d.ID)
+				err := row.Scan(&goarounds, &userid, &rcpt, &msg)
+				if err != nil {
+					elog.Printf("error scanning doover: %s", err)
+					continue
+				}
+				_, err = stmtZapDoover.Exec(d.ID)
+				if err != nil {
+					elog.Printf("error deleting doover: %s", err)
+					continue
+				}
+				ilog.Printf("redeliverating %s try %d", rcpt, goarounds)
+				deliverate(goarounds, userid, rcpt, msg, true)
+			} else if d.When.Before(nexttime) {
+				nexttime = d.When
+			}
+		}
+		now = time.Now()
+		dur := 5 * time.Second
+		if now.Before(nexttime) {
+			dur += nexttime.Sub(now).Round(time.Second)
+		}
+		sleeper.Reset(dur)
+	}
+}

@@ -0,0 +1,175 @@ 
+.\"
+.\" Copyright (c) 2019 Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt ACTIVITYPUB 7
+.Os
+.Sh NAME
+.Nm activitypub
+.Nd notes about the honk implementation
+.Sh DESCRIPTION
+The
+.Xr honk 1
+utility processes status updates and other microblog activities using the
+.Nm ActivityPub
+protocol to exchange messages with other servers.
+The specification is subject to interpretation, and not all implementations
+behave in the same way.
+This document attempts to clarify honk's behavior.
+It is not intended to be a complete description of
+.Nm ActivityPub ,
+but may be useful as a guide to other implementors looking to interoperate.
+.Ss OBJECTS
+The following object or document types are supported.
+.Bl -tag -width tenletters
+.It Vt Note
+Fully supported.
+The default object type for honk.
+.It Vt Article
+Fully supported.
+.It Vt Page
+Supported.
+.It Vt Question
+Read only support.
+Appears similar to a Note.
+.It Vt Event
+Supported.
+Appears similar to a Note.
+Can be both created and received, but
+.Vt Invite
+activities are ignored.
+.It Vt Video
+Limited support.
+.It Vt Audio
+Limited Support.
+.It Vt GuessWord
+Guess the word game.
+(Unofficial extension.)
+The solution is stored in
+.Fa content
+with the possible words, one per line, in a file located at
+.Fa wordlist .
+.El
+.Pp
+Honk primarily supports HTML content, not markdown or other formats,
+with a wide range of permitted HTML tags in object
+.Fa content
+fields.
+The following tags are supported.
+.Bd -literal -offset indent
+a, img, span,
+div, h1, h2, h3, h4, h5, h6, hr,
+table, thead, tbody, tfoot, th, tr, td, colgroup, col,
+p, br, pre, code, blockquote, q,
+caption, kbd, time, wbr, aside,
+ruby, rtc, rb, rt, details, summary,
+samp, mark, ins, dfn, cite, abbr, address,
+strong, em, b, i, s, u, sub, sup, del, tt, small,
+ol, ul, li, dl, dt, dd
+.Ed
+.Pp
+The following tag attributes are permitted.
+.Bd -literal -offset indent
+href, src, alt, colspan, rowspan
+.Ed
+.Pp
+The following class names are used for syntax highlighting code blocks.
+.Bd -literal -offset indent
+kw, bi, st, nm, tp, op, cm, al, dl
+.Ed
+.Ss ACTIVITIES
+The following activities are supported.
+.Bl -tag -width tenletters
+.It Vt Create
+Fully supported.
+.It Vt Announce
+Supported with share semantics.
+.It Vt Read
+Supported.
+Primarily used to acknowledge replies and complete threads.
+Can be interpreted to mean reply is approved, if not endorsed.
+.It Vt Add
+Works with collections.
+.It Vt Follow
+Supported.
+Can follow both actors and collections.
+.It Vt Update
+Supported.
+Honk sends and receives
+.Vt Update
+activities.
+.It Vt Delete
+Does what it can.
+.It Vt Like
+Don't be ridiculous.
+.It Vt EmojiReact
+Be ridiculous.
+.El
+.Ss METADATA
+The following additional object types are supported, typically as
+.Fa tag
+or
+.Fa attachment .
+.Bl -tag -width tenletters
+.It Mention
+Pretty @ machine.
+.It Emoji
+Inline text :emoji: with image replacement.
+.It Place
+Included as a
+.Fa location .
+Supports
+.Fa name ,
+.Fa url ,
+.Fa latitude ,
+and
+.Fa longitude .
+.It Document
+Plain text and images in jpeg, gif, png, and webp formats are supported.
+Other formats are linked to origin.
+.El
+.Pp
+The
+.Fa replies
+array will be populated with a list of acknowledged replies.
+.Ss EXTENSIONS
+Honk also supports a
+.Vt Ping
+activity and will respond with a
+.Vt Pong
+activity.
+This is useful for debugging networking connectivity issues without
+visible side effects.
+See ping.txt for details.
+.Ss SECURITY
+Honk uses http signatures.
+.Ss WEBFINGER
+Honk implements the
+.Vt webfinger
+end point and will use it for @mention resolution.
+It is not required for federation.
+.Ss LD-JSON
+Not really.
+.Sh SEE ALSO
+.Xr intro 1 ,
+.Xr honk 1
+.Sh STANDARDS
+.Pp
+.Lk https://www.w3.org/TR/activitypub/ "ActivityPub"
+.Pp
+.Lk https://www.w3.org/TR/activitystreams-vocabulary/ "Activity Vocabulary"
+.Sh CAVEATS
+The ActivityPub standard is subject to interpretation, and not all
+implementations are as enlightened as honk.

@@ -0,0 +1,378 @@ 
+changelog
+
+=== next
+
++ Add a default icon.png.
+
++ Try to fix hoot again because Twitter did a Twitter.
+
+=== 0.9.8 Tentative Tentacle
+
++ Switch database to WAL mode.
+
+- go version 1.16 required.
+
++ Specify banner: image in profile.
+
++ Update activity compatibility with mastodon.
+
+- Signed fetch.
+
++ Better unicode hashtags.
+
++ Some more configuration options.
+
++ Some UI improvements to web interface.
+
++ Add atme class to mentions
+
++ Improvements to the mastodon importer.
+
++ More hydration capable pages.
+
++ Support for local.js.
+
++ Better error messages for timeouts.
+
++ Some improved html and markdown.
+
+=== 0.9.7 Witless Weekender
+
++++ Word guessing game. Wonk wonk!
+
++ Flexible logging, to file, syslog, null, etc.
+
++ Low key unread counters.
+
++ Images in the hooter.
+
++ More flexible hashtag characters.
+
++ Fix the memetizer to work in more environments.
+
++ Printing is prettier than ever before.
+
+=== 0.9.6 Virile Vigorous and Potent
+
++ A bug, a fix, a bug fix, a fix bug.
+
++ Fix Update processing.
+
++ Better cookie rotation with weekly refresh.
+
++ A new follow button in a surprise location.
+
++ Fix mastodon import.
+
++ Filters work better with hashtags.
+
++ Fix hoot to work with Twitter's latest crap.
+
+=== 0.9.5 Emergency Ejection
+
++ Fix honk init user creation.
+
+=== 0.9.4 Collegiate Colloquialism
+
++ Add validation to some more user inputs to prevent mistakes.
+
++ Easier to use ping command.
+
+=== 0.9.3 Notacanthous Nutshell
+
+++ backup command.
+
++ Relax requirement for multipart/form-data posts in API.
+
++ Dedupe blob file data.
+
++ Better support for rich text bios.
+
++ Follow and unfollow should work a little better.
+
++ Option to mention all in replies.
+
++ Reduce interference between various text substitution rules.
+
++ Fix crash in search with extra space.
+
++ Fix pubkey issue with domain only keys.
+
+- Custom lingo for those who don't like honking.
+
+=== 0.9.2 Malleable Maltote
+
++ Fix compilation on mac.
+
+=== 0.9.1 Late Stage Lusciousness
+
+++ Boing boom tschak chonky chatter. Chat messages with Pleroma.
+
++ Custom rgb flag: emoji.
+
++ Slightly better ActivityPub compat
+
++ ## headings for markdown
+
++ Workaround js only twitter for hoot: feature.
+
++ Quote unquote reliability improvements.
+
++ Much better omit images handling.
+
++ Fix update activity.
+
++ A few API refinements and additions.
+
+=== 0.9.0 Monitor vs Merrimack
+
+--- Add Reactions.
+
++++ Rename react to badonk.
+
++ Quick fix to hide all images.
+
++ Allow resending follow requests.
+
++ Improved search query parsing.
+
++ Tables
+
++ Reduce retries talking to dumb servers.
+
++ Maybe possible to use @user@example.com wihtout subdomain.
+
+=== 0.8.6 Sartorial Headpiece
+
+++ Import command now supports the elephant in the room.
+
++ Minimal support for Move activity.
+
++ deluser command.
+
++ Configurable avatar colors.
+
++ Optional pleroma color scheme for the home sick...
+
++ Rebalance colors slightly. Looks a little fresher now?
+
++ Add unplug command for servers that have dropped off the net.
+
++ Add notes field to honkers to document their downfall.
+
++ Add notes field to filters for record keeping.
+
++ Negated search -terms.
+
++ A raw sendactivity API action for the bold.
+
++ More flexible meme names.
+
+=== 0.8.5 Turnkey Blaster
+
++ Codenames in changelog.
+
++ Fix some bugs that may have interfered with federation.
+
++ Add some re: re: re: to replies.
+
++ Set an avatar. If you must.
+
++ Try a little harder to recover from httpsig failures.
+
++ Add cite tag for block quote attributions.
+
++ @media print styles.
+
++ Disable overscroll (pull down) refresh.
+
++ Can never seem to version the changelog correctly.
+
+=== 0.8.4
+
++ Fix bug preventing import of keys
+
++ Option to switch map links to Apple.
+
+=== 0.8.3
+
+- mistag.
+
+=== 0.8.2 Game Warden
+
+++ Import command to preserve those embarssassing old posts from Twitter.
+
+++ Add a limited /api for the robotrons.
+
++ Resource usage stats on about page.
+
++ Unveil and pledge restrictions on OpenBSD.
+
++ Lists supported in markdown.
+
++ Rewrite admin console to avoid large dependencies.
+
++ "Bug" fixes.
+
+=== 0.8.1
+
+++ Make it easier to upgrade by decoupling data dir from ".".
+
++ Timestamps displayed in server time with TZ.
+
++ version command to print current version.
+
++ Amend changelog for 0.8.0 to include omitted elements:
+	Syntax highlighting for code blocks.
+	Something resembling an actual manual.
+
+=== 0.8.0 Ordinary Octology
+
++++ Add Honk Filtering and Censorship System (HFCS).
+
++++ Editing honks (Update activity).
+
+++ Subscribe to hashtags.
+
+++ Search. I hate it already.
+
+++ Hashtags that work?
+
+++ Dynamic refresh and page switching without reloads.
+
+++ Reply control. Ack replies to show them on the site.
+
++ Allow PDF attachments. For serious business only.
+
++ "untag me" button to mute part of a thread.
+
++ Inline images in posts. Send and receive.
+
++ Somewhat functional admin console (TTY).
+
++ More JS free fallbacks for some basic functions.
+
++ Add chpass command.
+
++ Improved honker management.
+
++ Better markdown output.
+
++ Times for events.
+
++ Split media database into separate blob.db.
+
++ Location checkin. Welcome to the... danger zone!
+
++ Quick mention @alias.
+
++ Image descriptions.
+
++ Unbonking.
+
++ More robust retries for fetching objects.
+
++ Don't decode excessively large images and run out of memory.
+
++ Syntax highlighting for code blocks.
+
++ Something resembling an actual manual.
+
+- Sometimes the cached state of the @me feed becomes unsynced.
+	Acked status may display incorrectly.
+
+=== 0.7.7 More 7 Than Ever
+
++ Add another retry to workaround pixelfed's general unreliability.
+
++ Attached images are not lost when previewing.
+
+- Remove sensitivity to spicy peppers.
+
++ Keep reply to setting during preview.
+
++ Increase max thread retrieval depth to 10.
+
+=== 0.7.6
+
++ Fix a bug where upgrades would not complete in one step.
+
+=== 0.7.5
+
++ Fix a bug (introdcued 0.7.4) preventing new user creation from working.
+
++ Semi flexible URL patterns to allow transition from other software.
+
++ Improved ActivityPub parsing conformance for better compat with others.
+
++ Add server name to user agent.
+
++ What may be considered UI improvements.
+
+=== 0.7.4
+
++ Ever more bug fixes.
+
++ Collapse posts based on custom regex match.
+
++ Tonks are now honk backs.
+
++ Show both avatars for bonks. Other minor refinements to UI.
+
++ Minimal support for Video activity and PeerTube compat.
+
++ Support for some user selectable styling. Currently, skinny column mode.
+
++ webp image transcoding.
+
+=== 0.7.3
+
++ Better fedicompat so bonks are visible to pleroma followers.
+
+=== 0.7.2
+
++ Add the funzone. Minor other UI tweaks.
+
+=== 0.7.1
+
++ Fix bug preventing unfollow from working.
+
+=== 0.7.0 Father Mother Maiden Crone Honker Bonker Zonker
+
++++ Auto fetching and inlining of hoots.
+
+++ A new xzone to view and import data not otherwise visible.
+
+++ Preview before honking.
+
+++ Some extra commands for better database retention management.
+
+++ A changelog.
+
++ Default robots.txt.
+
++ Misc UI touchups.
+
++ Read only support for qonks.
+
++ About page.
+
++ More reliable (retries) meta messages such as follow requests.
+
++ Better thread support for missing context.
+
++ Upgrade image library for cleaner screenshots.
+
++ Not all summaries need labels.
+
++ Add max-width for video tag.
+
+=== 0.6.0 Sixy Delights
+
+Most records from this time of primitive development have been lost.
+
+=== 0.5.0 Halfway to Heaven
+
+=== 0.4.0 Fore Score
+
+=== 0.3.0 Valorous Varaha

