diff --git a/.orgids b/.orgids
index 64a0d099..d9fc8296 100644
--- a/.orgids
+++ b/.orgids
@@ -1,2 +1,2 @@
-(("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_team_meeting_notes.org" "72772426-cd53-4f61-b584-7807d274c0ad") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/rigid_vs_flexible.org" "a397da72-7731-4a69-9460-38f4a76fbfc1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/deploy_new_environment_staging.org" "7b35763c-84af-41fa-bad5-b407b33ff020") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chien_d_assistance.org" "c26339f6-e0bc-40e3-8fe3-94e4b41b61b0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/elegance.org" "f3e7b5bf-81a1-4592-89fa-f2094a8136d5") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/gaia_2023_10_14_charge_rose.org" "7a256b49-ca75-4c7a-96fe-85c151f2b6ae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/radiation_chien_espoir_handicap.org" "882b81e7-14e1-40e7-b818-67320f760c59") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_offsite_2023_notes.org" "437300b8-0f8e-4923-b6d2-d8c7a2db4b6d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_staging_environment_kick_off.org" "aa8ba7b5-d4e5-48c0-9e7a-2a5adb504d38") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_custom_roles.org" "13070c29-3c00-43f2-a73d-dedc056fb503") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/personal_retrospective_template.org" "f70bf00d-8bc8-445e-a65d-2b960b46f419") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cookie_clicker_save.org" "3d75e1da-3fc4-414d-90f8-c3266eed3ddc") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chien_espoir_handicap_ag.org" "7a934ca5-31c0-4cf8-8a86-1efa89904b31") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/capt_website.org" "54f15fc7-8c85-4bde-a15a-ea9fe94e7c2f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/rbac_for_clients.org" "8f30dbd3-8c24-4fd6-b784-2753130453ec") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/maintenance_questions.org" "b55abfad-ea21-4e81-8017-e99b8af33f9c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/brut_css.org" "cfd05ee0-488d-4b28-ab97-5fe6fe4a5cae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_v2.org" "9699f986-29ad-429f-9ca9-1080062ae11c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/duo.org" "e9d79b8d-3779-45b7-9360-7bb5558ffbeb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/amstrad.org" "a9971a5b-6565-4835-9c49-c968011bbc21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/positive_attitude.org" "8deaa4e4-a96c-4d3c-96df-8f23e0d90f1e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_platform.org" "1194cbe4-b31c-4b17-9e0a-f0ee8422292c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_iroh_auth_notes.org" "8ddf9276-6888-4502-9dd9-943769726ca1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/vigiglobe.org" "07412c20-49d3-4616-957f-5ddd246ed080") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/presentation_leads.org" "22d031b5-ff8e-46df-a306-0ca30ab7358b") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/characteristics_of_pseudoscience.org" "509cbe3e-cf95-4bcd-9f61-9cc74aa35a8c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/impots_2021.org" "8daf6185-ad0e-40c2-af79-0bb885505303") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/deep_merge_exploration.org" "c1dbe471-a470-4d44-a91c-0bfda0d47d21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_securex_ips.org" "c9e0342f-f082-4c9b-9dcd-f1629124ac71") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/new_iroh_auth_apis.org" "2c317dbe-4fca-444b-b0bc-f9174522e106") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/remove_securex_tg_login_button.org" "3290e028-b7a6-4be3-a5d2-45bf89ff2f0d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_shafiq.org" "094630db-95cf-416f-a147-ca5fdeddd902") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/factorio_maps.org" "e5c17702-09d5-4d7d-97ff-95a8de353ea0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/artificial_life_game_approach.org" "8a37b5d3-8ee5-45cd-8c32-021b8d42210f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/customer_manager.org" "99fd9444-ae5d-4d51-a295-a936fc01928a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_team_history.org" "e3296579-2f2e-4f23-92e2-1ce9fef6fe04") ("../../../Applications/y/her.esy.fun/src/posts/0013-how-to-choose-your-tools/index.org" "c2e61938-8493-434a-9ffa-9fd4698d9863") ("../../../Applications/y/her.esy.fun/src/posts/0019-utopia-tv-show/index.org" "88e25182-ee54-4d2e-b373-b4e06fc292c8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_certification.org" "93027c33-dcf8-4bda-8aee-60f507e0ff4a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/how_to_speak.org" "4ad5f64e-c330-4f36-8f8a-d82a1ae993a0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_ft_securex_registration.org" "1208f09c-d37d-4e6b-9110-151f3c6b7d34") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/simplex_chat.org" "5a711803-6a92-40e3-817d-40f564ac5cf8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/security.org" "2351f4cb-85a3-45ca-9bb5-f13a559afcfe") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chat.org" "fb32a68e-b32c-4ce5-9c6a-cc141a122708") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/encryption.org" "80630a59-70f2-435b-967b-abb162324be8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/redirect_to_new_page_with_useridentity_jwt.org" "f46a4a9e-6a06-4b9e-8764-30cd8c501d7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_meetings.org" "cd101af9-2dd7-41b7-85d6-4de5c0c594df") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/management.org" "719fabee-1094-4596-b26e-55fe7a512113") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/high_iq_captcha.org" "b6402aa6-3315-4317-82a5-367af38f0ead") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_user_data.org" "e6db475b-9ccc-43b2-bcfe-057215ddc1d1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_auth_ui_enhancements.org" "fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco.org" "ce893df9-32a4-44e0-9eb5-b9817141ee6a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_org_level_entities.org" "b30f9e63-e655-40e6-9a58-5a390a7921bb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/lgtm.org" "cc2e9340-1340-4d28-8f54-47080a569c7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_hacker_way_by_erik_meijer_goto_2015.org" "02bd2e1e-cd10-4b29-bd03-611edf0c7eab") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/hacker_culture.org" "0caa54f7-bbac-486c-855c-f299943f4226") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/browserless_software_project_management_with_git.org" "13c23225-379a-45a8-bed1-24fb6a054454") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/template_information_chien_d_assistance.org" "b0b0b46f-a11e-4c4b-8d1f-0d444847aeae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/either_in_clojure.org" "b413e4db-1367-4936-8a46-cd5b86178e29") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/html_css_web_techs.org" "7431e4a3-4359-4dcb-89e6-c1c700cd4355") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/custom_routes.org" "0dceeeca-7c23-41a8-b9dc-4642a09618db") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/what_i_forsee_about_the_future_of_developers.org" "16bbfe28-ea40-437f-861d-1eacb408d34f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/composable_shell_nix.org" "8c33ebae-bccf-4e73-837b-f52fa4c5e4c6") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/permission_outside_scopes.org" "8c6d80b5-dc83-40ee-b187-4b0427c77f78") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_qdd.org" "32684342-7935-41c3-b855-4a748662b15d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/maison_martigues.org" "bac1c907-5733-4837-83bb-747e189432b5") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/full_integration_development_doc.org" "b073b659-19e2-4402-b3ef-087ee67aa201") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/programming_langage_ideas.org" "31da574a-3a97-41e7-9513-764b55830ff1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_new_env_init.org" "4d0d86f1-1aba-4166-a61f-8b6199c02e57") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_staging_environment_doc.org" "c33df84f-9b64-47a8-b716-fcadc0ec4f8c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/archives/TODO.archive.org" "8163f2ed-7106-4b4a-93b0-7009fe316172" "797ba971-6ae3-49a1-9499-928572760d09" "B72E4288-E96B-4099-8684-37DDF3395C50" "96343FD2-E7A9-4AAA-A40A-8D048DA340E9") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/events_circular_service_dependency_handlers_service.org" "d494276b-97a5-4415-be58-20e908a84f19") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/dynamic_service_architecture_for_big_software.org" "cdf1dfad-99f0-42d6-9eda-7a04dd275c20"))
+(("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/secure_client_and_orbital_sx_eol.org" "26867184-57cf-472d-b5db-d6349665184e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/protection_juridique.org" "a6cd5474-53e9-465e-8f49-f544199ccb40") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/scc_integration_piam_option_1.org" "e32045d1-4f6b-491d-b83a-6fa1511e2229") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/on_software_programming_evolution.org" "3acde895-6fb6-433a-a46c-3ebd0dedcdbe") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_team_meeting_notes.org" "72772426-cd53-4f61-b584-7807d274c0ad") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/rigid_vs_flexible.org" "a397da72-7731-4a69-9460-38f4a76fbfc1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/deploy_new_environment_staging.org" "7b35763c-84af-41fa-bad5-b407b33ff020") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chien_d_assistance.org" "c26339f6-e0bc-40e3-8fe3-94e4b41b61b0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/elegance.org" "f3e7b5bf-81a1-4592-89fa-f2094a8136d5") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/gaia_2023_10_14_charge_rose.org" "7a256b49-ca75-4c7a-96fe-85c151f2b6ae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/radiation_chien_espoir_handicap.org" "882b81e7-14e1-40e7-b818-67320f760c59") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_offsite_2023_notes.org" "437300b8-0f8e-4923-b6d2-d8c7a2db4b6d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_staging_environment_kick_off.org" "aa8ba7b5-d4e5-48c0-9e7a-2a5adb504d38") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_custom_roles.org" "13070c29-3c00-43f2-a73d-dedc056fb503") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/personal_retrospective_template.org" "f70bf00d-8bc8-445e-a65d-2b960b46f419") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cookie_clicker_save.org" "3d75e1da-3fc4-414d-90f8-c3266eed3ddc") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chien_espoir_handicap_ag.org" "7a934ca5-31c0-4cf8-8a86-1efa89904b31") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/capt_website.org" "54f15fc7-8c85-4bde-a15a-ea9fe94e7c2f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/rbac_for_clients.org" "8f30dbd3-8c24-4fd6-b784-2753130453ec") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/maintenance_questions.org" "b55abfad-ea21-4e81-8017-e99b8af33f9c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/brut_css.org" "cfd05ee0-488d-4b28-ab97-5fe6fe4a5cae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_v2.org" "9699f986-29ad-429f-9ca9-1080062ae11c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/duo.org" "e9d79b8d-3779-45b7-9360-7bb5558ffbeb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/amstrad.org" "a9971a5b-6565-4835-9c49-c968011bbc21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/positive_attitude.org" "8deaa4e4-a96c-4d3c-96df-8f23e0d90f1e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_platform.org" "1194cbe4-b31c-4b17-9e0a-f0ee8422292c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_iroh_auth_notes.org" "8ddf9276-6888-4502-9dd9-943769726ca1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/vigiglobe.org" "07412c20-49d3-4616-957f-5ddd246ed080") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/presentation_leads.org" "22d031b5-ff8e-46df-a306-0ca30ab7358b") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/characteristics_of_pseudoscience.org" "509cbe3e-cf95-4bcd-9f61-9cc74aa35a8c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/impots_2021.org" "8daf6185-ad0e-40c2-af79-0bb885505303") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/deep_merge_exploration.org" "c1dbe471-a470-4d44-a91c-0bfda0d47d21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_securex_ips.org" "c9e0342f-f082-4c9b-9dcd-f1629124ac71") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/new_iroh_auth_apis.org" "2c317dbe-4fca-444b-b0bc-f9174522e106") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/remove_securex_tg_login_button.org" "3290e028-b7a6-4be3-a5d2-45bf89ff2f0d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_shafiq.org" "094630db-95cf-416f-a147-ca5fdeddd902") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/factorio_maps.org" "e5c17702-09d5-4d7d-97ff-95a8de353ea0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/artificial_life_game_approach.org" "8a37b5d3-8ee5-45cd-8c32-021b8d42210f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/customer_manager.org" "99fd9444-ae5d-4d51-a295-a936fc01928a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_team_history.org" "e3296579-2f2e-4f23-92e2-1ce9fef6fe04") ("../../../Applications/y/her.esy.fun/src/posts/0013-how-to-choose-your-tools/index.org" "c2e61938-8493-434a-9ffa-9fd4698d9863") ("../../../Applications/y/her.esy.fun/src/posts/0019-utopia-tv-show/index.org" "88e25182-ee54-4d2e-b373-b4e06fc292c8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_certification.org" "93027c33-dcf8-4bda-8aee-60f507e0ff4a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/how_to_speak.org" "4ad5f64e-c330-4f36-8f8a-d82a1ae993a0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_ft_securex_registration.org" "1208f09c-d37d-4e6b-9110-151f3c6b7d34") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/simplex_chat.org" "5a711803-6a92-40e3-817d-40f564ac5cf8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/security.org" "2351f4cb-85a3-45ca-9bb5-f13a559afcfe") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chat.org" "fb32a68e-b32c-4ce5-9c6a-cc141a122708") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/encryption.org" "80630a59-70f2-435b-967b-abb162324be8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/redirect_to_new_page_with_useridentity_jwt.org" "f46a4a9e-6a06-4b9e-8764-30cd8c501d7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_meetings.org" "cd101af9-2dd7-41b7-85d6-4de5c0c594df") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/management.org" "719fabee-1094-4596-b26e-55fe7a512113") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/high_iq_captcha.org" "b6402aa6-3315-4317-82a5-367af38f0ead") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_user_data.org" "e6db475b-9ccc-43b2-bcfe-057215ddc1d1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_auth_ui_enhancements.org" "fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco.org" "ce893df9-32a4-44e0-9eb5-b9817141ee6a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_org_level_entities.org" "b30f9e63-e655-40e6-9a58-5a390a7921bb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/lgtm.org" "cc2e9340-1340-4d28-8f54-47080a569c7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_hacker_way_by_erik_meijer_goto_2015.org" "02bd2e1e-cd10-4b29-bd03-611edf0c7eab") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/hacker_culture.org" "0caa54f7-bbac-486c-855c-f299943f4226") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/browserless_software_project_management_with_git.org" "13c23225-379a-45a8-bed1-24fb6a054454") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/template_information_chien_d_assistance.org" "b0b0b46f-a11e-4c4b-8d1f-0d444847aeae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/either_in_clojure.org" "b413e4db-1367-4936-8a46-cd5b86178e29") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/html