layout tweaks

content/_index.md

@@ -9,4 +9,4 @@ paginate_by = 10
 
 * Want a quick overview of our advice for all comrades? [**See our recommendations**](/recommendations).
 * Don't know where to start? [**Tails for Anarchists**](/posts/tails/) is the guide with the most relevance to all anarchists. All incriminating digital activities should be accomplished with Tails (such as action research or writing communiques). 
-* You can also check out a [**series of articles**](/series) or pick a [**tag**](/tags) that interests you.
+* You can also check out a [**series of guides**](/series) or pick a [**tag**](/tags) that interests you.

content/posts/qubes/index.md

@@ -335,7 +335,7 @@ There is a lot more flexibility in how you configure Qubes OS than Tails, but mo
 * Reducing risks when using untrusted computers
 	* The [verification stage](https://www.qubes-os.org/security/verifying-signatures/) of the Qubes OS installation is equivalent to [GnuPG verification of Tails](https://tails.boum.org/install/expert/index.en.html).
 	* Only attach USBs and external drives to a qube that is disposable and offline. 
-	* To mitigate against physical attacks to the computer, buy a dedicated laptop from a refurbished store, make it [tamper-evident and store it in a tamper-evident safe](/posts/tamper/).
+	* To mitigate against physical attacks to the computer, buy a dedicated laptop from a refurbished store, make the laptop screws [tamper-evident and use tamper-evident storage](/posts/tamper/).
 	* To mitigate against remote attacks to the computer, you can use anonymous Wi-Fi, and replace the BIOS with [HEADS](https://osresearch.net/). It's not possible to remove the hard drive, and Qubes OS already isolates the Bluetooth interface, camera and microphone. USBs with secure firmware are less important thanks to the isolation that sys-usb provides, and a USB with a physical write-protect switch is unnecessary because the operating system files are stored on the hard drive (and App qubes don't have write access to their templates). 
 * Encryption
 	* Passwords: [See above](#password-management) 

content/posts/tails-best/index.md

@@ -62,10 +62,10 @@ This first issue is mitigated by [**Tor bridges**](https://tails.boum.org/doc/an
 
 * Tor Bridges are secret Tor relays that keep your connection to the Tor network hidden. However, this is only necessary where connections to Tor are blocked, for example in some countries with heavy censorship, by some public networks, or by some parental controls. This is because Tor and Tails don't protect you by making you look like any random Internet user, but by making all Tor and Tails users look the same. It becomes impossible to know who is who among them.
 
-> A powerful adversary, who could analyze the timing and shape of the traffic entering and exiting the Tor network, might be able to deanonymize Tor users. These attacks are called *end-to-end correlation* attacks, because the attacker has to observe both ends of a Tor circuit at the same time. [...] End-to-end correlation attacks have been studied in research papers, but we don't know of any actual use to deanonymize Tor users.
-
 ### Protecting against determined, skilled attackers
 
+> A powerful adversary, who could analyze the timing and shape of the traffic entering and exiting the Tor network, might be able to deanonymize Tor users. These attacks are called *end-to-end correlation* attacks, because the attacker has to observe both ends of a Tor circuit at the same time. [...] End-to-end correlation attacks have been studied in research papers, but we don't know of any actual use to deanonymize Tor users.
+
 This second issue is mitigated by **not using an Internet connection that could deanonymize you** and by **prioritizing .onion links when available**:
 
 * Wi-Fi adapters that work through SIM cards are not a good idea. The unique identification number of your SIM card (IMSI) and the unique serial number of your adapter (IMEI) are also transmitted to the mobile network provider every time you connect, allowing identification as well as geographical localization. The adapter works like a cell phone! If you do not want different research sessions to be associated with each other, do not use such an adapter or the SIM card more than once!

layout/anarsec_article.typ

@@ -12,12 +12,20 @@
   // format lists
   set list(marker: ([•], [--]))
 
+
   // front cover
   page()[
-    #set align(center + horizon)
+    #place(
-    
+      center + top,
-    #image(frontimage)
+      dy: 150pt,
+      image(frontimage)
+    )
     