@@ -0,0 +1,100 @@ 
+.\"
+.\" Copyright (c) 2019 Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt HFCS 1
+.Os
+.Sh NAME
+.Nm hfcs
+.Nd honk filtering and censorship system
+.Sh DESCRIPTION
+The honk filtering and censorship system,
+.Nm hfcs ,
+controls what messages are seen and how they are presented to the user.
+Filter rules are based on a series of matches and actions.
+It is accessed via the
+.Pa filters
+menu item.
+.Pp
+Each filter has an optional
+.Ar name
+and
+.Ar notes
+for user defined purposes.
+.Pp
+The following match types are possible.
+All nonempty criteria must match.
+.Bl -tag -width include-audience
+.It Ar who
+Match an actor or domain name.
+Matches against
+.Fa Ar actor
+property.
+.It Ar include audience
+Previous match is applied against
+.Fa to
+and
+.Fa cc
+fields as well.
+.It Ar text
+Regular expression match against the post
+.Fa content .
+.It Ar is announce
+Is announced (shared).
+.It Ar announce of
+Limit prevous match to only specified actor or domain name.
+.El
+.Pp
+The following actions may be applied.
+Multiple actions may be applied, but some are subsumed by others.
+.Bl -tag -width tenletters
+.It Ar reject
+Reject this message entirely.
+.It Ar skip media
+Don't include images or attachments.
+.It Ar hide
+Remove this message from most feeds.
+.It Ar collapse
+Show only a short summary with click to view content.
+.It Ar rewrite
+Rewrite message content, using
+.Ar replace
+replacement text.
+.El
+.Pp
+The
+.Ar text
+and
+.Ar rewrite
+fields are case insensitive word anchored regular expressions.
+Specifically, an argument
+.Ql re
+will be automatically rewritten as
+.Ql \\\b(?i:re)\\\b .
+The
+.Ar replace
+text may refer to submatches using $1, etc.
+.Pp
+A post marked sensitive that does not otherwise contain a summary will
+have an invisible summary of
+.Dq unspecified horror
+that can be matched against and will appear if the post is collapsed.
+.Pp
+An optional expiration may be specified as a duration.
+XdYhZm for X days, Y hours, and Z minutes.
+.Sh SEE ALSO
+.Xr honk 1
+.Sh CAVEATS
+Not seeing is not erasing.

@@ -0,0 +1,230 @@ 
+.\"
+.\" Copyright (c) 2019 Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt HONK 1
+.Os
+.Sh NAME
+.Nm honk
+.Nd federated status conveyance
+.Sh DESCRIPTION
+The
+.Nm
+utility processes federated status updates and other microblog activities.
+This is the user manual.
+For administration, see
+.Xr honk 8 .
+For other documentation, refer to the
+.Xr intro 1 .
+.Pp
+This manual is still incomplete.
+It'll get there eventually.
+.Ss Honkers
+Initially, there won't be much to see after logging in.
+In order to receive regular updates from other users, they must first
+be added to one's honker collection.
+Begin at the
+.Pa honkers
+tab.
+The
+.Ar url
+field is required.
+Either of two forms are accepted, the user's handle (or webfinger) or their
+ActivityPub actor URL.
+.Pp
+.Dl @user@example.social
+.Dl https://example.social/users/user
+.Pp
+The
+.Ar name
+field is optional and will be automatically inferred.
+The
+.Ar notes
+field is reserved for user remarks.
+Fellow honkers may be added to one or more
+.Ar combos
+to suit one's organizational preferences.
+These are accessed via the
+.Pa combos
+tab and allow easy access to particular groupings.
+The special combo name of one hyphen
+.Sq -
+will exclude a honker's posts from the primary feed.
+.Pp
+It is also possible to skip subscribing.
+In this case, regular posts are not received, but replies and posts fetched
+via other means will appear in the relevant combos.
+.Pp
+In addition to honkers, it is possible to subscribe to a hashtag collection.
+(Where supported.)
+Enter the collection URL for
+.Ar url .
+.Pp
+Separately, hashtags may be added to a combo by creating a honker with a
+.Ar url
+of the desired hashtag (including #).
+Several hashtags may thus be collected in a single combo.
+.Ss Viewing
+The primary feed is accessed via the
+.Pa home
+tab.
+It will contain posts from all honkers except those specifically excluded.
+Posts mentioning the user, both followed and not, are collected under the
+.Pa @me
+tab.
+Other feeds include
+.Pa first
+which excludes replies, the user defined options under the
+.Pa combos
+subheading, and the
+.Pa events
+page which lists only events.
+.Pp
+Individual honks contain a visual representation of the honker's ID,
+their name, the activity (with a link back to origin), a link to the
+parent post if applicable, and the convoy (thread) identifier.
+A red border indicates the honk is not public.
+Screenshot below.
+.Pp
+.Lk screenshot-honk.png screenshot of one honk
+.Pp
+Available actions are:
+.Bl -tag -width tenletters
+.It Ic bonk
+Share with followers.
+Not available for nonpublic honks.
+.It Ic honk back
+Reply.
+.It Ic mute
+Mute this entire thread.
+Existing posts are hidden, and future posts will not appear in any feed.
+.It Ic zonk
+Delete this post.
+When deleting one's own post, other servers will be requested to remove it,
+but this is unreliable.
+.It Ic ack
+Acknowledge reading this post.
+Typically if it's a reply to one's own post.
+.It Ic save
+Save this honk to the
+.Pa saved
+tab to find later.
+.It Ic untag me
+Sometimes a thread goes on entirely too long.
+Untag will hide further replies to the selected post, but without muting the
+entire thread.
+Replies higher in the tree are still received.
+.It Ic badonk
+Please no.
+.It Ic edit
+Change it up.
+Alas, Update activities do not federate reliably.
+.Ss Refresh
+Clicking the refresh button will load new honks, if any.
+New honks will be subtly highlighted.
+.El
+.Ss Honking
+Refer to the
+.Xr honk 5
+section of the manual for details of honk composition.
+.Ss Search
+Find old honks.
+It's basic substring match with a few extensions.
+The following keywords are supported:
+.Bl -tag -width honker
+.It site
+Substring match on the post domain name.
+.It honker
+Exact match, either AP actor or honker nickname.
+.It -
+Negate term.
+.El
+.Pp
+Example:
+.Dl honker:goose big moose -footloose
+This query will find honks by the goose about the big moose, but excluding
+those about footloose.
+.Ss Filtering
+Sometimes other users of the federation can get unruly.
+The honk filtering and censorship system,
+.Xr hfcs 1 ,
+can be of great use to restore order to one's timeline.
+Accessed via the
+.Pa filters
+menu item.
+.Ss Xzone
+The
+.Pa xzone
+page lists recently seen honkers that are not otherwise tracked.
+It also allows the import of external objects via URL, either individual
+posts or actor URLs, in which case their recent outbox is imported.
+.Ss Account
+It's all about you.
+An avatar may be selected from the
+.Pa funzone
+meme collection by adding
+.Dq avatar: filename.png
+to one's profile info.
+If truly necessary.
+A banner may be set by specifying
+.Dq banner: image.jpg .
+See
+.Xr honk 8
+for more about the funzone.
+.Pp
+Some options to customize the site appearance:
+.Bl -tag -width skinny
+.It skinny
+Use a narrower column for the main display.
+.It omit images
+Omit img tags, to lighten page loads on slow connections.
+.It apple
+Prefer Apple links for maps.
+The default is OpenStreetMap.
+.It reaction
+Pick an emoji for reacting to posts.
+.El
+.Sh ENVIRONMENT
+.Nm
+is designed to work with most browsers, but for optimal results it is
+recommended to use a
+2015 or later Thinkpad X1 Carbon with 2560x1440 screen running
+.Ox
+and chromium at 150% scaling with the dwm window manager.
+This will enable the main menu to line up just right.
+.Sh SEE ALSO
+.Xr intro 1 ,
+.Xr honk 8
+.Sh STANDARDS
+.Pp
+.Lk https://www.w3.org/TR/activitypub/ "ActivityPub"
+.Pp
+.Lk https://www.w3.org/TR/activitystreams-vocabulary/ "Activity Vocabulary"
+.Sh HISTORY
+Started March 2019.
+.Sh AUTHORS
+.An Ted Unangst Lk https://honk.tedunangst.com/u/tedu @tedu@honk.tedunangst.com
+.Sh CAVEATS
+Completing some operations, such as subscribing to new honkers, requires an
+aptitude for clipboard use and tab switching along with a steady hand.
+For the most part, these are infrequent operations, but they are also the
+first operations new users encounter.
+This is not ideal.
+.Pp
+The ActivityPub standard is subject to interpretation, and not all
+implementations are as enlightened as
+.Nm .
+.Sh BUGS
+It's a feature.