_css_web_techs.org" "7431e4a3-4359-4dcb-89e6-c1c700cd4355") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/custom_routes.org" "0dceeeca-7c23-41a8-b9dc-4642a09618db") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/what_i_forsee_about_the_future_of_developers.org" "16bbfe28-ea40-437f-861d-1eacb408d34f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/composable_shell_nix.org" "8c33ebae-bccf-4e73-837b-f52fa4c5e4c6") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/permission_outside_scopes.org" "8c6d80b5-dc83-40ee-b187-4b0427c77f78") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_qdd.org" "32684342-7935-41c3-b855-4a748662b15d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/maison_martigues.org" "bac1c907-5733-4837-83bb-747e189432b5") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/full_integration_development_doc.org" "b073b659-19e2-4402-b3ef-087ee67aa201") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/programming_langage_ideas.org" "31da574a-3a97-41e7-9513-764b55830ff1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_new_env_init.org" "4d0d86f1-1aba-4166-a61f-8b6199c02e57") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_staging_environment_doc.org" "c33df84f-9b64-47a8-b716-fcadc0ec4f8c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/events_circular_service_dependency_handlers_service.org" "d494276b-97a5-4415-be58-20e908a84f19") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/dynamic_service_architecture_for_big_software.org" "cdf1dfad-99f0-42d6-9eda-7a04dd275c20") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/retrieve_tokens_for_ai_assistant.org" "7d934841-a145-4833-8389-18ba449a6de7") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/sx_eol_phase_1.org" "c60e01f9-9513-46f7-85f8-994f90989b2f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/sx_eol_phase_1_presentation.org" "7ddbbc9f-a3a9-4ef3-b751-3f12be315482") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/ai_and_death_of_the_web_as_we_know_it.org" "1f142832-05f9-4280-a8ca-aa6f35209f91") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/budget_famille.org" "6899703d-51cb-49e6-a16b-30ae460ed055") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/impots_2023.org" "9952b8ac-59df-442c-b3aa-64e78e47d9b1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_iroh_client_data_retention.org" "b129bbc2-43c7-4ba6-bcba-23fcc45add4f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/archives/TODO.archive.org" "8163f2ed-7106-4b4a-93b0-7009fe316172" "797ba971-6ae3-49a1-9499-928572760d09" "B72E4288-E96B-4099-8684-37DDF3395C50" "96343FD2-E7A9-4AAA-A40A-8D048DA340E9"))
diff --git a/Cisco.org.gpg b/Cisco.org.gpg
index 3bbc1ce9..46370266 100644
Binary files a/Cisco.org.gpg and b/Cisco.org.gpg differ
diff --git a/SE_Orbital_provisioning.png b/SE_Orbital_provisioning.png
new file mode 100644
index 00000000..2b8dcfba
Binary files /dev/null and b/SE_Orbital_provisioning.png differ
diff --git a/archives/Cisco.archive.org.gpg b/archives/Cisco.archive.org.gpg
index 4d43fd03..807837de 100644
Binary files a/archives/Cisco.archive.org.gpg and b/archives/Cisco.archive.org.gpg differ
diff --git a/archives/TODO.archive.org b/archives/TODO.archive.org
index 2b07776e..1916b421 100644
--- a/archives/TODO.archive.org
+++ b/archives/TODO.archive.org
@@ -12746,3 +12746,459 @@ SCHEDULED: <2024-01-31 Wed 10:07>
:ARCHIVE_TODO: DONE
:END:
[2024-01-31 Wed 07:07]
+
+* DONE answer webexteams://im?space=06fcf5e0-9dca-11ee-baad-23b6ab543fdf&message=da31b7f0-c12b-11ee-ac23-e7bfffb2503c
+SCHEDULED: <2024-02-02 Fri 10:51>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-02-15 Thu 10:00
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-02-01 Thu 20:50]
+
+* DONE Appeler assurance Toyota
+SCHEDULED: <2024-02-14 Wed 10:23>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-02-15 Thu 10:00
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-02-13 Tue 19:23]
+
+* DONE [#B] Payer Farina
+DEADLINE: <2024-02-01 Thu 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-02-15 Thu 10:01
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-01-31 Wed 21:03]
+
+* DONE Carrosserie
+SCHEDULED: <2024-01-18 Thu 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-02-15 Thu 10:01
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-01-17 Wed 17:14]
+
+* DONE Decision crédit Toyota 17k
+SCHEDULED: <2024-01-14 Sun 14:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-02-15 Thu 10:01
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-01-12 Fri 09:54]
+
+* DONE Lire le wiki vos-finances [[https://www.reddit.com/r/vosfinances/wiki/index][wiki]]
+SCHEDULED: <2024-02-03 Sat 19:10>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-02-15 Thu 10:01
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-10-29 Sun 15:35]
+
+* DONE Réessayer [[https://www.mamedev.org/?p=530][MAME]]
+SCHEDULED: <2024-01-27 Sat 11:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-02-15 Thu 10:01
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-10-25 Wed 08:03]
+
+* DONE AI Assistant Token @Prerna :work:
+SCHEDULED: <2024-02-02 Fri 11:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-02-15 Thu 10:01
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-02-01 Thu 23:04]
+
+* DONE SCA re-onboard
+SCHEDULED: <2024-02-29 Thu 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-03-10 Sun 18:24
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-02-28 Wed 20:03]
+
+* DONE Check [[https://github.com/juspay/services-flake][flake compose service]]
+SCHEDULED: <2024-02-19 Mon 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-03-10 Sun 18:24
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-02-17 Sat 23:37]
+
+* CANCELED Compléter dossier MDPH best practices
+SCHEDULED: <2024-02-09 Fri 15:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-03-10 Sun 18:24
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: CANCELED
+:END:
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-02-22 Thu 17:58]
+:END:
+[2024-01-21 Sun 11:38]
+
+* DONE Check lettre Matthieu à Val
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-03-10 Sun 18:25
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-10-03 Tue 19:16]
+
+Raison de la radiation:
+- manque de suivi
+
+* DONE Envoyer un message a Joannie
+SCHEDULED: <2024-03-22 Fri 10:33>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-15 Mon 12:47
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-02-23 Fri 22:32]
+
+* DONE [[https://fr.m.wikipedia.org/wiki/Ma_Loute][Ma Loute — Wikipédia]]
+SCHEDULED: <2024-03-16 Sat>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-15 Mon 12:47
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-16 Sat 13:42]
+
+* DONE Update Meraki clients webexteams://im?space=b5844a30-2e19-11ee-b0bb-8575ace105f3&message=26fed6b0-eaf0-11ee-a113-5fa39a3c7afe
+SCHEDULED: <2024-03-26 Tue 11:42>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-15 Mon 12:47
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-26 Tue 07:42]
+
+* DONE Telecharger FROM
+SCHEDULED: <2024-04-01 Mon 19:31>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-15 Mon 12:47
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-01 Mon 13:31]
+
+* DONE Payer 60€ Psy Krystelle
+SCHEDULED: <2024-03-28 Thu 09:39>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-15 Mon 12:47
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-28 Thu 07:39]
+
+* DONE télécharger la guerre des mondes
+SCHEDULED: <2024-04-08 Mon 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-15 Mon 12:47
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-06 Sat 19:53]
+
+* DONE Commander gateaux aux perles de l'étang
+SCHEDULED: <2024-04-25 Thu 14:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-25 Thu 12:13]
+
+* DONE Appeler la MDPH!
+SCHEDULED: <2024-04-22 Mon 14:30>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-18 Thu 17:59]
+
+Madame Lagarde Sandrine pour la demande de compensation.
+
+Num Dossier: 500992
+Num Individu: 3362710
+NIR: 2040313056049 97
+
+Mercredi 15 au matin, vers 10h30.
+
+* DONE Faire un virment de 3900+2600 vers Banque Pop
+SCHEDULED: <2024-04-18 Thu 18:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-05 Fri 10:06]
+
+* DONE Mettre les rideaux
+SCHEDULED: <2024-03-28 Thu 14:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-28 Thu 12:15]
+
+* DONE Commander les brises vues
+SCHEDULED: <2024-03-26 Tue 10:30>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-25 Mon 17:10]
+
+- Route du haut: 1m x 23
+- Voisins: 180x500 x1 + 150x300 x1
+- Terrasse: 90x300 x3 + 90x500 x1
+
+* DONE Appeler Farina
+SCHEDULED: <2024-03-26 Tue 10:20>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-25 Mon 17:09]
+
+* CANCELED Appeler Diagonale Carrelage
+SCHEDULED: <2024-03-26 Tue 10:10>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: CANCELED
+:END:
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-03-26 Tue 15:50] \\
+ Il nous ont contactés en premier
+:END:
+[2024-03-25 Mon 17:09]
+
+* DONE Appeler Violet 06.19.84.29.28
+SCHEDULED: <2024-03-26 Tue 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-25 Mon 17:09]
+
+* DONE Envoyer email escaliers
+SCHEDULED: <2024-03-20 Wed 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-19 Tue 22:21]
+
+* DONE Envoyer documents
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-19 Tue 14:23]
+
+gestion@toyota-assurances.fr
+
+- photocopie du permis de conduire recto/verso
+- manda SEPA
+- photocopie de la carte grise du véhicule
+- signature des conditions
+- chèque du premier paiement 62.24€
+
+* DONE Systeme pour voir un des 32 conseils de temps en temps (mothership?)
+SCHEDULED: <2024-03-18 Mon 14:30>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-18 Mon 12:55]
+
+* CANCELED Use Caddy to fix Let's encrypt with nginx
+SCHEDULED: <2024-03-21 Thu 10:00> DEADLINE: <2024-07-01 Mon>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:34
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: CANCELED
+:END:
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-03-26 Tue 19:03] \\
+ Maybe not necessary
+:END:
+[2024-03-15 Fri 16:18]
+
+* DONE Appeler Toyota
+SCHEDULED: <2024-03-11 Mon 15:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:35
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-11 Mon 10:52]
+
+* DONE Appeler Diagonale Carrelage
+SCHEDULED: <2024-03-11 Mon 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:35
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-10 Sun 18:23]
+
+* DONE Appeler Devis Isolation
+SCHEDULED: <2024-03-11 Mon 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:35
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-10 Sun 18:23]
+
+* DONE Appeler Farina
+SCHEDULED: <2024-03-11 Mon 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:35
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-03-10 Sun 18:22]
+
+* DONE Appeler Hydropolis
+SCHEDULED: <2024-03-11 Mon 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:35
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+
+Tel: 04 83 88 16 70
+Pas de contrat depuis 1 an.
+
+[2024-03-10 Sun 18:14]
+
+* DONE Aller chercher du vin et champagne pour demain
+SCHEDULED: <2024-04-26 Fri 14:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:35
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-25 Thu 12:16]
+
+* DONE Update Meraki clients [[webexteams://im?space=b5844a30-2e19-11ee-b0bb-8575ace105f3&message=885f3ba0-0334-11ef-9d9b-4309461a14ff][msg]]
+SCHEDULED: <2024-04-26 Fri 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:35
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-26 Fri 09:02]
+
+* DONE Add a mitre flag to an EU org
+SCHEDULED: <2024-04-26 Fri 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:35
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-26 Fri 09:03]
+
+* DONE Appeler carte grise Antibe urgent !
+SCHEDULED: <2024-04-17 Wed 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2024-04-29 Mon 10:37
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2024-04-08 Mon 18:26]
diff --git a/inbox.org b/inbox.org
index 40386cc6..1e29aed1 100644
--- a/inbox.org
+++ b/inbox.org
@@ -10,49 +10,87 @@
SPC y o c => DISPLAY org columns
#+end_comment
* Inbox
-** DONE [#B] Payer Farina
-DEADLINE: <2024-02-01 Thu 10:00>
-[2024-01-31 Wed 21:03]
-** TODO Compléter dossier MDPH best practices
-SCHEDULED: <2024-01-30 Tue 10:00>
-[2024-01-21 Sun 11:38]
-** DONE Carrosserie
-SCHEDULED: <2024-01-18 Thu 10:00>
-[2024-01-17 Wed 17:14]
-** DONE Decision crédit Toyota 17k
-SCHEDULED: <2024-01-14 Sun 14:00>
-[2024-01-12 Fri 09:54]
-** TODO Lire le wiki vos-finances [[https://www.reddit.com/r/vosfinances/wiki/index][wiki]]
-SCHEDULED: <2024-02-03 Sat 19:10>
-[2023-10-29 Sun 15:35]
-** DONE Réessayer [[https://www.mamedev.org/?p=530][MAME]]
-SCHEDULED: <2024-01-27 Sat 11:00>
-[2023-10-25 Wed 08:03]
-** TODO Check lettre Matthieu à Val
-[2023-10-03 Tue 19:16]
+** DONE Appeler carte grise Aygo
+SCHEDULED: <2024-04-29 Mon 14:40>
+[2024-04-09 Tue 22:13]
+** TODO Mail banque populaire interdiction copy/paste de l'identifiant sur iOS
+[2024-04-05 Fri 09:55]
+** DONE [#A] Documents Appartement Impots
+SCHEDULED: <2024-05-30 Thu 10:00>
+[2024-04-04 Thu 18:56]
+** TODO Commander le matelas 140x190x16cm
+SCHEDULED: <2024-06-28 Fri 19:00>
+[2024-04-02 Tue 17:34]
+** TODO https://github.com//incident-manager/issues/2408
+[2024-03-11 Mon 16:41]
+** TODO Envoyer documents hydropolis
+[2024-03-11 Mon 15:52]
-Raison de la radiation:
-- manque de suivi
+Numero de contrat: 152002674
+
+- [ ] document de vente
+- [ ] nouvelle addresse
** TODO [#B] [[file:death.org.gpg][Post Mortem]] pour la famille :family:
-SCHEDULED: <2024-03-05 Tue 11:00 +1m>
+SCHEDULED: <2024-07-07 Sun 11:00 +1m>
+:PROPERTIES:
+:LAST_REPEAT: [2024-06-10 Mon 12:07]
+:END:
+:LOGBOOK:
+- State "DONE" from "TODO" [2024-06-10 Mon 12:07]
+- State "DONE" from "TODO" [2024-04-18 Thu 14:43]
+:END:
[2023-04-30 Sun 09:06]
1. Fermer mes serveurs
2. Trouver mes comptes
3. Récupérer mes access (mots de passe, keychain, etc…)
-** TODO Voitures (addresses, Crit'Air)
-SCHEDULED: <2024-01-29 Mon 11:00>
-*** TODO Acheter vignette Crit'air Aygo
-**** TODO Changer l'addresse du Aygo
-***** TODO Joindre Toyota (Aygo)
-*** TODO Acheter vignette Crit'air CHR
-**** TODO Changer l'addresse du CHR
-***** TODO Joindre Toyota (CHR)
-*** TODO Décider choix Voiture CHR
-**** TODO Continuer nouvelle LOA
-***** TODO Aller chez le [[https://www.carrosserie-rca.fr/contact.php][carrossier]] 0481684549
-***** TODO Changer les pneus
-**** TODO Rachat + Crédit
+** DONE Voitures (addresses, Crit'Air)
+SCHEDULED: <2024-03-20 Wed 11:00>
+*** DONE Acheter vignette Crit'air Aygo
+**** DONE Changer l'addresse du Aygo
+***** DONE Joindre Toyota (Aygo)
+*** DONE Acheter vignette Crit'air CHR
+**** CANCELED Changer l'addresse du CHR
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-02-08 Thu 08:38]
+:END:
+***** CANCELED Joindre Toyota (CHR)
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-02-08 Thu 08:38]
+:END:
+*** DONE Décider choix Voiture CHR
+**** DONE Continuer nouvelle LOA
+***** DONE Aller chez le [[https://www.carrosserie-rca.fr/contact.php][carrossier]] 0481684549
+***** DONE Changer les pneus
+**** DONE Rachat + Crédit
+** DONE Acheter croquettes Oslo
+SCHEDULED: <2024-04-29 Mon 10:00>
+[2024-04-29 Mon 13:57]
+** DONE Check de la durée de l'abonnement Pô
+SCHEDULED: <2024-04-29 Mon 10:00>
+[2024-04-29 Mon 13:58]
+** DONE Faire les impots
+SCHEDULED: <2024-05-18 Sat 10:00>
+[2024-05-18 Sat 08:53]
+** DONE Appeler et annuler l'assurance Toyota
+SCHEDULED: <2024-05-23 Thu 10:00>
+[2024-05-18 Sat 09:29]
+** DONE [#A] Envoyer le certificat de cession du CHR FX-123-BS
+SCHEDULED: <2024-05-30 Thu 10:00>
+[2024-05-24 Fri 17:45]
+** DONE [#A] Envoyer courrier recommandé à Toyota Antibes
+SCHEDULED: <2024-05-29 Wed 10:00>
+[2024-05-29 Wed 10:25]
+** TODO Movie: The One I Love (2014)
+SCHEDULED: <2024-06-27 Thu 10:00>
+[2024-06-13 Thu 21:56]
+** CANCELED Film "The Humt"
+SCHEDULED: <2024-06-24 Mon 19:00>
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-06-25 Tue 10:06] \\