+    #place(
+      center + horizon,
+      dy: 40pt,
+    )[
+      #set text(font: "Jost")
       #text(25pt, title)
 
       #{ 
@@ -25,10 +33,14 @@
           text(18pt, subtitle)
         }
       }
+    ]
     
-    #set align(center + bottom)
+    #place(
-
+      center + bottom
+    )[
+      #set text(font: "Jost")
       #text(18pt)[Series: #category]
+    ]
 
   ]
 
@@ -41,10 +53,29 @@
     #text()[The dagger symbol #super[†] on a word means that there is a glossary entry for it. Ai ferri corti.]
   ]
   
-  // table of contents
+  // set headings
-  page()[
+  show heading.where(level: 1): it => {
-    #outline(indent: 20pt, depth: 3)
+    pagebreak(weak: true)
+    block(width: 100%)[
+      #set align(center)
+      #set text(size: 22pt, font: "Jost")
+      #text(it.body)
+      #v(10pt)
     ]
+  }
+  show heading.where(level: 2): it => block(width: 100%)[
+    #set text(size: 16pt, font: "Jost")
+    #text(it.body)
+    #v(10pt)
+  ]
+  show heading.where(level: 3): it => block(width: 100%)[
+    #set text(size: 14pt, font: "Jost", weight: "bold")
+    #text(it.body)
+    #v(10pt)
+  ]
+
+  // table of contents
+  outline(indent: 20pt, depth: 3)
 
   // format links
   show link: it => {
@@ -86,26 +117,6 @@
   
   pagebreak(weak: true)
   
-  show heading.where(level: 1): it => {
-    pagebreak(weak: true)
-    block(width: 100%)[
-      #set align(center)
-      #set text(26pt)
-      #smallcaps(it.body)
-      #v(10pt)
-    ]
-  }
-  show heading.where(level: 2): it => block(width: 100%)[
-    #set text(19pt)
-    #text(it.body)
-    #v(10pt)
-  ]
-  show heading.where(level: 3): it => block(width: 100%)[
-    #set text(14pt, weight: "bold")
-    #text(it.body)
-    #v(10pt)
-  ]
-  
   content
   
   set page(numbering: none)
@@ -113,13 +124,12 @@
   // back cover
   page()[
     #text()[
-        #set align(center + horizon)
+        #place(center + horizon, dy: -100pt, block(width: 100%, align(left, par(justify: true, description))))
         
-        #block(width: 100%, align(left, par(justify: true, description)))
+        #place(center + bottom, dy: 20pt, image(height: 250pt, backimage))
-        
-        #image(height: 250pt, backimage)
     ]
   ]
+  
 }
 
 // blockquote function ; TODO: remove when typst has a native blockquote function (see https://github.com/typst/typst/issues/105)

layout/python/anarsec_article_to_pdf.py

@@ -109,6 +109,10 @@ class Converter:
                 back_image = pathlib.Path(workingDirectory) / "back_image.png"
                 shutil.copy(self.anarsec_root / "static" / "images" / "gay.png", back_image)
 
+                # Copy the header font
+                header_font = pathlib.Path(workingDirectory) / "Jost-Medium.ttf"
+                shutil.copy(self.anarsec_root / "static" / "fonts" / "Jost-Medium.ttf", header_font)
+                
                 # Add recommendations to the Markdown content
                 recommendations = re.search(r'\+{3}.*?\+{3}(.*)', recommendations_file.open().read(), re.MULTILINE | re.DOTALL).group(1)
                 markdown_content += f"\n\n# Recommendations\n\n{recommendations}\n\n"
@@ -170,6 +174,9 @@ class Converter:
                     
                 # Convert the full typst file to PDF
                 pdf_path = pathlib.Path(workingDirectory) / f"{self.post_id}.pdf"
+
+                os.environ["TYPST_FONT_PATHS"] = str(workingDirectory)
+
                 subprocess.check_call(
                     [str(self.typst_binary), "--root", workingDirectory, "compile", full_typst_path, pdf_path],
                     stderr = subprocess.STDOUT