@@ -0,0 +1,180 @@ 
+.\"
+.\" Copyright (c) 2019 Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt HONK 3
+.Os
+.Sh NAME
+.Nm honk
+.Nd API access
+.Sh DESCRIPTION
+In addition to the standard web interface, some functionality is
+available via the
+.Nm
+HTTP API.
+.Pp
+With the exception of login, all requests should contain
+the following form values.
+.Bl -tag -width action
+.It Fa action
+The desired action.
+See below.
+.It Fa token
+An authorization token.
+Alternatively, may be passed in the
+.Dq Authorization
+HTTP header.
+.El
+.Pp
+The API URL for all actions other than login and logout is
+.Pa /api .
+.Ss login
+Send a POST request to
+.Pa /dologin
+with the following form values.
+.Bl -tag -width username
+.It Fa username
+User name.
+.It Fa password
+Pass phrase.
+.It Fa gettoken
+Must be
+.Dq 1 .
+.El
+.Pp
+This will return a token to be used for future requests.
+The token is valid for one year.
+.Ss logout
+Send a request to
+.Pa /logout
+with the
+.Fa token
+to be expired.
+.Ss honk
+The
+.Fa action
+value should be
+.Dq honk .
+Content type should be multipart/form-data if an attachment is included.
+The following values are recognized:
+.Bl -tag -width placename
+.It Fa noise
+The contents of the honk.
+.It Fa format
+The format of noise.
+Defaults to markdown.
+May also be html.
+.It Fa donk
+A file to attach.
+.It Fa donkdesc
+A description for the attached file.
+.It Fa donkxid
+The XID of a previously uploaded attachment.
+.It Fa placename
+The name of an associated location.
+.It Fa placeurl
+The url of an associated location.
+.It Fa placelat
+The latitude of an associated location.
+.It Fa placelong
+The longitude of an associated location.
+.It Fa timestart
+The start time of an event.
+.It Fa rid
+The ActivityPub ID that this honk is in reply to.
+.El
+.Pp
+Upon success, the honk action will return the URL for the created honk.
+.Ss donk
+Upload just an attachment using
+.Fa donk
+and
+.Fa donkdesc .
+Content type must be multipart/form-data.
+Will return the XID.
+.Ss gethonks
+The
+.Dq gethonks
+.Fa action
+can be used to query for honks.
+The following parameters are used.
+.Bl -tag -width placename
+.It Fa page
+Should be one of
+.Dq home
+or
+.Dq atme .
+.It Fa after
+Only return honks after the specified ID.
+.It Fa wait
+If there are no results, wait this many seconds for something to appear.
+.El
+.Pp
+The result will be returned as json.
+.Ss zonkit
+The
+.Dq zonkit
+action began life as a delete function, but has since evolved some other
+powers as specified by the
+.Fa wherefore
+parameter.
+The target of the action is specified by the
+.Fa what
+parameter and is generally the XID of a honk.
+.Pp
+Wherefore must be one of the following.
+.Bl -tag -width zonvoy
+.It bonk
+Share honk with others.
+.It unbonk
+Undo share.
+.It save
+Mark honk as saved.
+.It unsave
+Unmark honk as saved.
+.It react
+Post an emoji reaction.
+A custom reaction may be specified with
+.Fa reaction .
+.It ack
+Mark honk as read.
+.It deack
+Unmark honk as read.
+.It zonk
+Delete this honk.
+.It zonvoy
+Mute this thread.
+What should identify a convoy.
+.El
+.Ss sendactivity
+Send anything.
+No limits, no error checking.
+.Bl -tag -width public
+.It Fa rcpt
+An actor to deliver the message to to.
+May be specified more than once.
+An inbox may be specified directly by prefixing with %.
+.It Fa msg
+The message.
+It should be a valid json activity, but yolo.
+.It Fa public
+Set to 1 to use shared inboxes for delivery.
+.El
+.Sh EXAMPLES
+Refer to the sample code in the
+.Pa toys
+directory.
+.Sh SEE ALSO
+.Xr vim 3

@@ -0,0 +1,159 @@ 
+.\"
+.\" Copyright (c) 2019 Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt HONK 5
+.Os
+.Sh NAME
+.Nm honk
+.Nd status composition
+.Sh DESCRIPTION
+Status updates composed in
+.Nm
+have many features beyond just plain text.
+.Pp
+The process begins by pressing the button marked
+.Dq it's honking time
+to activate the honk form.
+.Pp
+Honks are posted publicly.
+.Ss Basics
+A subset of markdown is supported.
+.Bl -tag -width tenletters
+.It bold
+**bold text**
+.It italics
+*italicized text*
+.It quotes
+> This text is quoted.
+.It code
+Inline `code fragments` with single ticks.
+.Bd -literal
+```c
+/* triple tick code blocks support syntax highlighting */
+int main() { return 0; }
+```
+.Ed
+.It headings
+Heading lines starting with #.
+.It lists
+Lists of items starting with either
+.Sq +
+or
+.Sq - .
+.It tables
+Table cells separated by |.
+.It images
+Inline images with img tags.
+.Bd -literal
+<img alt="Lifecycle of a honk" src="https://example.com/diagram.png">
+.Ed
+.It links
+URLs beginning with
+.Dq http
+or
+.Dq https
+will be autolinked.
+.It rules
+Exactly three dashes on a line,
+.Dq --- ,
+will become a horizontal rule.
+.El
+.Pp
+If the first line of a honk begins with
+.Dq DZ:
+(danger zone) it will be used a summary and the post marked sensitive. 
+.Pp
+Mentioning a specfic user such as
+.Pq @user@example.social
+will send a copy of the message to them.
+Several forms are supported.
+.Ql @name
+will work using the short name from the
+.Pa honkers
+table and be expanded automatically.
+.Ql @handle@domain
+will work for anyone.
+.Ql @https://example.com
+works as well.
+When honking back, the author of the parent post is automatically mentioned.
+.Ss Extras
+Threads from the tiny bird site may be included as quotes in a post via the
+.Ar hoot
+operator followed by the URL.
+.Dl hoot: https://twitter.com/tedunangst/status/850379741492367360
+.Pp
+Custom emoji may be included by colon wrapping the image name.
+.Pq :hellsyeah:
+A meme (sticker, reaction gif) may be included with the
+.Ar meme
+operator followed by the file name.
+.Dl meme: honk.mp4
+A full list of emoji and memes may be found in the
+.Pa funzone .
+See
+.Xr honk 8
+for more about the funzone.
+.Pp
+Custom flag emoji may be generated on the fly by specifying comma separated
+hexadecimal RGB values, one for each stripe.
+.Dl flag:306,002,dcf
+Vertical stripes may be selected by specfying "vert" for the first value.
+.Pp
+There are no length restrictions, but remember, somebody is going to have
+to read this noise.
+.Pp
+One may attach a file to a post.
+Images are automatically rescaled and reduced in size for federation.
+A description, or caption, is encouraged.
+Text files and PDFs are also supported as attachments.
+Other formats are not supported.
+.Pp
+One may also check in to a location.
+The available fields, all optional, are
+.Ar name ,
+.Ar url ,
+.Ar latitude ,
+and
+.Ar longitude .
+By default, location data is rounded to approximately 1/100 decimal degree
+accuracy.
+Pressing the check in button a second time will refine this to more a
+precise location.
+.Pp
+Adding a time to a post turns it into an event.
+Supported formats for start time are HH:MM or YYYY-MM-DD HH:MM.
+A 24 hour clock is assumed, unless am or pm are specified.
+The duration is optional and may be specified as XdYhZm for X days, Y hours,
+and Z minutes (1d12h would be a 36 hour event).
+.Pp
+When everything is at last ready to go, press the
+.Dq it's gonna be honked
+button.
+.Sh EXAMPLES
+(Slightly dated screenshots.)
+.Pp
+Composing a new honk with an attached image and location.
+.Pp
+.Lk screenshot-compose.png screenshot of honk composition
+.Pp
+After posting.
+.Pp
+.Lk screenshot-afterpost.jpg screenshot of honk after posting
+.Sh SEE ALSO
+.Xr honk 1
+.Sh CAVEATS
+Markdown support is implemented with regexes.
+Preview is recommended.