+ Cannot find "The Hunt"
+:END:
+[2024-06-21 Fri 23:59]
* Perso :perso:
** Habits :habit:
** Maybe :maybe:
@@ -64,11 +102,32 @@ explcit constraints. doc type system, tests
* Famille :family:
** Daily :daily:
*** TODO Attention gentille
-SCHEDULED: <2024-01-30 Tue .+1d>
+SCHEDULED: <2024-06-25 Tue .+1d>
:PROPERTIES:
-:LAST_REPEAT: [2024-01-29 Mon 09:20]
+:LAST_REPEAT: [2024-06-24 Mon 09:16]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-06-24 Mon 09:16]
+- State "DONE" from "TODO" [2024-06-18 Tue 08:35]
+- State "DONE" from "TODO" [2024-06-17 Mon 07:36]
+- State "DONE" from "TODO" [2024-06-10 Mon 12:05]
+- State "DONE" from "TODO" [2024-05-22 Wed 18:43]
+- State "DONE" from "TODO" [2024-05-18 Sat 08:52]
+- State "DONE" from "TODO" [2024-04-28 Sun 20:48]
+- State "DONE" from "TODO" [2024-04-28 Sun 20:48]
+- State "DONE" from "TODO" [2024-04-25 Thu 14:50]
+- State "DONE" from "TODO" [2024-04-24 Wed 18:16]
+- State "DONE" from "TODO" [2024-04-23 Tue 09:06]
+- State "DONE" from "TODO" [2024-04-19 Fri 09:50]
+- State "DONE" from "TODO" [2024-03-29 Fri 08:47]
+- State "DONE" from "TODO" [2024-03-26 Tue 19:03]
+- State "DONE" from "TODO" [2024-03-20 Wed 10:26]
+- State "DONE" from "TODO" [2024-03-15 Fri 18:20]
+- State "DONE" from "TODO" [2024-03-13 Wed 18:38]
+- State "CANCELED" from "TODO" [2024-02-22 Thu 17:58]
+- State "DONE" from "TODO" [2024-02-15 Thu 09:58]
+- State "DONE" from "TODO" [2024-02-14 Wed 16:34]
+- State "DONE" from "TODO" [2024-02-09 Fri 09:13]
- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
- State "DONE" from "TODO" [2024-01-22 Mon 17:40]
- State "DONE" from "TODO" [2024-01-20 Sat 10:51]
@@ -87,12 +146,16 @@ SCHEDULED: <2024-01-30 Tue .+1d>
:END:
** Weekly :weekly:
*** TODO Appeler Papa
-SCHEDULED: <2023-12-05 Tue 12:30 .+1w>
+SCHEDULED: <2024-06-25 Tue 12:30 .+1w>
:PROPERTIES:
:STYLE: habit
-:LAST_REPEAT: [2023-11-28 Tue 09:56]
+:LAST_REPEAT: [2024-06-18 Tue 08:35]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-06-18 Tue 08:35]
+- State "DONE" from "TODO" [2024-05-18 Sat 08:52]
+- State "DONE" from "TODO" [2024-04-08 Mon 15:38]
+- State "DONE" from "TODO" [2024-02-14 Wed 16:34]
- State "DONE" from "TODO" [2023-11-28 Tue 09:56]
- State "DONE" from "TODO" [2023-11-05 Sun 19:19]
- State "DONE" from "TODO" [2023-10-29 Sun 19:22]
@@ -106,12 +169,17 @@ SCHEDULED: <2023-12-05 Tue 12:30 .+1w>
- State "DONE" from "TODO" [2022-12-02 Fri 19:10]
:END:
*** TODO Appeler Maman
-SCHEDULED: <2024-02-05 Mon 12:00 .+1w>
+SCHEDULED: <2024-07-01 Mon 12:00 .+1w>
:PROPERTIES:
:STYLE: habit
-:LAST_REPEAT: [2024-01-29 Mon 09:20]
+:LAST_REPEAT: [2024-06-24 Mon 09:18]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-06-24 Mon 09:18]
+- State "DONE" from "TODO" [2024-05-18 Sat 08:52]
+- State "DONE" from "TODO" [2024-04-23 Tue 09:06]
+- State "DONE" from "TODO" [2024-02-14 Wed 16:34]
+- State "DONE" from "TODO" [2024-02-05 Mon 11:38]
- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
- State "DONE" from "TODO" [2024-01-22 Mon 17:40]
- State "DONE" from "TODO" [2024-01-08 Mon 15:43]
@@ -166,11 +234,12 @@ SCHEDULED: <2024-11-18 Mon 10:30 +1y>
:END:
[2020-05-23 Sat 10:32]
*** TODO [#A] Cadeau Rencontre Krystelle (1995) :yearly:
-DEADLINE: <2024-04-08 Mon +1y -2w>
+DEADLINE: <2025-04-08 Tue +1y -2w>
:PROPERTIES:
-:LAST_REPEAT: [2023-04-04 Tue 22:57]
+:LAST_REPEAT: [2024-04-08 Mon 15:38]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-04-08 Mon 15:38]
- State "DONE" from "TODO" [2023-04-04 Tue 22:57]
- State "DONE" from "TODO" [2022-04-07 Thu 11:56]
:END:
@@ -186,11 +255,12 @@ DEADLINE: <2024-08-12 Mon +1y -2w>
- State "DONE" from "TODO" [2020-08-10 Mon 12:19]
:END:
*** TODO [#A] Cadeau Anniversaire Krystelle :yearly:
-DEADLINE: <2024-04-26 Fri +1y -2w>
+DEADLINE: <2025-04-26 Sat +1y -2w>
:PROPERTIES:
-:LAST_REPEAT: [2023-04-20 Thu 15:42]
+:LAST_REPEAT: [2024-04-26 Fri 09:03]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-04-26 Fri 09:03]
- State "DONE" from "TODO" [2023-04-20 Thu 15:42]
- State "DONE" from "TODO" [2022-04-26 Tue 18:53]
:END:
@@ -211,22 +281,30 @@ DEADLINE: <2025-01-04 Sat +1y>
** Krystelle :krystelle:
** Anna :anna:
*** TODO Trouver un établissement – DAEU
-SCHEDULED: <2024-02-24 Sat 12:00>
+SCHEDULED: <2024-07-02 Tue 12:00>
[2023-08-02 Wed 12:39]
https://www.daeu.fr/sinscrire-au-daeu/trouver-un-etablissement/
** Bastien :bastien:
** Monthly :monthly:
*** TODO Nettoyer la fontaine des animaux
-SCHEDULED: <2024-02-19 Mon 12:00 .+3w>
+SCHEDULED: <2024-07-08 Mon 12:00 .+3w>
:PROPERTIES:
-:LAST_REPEAT: [2024-01-29 Mon 09:20]
+:LAST_REPEAT: [2024-06-17 Mon 07:36]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-06-17 Mon 07:36]
+- State "DONE" from "TODO" [2024-05-22 Wed 18:43]
+- State "DONE" from "TODO" [2024-04-23 Tue 09:04]
+- State "DONE" from "TODO" [2024-03-29 Fri 08:46]
+- State "CANCELED" from "TODO" [2024-02-29 Thu 18:53]
- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
- State "DONE" from "TODO" [2024-01-08 Mon 15:42]
- State "DONE" from "TODO" [2023-12-04 Mon 15:04]
:END:
[2023-10-05 Thu 21:09]
+** DONE [#A] Payer Farina :work:
+SCHEDULED: <2024-04-16 Tue 10:00>
+[2024-04-15 Mon 21:02]
* Memory
** TODO client TG dans le config.edn :spaced:cisco:
:LOGBOOK:
@@ -235,22 +313,22 @@ SCHEDULED: <2024-02-19 Mon 12:00 .+3w>
:END:
Ne pas oublier le client de TG est dans le config.edn
** TODO Search within org notes :spaced:org:
-SCHEDULED: <2024-02-05 Mon>
+SCHEDULED: <2024-10-05 Sat>
:PROPERTIES:
-:SPACED_REPETITION: 4
+:SPACED_REPETITION: 5
:END:
=helm-org-rifle= (~SPC y o s~)
** TODO update ~[/]~ and ~[%]~ in org mode ~SPC m #~ :spaced:org:
-SCHEDULED: <2024-02-05 Mon>
+SCHEDULED: <2024-07-05 Fri>
:PROPERTIES:
-:SPACED_REPETITION: 4
+:SPACED_REPETITION: 3
:END:
use (~org-update-statistics-cookies~)
-** TODO projectile toggle from implementation to test file =SPC p y= :spaced:
-SCHEDULED: <2024-02-06 Tue>
+** DONE projectile toggle from implementation to test file =SPC p y= :spaced:
+SCHEDULED: <2024-06-06 Thu>
:PROPERTIES:
-:SPACED_REPETITION: 4
+:SPACED_REPETITION: 5
:END:
:LOGBOOK:
- State "DELEGATED" from "HOLD" [2023-10-23 Mon 11:40]
@@ -260,16 +338,16 @@ SCHEDULED: <2024-02-06 Tue>
|----------+------+-----+----------+----------------------|
| front | 2.65 | 7 | 287.31 | 2021-11-08T21:22:55Z |
:END:
-** TODO Create inactive Timestamp: ~SPC m d T~ :spaced:org:doom:
-SCHEDULED: <2024-02-05 Mon>
+** DONE Create inactive Timestamp: ~SPC m d T~ :spaced:org:doom:
+SCHEDULED: <2024-06-05 Wed>
:PROPERTIES:
-:SPACED_REPETITION: 4
+:SPACED_REPETITION: 5
:END:
[2020-09-01 Tue 12:13]
-** TODO Clone sub tree with time shift :spaced:
-SCHEDULED: <2024-02-04 Sun>
+** DONE Clone sub tree with time shift :spaced:
+SCHEDULED: <2024-06-04 Tue>
:PROPERTIES:
-:SPACED_REPETITION: 4
+:SPACED_REPETITION: 5
:END:
=org-clone-subtree-with-time-shift=
* Work :work:
@@ -279,3 +357,262 @@ SCHEDULED: <2024-02-04 Sun>
- =SPC m s c=
=- org-clone-subtree-with-time-shift=
#+end_comment
+** W11
+*** Friday
+**** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-15 Fri 09:00>
+** W12
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-18 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-19 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-20 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-21 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-22 Fri 09:00>
+** W13
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-25 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-26 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-27 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-28 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-03-29 Fri 09:00>
+** W14
+*** CANCELED Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-01 Mon 09:00>
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-04-02 Tue 15:16]
+:END:
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-02 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-03 Wed 09:00>
+*** CANCELED Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-04 Thu 09:00>
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-04-04 Thu 18:28]
+:END:
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-05 Fri 09:00>
+** W15
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-08 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-09 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-10 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-11 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-12 Fri 09:00>
+** W16
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-15 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-16 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-17 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-18 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-19 Fri 09:00>
+** W17
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-22 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-23 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-24 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-25 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-26 Fri 09:00>
+** W18
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-29 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-04-30 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-01 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-02 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-03 Fri 09:00>
+** W20
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-13 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-14 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-15 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-16 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-17 Fri 09:00>
+** W21
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-22 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-23 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-24 Fri 09:00>
+** W22
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-27 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-28 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-29 Wed 09:00>
+*** CANCELED Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-30 Thu 09:00>
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-05-31 Fri 10:07]
+:END:
+*** CANCELED Morning Tour write down tasks for the day
+SCHEDULED: <2024-05-31 Fri 09:00>
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2024-05-31 Fri 10:07]
+:END:
+** W23
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-03 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-04 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-05 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-06 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-07 Fri 09:00>
+** W24
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-10 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-11 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-12 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-13 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-14 Fri 09:00>
+** W25
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-17 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-18 Tue 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-19 Wed 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-20 Thu 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-21 Fri 09:00>
+** W26
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-24 Mon 09:00>
+*** DONE Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-25 Tue 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-26 Wed 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-27 Thu 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-06-28 Fri 09:00>
+** W27
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-01 Mon 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-02 Tue 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-03 Wed 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-04 Thu 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-05 Fri 09:00>
+** W28
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-08 Mon 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-09 Tue 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-10 Wed 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-11 Thu 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-12 Fri 09:00>
+** W29
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-15 Mon 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-16 Tue 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-17 Wed 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-18 Thu 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-19 Fri 09:00>
+** W30
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-22 Mon 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-23 Tue 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-24 Wed 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-25 Thu 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-26 Fri 09:00>
+** W31
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-29 Mon 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-30 Tue 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-07-31 Wed 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-08-01 Thu 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-08-02 Fri 09:00>
+** W32
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-08-05 Mon 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-08-06 Tue 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-08-07 Wed 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-08-08 Thu 09:00>
+*** TODO Morning Tour write down tasks for the day
+SCHEDULED: <2024-08-09 Fri 09:00>
+* TODO [#A] Annuler contrat Roole
+SCHEDULED: <2025-01-16 Thu 10:28> DEADLINE: <2025-02-14 Fri 10:27>
+[2024-02-16 Fri 15:27]
+* TODO Acheter bois
+SCHEDULED: <2024-06-27 Thu 10:00>
+[2024-04-07 Sun 19:55]
+* DONE Histoire de fantômes chinois
+SCHEDULED: <2024-05-09 Thu 09:51>
+[2024-05-08 Wed 22:50]
+* DONE Appeler les poubelles
+SCHEDULED: <2024-05-13 Mon 09:30>
+[2024-05-11 Sat 20:06]
+* DONE Chris Duane JWT
+SCHEDULED: <2024-05-14 Tue 10:01>
+[2024-05-13 Mon 23:01]
+* DONE anime blood c
+SCHEDULED: <2024-06-17 Mon 10:13>
+[2024-06-16 Sun 13:13]
+* [[https://nlnetlabs.nl/projects/unbound/support/][NLnet Labs - Unbound - Support]]
+SCHEDULED: <2024-06-27 Thu 10:00>
+[2024-06-16 Sun 19:22]
+* TODO Élastique de piscine
+SCHEDULED: <2024-06-25 Tue 11:27>
+[2024-06-21 Fri 11:27]
+* DONE Msg Abhiram
+SCHEDULED: <2024-06-24 Mon 10:00>
+[2024-06-24 Mon 08:42]
diff --git a/notes.org.gpg b/notes.org.gpg
index aae0eee5..5e82527f 100644
Binary files a/notes.org.gpg and b/notes.org.gpg differ
diff --git a/notes/72yo_life_advices.org b/notes/72yo_life_advices.org
new file mode 100644
index 00000000..9de2710b
--- /dev/null
+++ b/notes/72yo_life_advices.org
@@ -0,0 +1,53 @@
+:PROPERTIES:
+:ID: 5ba2342c-b65c-49e4-b362-5cc3a28f0d14
+:END:
+#+Title: 72yo life advices
+#+Author: Yann Esposito
+#+Date: [2024-03-18]
+
+- tags ::
+- source :: https://old.reddit.com/r/lifehacks/comments/1bgw44k/i_turned_72_today/
+
+Here’s 32 things I’ve learned that I hope help you in your journey:
+
+- It’s usually better to be nice than right.
+- Nothing worthwhile comes easy.
+- Work on a passion project, even just 30 minutes a day. It compounds.
+- Become a lifelong learner (best tip).
+- Working from 7am to 7pm isn’t productivity. It’s guilt.
+- To be really successful become useful.
+- Like houses in need of repair, problems usually don’t fix themselves.
+- Envy is like drinking poison expecting the other person to die.
+- Don’t hold onto your “great idea” until it’s too late.
+- People aren’t thinking about you as much as you think.
+- Being grateful is a cheat sheet for happiness. (Especially today.)
+- Write your life plan with a pencil that has an eraser.
+- Choose your own path or someone will choose it for you.
+- Never say, I’ll never…
+- Not all advice is created equal.
+- Be the first one to smile.
+- The expense of something special is forgotten quickly. The experience lasts a lifetime. Do it.