@@ -0,0 +1,281 @@ 
+.\"
+.\" Copyright (c) 2019 Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt HONK 8
+.Os
+.Sh NAME
+.Nm honk
+.Nd honk administration
+.Sh DESCRIPTION
+The
+.Nm
+daemon processes messages from other federated servers.
+This is the admin manual.
+For user operation, see
+.Xr honk 1 .
+.Ss Setup
+.Pp
+Set up a TLS reverse proxy.
+.Nm
+can listen on TCP or unix sockets, but will not terminate TLS.
+https is a required component for federation.
+Also, http signature verification requires accurate time keeping.
+.Pp
+Make sure to pass the Host header, if necessary (as for nginx).
+.Bd -literal -offset indent
+proxy_set_header Host $http_host;
+.Ed
+.Ss Build
+Building
+.Nm
+requires a go compiler 1.13 and libsqlite.
+On
+.Ox
+this is the go and sqlite3 packages.
+Other platforms may require additional development libraries or headers
+to be installed.
+Run make.
+Please be patient.
+Even on fast machines, building from source can take several seconds.
+.Ss Options
+The following options control where
+.Nm
+looks for data.
+.Bl -tag -width datadirxdirx
+.It Fl datadir Ar dir
+The root data directory, where the database and other user data are stored.
+This directory contains all user data that persists across upgrades.
+Requires write access.
+Defaults to ".".
+.It Fl viewdir Ar dir
+The root view directory, where html and other templates are stored.
+The contents of this directory are generally replaced with each release.
+Read only.
+Defaults to ".".
+.El
+.Pp
+The following options control log output.
+Acceptable values include "stderr" (the default), "stdout", "null", "syslog",
+or a file name.
+syslog messages will be sent to the UUCP facility.
+.Bl -tag -width errorlogxlogx
+.It Fl errorlog Ar log
+The error log.
+Something bad has happened.
+.It Fl infolog Ar log
+The informative messages log.
+Something has happened, but probably not too bad.
+.It Fl debuglog Ar log
+The debug log.
+There's probably no reason to care.
+.It Fl log Ar log
+Set all three logs.
+.El
+.Ss Init
+Run the
+.Ic init
+command.
+This will create the database and ask four questions, as well as creating
+the initial user.
+See below about importing existing data.
+.Ss Operation
+Run honk.
+.Ss Customization
+The funzone contains fun flair that users may add to posts and profiles.
+Add custom memes (stickers) to the
+.Pa memes
+data directory.
+Image and video files are supported.
+Add custom emus (emoji) to the
+.Pa emus
+data directory.
+PNG and GIF files are supported.
+.Pp
+Site CSS may be overridden by creating a
+.Pa views/local.css
+file in the data directory.
+Site JS may similarly be included by creating
+.Pa views/local.js .
+A restart is required after changes.
+A site icon.png and favicon.ico will be served from the views directory
+in the data directory, if present.
+.Pp
+Custom HTML messages may be added to select pages by using the
+.Ic admin
+command.
+This interface is a little rough.
+A restart is required after changes.
+.Bl -tag -width tenletters
+.It server
+Displayed on the home page.
+.It about
+Displayed on the about page.
+.It login
+Displayed on the login form.
+.It avatar colors
+Four 32-bit hex colors (RGBA).
+.El
+.Pp
+.Ss User Admin
+New users can be added with the
+.Ic adduser
+command.
+This is discouraged.
+.Pp
+Passwords may be reset with the
+.Ic chpass Ar username
+command.
+.Pp
+Users may be deleted with the
+.Ic deluser Ar username
+command.
+.Ss Maintenance
+The database may grow large over time.
+The
+.Ic cleanup Op Ar days
+command exists to purge old external data, by default 30 days.
+This removes unreferenced, unsaved posts and attachments.
+It does not remove any original content.
+.Pp
+Backups may be performed by running
+.Ic backup dirname .
+Backups only include the minimal necessary information, such as user posts
+and follower information, but not external posts.
+.Pp
+Sometimes servers simply disappear, resulting in many errors trying to deliver
+undeliverable messages.
+Running
+.Ic unplug Ar hostname
+will delete all subscriptions and pending deliveries.
+.Ss Upgrade
+Stop the old honk process.
+Backup the database.
+Perform the upgrade with the
+.Ic upgrade
+command.
+Restart.
+.Pp
+The current version of the honk binary may be printed with the
+.Ic version
+command.
+.Ss Security
+.Nm
+is not currently hardened against SSRF, server side request forgery.
+Be mindful of what other services may be exposed via localhost or the
+local network.
+.Ss Development
+Development mode may be enabled or disabled by running
+.Ic devel Ar on|off .
+In devel mode, secure cookies are disabled, TLS certs are not verified,
+and templates are reloaded every request.
+.Ss Import
+Data may be imported and converted from other services using the
+.Ic import
+command.
+Currently supports Mastodon and Twitter exported data.
+Posts are imported and backdated to appear as old honks.
+The Mastodon following list is imported, but must be refollowed.
+.Pp
+To prepare a Mastodon data archive, extract the archive-longhash.tar.gz file.
+.Dl ./honk import username mastodon source-directory
+.Pp
+To prepare a Twitter data archive, extract the twitter-longhash.zip file.
+After unzipping the data archive, navigate to the tweet_media directory
+and unzip any zip files contained within.
+.Dl ./honk import username twitter source-directory
+.Ss Advanced Options
+Advanced configuration values may be set by running the
+.Ic setconfig Ar key value
+command.
+For example, to increase the fast timeout value from 5 seconds to 10:
+.Dl ./honk setconfig fasttimeout 10
+.Pp
+To support separate mentions without a subdomain,
+e.g. @user@example.com and https://honk.example.com/u/user,
+set config key 'masqname' to 'example.com'.
+Route
+.Pa /.well-known/webfinger
+from the top domain to honk.
+.Pp
+Custom URL seperators (not "u" and "h") may be specified by adding
+"usersep" and "honksep" options to the config table.
+e.g. example.com/users/username/honk/somehonk instead of
+example.com/u/username/h/somehonk.
+.Sh FILES
+.Nm
+files are split between the data directory and the view directory.
+Both default to "." but may be specified by command line options.
+.Pp
+The data directory contains:
+.Bl -tag -width views/local.css
+.It Pa honk.db
+The main database.
+.It Pa blob.db
+Media and attachment storage.
+.It Pa emus
+Custom emoji.
+.It Pa memes
+Stickers and such.
+.It Pa views/local.js
+Locally customized JS.
+.It Pa views/local.css
+Locally customized CSS.
+.El
+.Pp
+The view directory contains:
+.Bl -tag -width views
+.It Pa views
+HTML templates and CSS files.
+.El
+.Sh EXAMPLES
+This series of commands creates a new database, sets a friendly
+welcome message, and runs honk.
+.Bd -literal -offset indent
+honk-v98> make
+honk-v98> ./honk -datadir ../honkdata init
+username: puffy
+password: OxychromaticBlowfishSwatDynamite
+listen address: /var/www/honk.sock
+server name: honk.example.com
+honk-v98> ./honk -datadir ../honkdata admin
+honk-v98> date; ./honk -log honk.log -datadir ../honkdata
+.Ed
+.Pp
+The views directory includes a sample pleroma.css to change color scheme.
+.Bd -literal -offset indent
+honk-v98> mkdir ../honkdata/views
+honk-v98> cp views/pleroma.css ../honkdata/views/local.css
+.Ed
+.Pp
+Upgrade to the next version.
+Clean things up a bit.
+.Bd -literal -offset indent
+datadir> cp honk.db backup.db
+datadir> cd ../honk-v99
+honk-v99> make
+honk-v99> ./honk -datadir ../honkdata upgrade
+honk-v99> ./honk -datadir ../honkdata cleanup
+honk-v99> date; ./honk -log honk.log -datadir ../honkdata
+.Ed
+.Sh ENVIRONMENT
+Image processing and scaling requires considerable memory.
+It is recommended to adjust the datasize ulimit to at least 1GB.
+.Sh SEE ALSO
+.Xr intro 1 ,
+.Xr honk 1
+.Sh CAVEATS
+There's no online upgrade capability.
+Upgrades may result in minutes of downtime.

@@ -0,0 +1,45 @@ 
+.\"
+.\" Copyright (c) 2019 Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt INTRO 1
+.Os
+.Sh NAME
+.Nm intro
+.Nd introduction to honk documentation
+.Sh DESCRIPTION
+Honk processes federated status updates and other microblog activities.
+This is the index for the honk manual.
+.Pp
+.Bl -tag -width activitypubxxr
+.It Xr honk 1
+User manual.
+.It Xr honk 8
+Administration manual.
+.It Xr honk 5
+Honk composition.
+.It Xr hfcs 1
+Honk Filtering and Censorship System.
+.It Xr activitypub 7
+ActivityPub implementation notes.
+.It Xr honk 3
+API access for robotrons.
+.It Xr vim 3
+Modifying honk.
+.El
+.Sh HISTORY
+Started March 2019.
+.Sh AUTHORS
+.An Ted Unangst Lk https://honk.tedunangst.com/u/tedu @tedu@honk.tedunangst.com

@@ -0,0 +1,291 @@ 
+/* $OpenBSD: mandoc.css,v 1.33 2019/06/02 16:50:46 schwarze Exp $ */
+/*
+ * Standard style sheet for mandoc(1) -Thtml and man.cgi(8).
+ *
+ * Written by Ingo Schwarze <schwarze@openbsd.org>.
+ * I place this file into the public domain.
+ * Permission to use, copy, modify, and distribute it for any purpose
+ * with or without fee is hereby granted, without any conditions.
+ */
+
+/* Global defaults. */
+
+html {		max-width: 65em;
+		background: #305;
+		--bg: #002;
+		--fg: #dde; }
+body {		background: var(--bg);
+		color: var(--fg);
+		margin: 2em;
+		padding: 1em;
+		font-size: 18px;
+		font-family: Helvetica,Arial,sans-serif; }
+a { color: var(--fg); }
+h1 {		font-size: 110%; }
+table {		margin-top: 0em;
+		margin-bottom: 0em;
+		border-collapse: collapse; }
+/* Some browsers set border-color in a browser style for tbody,
+ * but not for table, resulting in inconsistent border styling. */
+tbody {		border-color: inherit; }
+tr {		border-color: inherit; }
+td {		vertical-align: top;
+		padding-left: 0.2em;
+		padding-right: 0.2em;
+		border-color: inherit; }
+ul, ol, dl {	margin-top: 0em;
+		margin-bottom: 0em; }
+li, dt {	margin-top: 1em; }
+
+.permalink {	border-bottom: thin dotted;
+		color: inherit;
+		font: inherit;
+		text-decoration: inherit; }
+* {		clear: both }
+
+/* Search form and search results. */
+
+fieldset {	border: thin solid silver;
+		border-radius: 1em;
+		text-align: center; }
+input[name=expr] {
+		width: 25%; }
+
+table.results {	margin-top: 1em;
+		margin-left: 2em;
+		font-size: smaller; }
+
+img { max-width: 100%; }
+code, pre {
+	word-break: break-word;
+}
+pre {
+	white-space: pre-wrap;
+}
+
+
+/* Header and footer lines. */
+
+table.head {	width: 100%;
+		border-bottom: 1px dotted #808080;
+		margin-bottom: 1em;
+		font-size: smaller; }
+td.head-vol {	text-align: center; }
+td.head-rtitle {
+		text-align: right; }
+
+table.foot {	width: 100%;
+		border-top: 1px dotted #808080;
+		margin-top: 1em;
+		font-size: smaller; }
+td.foot-os {	text-align: right; }
+
+/* Sections and paragraphs. */
+
+.manual-text {
+		margin-left: 3.8em; }
+.Nd { }
+section.Sh { }
+h1.Sh {		margin-top: 1.2em;
+		margin-bottom: 0.6em;
+		margin-left: -3.2em; }
+section.Ss { }
+h2.Ss {		margin-top: 1.2em;
+		margin-bottom: 0.6em;
+		margin-left: -1.2em;
+		font-size: 105%; }
+.Pp {		margin: 0.6em 0em; }
+.Sx { }
+.Xr { }
+
+/* Displays and lists. */
+
+.Bd { }
+.Bd-indent {	margin-left: 3.8em; }
+
+.Bl-bullet {	list-style-type: disc;
+		padding-left: 1em; }
+.Bl-bullet > li { }
+.Bl-dash {	list-style-type: none;
+		padding-left: 0em; }
+.Bl-dash > li:before {
+		content: "\2014  "; }
+.Bl-item {	list-style-type: none;
+		padding-left: 0em; }
+.Bl-item > li { }
+.Bl-compact > li {
+		margin-top: 0em; }
+
+.Bl-enum {	padding-left: 2em; }
+.Bl-enum > li { }
+.Bl-compact > li {
+		margin-top: 0em; }
+
+.Bl-diag { }
+.Bl-diag > dt {
+		font-style: normal;
+		font-weight: bold; }
+.Bl-diag > dd {
+		margin-left: 0em; }
+.Bl-hang { }
+.Bl-hang > dt { }
+.Bl-hang > dd {
+		margin-left: 5.5em; }
+.Bl-inset { }
+.Bl-inset > dt { }
+.Bl-inset > dd {
+		margin-left: 0em; }
+.Bl-ohang { }
+.Bl-ohang > dt { }
+.Bl-ohang > dd {
+		margin-left: 0em; }
+.Bl-tag {	margin-top: 0.6em;
+		margin-left: 5.5em; }
+.Bl-tag > dt {
+		float: left;
+		margin-top: 0em;
+		margin-left: -5.5em;
+		padding-right: 0.5em;
+		vertical-align: top; }
+.Bl-tag > dd {
+		clear: right;
+		width: 100%;
+		margin-top: 0em;
+		margin-left: 0em;
+		margin-bottom: 0.6em;
+		vertical-align: top;
+		overflow: auto; }
+.Bl-compact {	margin-top: 0em; }
+.Bl-compact > dd {
+		margin-bottom: 0em; }
+.Bl-compact > dt {
+		margin-top: 0em; }
+
+.Bl-column { }
+.Bl-column > tbody > tr { }
+.Bl-column > tbody > tr > td {
+		margin-top: 1em; }
+.Bl-compact > tbody > tr > td {
+		margin-top: 0em; }
+
+.Rs {		font-style: normal;
+		font-weight: normal; }
+.RsA { }
+.RsB {		font-style: italic;
+		font-weight: normal; }
+.RsC { }
+.RsD { }
+.RsI {		font-style: italic;
+		font-weight: normal; }
+.RsJ {		font-style: italic;
+		font-weight: normal; }
+.RsN { }
+.RsO { }
+.RsP { }
+.RsQ { }
+.RsR { }
+.RsT {		text-decoration: underline; }
+.RsU { }
+.RsV { }
+
+.eqn { }
+.tbl td {	vertical-align: middle; }
+
+.HP {		margin-left: 3.8em;
+		text-indent: -3.8em; }
+
+/* Semantic markup for command line utilities. */
+
+table.Nm { }
+code.Nm {	font-style: normal;
+		font-weight: bold;
+		font-family: inherit; }
+.Fl {		font-style: normal;
+		font-weight: bold;
+		font-family: inherit; }
+.Cm {		font-style: normal;
+		font-weight: bold;
+		font-family: inherit; }
+.Ar {		font-style: italic;
+		font-weight: normal; }
+.Op {		display: inline; }
+.Ic {		font-style: normal;
+		font-weight: bold;
+		font-family: inherit; }
+.Ev {		font-style: normal;
+		font-weight: normal;
+		font-family: monospace; }
+.Pa {		font-style: italic;
+		font-weight: normal; }
+
+/* Semantic markup for function libraries. */
+
+.Lb { }
+code.In {	font-style: normal;
+		font-weight: bold;
+		font-family: inherit; }
+a.In { }
+.Fd {		font-style: normal;
+		font-weight: bold;
+		font-family: inherit; }
+.Ft {		font-style: italic;
+		font-weight: normal; }
+.Fn {		font-style: normal;
+		font-weight: bold;
+		font-family: inherit; }
+.Fa {		font-style: italic;
+		font-weight: normal; }
+.Vt {		font-style: italic;
+		font-weight: normal; }
+.Va {		font-style: italic;
+		font-weight: normal; }
+.Dv {		font-style: normal;
+		font-weight: normal;
+		font-family: monospace; }
+.Er {		font-style: normal;
+		font-weight: normal;
+		font-family: monospace; }
+
+/* Various semantic markup. */
+
+.An { }
+.Lk { }
+.Mt { }
+.Cd {		font-style: normal;
+		font-weight: bold;
+		font-family: inherit; }
+.Ad {		font-style: italic;
+		font-weight: normal; }
+.Ms {		font-style: normal;
+		font-weight: bold; }
+.St { }
+.Ux { }
+
+/* Physical markup. */
+
+.Bf {		display: inline; }
+.No {		font-style: normal;
+		font-weight: normal; }
+.Em {		font-style: italic;
+		font-weight: normal; }
+.Sy {		font-style: normal;
+		font-weight: bold; }
+.Li {		font-style: normal;
+		font-weight: normal;
+		font-family: monospace; }
+
+/* Overrides to avoid excessive margins on small devices. */
+
+@media (max-width: 37.5em) {
+.manual-text {
+		margin-left: 0.5em; }
+h1.Sh, h2.Ss {	margin-left: 0em; }
+.Bd-indent {	margin-left: 2em; }
+.Bl-hang > dd {
+		margin-left: 2em; }
+.Bl-tag {	margin-left: 2em; }
+.Bl-tag > dt {
+		margin-left: -2em; }
+.HP {		margin-left: 2em;
+		text-indent: -2em; }
+}

@@ -0,0 +1,86 @@ 
+
+A Ping extension for ActivityPub
+
+This is merely a draft.
+
+-- rationale
+
+Diagnosing communication failures between federated servers often requires
+sending test messages. There is no dedicated activity type for this purpose,
+however, and thus many operators use normal notes. This creates unnecessary
+noise. It would be better to have a side effect free message that can be
+triggered and sent on demand.
+
+The proposed Ping and corresponding Pong activities are similar to the ICMP
+echo request and echo reply messages. (c.f. the familiar ping tool.)
+
+Other online social contexts often use the term ping to refer to a variety
+of activities. The activity here is unrelated to any user visible activity or
+action.
+
+-- message format
+
+The ping message has a type of Ping. Here, user pinger on server
+h1.example.com is sending a Ping to testrcpt on h2.example.com.
+
+{
+	"@context": "https://www.w3.org/ns/activitystreams",
+	"type": "Ping",
+	"id": "https://h1.example.com/u/pinger/ping/r4nd0m1d",
+	"actor": "https://h1.example.com/u/pinger",
+	"to": "https://h2.example.com/u/testrcpt"
+}
+
+The Pong message is similar, but includes an object field quoting the Ping id
+field.
+
+{
+	"@context": "https://www.w3.org/ns/activitystreams",
+	"type": "Pong",
+	"id": "https://h2.example.com/u/testrcpt/pong/0pp0s1t3",
+	"actor": "https://h2.example.com/u/testrcpt",
+	"to": "https://h1.example.com/u/pinger",
+	"object": "https://h1.example.com/u/pinger/ping/r4nd0m1d"
+}
+
+Ping and Pong id fields look like URLs, but need not be fetchable. They are
+only intended as transient messages.
+
+-- semantics
+
+The Ping message should be sent from one actor to another, delivered to their
+inbox. Upon receipt of a Ping message, a server should reply with a Pong
+message. The Pong reply should quote the id of the Ping (just the id, not the
+whole message) in the object field.
+
+Random ids may used. They should be probabilistically unique.
+
+The usual access and verification checks performed for other messages should
+be performed for Ping and Pong as well. (If HTTP signatures are in use,
+messages should be signed by senders and verified by receivers.)
+
+Ping and Pong messages should be queued using the normal facilities. (Don't
+fast track.) Messages should not be retried. After one failure, drop the
+message.
+
+As these messages are intended as administrator aids, they should not be
+displayed to end users. They should not cause any lasting change in the state
+of either the sending or receiving server.
+
+Rate limiting and abuse controls apply as usual. Servers may choose to impose
+length restrictions on maximum id length. A minimum of 256 bytes should be
+supported.
+
+Servers which do not understand the Ping activity will hopefully ignore it.
+
+-- usage
+
+It is unspecified how one initiates a ping, but it is expected to be a manual
+operation performed by a system administrator. This will generate traffic,
+which may then be logged. The admin reads the logs and solves the problem.
+Specific problem solving instructions are not provided here.
+
+-- future
+
+It may be helpful to have a variant of Ping that does perform retries to test
+recovery after disconnect.

@@ -0,0 +1,81 @@ 
+.\"
+.\" Copyright (c) 2019 Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt VIM 3
+.Os
+.Sh NAME
+.Nm vim
+.Nd vital improvements module
+.Sh DESCRIPTION
+The vital improvements module,
+.Nm ,
+is used to customize and extend honk in such rare cases as the
+existing functionality proves insufficient.
+.Ss Files
+.Bl -tag -width deliverator.go
+.It activity.go
+Conversion to and from ActivityPub format and interop with other
+implementations.
+.It admin.go
+The console admin interface.
+.It avatar.go
+Code to generate blocky avatar images.
+.It backend.go
+Interface to the image resizing backend helper process.
+.It bloat.go
+Bad stuff.
+.It database.go
+Loading and saving things to database.
+.It deliverator.go
+Sending messages and handling retries.
+.It fun.go
+All sorts of fun stuff.
+.It hfcs.go
+Filtering framework.
+.It honk.go
+Just a few data types.
+.It hoot.go
+Twitter scraper.
+.It import.go
+Importers from other service data dumps.
+.It markitzero.go
+Markdown converter.
+.It schema.go
+Generated from schema.sql.
+.It sensors.go
+Monitor memory and CPU.
+.It skulduggery.go
+Reduce some stupidity.
+.It unveil.go
+OpenBSD pledge and unveil.
+.It upgradedb.go
+Upgrade between schema versions.
+.It util.go
+Boring code.
+.It web.go
+The web interface.
+.El
+.Ss Schema
+The current schema is stored in
+.Pa schema.sql .
+.Pp
+After changing the schema, edit
+.Pa upgradedb.go
+to update
+.Va myVersion
+and add relevant update statements to the bottom of the large switch.
+.Sh SEE ALSO
+.Xr honk 3