+- Don’t say something to yourself that you wouldn’t say to someone else.
+- It’s not how much money you make. It’s how much you take home.
+- Feeling good is better than that “third” slice of pizza.
+- Who you become is more important than what you accomplish.
+- Nobody gets to their death bed and says, I’m sorry for trying so many things.
+- There are always going to be obstacles in your life. Especially if you go after big things.
+- The emptiest head rattles the loudest.
+- If you don’t let some things go, they eat you alive.
+- Try to spend 12 minutes a day in quiet reflection, meditation, or prayer.
+- Try new things. If it doesn’t work out, stop. At least you tried.
+- NEVER criticize, blame, or complain.
+- You can’t control everything. Focus on what you can control.
+- If you think you have it tough, look around.
+- It's only over when you say it is.
+- One hand washes the other and together they get clean. Help someone else.
+
+If you're lucky enough to get up to my age, the view becomes more clear.
+It may seem like nothing good is happening to you, or just the opposite.
+Both will probably change over time.
+I'm still working (fractionally), and posting here, because business and people
+are my mojo.
+I hope you find yours.
+Onward!
+Louie
diff --git a/notes/ai_and_death_of_the_web_as_we_know_it.org b/notes/ai_and_death_of_the_web_as_we_know_it.org
new file mode 100644
index 00000000..056ad2a5
--- /dev/null
+++ b/notes/ai_and_death_of_the_web_as_we_know_it.org
@@ -0,0 +1,107 @@
+:PROPERTIES:
+:ID: 1f142832-05f9-4280-a8ca-aa6f35209f91
+:END:
+#+title: AI and Death of the web as we know it
+#+Author: Yann Esposito
+#+Date: [2024-05-16]
+
+- tags ::
+- source ::
+
+* Constat
+
+First, since a few years now, we are experiencing a huge acceleration of the
+"enshitification" of the web.
+Most of us relied on services and soon, most of these servies will be worse or
+completely will not provide the same benefits as before.
+
+A typical example, as a software engineer we often searched technical knowledge
+using google. Quite often we ended up on Stack Overflow, or reddit, or twitter, etc…
+Now with the promise of infinite AI Generated +Spam+ SEO content. Most search will
+point to a terrible website full of ads, with the additional cost that the
+content could not be trusted as it was not just copied from a reliable source,
+no, worse, it will be invented by the AI that has a tendency to hallucinate its
+answer and pretty often return wrong and even potentially dangerous ones.
+Typically, imagine generated recipes, people made some experimentation and the
+generated recipe are good to put you to the Hospital if you follow these advises.
+
+So now, that's it. We are loosing our ability to more or less, trust random
+content from the web.
+Is this the end?
+
+Perhaps.
+
+Is there something we could do about it?
+
+I think so yes :)
+And this problem already is mostly solved using the notion of "Web of Trust".
+
+Web of Trust is a decentralized system that help you trust resources.
+But you have you word to say. For example, if you trust someone for a while and
+they change, they start to put horrible ads, AI generated content on their
+content. You simply "downvote" or "block" them. All your direct connection of
+the network of trust will be impacted by your decision, and if enough people
+like you start to dislike the new content. The content of this user will
+disappear forever.
+
+This is a bit like Reddit karma, but instead of the mechanism being centralized
+and controlled by a single source. This is distributed on the customers. Some
+might enjoy a user, for them that user will have a big note, for other it will
+be not enjoyable and his note will be very low. So low, you will almost never be
+exposed to the content produced by this user.
+
+That will probably solve a first issue. Remove from our collective sight all the
+SEO spam website/content, etc…
+
+Now, what about discoverability? Being able to search for content using this new knowledge?
+Here we have different multiple solutions:
+
+1. Still rely on classical search engines but use a browser plugin to filter the
+ results with only website with a trust value that is high enough
+2. Use the "Web of Trust" to the rescue. We could have servers taking care of
+ downloading the website from the most trusted websites (starting from a few
+ trusted people) and open source the algorithm so people could spawn that
+ system on their local computer or host it and provide their server to their friends.
+ And we will have a very small web at first, but with a quality value that
+ should be very high as compared to the "Big Web".
+
+* BONUS
+
+I think one issue with the "Web of Trust" is the ability for attacker to "steal
+an identity" of a trusted producer and produce in its name.
+In particular, if the "Web of Trust" simply uses domain names, these are know to
+rot easily, and could be taken.
+
+For this, one simple but efficient mechanism will simply be to cryptographically
+sign your content.
+So instead of having a "web of trust" that is using domain name, we could
+additionally add GPG signatures. This could be added in the header of the HTML
+pages, this way a browser that will be "Web of Trust"-friendly could display a
+green mark saying "Hey this content was really produced by this user with this
+value of trust".
+
+This would probably change how we use the web, because it will forces us to
+"vote" time to time. Probably with more and more subtleties. For example with
+different level of like/dislike in order to be able to completely block some
+sources, and not just make them less prominent.
+
+* Last but not least some wise words from Socrates
+
+Don't forget what Socrates has to say about the invention of writing:
+
+"For this invention will produce forgetfulness in the minds of those who learn
+to use it, because they will not practice their memory.
+Their trust in writing, produced by external characters which are no part of
+themselves, will discourage the use of their own memory within them.
+You have invented an elixir not of memory, but of reminding; and you offer your
+pupils the appearance of wisdom, not true wisdom, for they will read many things
+without instruction and will therefore seem [275b] to know many things, when
+they are for the most part ignorant and hard to get along with, since they are
+not wise, but only appear wise."
+
+We put our confidence in a shared memory, it was great knowledge sharing.
+And with the recent changes it appears we will need to regress and use our
+memory, read books, read man pages, go to official documentation website at
+best.
+
+I feel the potentially single way to solve this issue is perhaps with a "Web of Trust" that will drastically reduce the size of our shared memory.
diff --git a/notes/assets/Déclaration/2020-05-30_10-32-18_2020-05-19_13-37-48_cisco_systems_france__-_pre__sentation_rsu-so_-_v.13.05.19.pdf b/notes/assets/Déclaration/2020-05-30_10-32-18_2020-05-19_13-37-48_cisco_systems_france__-_pre__sentation_rsu-so_-_v.13.05.19.pdf
deleted file mode 100644
index d9473d0b..00000000
Binary files a/notes/assets/Déclaration/2020-05-30_10-32-18_2020-05-19_13-37-48_cisco_systems_france__-_pre__sentation_rsu-so_-_v.13.05.19.pdf and /dev/null differ
diff --git a/notes/assets/Déclaration/2020-05-30_10-32-44_2020-05-19_13-37-48_cisco_systems_france__-_pre__sentation_rsu-so_-_v.13.05.19.pdf b/notes/assets/Déclaration/2020-05-30_10-32-44_2020-05-19_13-37-48_cisco_systems_france__-_pre__sentation_rsu-so_-_v.13.05.19.pdf
deleted file mode 100644
index d9473d0b..00000000
Binary files a/notes/assets/Déclaration/2020-05-30_10-32-44_2020-05-19_13-37-48_cisco_systems_france__-_pre__sentation_rsu-so_-_v.13.05.19.pdf and /dev/null differ
diff --git a/notes/assets/Déclaration/2020-06-01_15-57-56_article-83-PreRetraite.pdf b/notes/assets/Déclaration/2020-06-01_15-57-56_article-83-PreRetraite.pdf
deleted file mode 100644
index 599b7ea3..00000000
Binary files a/notes/assets/Déclaration/2020-06-01_15-57-56_article-83-PreRetraite.pdf and /dev/null differ
diff --git a/notes/blog.org b/notes/blog.org
new file mode 100644
index 00000000..015f103f
--- /dev/null
+++ b/notes/blog.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: a5be1daf-1010-428f-a30f-8faf95c1a42f
+:END:
+#+title: blog
+#+Author: Yann Esposito
+#+Date: [2024-06-27]
+
+- tags ::
+- source ::
+
diff --git a/notes/budget_famille.org b/notes/budget_famille.org
new file mode 100644
index 00000000..61c0b799
--- /dev/null
+++ b/notes/budget_famille.org
@@ -0,0 +1,22 @@
+:PROPERTIES:
+:ID: 6899703d-51cb-49e6-a16b-30ae460ed055
+:END:
+#+title: Budget Famille
+#+Author: Yann Esposito
+#+Date: [2024-05-18]
+
+- tags ::
+- source ::
+
+* 2024-05-18
+
+Courant: LCL 200
+ BP 920
+Epargne: LA: 5780
+ PEL: 9310
+ LA: f420
+RSU/ESPP: Dispo; 6020 (136 x 48$)
+ A venir: 75k
+
+Credits: maison 429k
+ appart 110k
diff --git a/notes/chien_espoir_handicap_ag.org b/notes/chien_espoir_handicap_ag.org
index 3602c578..04a5f6cf 100644
--- a/notes/chien_espoir_handicap_ag.org
+++ b/notes/chien_espoir_handicap_ag.org
@@ -1,24 +1,30 @@
:PROPERTIES:
:ID: 7a934ca5-31c0-4cf8-8a86-1efa89904b31
:END:
-#+title: Chien Espoir Handicap AG
+#+title: Chien Espoir Handicap AG/Reunions
#+Author: Yann Esposito
-#+Date: [2023-06-13]
+#+Lang: fr
- tags :: [[id:c26339f6-e0bc-40e3-8fe3-94e4b41b61b0][chien d'assistance]]
- source ::
* Contacts
+:PROPERTIES:
+:EXPORT_FILE_NAME: Contacts
+:END:
-| Nom | email | telephone | addresse |
-|-----------------------------+---------------------------------+------------+--------------------------------------------|
-| Matthieu Delpeuch | chien.espoir.handicap@gmail.com | 0651597922 | Antibes |
-| Mélodie Durand | melody.durandbernard@gmail.com | 0664335877 | 138 impasse Camatte 06410 Biot |
-| Claire Mainguené Costa-Foru | claire.mainguene@wanadoo.fr | 0661092711 | 11 route du Mont Agel, 06320, La Turbie |
-| Lionel Rebière | lrebi@yahoo.com | 0686263291 | 13320, Bouc-bel-Air |
-| Joëlle Rebière | | 0637629720 | |
-| Krystelle Esposito | krystelle.esposito@gmail.com | 0662203951 | 12, allée du Fer à Cheval, 13500 Martigues |
-| Yann Esposito | yann@esposito.host | 0650845271 | 12, allée du Fer à Cheval, 13500 Martigues |
+| Nom | email | telephone | addresse |
+|-----------------------------+---------------------------------+----------------+--------------------------------------------|
+| Matthieu Delpeuch | chien.espoir.handicap@gmail.com | 0651597922 | Antibes |
+| Mélodie Durand | melody.durandbernard@gmail.com | 0664335877 | 138 impasse Camatte 06410 Biot |
+| Claire Mainguené Costa-Foru | claire.mainguene@wanadoo.fr | 0661092711 | 11 route du Mont Agel, 06320, La Turbie |
+| Lionel Rebière | lrebi@yahoo.com | 0686263291 | 13320, Bouc-bel-Air |
+| Joëlle Rebière | | 0637629720 | |
+| Krystelle Esposito | krystelle.esposito@gmail.com | 0662203951 | 12, allée du Fer à Cheval, 13500 Martigues |
+| Yann Esposito | yann@esposito.host | 0650845271 | 12, allée du Fer à Cheval, 13500 Martigues |
+| Clara Toti | cynoschool06@outlook.fr | 0665636981 | 2 ruelle du soleil, 06830, Gilette |
+| Milena Molesini | milenamolesini@gmail.com | | |
+| Céline Dragon | celine.dragon@free.fr | 0622404831 | |
| username | password |
@@ -30,21 +36,25 @@
| joelle | anleika |
| yann | annapo |
| krystelle | annapo |
+| clara | ceh2024 |
#+begin_comment
htpasswd -b -c htpasswd_chien.tmp.1 matthieu ginette
htpasswd -b -c htpasswd_chien.tmp.2 melodie flondine
htpasswd -b -c htpasswd_chien.tmp.3 claire lacie
-htpasswd -b -c htpasswd_chien.tmp.4 lionel anleika
-htpasswd -b -c htpasswd_chien.tmp.5 joelle anleika
+htpasswd -b -c htpasswd_chien.tmp.4 lionel leika
+htpasswd -b -c htpasswd_chien.tmp.5 joelle leika
htpasswd -b -c htpasswd_chien.tmp.6 yann annapo
htpasswd -b -c htpasswd_chien.tmp.7 krystelle annapo
+htpasswd -b -c htpasswd_chien.tmp.8 clara ceh2024
cat htpasswd_chien.tmp.* > htpasswd_chien
-rm
+rm htpasswd_chien.tmp.*
#+end_comment
-
* [2023-06-13 Tue]
+:PROPERTIES:
+:EXPORT_FILE_NAME: 2023-06-13
+:END:
- Matt
- Melo
@@ -80,7 +90,9 @@ Prévoir entretient avec Melo.
- jeune croisé labrador
* [2023-10-03 Tue]
-
+:PROPERTIES:
+:EXPORT_FILE_NAME: 2023-10-03
+:END:
** Lettre Val
** Nouveau Contrat
@@ -100,6 +112,9 @@ Livret Captt.
Ancienne médecin. Peut-être remplacer Melo.
* [2023-11-23 Thu]
+:PROPERTIES:
+:EXPORT_FILE_NAME: 2023-11-23
+:END:
- Présentation Médecin
- Présentation de tous
@@ -124,6 +139,9 @@ Ajouter des binômes:
- Relire et check logo
* [2024-01-12 Fri]
+:PROPERTIES:
+:EXPORT_FILE_NAME: 2024-01-12
+:END:
** Personnes presentent:
- Matthieu
- Clara
@@ -275,3 +293,350 @@ Ajouter des binômes:
- Changer les couleurs du site web.
- Ajouter le périmetre d'accueil sur le site web.
- Ajouter un lien pour faire un don.
+
+* [2024-02-16 Fri 19:05]
+:PROPERTIES:
+:EXPORT_FILE_NAME: 2024-02-16
+:END:
+** Personnes présentes
+- Matthieu Delpeuch
+- Mélodie Durand
+- Lionel Rebière
+- Clara Toti
+- Krystelle Esposito
+** Compte Rendu
+
+Les points suivants ont été abordés:
+
+- État des comptes banquaires ; environ 4000€
+- Proposition de fournir un harnais de guidage avec dossard à chaque chien
+ d'assistance de l'association afin d'offrir une meilleure visibiblité à
+ l'association ainsi qu'une unité.
+ Nous allons demander des devis
+- Information donnée au groupe de dons faits au bénéfice de l'association.
+ Un provenant d'un membre bénéficiaire, un autre d'un particulier.
+- Matthieu et Clara ont fait un retour sur la 1ere rencontre en audioconférence
+ d'un éventuel bénéficiaire. Ce premier retour et plutôt positif ; la personne
+ a des attentes raisonnables et n'est pas novice dans l'univers du chien.
+ De plus elle est consciente des spécificités des animaux de refuges et y a
+ déjà adopté son actuel chien de compagnie.
+ L'entourage du demandeur semble aidant et impliqué.
+ Matthieu et Clara soulignent quand même que la personne a quelques notions
+ obsolètes de l'éducation canine mais qu'il semble assez ouvert et motivé pour
+ s'adapter aux nouvelles situations.
+ Lionel et Mélodie demandent si cette personne a les moyens d'entretenir et de
+ financer un nouveau chien.
+ Cette question sera abordée lors des prochains échanges si l'association
+ décide de poursuivre le processus d'intégration au programme de formation.
+ La décision a été prise à l'unanimité de poursuivre avec ce demandeur.
+- Clara soulève le problème du premier questionnaire d'accueil qui est trop
+ orienté sur l'autisme. Certains points ne correspondent pas à tous les
+ handicaps. Après discussion il est décidé que Matthieu et Clara s'occuperont
+ des questions concernant les spécificité éducatives et environnementales des
+ chiens et Mélodie et Christelle se pencheront sur la partie plus générale du
+ questionnaire.
+- Une discussion a eu lieu sur les moyens de trouver de nouveaux financements.
+ As-t-on vraiment besoin d'aller chercher plus an prenant en considérations que
+ celà demande beaucoup de temps et d'investissement aux membres et que de plus
+ la plupart des financement peuvent être soumis à des obligations de résultats.
+ La question reste ouverte pour les futures réunions.
+
+** Actions
+- [ ] demander des devis pour les harnais et dossards
+
+* [2024-03-15 Fri]
+:PROPERTIES:
+:EXPORT_FILE_NAME: 2024-03-15
+:END:
+** Personnes présentes
+- Claire
+- Clara
+- Yann
+- Krystelle
+** Notes
+@Claire: quelle est la pathologie douloureuse de l'éventuel bénéficiaire.
+@Clara: nous verrons si on pourra allez revoir la personne et être accompagné
+par Claire.
+** Actions
+Trouver une nouvelle date.
+* [2024-04-12 Fri]
+:PROPERTIES:
+:EXPORT_FILE_NAME: _2024-04-12_Fri_
+:END:
+
+** Personnes présentes
+Matthieu, Claire, Clara, Lionel, Krystelle, Yann.
+** Points
+*** Dossard
+Homogénéiser le dossard.
+Au niveau des financements, il faut être une association serieuse et carrée.
+Une autre asso, pour rentrer il faut payer une somme pour prendre en charge le
+matériel, le premier mois de croquettes, etc…
+
+Disons 500€: Chien, dossard, croquettes, quelques cours d'éducation.
+
+Peux-t-on recevoir de l'argent (pas avec une association a but non lucratif)
+
+*** Questionnaire
+
+Questionnaire plus général que sur les troubles autistiques.
+
+* [2024-05-16 Thu]
+:PROPERTIES:
+:EXPORT_FILE_NAME: 2024-05-16
+:END:
+
+** Personnes présentes
+:PROPERTIES:
+:EXPORT_FILE_NAME: Personnes_pr_sentes
+:END:
+- Céline
+- Clara
+- Krystelle
+- Matt
+- Milena
+- Yann
+
+** TL;DR
+
+1. Modifier le harnais pour agrandir le logo, et changer la police
+2. refus du Monsieur de la réunion d'hier pour devenir bénéficiaire
+3. une rencontre demain avec Matthieu, Céline et le bénéficiaire potentiel
+4. Création d'un Google drive pour partager les documents
+5. Création de cartes à imprimer pour que les membres du bureaux puisse les
+ donner pour permettre aux personnes de faire des dons et de contacter
+ facilement l'association
+6. Modifier légèrement la proposition 2 des cartes pour que le rendu à
+ l'impression soit plus lisible.
+
+** Dossard
+
+- Mettre tout le texte en capitale et agrandir le logo et le changer.
+ Changer la Police utiliser la police sans serif Helvetica.
+
+** Réunion hier
+
+@Matthieu:
+Monsieur 50aine, ils habitent Nice, centre ville, pas de parc.
+Il veut un chien de compagnie mais avec peu de demande technique.
+Environnement; 9ème étage en appartement, 2 lapin
+
+Mauvais feeling avec elle. Ils font un peu débordés.
+Le chien sera brut et il faudra travailler sur le chien.
+
+Lui très motivé. Ils ont pris un vieux chien en refuge.
+Il est sorti 2x/j.
+Il faut qu'un chien d'assistance sorte plus souvent.
+
+@Clara: pas de crainte de Matt.
+J'ai pas envie de placer un chien dans cet environnement.
+Zone d'immeubles, grande avenue, presque centre ville, que transport en commun.
+Le parc le plus proche en fauteuil roulant 20min.
+Compliqué en tant que besoin.
+Les moyens financier et humain sont peut-être insuffisants.
+L'appartement pas adapté au handicap du monsieur.
+Pas d'aide pour avoir le fauteuil électrique, don.
+Beaucoup d'animaux, pas super propre (chat, lapins).
+Les enfants sont partis, si il est hospitalisé, personne pour s'occuper des
+animaux.
+Mais pas de système pour s'occuper des animaux en cas de problème.
+
+@Milena: coté humain, je pense que ça le fait.
+Ils sont dans une forme d'écoute et de respect mutuel.
+Je rejoins sur le fait qu'ils sont isolés.
+Et sur le reste de l'environnement c'est vous qui savez.
+
+@Clara: Il faut mettre une femelle assez grande. Et pas trop jeune. Ce qui fait
+trop de contrainte pour trouver le chien.
+
+@Matt: environnement exiguë.
+
+@Milena: la demande n'est pas claire.
+Il veut continuer à avoir un chien avec les avantages de pouvoir rentrer dans un
+magasin. Est-ce une demande pertinente.
+Elle est légitime, mais pas forcément pertinente.
+
+@Clara: Le fait d'avoir un chien l'aide à sortir.
+En terme de besoin, il n'y a pas de besoin technique.
+
+@Milena: Il servira à la motivation, mais ne favorise pas plus d'autonomie.
+
+@Clara: peut rassurer aussi la conjointe.
+
+@Matt: Avec toutes les contraintes, on est obligé d'aller vers une
+certification.
+Mais je ne pense pas que l'environnement et le profil humain s'y prêtent.
+
+@Milena: Légitime mais est-elle pertinente pour l'asso ?
+
+@Krystelle: ça me dérange de placer un chien dans un environnement pas forcément adapté.
+Pour avoir accompagner pour les démarches, c'est beaucoup de temps sur les temps
+de libre pour travailler.
+Ce n'est pas qu'1h par semaine mais beaucoup plus.
+
+@Matt: On leur a dit, mais de ce que je ressens, j'ai la sensation le monsieur a
+tellement envie qu'il a dit oui mais il a pas conscience du travail qui a à faire
+sur le chien.
+On vu le problème avec Zucco et quand il arrive le chien, mais le chien il a
+gratté, il a mangé, il aboie, etc…
+Mais ils ont tellement un amour des animaux ils sont aveuglé du travail qui a
+derrière.
+Le monsieur n'est plus maître chien depuis longtemps.
+Je vais plus tendre vers le non.
+
+@Milena: pour la motivation, il n'y aura de surprise.
+Mais je te rejoins au niveau de l'organisation.
+J'émets un doute.
+
+@Clara: aussi l'entretient, le financier. Ils ont pas les moyens de faire mieux.
+
+@Matt: avec Céline on a un chien à voir pour un bénéficiaire, on va peut-être
+répondre favorablement.
+Moi j'ai une demande, à Fréjus, j'attendais qu'on voit le monsieur d'hier vu
+qu'il avait la priorité.
+Je prendrai RDV avec la jeune femme de Fréjus.
+
+@Krystelle: Faire rencontrer des personnes d'une famille qui a fait famille
+d'accueil pour expliquer les réalités. Peut-être que ça peut être un petit peu
+plus parlant.
+
+@Matt: au début, les 1er RDV avec Mélodie qui a un coté très humain qui fait.
+Si vous pouvez être présent avec grand plaisir.
+
+@Krystelle: si c'est dans mes horaires je me libère.
+
+@Matt: Oui ça serait très bien.
+
+@Milena: Peut-être faire un visio séparée.
+
+@Krystelle: Celà permettrait d'expliquer des réalités pour avoir des une vision
+réaliste de ce que représente être un bénéficiaire de l'association.
+
+@Matt: oui c'est une bonne idée.
+
+** Bénéficiaire 2
+
+@Celine: de l'extérieur, les besoins du chien.
+Le monsieur ne peut pas supporter d'être sans chien.
+Cognitivement c'est compliqué mais il est volontaire.
+Sa femme est très volontaire.
+Je lui est même proposer en cas de refus de chien d'assistance d'au moins venir
+pour l'aider à gérer le chien.
+C'est un golden qui est très actif.
+
+@Matt: ils sont très anxieux.
+
+@Celine: ils avaient un Beagle.
+
+@Celine: il a besoin qu'il allume les lumières, qu'il marche au pied.
+
+@Clara: quel handicap? Il est en fauteuil et paralysé d'un coté.
+
+@Celine: ils partent régulièrement prendre l'avion avec lui.
+Hémiplégie. Ils essayent de faire des choses.
+Ce monsieur à une aide qui vient chez lui.
+On pourrait une fois de temps en temps à domicile.
+La personne peut l'amener en voiture.
+
+@Clara: ça semble un travail qui se fait avec de la motivation.
+
+@Matt: quel âge le chien?
+
+@Celine: 7 ou 9 mois.
+Parfois ils ont pris de mauvaises habitudes, il faudra l'éduquer.
+L'environnement est bon.
+
+@Milena: seule limite, passer au delà des anxiétés et changer ses habitudes.
+
+@Clara: ce sont des problématiques qu'on a dans le quotidien. Donc rien d'inhabituel.
+
+@Celine: le chien ne comprends pas tout, je pense que la dame sera là pour l'accompagner.
+
+@Milena: c'était difficile le jour du RDV pour le monsieur il revenait de l'hôpital.
+
+@Celine: on sent qu'il y a de la bonne volonté.
+
+@Clara: ils ont un système d'aide.
+
+@Krystelle: ils sont d'où ?
+
+@Celine: de Ventabren
+
+
+** Actions
+- Clara; va faire le Google drive
+- Clara; nouvelles cartes, soit changer le vert, soit utiliser des fontes
+ blanches sur le vert.
+- Clara; pour les dossards, renvoyer le logo pour agrandir et changer la police
+- Clara: cartes de contact pour l'association
+- Krystelle & Yann; s'occuper du harnais (changer la police et agrandir le log)
+- Matt; mail de refus pour le rdv d'hier
+- Celine & Matt; réunion demain 18h
+
+
+** [2024-06-12 Wed]
+
+*** Personnes présentes
+
+- Matt
+- Lionel
+- Claire
+- Clara
+- Krystelle
+- Yann
+- Céline
+- Milena
+
+*** Sujets
+
+@Matt
+Un refus la semaine précédente
+
+@Matt
+Rencontrer des gens avec Céline, ils ont déjà un chien, Céline s'en occupera.
+Renvoyer un contrat.
+Bénéficiaire Douglas, le chien s'appelle Douglas.
+
+@Matt
+Addresse de l'asso est l'ancienne addresse perso.
+Est-ce que je la domicilie chez mes parents ?
+
+Décision: oui chez les parents, reste dans le 06.
+
+@Matt
+Valeine, 35 ans.
+Visio avec une bénéficiaire de Fréjus, qui a été amputée.
+
+@Milena
+Plutôt positif en terme d'environnement et profil pour moi. On était pas sûr de
+jusqu'où va son handicap. Toute une partie paralysée.
+Elle a déjà le chien.
+Chien doit faire rapport d'objet.
+Rapport au sol.
+Peu d'attente sur les capacités du chien.
+Peut-être que le chien n'ira pas.
+
+@Celine
+Est-ce qu'il y a besoin de faire des comptes rendus.
+
+@Matt
+Gamin sera certifié cet été.
+Les derniers temps, on suit le chien 2x par mois.
+Ralonger le temps entre les scéances pour autonomiser et pas avoir trop de frais
+dans l'asso.
+Il faudrait expliquer cela pour les bénéficiaires.
+
+@Lionel
+Factures Educ, Psy.
+@Matt 3656€, de hello asso.
+
+@Matt dossard validé fond vert clair, texte noir.
+
+@Krystelle: Dimensions du chien.
+
+*** Actions
+- Matt: changer l'addresse de l'asso à celle de ses parents
+- Yann: Changer l'addresse de l'asso sur le site; 28 Boulevard Pointcarré, 06160, Juan les Pins
+- Céline: envoyer un message à Norbert pour demander les dimensions du chien.
+- Tous: Checker le contrat et le valider
+- Tous: Checker le compte rendu de Valeine, RDV si besoin
diff --git a/notes/cisco_custom_roles.html b/notes/cisco_custom_roles.html
deleted file mode 100644
index bc26adb2..00000000
--- a/notes/cisco_custom_roles.html
+++ /dev/null
@@ -1,437 +0,0 @@
-
-
-
-
-
-
-
- Custom Roles
-
-
-
-
-
-
-
Custom Roles
-
XDR IROH
-
Yann Esposito
-
[2023-10-03 Tue 15:30]
-
-
Current state
-
Listing Roles (already by
-org)
-
GET /iroh/profile/roles
-
Provide a data structure with describing all roles for an Org:
-
-
3 roles for XDR (admin, user, sat)
-
2 roles for SX (admin, user)
-
-
⚠ Role ≠ Permissions
-
The role associated to a user do not necessarily matches the user
-permission.
-
The role is only one of the component to use to determine a token or
-even a user permissions. The permissions are represented by
-scopes which are computed using:
-
-
the user role
-
the org properties (activated or not, XDR or not etc…)
-
entitlements (not in use but will probably be the case in the
-future)
-
-
⚠ Role ≠ Permissions (Tokens)
-
-
the user scopes
-
as well as the client scopes
-
as well as the scopes requested during the OAuth2 authorization
-flow
-
-
Current response for an
-XDR-enabled org
-
GET /iroh/profile/roles
-{:admin {:english {:only-role-name"administrator",
-:adjective"an",
-:only-role-name-capitalized"Administrator",
-:english-role-name"an administrator"},
-:role-name"Administrator",
-:role-id"admin",
-:role-description"An admin of users.",
-:visibility"public"},
-:sat {:english {:only-role-name"security analyst",
-:adjective"a",
-:only-role-name-capitalized"Security Analyst",
-:english-role-name"a security analyst"},
-:role-name"Security Analyst",
-:role-id"sat",
-:role-description
-"No account admin. SXO read only + run existing workflows.",
-:visibility"public"},
-:user {:english {:only-role-name"incident responder",
-:adjective"an",
-:only-role-name-capitalized"Incident Responder",
-:english-role-name"an incident responder"},
-:role-name"Incident Responder",
-:role-id"user",
-:role-description
-"This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows",
-:visibility"public"}}
-
Current response for an
-SX-only org
-
GET /iroh/profile/roles
-{:admin {:english {:only-role-name"admin",
-:adjective"an",
-:only-role-name-capitalized"Admin",
-:english-role-name"an admin"},
-:role-name"Admin",
-:role-id"admin",
-:role-description"An admin of users.",
-:visibility"public"},
-:user {:english {:only-role-name"user",
-:adjective"a",
-:only-role-name-capitalized"User",
-:english-role-name"a user"},
-:role-name"User",
-:role-id"user",
-:role-description"A standard user.",
-:visibility"public"}}
-
What the API already support
-
-
list all roles for every Org
-
change the role of a user
-
support roles during invitation and Org access request
-
expose a permissions endpoint to check permission access
-independently of the role
-
read/write access restriction
-
fine grained resource target in the scopes
-enrich → enrich/observables/observe:write
The GET /iroh/profile/roles will look
-like today + added the new custom roles that will look like:
-
{:admin ...
-:sat ...
-:user ...