@@ -0,0 +1,695 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+import (
+	"crypto/rand"
+	"crypto/sha512"
+	"fmt"
+	"html/template"
+	"io"
+	"net/http"
+	"net/url"
+	"os"
+	"regexp"
+	"strings"
+	"time"
+
+	"golang.org/x/net/html"
+	"humungus.tedunangst.com/r/webs/cache"
+	"humungus.tedunangst.com/r/webs/htfilter"
+	"humungus.tedunangst.com/r/webs/httpsig"
+	"humungus.tedunangst.com/r/webs/mz"
+	"humungus.tedunangst.com/r/webs/templates"
+)
+
+var allowedclasses = make(map[string]bool)
+
+func init() {
+	allowedclasses["kw"] = true
+	allowedclasses["bi"] = true
+	allowedclasses["st"] = true
+	allowedclasses["nm"] = true
+	allowedclasses["tp"] = true
+	allowedclasses["op"] = true
+	allowedclasses["cm"] = true
+	allowedclasses["al"] = true
+	allowedclasses["dl"] = true
+}
+
+var relingo = make(map[string]string)
+
+func loadLingo() {
+	for _, l := range []string{"honked", "bonked", "honked back", "qonked", "evented"} {
+		v := l
+		k := "lingo-" + strings.ReplaceAll(l, " ", "")
+		getconfig(k, &v)
+		relingo[l] = v
+	}
+}
+
+func reverbolate(userid int64, honks []*Honk) {
+	var user *WhatAbout
+	somenumberedusers.Get(userid, &user)
+	for _, h := range honks {
+		h.What += "ed"
+		if h.What == "tonked" {
+			h.What = "honked back"
+			h.Style += " subtle"
+		}
+		if !h.Public {
+			h.Style += " limited"
+		}
+		if h.Whofore == 1 {
+			h.Style += " atme"
+		}
+		translate(h)
+		local := false
+		if h.Whofore == 2 || h.Whofore == 3 {
+			local = true
+		}
+		if local && h.What != "bonked" {
+			h.Noise = re_memes.ReplaceAllString(h.Noise, "")
+		}
+		h.Username, h.Handle = handles(h.Honker)
+		if !local {
+			short := shortname(userid, h.Honker)
+			if short != "" {
+				h.Username = short
+			} else {
+				h.Username = h.Handle
+				if len(h.Username) > 20 {
+					h.Username = h.Username[:20] + ".."
+				}
+			}
+		}
+		if user != nil {
+			if user.Options.MentionAll {
+				hset := []string{"@" + h.Handle}
+				for _, a := range h.Audience {
+					if a == h.Honker || a == user.URL {
+						continue
+					}
+					_, hand := handles(a)
+					if hand != "" {
+						hand = "@" + hand
+						hset = append(hset, hand)
+					}
+				}
+				h.Handles = strings.Join(hset, " ")
+			} else if h.Honker != user.URL {
+				h.Handles = "@" + h.Handle
+			}
+		}
+		if h.URL == "" {
+			h.URL = h.XID
+		}
+		if h.Oonker != "" {
+			_, h.Oondle = handles(h.Oonker)
+		}
+		h.Precis = demoji(h.Precis)
+		h.Noise = demoji(h.Noise)
+		h.Open = "open"
+		for _, m := range h.Mentions {
+			if m.Where != h.Honker && !m.IsPresent(h.Noise) {
+				h.Noise = "(" + m.Who + ")" + h.Noise
+			}
+		}
+
+		zap := make(map[string]bool)
+		{
+			var htf htfilter.Filter
+			htf.Imager = replaceimgsand(zap, false)
+			htf.SpanClasses = allowedclasses
+			htf.BaseURL, _ = url.Parse(h.XID)
+			emuxifier := func(e string) string {
+				for _, d := range h.Donks {
+					if d.Name == e {
+						zap[d.XID] = true
+						if d.Local {
+							return fmt.Sprintf(`<img class="emu" title="%s" src="/d/%s">`, d.Name, d.XID)
+						}
+					}
+				}
+				if local && h.What != "bonked" {
+					var emu Emu
+					emucache.Get(e, &emu)
+					if emu.ID != "" {
+						return fmt.Sprintf(`<img class="emu" title="%s" src="%s">`, emu.Name, emu.ID)
+					}
+				}
+				return e
+			}
+			htf.FilterText = func(w io.Writer, data string) {
+				data = htfilter.EscapeText(data)
+				data = re_emus.ReplaceAllStringFunc(data, emuxifier)
+				io.WriteString(w, data)
+			}
+			p, _ := htf.String(h.Precis)
+			n, _ := htf.String(h.Noise)
+			h.Precis = string(p)
+			h.Noise = string(n)
+		}
+		j := 0
+		for i := 0; i < len(h.Donks); i++ {
+			if !zap[h.Donks[i].XID] {
+				h.Donks[j] = h.Donks[i]
+				j++
+			}
+		}
+		h.Donks = h.Donks[:j]
+	}
+
+	unsee(honks, userid)
+
+	for _, h := range honks {
+		renderflags(h)
+
+		h.HTPrecis = template.HTML(h.Precis)
+		h.HTML = template.HTML(h.Noise)
+		if h.What == "wonked" {
+			h.HTML = "? wonk ?"
+		}
+		if redo := relingo[h.What]; redo != "" {
+			h.What = redo
+		}
+	}
+}
+
+func replaceimgsand(zap map[string]bool, absolute bool) func(node *html.Node) string {
+	return func(node *html.Node) string {
+		src := htfilter.GetAttr(node, "src")
+		alt := htfilter.GetAttr(node, "alt")
+		//title := GetAttr(node, "title")
+		if htfilter.HasClass(node, "Emoji") && alt != "" {
+			return alt
+		}
+		d := finddonk(src)
+		if d != nil {
+			zap[d.XID] = true
+			base := ""
+			if absolute {
+				base = "https://" + serverName
+			}
+			return string(templates.Sprintf(`<img alt="%s" title="%s" src="%s/d/%s">`, alt, alt, base, d.XID))
+		}
+		return string(templates.Sprintf(`&lt;img alt="%s" src="<a href="%s">%s</a>"&gt;`, alt, src, src))
+	}
+}
+
+func translatechonk(ch *Chonk) {
+	noise := ch.Noise
+	if ch.Format == "markdown" {
+		noise = markitzero(noise)
+	}
+	var htf htfilter.Filter
+	htf.SpanClasses = allowedclasses
+	htf.BaseURL, _ = url.Parse(ch.XID)
+	ch.HTML, _ = htf.String(noise)
+}
+
+func filterchonk(ch *Chonk) {
+	translatechonk(ch)
+
+	noise := string(ch.HTML)
+
+	local := originate(ch.XID) == serverName
+
+	zap := make(map[string]bool)
+	emuxifier := func(e string) string {
+		for _, d := range ch.Donks {
+			if d.Name == e {
+				zap[d.XID] = true
+				if d.Local {
+					return fmt.Sprintf(`<img class="emu" title="%s" src="/d/%s">`, d.Name, d.XID)
+				}
+			}
+		}
+		if local {
+			var emu Emu
+			emucache.Get(e, &emu)
+			if emu.ID != "" {
+				return fmt.Sprintf(`<img class="emu" title="%s" src="%s">`, emu.Name, emu.ID)
+			}
+		}
+		return e
+	}
+	noise = re_emus.ReplaceAllStringFunc(noise, emuxifier)
+	j := 0
+	for i := 0; i < len(ch.Donks); i++ {
+		if !zap[ch.Donks[i].XID] {
+			ch.Donks[j] = ch.Donks[i]
+			j++
+		}
+	}
+	ch.Donks = ch.Donks[:j]
+
+	if strings.HasPrefix(noise, "<p>") {
+		noise = noise[3:]
+	}
+	ch.HTML = template.HTML(noise)
+	if short := shortname(ch.UserID, ch.Who); short != "" {
+		ch.Handle = short
+	} else {
+		ch.Handle, _ = handles(ch.Who)
+	}
+
+}
+
+func inlineimgsfor(honk *Honk) func(node *html.Node) string {
+	return func(node *html.Node) string {
+		src := htfilter.GetAttr(node, "src")
+		alt := htfilter.GetAttr(node, "alt")
+		d := savedonk(src, "image", alt, "image", true)
+		if d != nil {
+			honk.Donks = append(honk.Donks, d)
+		}
+		dlog.Printf("inline img with src: %s", src)
+		return ""
+	}
+}
+
+func imaginate(honk *Honk) {
+	var htf htfilter.Filter
+	htf.Imager = inlineimgsfor(honk)
+	htf.BaseURL, _ = url.Parse(honk.XID)
+	htf.String(honk.Noise)
+}
+
+func translate(honk *Honk) {
+	if honk.Format == "html" {
+		return
+	}
+	noise := honk.Noise
+	if strings.HasPrefix(noise, "DZ:") {
+		idx := strings.Index(noise, "\n")
+		if idx == -1 {
+			honk.Precis = noise
+			noise = ""
+		} else {
+			honk.Precis = noise[:idx]
+			noise = noise[idx+1:]
+		}
+	}
+	honk.Precis = markitzero(strings.TrimSpace(honk.Precis))
+
+	var marker mz.Marker
+	marker.HashLinker = ontoreplacer
+	marker.AtLinker = attoreplacer
+	noise = strings.TrimSpace(noise)
+	noise = marker.Mark(noise)
+	honk.Noise = noise
+	honk.Onts = oneofakind(marker.HashTags)
+	honk.Mentions = bunchofgrapes(marker.Mentions)
+}
+
+func redoimages(honk *Honk) {
+	zap := make(map[string]bool)
+	{
+		var htf htfilter.Filter
+		htf.Imager = replaceimgsand(zap, true)
+		htf.SpanClasses = allowedclasses
+		p, _ := htf.String(honk.Precis)
+		n, _ := htf.String(honk.Noise)
+		honk.Precis = string(p)
+		honk.Noise = string(n)
+	}
+	j := 0
+	for i := 0; i < len(honk.Donks); i++ {
+		if !zap[honk.Donks[i].XID] {
+			honk.Donks[j] = honk.Donks[i]
+			j++
+		}
+	}
+	honk.Donks = honk.Donks[:j]
+
+	honk.Noise = re_memes.ReplaceAllString(honk.Noise, "")
+	honk.Noise = strings.Replace(honk.Noise, "<a href=", "<a class=\"mention u-url\" href=", -1)
+}
+
+func xcelerate(b []byte) string {
+	letters := "BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz1234567891234567891234"
+	for i, c := range b {
+		b[i] = letters[c&63]
+	}
+	s := string(b)
+	return s
+}
+
+func shortxid(xid string) string {
+	h := sha512.New512_256()
+	io.WriteString(h, xid)
+	return xcelerate(h.Sum(nil)[:20])
+}
+
+func xfiltrate() string {
+	var b [18]byte
+	rand.Read(b[:])
+	return xcelerate(b[:])
+}
+
+func grapevine(mentions []Mention) []string {
+	var s []string
+	for _, m := range mentions {
+		s = append(s, m.Where)
+	}
+	return s
+}
+
+func bunchofgrapes(m []string) []Mention {
+	var mentions []Mention
+	for i := range m {
+		where := gofish(m[i])
+		if where != "" {
+			mentions = append(mentions, Mention{Who: m[i], Where: where})
+		}
+	}
+	return mentions
+}
+
+type Emu struct {
+	ID   string
+	Name string
+	Type string
+}
+
+var re_emus = regexp.MustCompile(`:[[:alnum:]_-]+:`)
+
+var emucache = cache.New(cache.Options{Filler: func(ename string) (Emu, bool) {
+	fname := ename[1 : len(ename)-1]
+	exts := []string{".png", ".gif"}
+	for _, ext := range exts {
+		_, err := os.Stat(dataDir + "/emus/" + fname + ext)
+		if err != nil {
+			continue
+		}
+		url := fmt.Sprintf("https://%s/emu/%s%s", serverName, fname, ext)
+		return Emu{ID: url, Name: ename, Type: "image/" + ext[1:]}, true
+	}
+	return Emu{Name: ename, ID: "", Type: "image/png"}, true
+}, Duration: 10 * time.Second})
+
+func herdofemus(noise string) []Emu {
+	m := re_emus.FindAllString(noise, -1)
+	m = oneofakind(m)
+	var emus []Emu
+	for _, e := range m {
+		var emu Emu
+		emucache.Get(e, &emu)
+		if emu.ID == "" {
+			continue
+		}
+		emus = append(emus, emu)
+	}
+	return emus
+}
+
+var re_memes = regexp.MustCompile("meme: ?([^\n]+)")
+var re_avatar = regexp.MustCompile("avatar: ?([^\n]+)")
+var re_banner = regexp.MustCompile("banner: ?([^\n]+)")
+
+func memetize(honk *Honk) {
+	repl := func(x string) string {
+		name := x[5:]
+		if name[0] == ' ' {
+			name = name[1:]
+		}
+		fd, err := os.Open(dataDir + "/memes/" + name)
+		if err != nil {
+			ilog.Printf("no meme for %s", name)
+			return x
+		}
+		var peek [512]byte
+		n, _ := fd.Read(peek[:])
+		ct := http.DetectContentType(peek[:n])
+		fd.Close()
+
+		url := fmt.Sprintf("https://%s/meme/%s", serverName, name)
+		fileid, err := savefile(name, name, url, ct, false, nil)
+		if err != nil {
+			elog.Printf("error saving meme: %s", err)
+			return x
+		}
+		d := &Donk{
+			FileID: fileid,
+			Name:   name,
+			Media:  ct,
+			URL:    url,
+			Local:  false,
+		}
+		honk.Donks = append(honk.Donks, d)
+		return ""
+	}
+	honk.Noise = re_memes.ReplaceAllStringFunc(honk.Noise, repl)
+}
+
+var re_quickmention = regexp.MustCompile("(^|[ \n])@[[:alnum:]]+([ \n.]|$)")
+
+func quickrename(s string, userid int64) string {
+	nonstop := true
+	for nonstop {
+		nonstop = false
+		s = re_quickmention.ReplaceAllStringFunc(s, func(m string) string {
+			prefix := ""
+			if m[0] == ' ' || m[0] == '\n' {
+				prefix = m[:1]
+				m = m[1:]
+			}
+			prefix += "@"
+			m = m[1:]
+			tail := ""
+			if last := m[len(m)-1]; last == ' ' || last == '\n' || last == '.' {
+				tail = m[len(m)-1:]
+				m = m[:len(m)-1]
+			}
+
+			xid := fullname(m, userid)
+
+			if xid != "" {
+				_, name := handles(xid)
+				if name != "" {
+					nonstop = true
+					m = name
+				}
+			}
+			return prefix + m + tail
+		})
+	}
+	return s
+}
+
+var shortnames = cache.New(cache.Options{Filler: func(userid int64) (map[string]string, bool) {
+	honkers := gethonkers(userid)
+	m := make(map[string]string)
+	for _, h := range honkers {
+		m[h.XID] = h.Name
+	}
+	return m, true
+}, Invalidator: &honkerinvalidator})
+
+func shortname(userid int64, xid string) string {
+	var m map[string]string
+	ok := shortnames.Get(userid, &m)
+	if ok {
+		return m[xid]
+	}
+	return ""
+}
+
+var fullnames = cache.New(cache.Options{Filler: func(userid int64) (map[string]string, bool) {
+	honkers := gethonkers(userid)
+	m := make(map[string]string)
+	for _, h := range honkers {
+		m[h.Name] = h.XID
+	}
+	return m, true
+}, Invalidator: &honkerinvalidator})
+
+func fullname(name string, userid int64) string {
+	var m map[string]string
+	ok := fullnames.Get(userid, &m)
+	if ok {
+		return m[name]
+	}
+	return ""
+}
+
+func attoreplacer(m string) string {
+	fill := `<span class="h-card"><a class="u-url mention" href="%s">%s</a></span>`
+	where := gofish(m)
+	if where == "" {
+		return m
+	}
+	who := m[0 : 1+strings.IndexByte(m[1:], '@')]
+	return fmt.Sprintf(fill, html.EscapeString(where), html.EscapeString(who))
+}
+
+func ontoreplacer(h string) string {
+	return fmt.Sprintf(`<a href="https://%s/o/%s">%s</a>`, serverName,
+		strings.ToLower(h[1:]), h)
+}
+
+var re_unurl = regexp.MustCompile("https://([^/]+).*/([^/]+)")
+var re_urlhost = regexp.MustCompile("https://([^/ #)]+)")
+
+func originate(u string) string {
+	m := re_urlhost.FindStringSubmatch(u)
+	if len(m) > 1 {
+		return m[1]
+	}
+	return ""
+}
+
+var allhandles = cache.New(cache.Options{Filler: func(xid string) (string, bool) {
+	handle := getxonker(xid, "handle")
+	if handle == "" {
+		dlog.Printf("need to get a handle: %s", xid)
+		info, err := investigate(xid)
+		if err != nil {
+			m := re_unurl.FindStringSubmatch(xid)
+			if len(m) > 2 {
+				handle = m[2]
+			} else {
+				handle = xid
+			}
+		} else {
+			handle = info.Name
+		}
+	}
+	return handle, true
+}})
+
+// handle, handle@host
+func handles(xid string) (string, string) {
+	if xid == "" || xid == thewholeworld || strings.HasSuffix(xid, "/followers") {
+		return "", ""
+	}
+	var handle string
+	allhandles.Get(xid, &handle)
+	if handle == xid {
+		return xid, xid
+	}
+	return handle, handle + "@" + originate(xid)
+}
+
+func butnottooloud(aud []string) {
+	for i, a := range aud {
+		if strings.HasSuffix(a, "/followers") {
+			aud[i] = ""
+		}
+	}
+}
+
+func loudandproud(aud []string) bool {
+	for _, a := range aud {
+		if a == thewholeworld {
+			return true
+		}
+	}
+	return false
+}
+
+func firstclass(honk *Honk) bool {
+	return honk.Audience[0] == thewholeworld
+}
+
+func oneofakind(a []string) []string {
+	seen := make(map[string]bool)
+	seen[""] = true
+	j := 0
+	for _, s := range a {
+		if !seen[s] {
+			seen[s] = true
+			a[j] = s
+			j++
+		}
+	}
+	return a[:j]
+}
+
+var ziggies = cache.New(cache.Options{Filler: func(userid int64) (*KeyInfo, bool) {
+	var user *WhatAbout
+	ok := somenumberedusers.Get(userid, &user)
+	if !ok {
+		return nil, false
+	}
+	ki := new(KeyInfo)
+	ki.keyname = user.URL + "#key"
+	ki.seckey = user.SecKey
+	return ki, true
+}})
+
+func ziggy(userid int64) *KeyInfo {
+	var ki *KeyInfo
+	ziggies.Get(userid, &ki)
+	return ki
+}
+
+var zaggies = cache.New(cache.Options{Filler: func(keyname string) (httpsig.PublicKey, bool) {
+	data := getxonker(keyname, "pubkey")
+	if data == "" {
+		dlog.Printf("hitting the webs for missing pubkey: %s", keyname)
+		j, err := GetJunk(serverUID, keyname)
+		if err != nil {
+			ilog.Printf("error getting %s pubkey: %s", keyname, err)
+			when := time.Now().UTC().Format(dbtimeformat)
+			stmtSaveXonker.Exec(keyname, "failed", "pubkey", when)
+			return httpsig.PublicKey{}, true
+		}
+		allinjest(originate(keyname), j)
+		data = getxonker(keyname, "pubkey")
+		if data == "" {
+			ilog.Printf("key not found after ingesting")
+			when := time.Now().UTC().Format(dbtimeformat)
+			stmtSaveXonker.Exec(keyname, "failed", "pubkey", when)
+			return httpsig.PublicKey{}, true
+		}
+	}
+	if data == "failed" {
+		ilog.Printf("lookup previously failed key %s", keyname)
+		return httpsig.PublicKey{}, true
+	}
+	_, key, err := httpsig.DecodeKey(data)
+	if err != nil {
+		ilog.Printf("error decoding %s pubkey: %s", keyname, err)
+		return key, true
+	}
+	return key, true
+}, Limit: 512})
+
+func zaggy(keyname string) (httpsig.PublicKey, error) {
+	var key httpsig.PublicKey
+	zaggies.Get(keyname, &key)
+	return key, nil
+}
+
+func savingthrow(keyname string) {
+	when := time.Now().Add(-30 * time.Minute).UTC().Format(dbtimeformat)
+	stmtDeleteXonker.Exec(keyname, "pubkey", when)
+	zaggies.Clear(keyname)
+}
+
+func keymatch(keyname string, actor string) string {
+	hash := strings.IndexByte(keyname, '#')
+	if hash == -1 {
+		hash = len(keyname)
+	}
+	owner := keyname[0:hash]
+	if owner == actor {
+		return originate(actor)
+	}
+	return ""
+}