-:role-d394db9e-613f-11ee-aff9-325096b39f47
- {:role-name"My Company Custom Role"
-:role-description"This is a role that is read only except for workflows"
-:role-id:role-d394db9e-613f-11ee-aff9-325096b39f47
-:visibility"org"
-:associated-scopes #{"inspect:read""ao""insights:read""profile:read"}}
-
-:role-8891b9f4-6140-11ee-8e1a-325096b39f47
- {:role-name"Manager"
-:role-description"Only for Sam who manage this team but should not directly act"
-:role-id:role-8891b9f4-6140-11ee-8e1a-325096b39f47
-:visibility"org"
-:associated-scopes #{"inspect:read""ao:read""insights:read""profile:read""users""profile"}}}
rw = read + write
-
-read = read:get # GET by id
-+ read:search # GET/POST search entities
-write = write:create # POST create new entity
-+ write:update # PUT/PATCH
-+ write:delete # DELETE
-+ write:execute # POST to trigger action
-
Most important points
-
-
Dynamic role ids. Must use the API
-
-
when you call /iroh/profile/whoami
-
when you look into the JWT
-
note: potentially a list of roles!
-
-
associated-scopes field only useful for the Role
-Management UI.
-
Use /iroh/profile/permissions
-
can also use scopes claim if present
-
-
Multiple Roles
-
Expect the role to be a sorted comma separated role ids like;
-admin,role-344,sat,user (which would be equivalent to
-admin here) in the tokens and not a list to prevent
-breaking changes. But it will probably be a list in the
-/whoami response.
-
-
diff --git a/notes/cisco_custom_roles.tex b/notes/cisco_custom_roles.tex
deleted file mode 100644
index 5e183569..00000000
--- a/notes/cisco_custom_roles.tex
+++ /dev/null
@@ -1,269 +0,0 @@
-% Created 2023-10-04 Wed 14:01
-% Intended LaTeX compiler: pdflatex
-\documentclass[11pt]{article}
-\usepackage[utf8]{inputenc}
-\usepackage[T1]{fontenc}
-\usepackage{graphicx}
-\usepackage{longtable}
-\usepackage{wrapfig}
-\usepackage{rotating}
-\usepackage[normalem]{ulem}
-\usepackage{amsmath}
-\usepackage{amssymb}
-\usepackage{capt-of}
-\usepackage{hyperref}
-\author{Yann Esposito}
-\date{\textit{[2023-10-03 Tue 15:30]}}
-\title{Custom Roles\\\medskip
-\large XDR IROH}
-\hypersetup{
- pdfauthor={Yann Esposito},
- pdftitle={Custom Roles},
- pdfkeywords={},
- pdfsubject={},
- pdfcreator={Emacs 29.1 (Org mode 9.7)},
- pdflang={English}}
-\begin{document}
-
-\maketitle
-\section{Current state}
-\label{sec:org5577c77}
-\subsection{Listing Roles (already by org)}
-\label{sec:org3475552}
-
-\texttt{GET /iroh/profile/roles}
-
-Provide a data structure with describing all roles for an Org:
-
-\begin{itemize}
-\item 3 roles for XDR (admin, user, sat)
-\item 2 roles for SX (admin, user)
-\end{itemize}
-\subsection{⚠ Role ≠ Permissions}
-\label{sec:org45793d5}
-
-The role associated to a user do not necessarily matches the user permission.
-
-The role is only one of the component to use to determine a token or even a user permissions.
-The permissions are represented by \emph{scopes} which are computed using:
-
-\begin{itemize}
-\item the user role
-\item the org properties (activated or not, XDR or not etc…)
-\item entitlements (not in use but will probably be the case in the future)
-\end{itemize}
-\subsection{⚠ Role ≠ Permissions (Tokens)}
-\label{sec:org0374daf}
-
-\begin{itemize}
-\item the user scopes
-\item as well as the client scopes
-\item as well as the scopes requested during the OAuth2 authorization flow
-\end{itemize}
-\subsection{Current response for an XDR-enabled org}
-\label{sec:orga98ced4}
-
-\begin{verbatim}
-GET /iroh/profile/roles
-{:admin {:english {:only-role-name "administrator",
- :adjective "an",
- :only-role-name-capitalized "Administrator",
- :english-role-name "an administrator"},
- :role-name "Administrator",
- :role-id "admin",
- :role-description "An admin of users.",
- :visibility "public"},
- :sat {:english {:only-role-name "security analyst",
- :adjective "a",
- :only-role-name-capitalized "Security Analyst",
- :english-role-name "a security analyst"},
- :role-name "Security Analyst",
- :role-id "sat",
- :role-description
- "No account admin. SXO read only + run existing workflows.",
- :visibility "public"},
- :user {:english {:only-role-name "incident responder",
- :adjective "an",
- :only-role-name-capitalized "Incident Responder",
- :english-role-name "an incident responder"},
- :role-name "Incident Responder",
- :role-id "user",
- :role-description
- "This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows",
- :visibility "public"}}
-\end{verbatim}
-\subsection{Current response for an SX-only org}
-\label{sec:org8122353}
-
-\begin{verbatim}
-GET /iroh/profile/roles
-{:admin {:english {:only-role-name "admin",
- :adjective "an",
- :only-role-name-capitalized "Admin",
- :english-role-name "an admin"},
- :role-name "Admin",
- :role-id "admin",
- :role-description "An admin of users.",
- :visibility "public"},
- :user {:english {:only-role-name "user",
- :adjective "a",
- :only-role-name-capitalized "User",
- :english-role-name "a user"},
- :role-name "User",
- :role-id "user",
- :role-description "A standard user.",
- :visibility "public"}}
-\end{verbatim}
-\subsection{What the API already support}
-\label{sec:orgc601aac}
-
-
-\begin{itemize}
-\item list all roles for every Org
-\item change the role of a user
-\item support roles during invitation and Org access request
-\item expose a permissions endpoint to check permission access independently of the role
-\item read/write access restriction
-\item fine grained \emph{resource} target in the scopes \texttt{enrich} → \texttt{enrich/observables/observe:write}
-\end{itemize}
-\subsection{What the API does not support}
-\label{sec:orga19776c}
-
-\begin{itemize}
-\item No support for create+update but not delete.
-\item No support for multiple roles (not sure what it means yet)
-\item No support for custom role creation (obviously)
-\begin{itemize}
-\item No scopes API for roles
-\end{itemize}
-\end{itemize}
-\section{Expected Changes}
-\label{sec:org591e358}
-\subsection{New API: (exhaustive scopes list)}
-\label{sec:orgad4cfdd}
-
-Exhaustive list of scopes as a forest structure
-
-\begin{verbatim}
-[{:scope "global-intel"
- (optional :description) ,,,
- :accessors ["read"]
- :sub-scopes [{:scope "global-intel/incident"
- :accessors ["read"]}
- {:scope "global-intel/sighting"
- :accessors ["read"]}
- ,,,]}
- {:scope "private-intel"
- (optional :description) ,,,
- :accessors ["rw","read","write"]
- :sub-scopes [{,,,}]}]
-\end{verbatim}
-\subsection{New API (maybe?)}
-\label{sec:org7dbeae2}
-
-Expose only a subset of scopes aliases pre-negociated with UX/UI/Doc team:
-
-\begin{verbatim}
-[{:scope-alias "threat-hunt"
- :scopes ["enrich/observables/observe:read","inspect","investigation"]
- :description ,,,,}
- {:scope-alias "incidents"
- :scopes ["private-intel","global-intel:read"]
- :description ,,,}
- ,,, ]
-\end{verbatim}
-\subsection{New API: CRUD+Search}
-\label{sec:orgc22dbdb}
-
-API to manage new custom roles
-
-\begin{verbatim}
-(s/defschema NewRole
- {:role-name s/Str
- :role-description s/Str
- :provided-scopes Scopes})
-
-(s/defschema Role
- (st/merge NewRole
- {:id s/Str
- :created-at Date
- :updated-at Date}))
-\end{verbatim}
-\subsection{Existing APIs}
-\label{sec:org8b0636c}
-
-The \texttt{GET /iroh/profile/roles} will look like today + added the new custom roles
-that will look like:
-
-\begin{verbatim}
-{:admin ...
- :sat ...
- :user ...
- :role-d394db9e-613f-11ee-aff9-325096b39f47
- {:role-name "My Company Custom Role"
- :role-description "This is a role that is read only except for workflows"
- :role-id :role-d394db9e-613f-11ee-aff9-325096b39f47
- :visibility "org"
- :associated-scopes #{"inspect:read" "ao" "insights:read" "profile:read"}}
-
- :role-8891b9f4-6140-11ee-8e1a-325096b39f47
- {:role-name "Manager"
- :role-description "Only for Sam who manage this team but should not directly act"
- :role-id :role-8891b9f4-6140-11ee-8e1a-325096b39f47
- :visibility "org"
- :associated-scopes #{"inspect:read" "ao:read" "insights:read" "profile:read" "users" "profile"}}}
-\end{verbatim}
-\begin{itemize}
-\item \texttt{visibility}; \texttt{org} for custom, \texttt{public} for global.
-\item \texttt{associated-scopes}; only for role management UI
-\end{itemize}
-\subsection{Introduce sub-accessors (maybe?)}
-\label{sec:org6e45fe3}
-
-Today: \texttt{read}, \texttt{write}
-
-\begin{verbatim}
-inspect = inspect:rw
- = inspect:read + inspect:write.
-\end{verbatim}
-
-Tomorrow: introduce \texttt{read:get}, \texttt{read:search}, \texttt{write:create}, \texttt{write:update},
-\texttt{write:delete}, \texttt{write:execute}.
-\subsubsection{Equivalence of new accessors}
-\label{sec:org312e35c}
-
-\begin{verbatim}
-rw = read + write
-
-read = read:get # GET by id
- + read:search # GET/POST search entities
-write = write:create # POST create new entity
- + write:update # PUT/PATCH
- + write:delete # DELETE
- + write:execute # POST to trigger action
-\end{verbatim}
-\section{Most important points}
-\label{sec:org072056b}
-
-\begin{itemize}
-\item Dynamic role \texttt{ids}. \textbf{Must use the API}
-\begin{itemize}
-\item when you call \texttt{/iroh/profile/whoami}
-\item when you look into the JWT
-\item \textbf{note}: potentially a list of roles!
-\end{itemize}
-\item \texttt{associated-scopes} field only useful for the Role Management UI.
-\item Use \texttt{/iroh/profile/permissions}
-\item can also use \texttt{scopes} claim if present
-\end{itemize}
-\subsection{Multiple Roles}
-\label{sec:org27898f0}
-
-\begin{itemize}
-\item if union of roles for the same user:
-Expect the role to be a sorted comma separated role ids like;
-\texttt{admin,role-344,sat,user} (which would be equivalent to \texttt{admin} here)
-\item if one role per session, then we will use different \texttt{user-id} and thus the role
-must appear in the UIs (Registration UI, Org switching, etc…)
-\end{itemize}
-\end{document}
\ No newline at end of file
diff --git a/notes/cisco_iroh_client_data_retention.org b/notes/cisco_iroh_client_data_retention.org
new file mode 100644
index 00000000..c64b6218
--- /dev/null
+++ b/notes/cisco_iroh_client_data_retention.org
@@ -0,0 +1,47 @@
+:PROPERTIES:
+:ID: b129bbc2-43c7-4ba6-bcba-23fcc45add4f
+:END:
+#+Title: Cisco IROH Client Data Retention
+#+Author: Yann Esposito
+#+Date: [2024-06-05]
+
+- tags ::
+- source ::
+
+* Recommendation
+
+As a client of XDR API (IROH) you can retrieve the Data Retention policy using
+multiple APIs. But the recommended API to use is ~/iroh/profile/whoami~
+(See link in TEST: https://visibility.test.iroh.site/iroh/profile/index.html#/Profile/get_iroh_profile_whoami)
+
+You should call this API using an IROH access token that you could retrieve
+using the refresh token you should already have for your customer.
+
+Inside this HTTP call, the body of the request should looks like:
+
+#+begin_src javascript
+{
+ "user": {...},
+ "org": {
+ ...
+ "entitlement-summary": {
+ "tier": {"title": "advantage", ...},
+ "extra_data_retention": {...},
+ "extra_ingest": {...},
+ "techvals": {
+ "data-retention-in-days": 180,
+ "data-maximal-size-in-GB": 30,
+ ...
+ }
+ }
+ }
+}
+#+end_src
+
+The recommended method to retrieve the number of days is to use
+~org["entitlement-summary"]["techvals"]["data-retention-in-days"]~ value.
+Note for some org the entitlement summary will not be provided entirely as some
+XDR org do not have any entitlements (beta orgs, test orgs, not yet sync with
+PIAM, etc…)
+
+For these cases we do not provide any default number of day.
diff --git a/notes/composable_shell_nix.html b/notes/composable_shell_nix.html
deleted file mode 100644
index 0d792059..00000000
--- a/notes/composable_shell_nix.html
+++ /dev/null
@@ -1,536 +0,0 @@
-
-
-
-
-
-
-
- Composable shell.nix
-
-
-
-
-
-
So I work on a project for which we used Docker to locally run
-integration tests. More precisely we used docker-compose to launch different services,
-most of them being databases. The project is big enough that we need
-many different databases and other services.
-
It's been a while that I am following nix, and in particular I use
-nix on macOS to create local development environments. But I never used
-NixOS, even if I plan to do so on my remote server. In fact, I use nix
-on a very old Linux distro to run recent softwares.
-
Anyway, after Docker started to change its licensing on macOS I
-wanted to get rid of it. In fact, even before the licensing issue, I
-wanted to get rid of docker for Mac.
-
So I tried many time to replace docker-compose by nix. And even if I am interested in nix I never
-really dug into it. So my knowledge about it is incomplete and
-imprecise. But I know just enough to be able to start write script with
-nix taking care of dependencies, and similarly, I can write quick and
-dirty shell.nix for all my personal
-projects. Recently I started to add flake.nix files around too.
-
So here is how to easily replace docker-compose with nix. Which
-should also compose.
In the packages of nix version 22.11, create a new shell into which
-the package hello will be installed. At
-the end of the install, run a script that will print the package name.
-(Cf 4.1)
-
-
And indeed, if you copy/paste this nix block in a file and run
-nix-shell here is the result:
-
> nix-shell
-nix-shell shell.nix
-these 53 paths will be fetched (84.69 MiB download, 524.77 MiB unpacked):
- /nix/store/08pckaqznwh0s3822cjp5aji6y1lsm27-libcxx-11.1.0
- ...
- /nix/store/zqcs5xahjxij0c8vfw60lnfb6d979rn2-zlib-1.2.13
-copying path '/nix/store/49wn01k9yikhjlxc1ym5b6civ29zz3gv-bash-5.1-p16' from 'https://cache.nixos.org'...
-...
-copying path '/nix/store/4w2rv6s96fwsb4qyw8b9w394010gxriz-stdenv-darwin' from 'https://cache.nixos.org'...
-Using hello-2.12.1.
-
-[nix-shell:~/tmp/nixplayground]$
-
-
If you close the session and run it again, it will be much faster and
-will only show this:
This is because all dependencies will be cached. OK so, this is level
-1 of nix-shell-fu.
-
Now, let's start level 2.
-
nix-shell-fu level 2 lesson; scripting and
-configuring
-
This time, we want to launch a full service, as a redis docker would
-do. So here is a basic shell script which is similar to the previous one
-but will request redis as a dependency
-instead of hello and also as a launching
-script. From there will add a little bit more features.