@@ -0,0 +1,6 @@ 
+echo "package main" > schema.go
+echo "var sqlSchema = \`" >> schema.go
+cat schema.sql >> schema.go
+echo "\`" >> schema.go
+go fmt schema.go
+

@@ -0,0 +1,13 @@ 
+module humungus.tedunangst.com/r/honk
+
+go 1.16
+
+require (
+	github.com/andybalholm/cascadia v1.3.1
+	github.com/gorilla/mux v1.8.0
+	github.com/mattn/go-runewidth v0.0.13
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
+	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
+	humungus.tedunangst.com/r/go-sqlite3 v1.1.3
+	humungus.tedunangst.com/r/webs v0.6.56
+)

@@ -0,0 +1,29 @@ 
+github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
+github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/image v0.0.0-20220413100746-70e8d0d3baa9 h1:LRtI4W37N+KFebI/qV0OFiLUv4GLOWeEW5hn/KEJvxE=
+golang.org/x/image v0.0.0-20220413100746-70e8d0d3baa9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
+golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+humungus.tedunangst.com/r/go-sqlite3 v1.1.3 h1:G2N4wzDS0NbuvrZtQJhh4F+3X+s7BF8b9ga8k38geUI=
+humungus.tedunangst.com/r/go-sqlite3 v1.1.3/go.mod h1:FtEEmQM7U2Ey1TuEEOyY1BmphTZnmiEjPsNLEAkpf/M=
+humungus.tedunangst.com/r/webs v0.6.56 h1:knrLMQ8vwcHjkPo//zXUm5IuRFMfYcnJgMuWuqy8BOA=
+humungus.tedunangst.com/r/webs v0.6.56/go.mod h1:03R0N9BcT49HB4TDd1YmarpbiPvPzVDm74Mk4h1hYPc=

@@ -0,0 +1,465 @@ 
+//
+// Copyright (c) 2019 Ted Unangst <tedu@tedunangst.com>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+package main
+
+import (
+	"net/http"
+	"regexp"
+	"sort"
+	"time"
+
+	"humungus.tedunangst.com/r/webs/cache"
+)
+
+type Filter struct {
+	ID              int64      `json:"-"`
+	Actions         []filtType `json:"-"`
+	Name            string
+	Date            time.Time
+	Actor           string `json:",omitempty"`
+	IncludeAudience bool   `json:",omitempty"`
+	Text            string `json:",omitempty"`
+	re_text         *regexp.Regexp
+	IsAnnounce      bool   `json:",omitempty"`
+	AnnounceOf      string `json:",omitempty"`
+	Reject          bool   `json:",omitempty"`
+	SkipMedia       bool   `json:",omitempty"`
+	Hide            bool   `json:",omitempty"`
+	Collapse        bool   `json:",omitempty"`
+	Rewrite         string `json:",omitempty"`
+	re_rewrite      *regexp.Regexp
+	Replace         string `json:",omitempty"`
+	Expiration      time.Time
+	Notes           string
+}
+
+type filtType uint
+
+const (
+	filtNone filtType = iota
+	filtAny
+	filtReject
+	filtSkipMedia
+	filtHide
+	filtCollapse
+	filtRewrite
+)
+
+var filtNames = []string{"None", "Any", "Reject", "SkipMedia", "Hide", "Collapse", "Rewrite"}
+
+func (ft filtType) String() string {
+	return filtNames[ft]
+}
+
+type afiltermap map[filtType][]*Filter
+
+var filtInvalidator cache.Invalidator
+var filtcache *cache.Cache
+
+func init() {
+	// resolve init loop
+	filtcache = cache.New(cache.Options{Filler: filtcachefiller, Invalidator: &filtInvalidator})
+}
+
+func filtcachefiller(userid int64) (afiltermap, bool) {
+	rows, err := stmtGetFilters.Query(userid)
+	if err != nil {
+		elog.Printf("error querying filters: %s", err)
+		return nil, false
+	}
+	defer rows.Close()
+
+	now := time.Now()
+
+	var expflush time.Time
+
+	filtmap := make(afiltermap)
+	for rows.Next() {
+		filt := new(Filter)
+		var j string
+		var filterid int64
+		err = rows.Scan(&filterid, &j)
+		if err == nil {
+			err = unjsonify(j, filt)
+		}
+		if err != nil {
+			elog.Printf("error scanning filter: %s", err)
+			continue
+		}
+		if !filt.Expiration.IsZero() {
+			if filt.Expiration.Before(now) {
+				continue
+			}
+			if expflush.IsZero() || filt.Expiration.Before(expflush) {
+				expflush = filt.Expiration
+			}
+		}
+		if t := filt.Text; t != "" {
+			wordfront := t[0] != '#'
+			wordtail := true
+			t = "(?i:" + t + ")"
+			if wordfront {
+				t = "\\b" + t
+			}
+			if wordtail {
+				t = t + "\\b"
+			}
+			filt.re_text, err = regexp.Compile(t)
+			if err != nil {
+				elog.Printf("error compiling filter text: %s", err)
+				continue
+			}
+		}
+		if t := filt.Rewrite; t != "" {
+			wordfront := t[0] != '#'
+			wordtail := true
+			t = "(?i:" + t + ")"
+			if wordfront {
+				t = "\\b" + t
+			}
+			if wordtail {
+				t = t + "\\b"
+			}
+			filt.re_rewrite, err = regexp.Compile(t)
+			if err != nil {
+				elog.Printf("error compiling filter rewrite: %s", err)
+				continue
+			}
+		}
+		filt.ID = filterid
+		if filt.Reject {
+			filt.Actions = append(filt.Actions, filtReject)
+			filtmap[filtReject] = append(filtmap[filtReject], filt)
+		}
+		if filt.SkipMedia {
+			filt.Actions = append(filt.Actions, filtSkipMedia)
+			filtmap[filtSkipMedia] = append(filtmap[filtSkipMedia], filt)
+		}
+		if filt.Hide {
+			filt.Actions = append(filt.Actions, filtHide)
+			filtmap[filtHide] = append(filtmap[filtHide], filt)
+		}
+		if filt.Collapse {
+			filt.Actions = append(filt.Actions, filtCollapse)
+			filtmap[filtCollapse] = append(filtmap[filtCollapse], filt)
+		}
+		if filt.Rewrite != "" {
+			filt.Actions = append(filt.Actions, filtRewrite)
+			filtmap[filtRewrite] = append(filtmap[filtRewrite], filt)
+		}
+		filtmap[filtAny] = append(filtmap[filtAny], filt)
+	}
+	sorting := filtmap[filtAny]
+	sort.Slice(filtmap[filtAny], func(i, j int) bool {
+		return sorting[i].Name < sorting[j].Name
+	})
+	if !expflush.IsZero() {
+		dur := expflush.Sub(now)
+		go filtcacheclear(userid, dur)
+	}
+	return filtmap, true
+}
+
+func filtcacheclear(userid int64, dur time.Duration) {
+	time.Sleep(dur + time.Second)
+	filtInvalidator.Clear(userid)
+}
+
+func getfilters(userid int64, scope filtType) []*Filter {
+	var filtmap afiltermap
+	ok := filtcache.Get(userid, &filtmap)
+	if ok {
+		return filtmap[scope]
+	}
+	return nil
+}
+
+type arejectmap map[string][]*Filter
+
+var rejectAnyKey = "..."
+
+var rejectcache = cache.New(cache.Options{Filler: func(userid int64) (arejectmap, bool) {
+	m := make(arejectmap)
+	filts := getfilters(userid, filtReject)
+	for _, f := range filts {
+		if f.Text != "" {
+			key := rejectAnyKey
+			m[key] = append(m[key], f)
+			continue
+		}
+		if f.IsAnnounce && f.AnnounceOf != "" {
+			key := f.AnnounceOf
+			m[key] = append(m[key], f)
+		}
+		if f.Actor != "" {
+			key := f.Actor
+			m[key] = append(m[key], f)
+		}
+	}
+	return m, true
+}, Invalidator: &filtInvalidator})
+
+func rejectfilters(userid int64, name string) []*Filter {
+	var m arejectmap
+	rejectcache.Get(userid, &m)
+	return m[name]
+}
+
+func rejectorigin(userid int64, origin string, isannounce bool) bool {
+	if o := originate(origin); o != "" {
+		origin = o
+	}
+	filts := rejectfilters(userid, origin)
+	for _, f := range filts {
+		if isannounce && f.IsAnnounce {
+			if f.AnnounceOf == origin {
+				return true
+			}
+		}
+		if f.Actor == origin {
+			return true
+		}
+	}
+	return false
+}
+
+func rejectactor(userid int64, actor string) bool {
+	filts := rejectfilters(userid, actor)
+	for _, f := range filts {
+		if f.IsAnnounce {
+			continue
+		}
+		if f.Actor == actor {
+			ilog.Printf("rejecting actor: %s", actor)
+			return true
+		}
+	}
+	origin := originate(actor)
+	if origin == "" {
+		return false
+	}
+	filts = rejectfilters(userid, origin)
+	for _, f := range filts {
+		if f.IsAnnounce {
+			continue
+		}
+		if f.Actor == origin {
+			ilog.Printf("rejecting actor: %s", actor)
+			return true
+		}
+	}
+	return false
+}
+
+func stealthmode(userid int64, r *http.Request) bool {
+	agent := r.UserAgent()
+	agent = originate(agent)
+	if agent != "" {
+		fake := rejectorigin(userid, agent, false)
+		if fake {
+			ilog.Printf("faking 404 for %s", agent)
+			return true
+		}
+	}
+	return false
+}
+
+func matchfilter(h *Honk, f *Filter) bool {
+	return matchfilterX(h, f) != ""
+}
+
+func matchfilterX(h *Honk, f *Filter) string {
+	rv := ""
+	match := true
+	if match && f.Actor != "" {
+		match = false
+		if f.Actor == h.Honker || f.Actor == h.Oonker {
+			match = true
+			rv = f.Actor
+		}
+		if !match && (f.Actor == originate(h.Honker) ||
+			f.Actor == originate(h.Oonker) ||
+			f.Actor == originate(h.XID)) {
+			match = true
+			rv = f.Actor
+		}
+		if !match && f.IncludeAudience {
+			for _, a := range h.Audience {
+				if f.Actor == a || f.Actor == originate(a) {
+					match = true
+					rv = f.Actor
+					break
+				}
+			}
+		}
+	}
+	if match && f.IsAnnounce {
+		match = false
+		if (f.AnnounceOf == "" && h.Oonker != "") || f.AnnounceOf == h.Oonker ||
+			f.AnnounceOf == originate(h.Oonker) {
+			match = true
+			rv += " announce"
+		}
+	}
+	if match && f.Text != "" {
+		match = false
+		re := f.re_text
+		m := re.FindString(h.Precis)
+		if m == "" {
+			m = re.FindString(h.Noise)
+		}
+		if m == "" {
+			for _, d := range h.Donks {
+				m = re.FindString(d.Desc)
+				if m != "" {
+					break
+				}
+			}
+		}
+		if m != "" {
+			match = true
+			rv = m
+		}
+	}
+	if match {
+		return rv
+	}
+	return ""
+}
+
+func rejectxonk(xonk *Honk) bool {
+	var m arejectmap
+	rejectcache.Get(xonk.UserID, &m)
+	filts := m[rejectAnyKey]
+	filts = append(filts, m[xonk.Honker]...)
+	filts = append(filts, m[originate(xonk.Honker)]...)
+	filts = append(filts, m[xonk.Oonker]...)
+	filts = append(filts, m[originate(xonk.Oonker)]...)
+	for _, a := range xonk.Audience {
+		filts = append(filts, m[a]...)
+		filts = append(filts, m[originate(a)]...)
+	}
+	for _, f := range filts {
+		if cause := matchfilterX(xonk, f); cause != "" {
+			ilog.Printf("rejecting %s because %s", xonk.XID, cause)
+			return true
+		}
+	}
+	return false
+}
+
+func skipMedia(xonk *Honk) bool {
+	filts := getfilters(xonk.UserID, filtSkipMedia)
+	for _, f := range filts {
+		if matchfilter(xonk, f) {
+			return true
+		}
+	}
+	return false
+}
+
+func unsee(honks []*Honk, userid int64) {
+	if userid != -1 {
+		colfilts := getfilters(userid, filtCollapse)
+		rwfilts := getfilters(userid, filtRewrite)
+		for _, h := range honks {
+			for _, f := range colfilts {
+				if bad := matchfilterX(h, f); bad != "" {
+					if h.Precis == "" {
+						h.Precis = bad
+					}
+					h.Open = ""
+					break
+				}
+			}
+			if h.Open == "open" && h.Precis == "unspecified horror" {
+				h.Precis = ""
+			}
+			for _, f := range rwfilts {
+				if matchfilter(h, f) {
+					h.Noise = f.re_rewrite.ReplaceAllString(h.Noise, f.Replace)
+				}
+			}
+			if len(h.Noise) > 6000 && h.Open == "open" {
+				if h.Precis == "" {
+					h.Precis = "really freaking long"
+				}
+				h.Open = ""
+			}
+		}
+	}
+}
+
+var untagged = cache.New(cache.Options{Filler: func(userid int64) (map[string]bool, bool) {
+	rows, err := stmtUntagged.Query(userid)
+	if err != nil {
+		elog.Printf("error query untagged: %s", err)
+		return nil, false
+	}
+	defer rows.Close()
+	bad := make(map[string]bool)
+	for rows.Next() {
+		var xid, rid string
+		var flags int64
+		err = rows.Scan(&xid, &rid, &flags)
+		if err != nil {
+			elog.Printf("error scanning untag: %s", err)
+			continue
+		}
+		if flags&flagIsUntagged != 0 {
+			bad[xid] = true
+		}
+		if bad[rid] {
+			bad[xid] = true
+		}
+	}
+	return bad, true
+}})
+
+func osmosis(honks []*Honk, userid int64, withfilt bool) []*Honk {
+	var badparents map[string]bool
+	untagged.GetAndLock(userid, &badparents)
+	j := 0
+	reversehonks(honks)
+	for _, h := range honks {
+		if badparents[h.RID] {
+			badparents[h.XID] = true
+			continue
+		}
+		honks[j] = h
+		j++
+	}
+	untagged.Unlock()
+	honks = honks[0:j]
+	reversehonks(honks)
+	if !withfilt {
+		return honks
+	}
+	filts := getfilters(userid, filtHide)
+	j = 0
+outer:
+	for _, h := range honks {
+		for _, f := range filts {
+			if matchfilter(h, f) {
+				continue outer
+			}
+		}
+		honks[j] = h
+		j++
+	}
+	honks = honks[0:j]
+	return honks
+}