-
{pkgs?import(fetchTarballhttps://github.com/NixOS/nixpkgs/archive/22.11.tar.gz){}}:
- pkgs.mkShell {
-# must contain buildInputs, nativeBuildInputs and shellHook
-buildInputs=[ pkgs.redis ];
-
-# Post Shell Hook
-shellHook=''
- echo "Using ${pkgs.redis.name} on port: ${port}"
- redis-server
- '';
-}
-
Again if you run nix-shell here is the result:
-
❯ nix-shell
-these 2 paths will be fetched (2.08 MiB download, 6.99 MiB unpacked):
- /nix/store/6w4vnaxdx12ccq172i8j5l830mlp8jlg-redis-7.0.5
- /nix/store/b47gmsx9qx0c9vh75wsg8bqq9qd0ad6f-openssl-3.0.7
-copying path '/nix/store/b47gmsx9qx0c9vh75wsg8bqq9qd0ad6f-openssl-3.0.7' from 'https://cache.nixos.org'...
-copying path '/nix/store/6w4vnaxdx12ccq172i8j5l830mlp8jlg-redis-7.0.5' from 'https://cache.nixos.org'...
-Using redis-7.0.5
-97814:C 10 Feb 2023 20:44:36.960 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
-97814:C 10 Feb 2023 20:44:36.960 # Redis version=7.0.5, bits=64, commit=00000000, modified=0, pid=97814, just started
-97814:C 10 Feb 2023 20:44:36.960 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
-97814:M 10 Feb 2023 20:44:36.961 * Increased maximum number of open files to 10032 (it was originally set to 256).
-97814:M 10 Feb 2023 20:44:36.961 * monotonic clock: POSIX clock_gettime
- _._
- _.-``__ ''-._
- _.-`` `. `_. ''-._ Redis 7.0.5 (00000000/0) 64 bit
- .-`` .-```. ```\/ _.,_ ''-._
- ( ' , .-` | `, ) Running in standalone mode
- |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379
- | `-._ `._ / _.-' | PID: 97814
- `-._ `-._ `-./ _.-' _.-'
- |`-._`-._ `-.__.-' _.-'_.-'|
- | `-._`-._ _.-'_.-' | https://redis.io
- `-._ `-._`-.__.-'_.-' _.-'
- |`-._`-._ `-.__.-' _.-'_.-'|
- | `-._`-._ _.-'_.-' |
- `-._ `-._`-.__.-'_.-' _.-'
- `-._ `-.__.-' _.-'
- `-._ _.-'
- `-.__.-'
-
-97814:M 10 Feb 2023 20:44:36.962 # WARNING: The TCP backlog setting of 511 cannot be enforced because kern.ipc.somaxconn is set to the lower value of 128.
-97814:M 10 Feb 2023 20:44:36.962 # Server initialized
-97814:M 10 Feb 2023 20:44:36.963 * Ready to accept connections
-
-
Woo! Redis is started and it works!
-
But if you have multiple projects you want to have more control. For
-example, we will want to run redis on a specific port. Here is how you
-do it:
-
{pkgs?import(fetchTarballhttps://github.com/NixOS/nixpkgs/archive/21.05.tar.gz){}}:
-letiport=16380;
-port=toString iport;
-in pkgs.mkShell {
-# must contain buildInputs, nativeBuildInputs and shellHook
-buildInputs=[ pkgs.redis ];
-
-# Post Shell Hook
-shellHook=''
- echo "Using ${pkgs.redis.name} on port ${port}"
- redis-server --port ${port}
- '';
-}
-
And here is the result:
-
> rm dump.rdb
-> nix-shell
-Using redis-6.2.3 on port 16380
-1785:C 10 Feb 2023 20:50:00.880 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
-1785:C 10 Feb 2023 20:50:00.880 # Redis version=6.2.3, bits=64, commit=00000000, modified=0, pid=1785, just started
-1785:C 10 Feb 2023 20:50:00.880 # Configuration loaded
-1785:M 10 Feb 2023 20:50:00.880 * Increased maximum number of open files to 10032 (it was originally set to 256).
-1785:M 10 Feb 2023 20:50:00.880 * monotonic clock: POSIX clock_gettime
- _._
- _.-``__ ''-._
- _.-`` `. `_. ''-._ Redis 6.2.3 (00000000/0) 64 bit
- .-`` .-```. ```\/ _.,_ ''-._
- ( ' , .-` | `, ) Running in standalone mode
- |`-._`-...-` __...-.``-._|'` _.-'| Port: 16380
- | `-._ `._ / _.-' | PID: 1785
- `-._ `-._ `-./ _.-' _.-'
- |`-._`-._ `-.__.-' _.-'_.-'|
- | `-._`-._ _.-'_.-' | https://redis.io
- `-._ `-._`-.__.-'_.-' _.-'
- |`-._`-._ `-.__.-' _.-'_.-'|
- | `-._`-._ _.-'_.-' |
- `-._ `-._`-.__.-'_.-' _.-'
- `-._ `-.__.-' _.-'
- `-._ _.-'
- `-.__.-'
-
-1785:M 10 Feb 2023 20:50:00.881 # Server initialized
-1785:M 10 Feb 2023 20:50:00.881 * Ready to accept connections
-
-
Woo! Now we can control the port from the file. That's nice. But,
-hmmm, has you might have noticed, when you quit the session it dumps the
-DB as the file dump.rdb. What we would
-like is to keep the state in a local file that would be easy to delete.
-So here is how I did it, mainly, I just create a redis config file
-locally, and run redis using this local config file. Also I do my best
-to put all files created for running this local redis instance into a
-local file into my project. The code is more complex this time, but I
-just added a way to create a config file and declare a directory that
-will contain all the state of the DB and of the nix configuration.
-
{pkgs?import(fetchTarballhttps://github.com/NixOS/nixpkgs/archive/21.05.tar.gz){}}:
-letiport=16380;
-port=toString iport;
-in pkgs.mkShell (rec{
-# ENV Variables the directory to put all the DATA
-REDIS_DATA="${toString./.}/.redis";
-# the config file, as we use REDIS_DATA variable we just declared in the
-# same nix set, we need to use rec
-redisConf= pkgs.writeText "redis.conf"
-''
- port ${port}
- dbfilename redis.db
- dir ${REDIS_DATA}
- '';
-
-buildInputs=[ pkgs.redis ];
-
-# Post Shell Hook
-shellHook=''
- echo "Using ${pkgs.redis.name} on port: ${port}"
-
- [ ! -d $REDIS_DATA ] \
- && mkdir -p $REDIS_DATA
- cat "$redisConf" > $REDIS_DATA/redis.conf
- alias redisstop="echo 'Stopping Redis'; redis-cli -p ${port} shutdown; rm -rf $REDIS_DATA"
- nohup redis-server $REDIS_DATA/redis.conf > /dev/null 2>&1 &
- echo "When finished just run redisstop && exit"
- '';
-})
-
And here is a full session using this shell.nix:
-
nix-shell
-Using redis-6.2.3 on port: 16380
-When finished just run redisstop && exit
-
-[nix-shell:~/tmp/nixplayground]$ redis-cli -p 16380
-127.0.0.1:16380> help
-redis-cli 6.2.3
-To get help about Redis commands type:
- "help @<group>" to get a list of commands in <group>
- "help <command>" for help on <command>
- "help <tab>" to get a list of possible help topics
- "quit" to exit
-
-To set redis-cli preferences:
- ":set hints" enable online hints
- ":set nohints" disable online hints
-Set your preferences in ~/.redisclirc
-127.0.0.1:16380>
-
-[nix-shell:~/tmp/nixplayground]$ ls -a
-. .. .redis shell.nix
-
-[nix-shell:~/tmp/nixplayground]$ find .redis
-.redis
-.redis/redis.conf
-
-[nix-shell:~/tmp/nixplayground]$ redis-cli -p 16380 shutdown
-[1]+ Done nohup redis-server $REDIS_DATA/redis.conf > /dev/null 2>&1
-
-[nix-shell:~/tmp/nixplayground]$ find .redis
-.redis
-.redis/redis.db
-.redis/redis.conf
-
-[nix-shell:~/tmp/nixplayground]$ redisstop
-Stopping Redis
-Could not connect to Redis at 127.0.0.1:16380: Connection refused
-
-[nix-shell:~/tmp/nixplayground]$ ls -a
-. .. shell.nix
-
-[nix-shell:~/tmp/nixplayground]$
-
-
So with this version all data related to redis is saved into the
-local .redis directory. And in the nix
-shell we provide a command redisstop that
-once invoked, shutdown redis, then purge all redis related data (as you
-would like in a development environment). Also, as compared to previous
-version, redis is launched in background so you could run commands in
-your nix shell.
-
nix-shell-fu level 3 lesson; composability
-
So in order for this part to be easier to follow, we'll go back to
-our first example with the shell.nix that just ran hello.
-
Appendice
-
Digression
-
In fact, this is a bit more complex than "just that". The reality is
-a bit more complex. The nix language is "pure", meaning, if you run the
-nix evaluation multiple times, it will always evaluate to the exact same
-value. But here, this block represent a function. The function takes as
-input a "nix set" (which you can see as an associative array, or a
-hash-map or also a javascript object depending on your preference), and
-this set is expected to contain a field named pkgs. If pkgs is
-not provided, it will us the set from the stable version 22.11 of
-nixpkgs by downloading them from github archive. The second part of the
-function generate "something" that is returned by an internal function
-of the standard library provided by nix
-which is named mkShell. So mainly, mkShell is a helper function that will generate
-what nix calls a derivation.
-Mainly, we don't really care about exactly what is a
-derivation. This is an internal to nix representation that
-could be finally used by different nix tools for different things.
-Typically, installing a package, running a local development environment
-with nix-shell or nix develop, etc…
-
So the important detail to remember is that we can manipulate the
-parameter we pass to the functions derivation, mkDerivation and mkShell, but we have no mechanism to manipulate
-directly derivation. So in order to make
-that composable, you need to call the derivation internal function at the very end
-only.
-Note also the access token lifetime is 3600 seconds (instead of the default 300s).
-After 1 hour, the access token will fail, from now on you could request another
-access token with:
-
-
-
\ No newline at end of file
diff --git a/notes/impots2023/fiche-fiscale-cisco-2023.pdf b/notes/impots2023/fiche-fiscale-cisco-2023.pdf
new file mode 100644
index 00000000..56edc3a0
Binary files /dev/null and b/notes/impots2023/fiche-fiscale-cisco-2023.pdf differ
diff --git a/notes/impots2023/morgan-stanley-statement.pdf b/notes/impots2023/morgan-stanley-statement.pdf
new file mode 100644
index 00000000..e597eea9
Binary files /dev/null and b/notes/impots2023/morgan-stanley-statement.pdf differ
diff --git a/notes/impots_2022.org b/notes/impots_2022.org
index a2afe055..39410323 100644
--- a/notes/impots_2022.org
+++ b/notes/impots_2022.org
@@ -4,8 +4,10 @@
#+Title: Impots 2022
#+Author: Yann Esposito
#+Date: [2023-05-20]
+
- tags :: [[id:7051b4a2-b42b-4d6f-abf6-2396b68dc5ed][impots]]
- source ::
+
* PERO (6QS)
- Case 6RS versements volontaires
diff --git a/notes/impots_2023.org b/notes/impots_2023.org
new file mode 100644
index 00000000..5a25fd17
--- /dev/null
+++ b/notes/impots_2023.org
@@ -0,0 +1,255 @@
+:PROPERTIES:
+:ID: 9952b8ac-59df-442c-b3aa-64e78e47d9b1
+:END:
+#+title: Impots 2023
+#+Author: Yann Esposito
+#+Date: [2024-05-18]
+
+- tags ::
+- source ::
+
+* PERO (6QS)
+
+- Case 6RS versements volontaires
+- Case 6QS versements obligatoire Pero + jours CET
+
+Cf Fiche Fiscale Cisco: 7611
+
+
+* Revenus Fonciers (2044?)
+
+- 3060€ dans la case 7FK (investissement Duflot 2014)
+
+* Actions (RSU/ESPP) (Form. 2074)
+
+ | | Plus Values |
+ |-------+-------------|
+ | 03/01 | -37.86 |
+ | 17/02 | 274.94 |
+ | 05/04 | 201.11 |
+ | 16/06 | 775.31 |
+ | 04/07 | -107.53 |
+ | 26/07 | -24.10 |
+ | 10/08 | 3.0 |
+ | 19/09 | -57.35 |
+ | 15/10 | 156.69 |
+ |-------+-------------|
+ | TOTAL | 1184.21 |
+ #+TBLFM: @>$2=vsum(@I..@II)
+
+Par lignes:
+
+** 3 janvier 2023 (vente 162 ESPP => -37,86€) 1 vente
+
+
+| Actions à vendre | 162 |
+| Prix du marché par unité | × 47,89 $US |
+| Produit | 7 758,18 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,18 $US |
+| Produit net | 7 745,50 $US |
+| Conversion de la devise | × 0,934951 |
+| Produit net converti | 7 241,66 € |
+| Revenu ordinaire | 1 851,66 $US |
+| Gain ou perte de capital | −40,50 $US |
+
+
+#+CONSTANTS: eu_03_01=0.934951
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain |
+|---------------------+------------+------------+---------+-------+--------|
+| 3 janvier 2023 en $ | 48.03085 | 47.89 | 162 | 17.68 | -40.50 |
+| #ERROR | 44.91 | 44.77 | 151.46 | 16.53 | -37.87 |
+#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
+#+TBLFM: @3=@2*$eu_03_01;%.2f
+
+** 17 fevrier 2023 (vente 59 RSU => 274,94€) 1 vente
+
+| Actions à vendre | 59 |
+| Prix du marché par unité | × 51,36 $US |
+| Produit | 3 030,24 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,07 $US |
+| Produit net | 3 017,67 $US |
+| Conversion de la devise | × 0,926536 |
+| Produit net converti | 2 795,98 € |
+
+
+#+CONSTANTS: eu_17_02=0.926536
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain |
+|---------------------+------------+------------+---------+-------+--------|
+| 3 janvier 2023 en $ | 46.70 | 51.36 | 59 | 12.57 | 262.37 |
+| #ERROR | 43.27 | 47.59 | 54.67 | 11.65 | 243.10 |
+#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
+#+TBLFM: @3=@2*$eu_17_02;%.2f
+
+** 5 avril 2023 (vente 76 RSU => 201€) 1 vente
+
+
+| Actions à vendre | 76 |
+| Prix du marché par unité | × 51,965 $US |
+| Produit | 3 949,34 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,04 $US |
+| Produit net | 3 936,34 $US |
+| Conversion de la devise | × 0,907801 |
+| Produit net converti | 3 573,83 € |
+| Gain ou perte de capital | 233,70 $US |
+
+
+#+CONSTANTS: eu_05_04=0.907801
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain |
+|--------------------+------------+------------+---------+-------+--------|
+| 10 mars 2023 en $ | 48.89 | 51.97 | 76 | 12.54 | 221.54 |
+| #ERROR | 44.38 | 47.18 | 68.99 | 11.38 | 201.11 |
+#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
+#+TBLFM: @3=@2*$eu_05_04;%.2f
+
+** 16 juin 2023 (vente 236 RSU => 775.31€) 2 vente
+
+
+| Actions à vendre | 236 |
+| Prix du marché par unité | × 48,82 $US |
+| Produit | 12 349,88 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,10 $US |
+| Produit net | 12 337,28 $US |
+| Conversion de la devise | × 0,898033 |
+| Produit net converti | 11 079,29 € |
+| Gain ou perte de capital | −827,42 $US |
+
+
+#+CONSTANTS: eu_16_06=0.898033
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain |
+|--------------------+------------+------------+---------+-------+--------|
+| 10 mai 2023 en $ | 46.70 | 52.33 | 59 | 12.57 | 319.60 |
+| #ERROR | 41.94 | 46.99 | 52.98 | 11.29 | 287.01 |
+| 10 juin 2023 en $ | 49.53 | 52.33 | 177 | | 495.60 |
+| #ERROR | 44.48 | 46.99 | 158.95 | 0.00 | 445.07 |
+|--------------------+------------+------------+---------+-------+--------|
+| Total | | | | | 732.08 |
+#+TBLFM: $6=((($3-$2)*$4) - $5);%.2f
+#+TBLFM: @3=@2*$eu_16_06;%.2f
+#+TBLFM: @5=@4*$eu_16_06;%.2f
+#+TBLFM: @>$6=vsum(@3$6,@5$6);%.2f
+
+** 4 juillet 2023 (vente 149 ESPP => -107.53€) 1 vente
+
+| Actions à vendre | 149 |
+| Prix du marché par unité | × 50,93 $US |
+| Produit | 7 588,57 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,07 $US |
+| Produit net | 7 576,00 $US |
+| Conversion de la devise | × 0,897208 |
+| Produit net converti | 6 797,25 € |
+| Revenu ordinaire | 2 313,97 $US |
+| Gain ou perte de capital | −120,69 $US |
+
+#+CONSTANTS: eu_04_07=0.897208
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain $ | Gain |
+|---------------------+------------+------------+---------+-------+---------+---------|
+| 4 juillet 2023 en $ | 51.65 | 50.93 | 149 | 12.57 | -119.85 | -107.53 |
+| #ERROR | 46.34 | 45.69 | 133.68 | 11.28 | -107.53 | -96.48 |
+#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
+#+TBLFM: @3=@2*$eu_04_07;%.2f
+
+** 26 juillet 2023 (vente 19 ESPP => -24€) 1 vente
+
+
+| Actions à vendre | 19 |
+| Prix du marché par unité | × 53,1649 $US |
+| Produit | 1 010,13 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,01 $US |
+| Produit net | 997,62 $US |
+| Conversion de la devise | × 0,891041 |
+| Produit net converti | 888,92 € |
+| Revenu ordinaire | 295,07 $US |
+| Gain ou perte de capital | 27,07 $US |
+
+#+CONSTANTS: eu_26_07=0.891041
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain $ | Gain |
+|---------------------+------------+------------+---------+-------+--------+--------|
+| 3 janvier 2023 en $ | 53.93 | 53.1649 | 19 | 12.51 | -27.05 | -24.10 |
+| #ERROR | 48.05 | 47.37 | 16.93 | 11.15 | -24.10 | -21.47 |
+#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
+#+TBLFM: @3=@2*$eu_26_07;%.2f
+
+** 15 aout 2023 (vente 61 RSU => 3€) 1 vente
+
+
+| actions à vendre | 61 |
+| Prix du marché par unité | × 53,67 $US |
+| Produit | 3 273,87 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,03 $US |
+| Produit net | 3 261,34 $US |
+| Conversion de la devise | × 0,905048 |
+| Produit net converti | 2 951,67 € |
+
+
+#+CONSTANTS: eu_15_08=0.905048
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain |
+|--------------------+------------+------------+---------+-------+------|
+| 10 aout 2023 en $ | 53.41 | 53.67 | 61 | 12.53 | 3.33 |
+| #ERROR | 48.34 | 48.57 | 55.21 | 11.34 | 3.01 |
+#+TBLFM: @2$6=(((@2$3-@2$2)*@2$4) - @2$5);%.2f
+#+TBLFM: @3=@2*$eu_15_08;%.2f
+
+** 19 septembre 2023 (vente 87 RSU => -57.35€) 1 vente
+
+
+| Actions à vendre | 87 |
+| Prix du marché par unité | × 56,19 $US |
+| Produit | 4 888,53 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,04 $US |
+| Produit net | 4 875,99 $US |
+| Conversion de la devise | × 0,923115 |
+| Produit net converti | 4 501,10 |
+
+#+CONSTANTS: eu_19_09=0.923115
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain |
+|------------------------+------------+------------+---------+-------+--------|
+| 10 septembre 2023 en $ | 56.76 | 56.19 | 87 | 12.54 | -62.13 |
+| #ERROR | 52.40 | 51.87 | 80.31 | 11.58 | -57.35 |
+#+TBLFM: $6=((($3-$2)*$4) - $5);%.2f
+#+TBLFM: @3=@2*$eu_19_09;%.2f
+
+** 15 novembre 2023 (vente 182 RSU => 156.69€) 1 vente
+
+| Actions à vendre | 182 |
+| Prix du marché par unité | × 53,27 $US |
+| Produit | 9 695,14 $US |
+| Frais de VEF/CCA | - 7,50 $US |
+| Processing Fee | - 5,00 $US |
+| Frais de transaction supplémentaires | - 0,08 $US |
+| Produit net | 9 682,56 $US |
+| Conversion de la devise | × 0,905196 |
+| Produit net converti | 8 764,61 € |
+
+#+CONSTANTS: eu_15_10=0.905196
+| Date d’acquisition | Prix achat | Prix vente | Actions | Frais | Gain |
+|-----------------------+------------+------------+---------+-------+--------|
+| 10 novembre 2023 en $ | 52.25 | 53.27 | 182 | 12.54 | 173.10 |
+| #ERROR | 47.30 | 48.22 | 164.75 | 11.35 | 156.69 |
+#+TBLFM: $6=((($3-$2)*$4) - $5);%.2f
+#+TBLFM: @3=@2*$eu_15_10;%.2f
+
+* Dons (7UD)
+
+
+| assoc | don |
+|-------------------------+-----|
+| Unicef | 276 |
+| Medecins Sans Frontiere | 120 |
+|-------------------------+-----|
+| | 396 |
diff --git a/notes/mdph_recours.html b/notes/mdph_recours.html
deleted file mode 100644
index 90f65ecd..00000000
--- a/notes/mdph_recours.html
+++ /dev/null
@@ -1,201 +0,0 @@
-
-
-
-
-
-
-
- MDPH recours
-
-
-
-
-
-
MDPH recours
-
Yann & Krystelle Esposito
-
[2021-12-22 Wed]
-
-
Nous demandons une réévaluation du dossier de notre fille, soit:
-
-
une reconnaissance d'handicap supérieure à 80% (avec réévaluation à la hausse de l'AEEH complémentaire)
-
la CMI Invalidité/Priorité indispensable à la réalisation de son projet de vie (en accord avec les soignants)
-
la CMI Stationnement
-
-
Demande reconnaissance d'au moins 80% de handicap
-
Depuis avril 2021, date de la demande de création de dossier MDPH, l'anxiété et l'autonomie de notre fille Anna se sont dégradées.
-
Une ALD à 100% vient de lui être octroyée (cf attestation). Compte tenu de la majoration de ses angoisses et en s'appuyant sur le guide d'appui aux pratiques des maisons départementales des personnes handicapées de la Caisse Nationale de Solidarité pour l'Autonomie (CNSA, cf document en annexe) Anna est dans l'incapacité absolue de réaliser des actes et activités simples de la vie courante comme :
-
-
faire des courses seule à cause de ses hypersensibilités ;
-
se diriger et agir seule en ville ;
-
prendre les transports en commun ; incapacité de programmer un trajet et surtout de répondre à un évènement inattendu comme adapter son itinéraire en cas de dysfonctionnement.
-
suivre un enseignement dans un établissement classique
-
initier une sortie en extérieur
-
-
C'est pourquoi nous vous demandons de réévaluer son taux de handicap à au moins 80%. Et aussi par conséquent de réévaluer l'AEEH complémentaire à la hausse.
-
Description des crises
-
L'intensité des crises d'angoisses autistiques de notre fille sont invalidantes. Ses dernières vont jusqu'à provoquer une incapacité à se mouvoir, hyperventilation, cécité et surdité temporaires, pertes de sensations. Lors des crises les risques de chutes sont présents car elle n'arrive pas à tenir la station debout. Afin d'assurer sa sécurité il est pratiquement impossible de la laisser seule, sauf chez elle.
-
Les crises sont provoquées par :
-
-
un contact, même léger : une personne qui la frôle suffit à provoquer une crise. Par exemple, récemment une enfant à voulu toucher sa peluche lestée en se précipitant sur elle. Anna n'a pas su comment se "mettre en sécurité" ce qui à provoquer une crise que nous avons eu du mal à apaiser.
-
trop de monde
-
les hyperstimulations sensorielles, par exemple, bruit de moteur inattendu, un feu clignotant, lumière trop vive, etc…
-
-
Elle n'arrive à gérer les hyperstimulations que pendant une courte période. Attendre à une caisse peut, pour elle, être elle un calvaire. Si cela dure un peu trop longtemps, ou qu'une personne la touche par inadvertance, il n'y a pas d'autre solution que de sortir du magasin, en laissant le caddie pour retourner dans la voiture. Je vous laisse imaginer la difficulté pour traverser un parking avec une personne en crise que l'on ne peut pas toucher, qui ne voit et n'entend pratiquement rien !
-
C'est pour cela que nous vous demandons la CMI Invalidité/Priorité et Stationnement.
-
Scolarité
-
La phobie scolaire de notre fille l'empêche d'avoir un enseignement dans un établissement ordinaire. Nous avons essayé le CNED à domicile, cela fut un échec, car son anxiété de performance et son isolement social ont été à leurs apogées.
-
Pour l'aider, depuis septembre, nous avons orienté Anna vers un établissement privé à très petit effectif. Cela est toujours difficile pour elle (incapacité à assister à tous les cours à cause de son anxiété et de sa fatiguabilité), mais nous avons constaté avec les équipes médicales et pédagogiques de réels progrès d'autant plus qu'Anna est douée, motivée et intéressée par les études.
-
Cependant cela à un coût élevé.
-
Chien d'assistance
-
Pour la soutenir dans ses efforts et avec l'appui de sa psychiatre et de son psychologue (cf certificats médicaux joins) nous avons pour projet d'adopter un chien d'assistance qui pourrait :
-
-
agir sur son état anxieux et maîtriser ses crises d'angoisses ;
-
être un moteur déterminant pour son autonomie future ;
-
rendre son handicap visible en rendant les inconnus plus conscient des difficultés d'Anna ;
-
initier des sorties en extérieur et sociabiliser grâce à l'animal ;
-
faciliter son autonomie en lui permettant d'accéder aux lieux publics.
-
-
Anna est très motivée par ce projet, c'est pourquoi il est indispensable qu'elle puisse bénéficier de la carte CMI ainsi que d'un taux de handicap reconnu à au moins 50% sans lesquels un chien d'assistance ne pourrait pas lui être attribué.
-
Conclusion
-
Bien que le TSA ne sera jamais soigné, avec les bons soins et les bons outils, elle peut arriver à vivre avec ses phobies et devenir un membre actif, responsable et épanouie de notre société. C'est pourquoi nous avons besoin de la reconnaissance de handicap d'au moins 80% et de la carte CMI Invalidité/Priorité pour qu'on puisse lui attribuer un chien d'assistance qui est essentiel à la réalisation de son projet de vie.
-
-
diff --git a/notes/on_software_programming_evolution.org b/notes/on_software_programming_evolution.org
new file mode 100644
index 00000000..06c0baec
--- /dev/null
+++ b/notes/on_software_programming_evolution.org
@@ -0,0 +1,110 @@
+:PROPERTIES:
+:ID: 3acde895-6fb6-433a-a46c-3ebd0dedcdbe
+:END:
+#+title: On software programming evolution
+#+Author: Yann Esposito
+#+Date: [2024-02-10]
+
+- tags ::
+- source ::
+
+* Software Programming
+
+My first contact with programming occurred when I was about 10 years old.
+I was confronted with BASIC on a local computer.
+BASIC was the UI you need to use to do anything interesting with your computer.
+
+The hardware interface was, a keyboard, two joysticks with a single button and
+an electronic pen.
+You could push your pen on the screen and the computer could detect the position
+of your pen.
+
+So as a child, to play any game I needed to put a magnetic tape in a recorder
+and wait for prompt to show and write something like:
+
+#+begin_src basic
+RUN ""
+#+end_src
+
+And after a while I saw that you could play with this computer by writing
+commands to draw things on the screen.
+And quickly I copied from a book a few commands to make a loop that drawed
+lines.
+And I felt it was incredible. Just drawing a few lines on the computer because,
+I could control how these lines were drawn.
+
+It wasn't easy to grasp what and how I could change things. But after a while I
+did my first computer program that was really useful.
+
+Of course, if I wanted to draw the same thing again, I needed to write the
+program from scratch all over again.
+
+I was lucky enough to also have to play with LOGO, and other programming
+languages.
+Year passed and I familiarized myself with Pascal.
+Then I really started my studies and really learned how to program.
+And a program was always something you mostly controlled.
+
+The mysterious part for a long time was the driver interface.
+I could write program that did various complex things.
+But I wouldn't be able to explain how my program could really write on the
+screen, or print something on a printer, etc…
+The layer provided by the OS was long a mystery to me.
+
+But mainly you had to accept the "Standard Library" that comes with your compiler.
+That can makes commands like `println` to really print a string into your
+terminal on your screen.
+
+And I quickly understood that if I wanted to create games or any kind of
+graphics you need to adopt an external component. A Graphic Library which
+exposed function that, if you used them, somehow, magically did things on the
+screen. Or generate some sounds.
+
+But mainly, that was it.
+
+A program has always been, for a very long time something starting with the
+standard library provided with the compiler of your programming language (C,
+Pascal, Java, etc…), and perhaps, you need to install *ONE* big dependency. Like
+QT, or something else. And that was it.
+You started mostly from scratch every time.
+
+Then, years passed, and I started to earn money for programming.
+And slowly, I witnessed the evolution of programs.
+From a single man, a small team work from scratch.
+To... a kind of social construction.
+
+In particular, I saw how Silicon Valley startups could use the power of many
+open source projects, use many libraries to build more complex programs.
+And it really changed the pace of the production of the end product.
+But, more and more, people started to forget about this initial art of writing
+something from scratch without the help of an external library or framework.
+
+Now, I feel, the situation appear to be a bit ridiculous.
+We are not even talking about library but people consider to use paying services
+instead of libs to provide and publish an application.
+And what is left to software engineer is about how to put these external, paying
+tools together.
+
+Of course, there is always a bit of code you need to write, but the objects you
+manipulate are already pretty abstract things coming from external libraries.
+And somehow, this is so much ingrained in people minds now, that people are
+afraid to build something themselves. They prefer the comfort of using a bloated
+external code that provide a feature they need. Generally, you introduce a new
+dependency that could be quite big just for a small part of the proposed features.
+This is not only code, but also, publication of your application that is done
+that way.
+
+Instead of executing a binary on your own machine, or a machine you lend.
+You kind of package all this in many layers of complex things.
+Part of the complexity is justified, but probably a big part is not for most
+applications.
+This has simply became "best practices" to deploy and publish an application.
+You add tons of dependencies, which are pretty huge comparatively to the feature
+your app will provide, you deploy them in "the Cloud", or a pretty expensive
+lent computers, generally inside a containers with a complex topology of
+machines and services.
+
+To me it looks like an incredible waste of resources for most use case.
+But as this is "cheap" nobody really cares.
+But, doing things this way kind of removed the magic of feeling in control and
+feeling that you really built something you understand top to bottom.
diff --git a/notes/protection_juridique.org b/notes/protection_juridique.org
new file mode 100644
index 00000000..031bae6d
--- /dev/null
+++ b/notes/protection_juridique.org
@@ -0,0 +1,78 @@
+:PROPERTIES:
+:ID: a6cd5474-53e9-465e-8f49-f544199ccb40
+:END:
+#+Title: Protection Juridique
+#+Author: Yann Esposito
+#+Date: [2024-05-29]
+#+Lang: fr
+
+- tags ::
+- source ::
+
+* Contacts
+
+Le CSE n'intervient à aucun moment dans les échanges et procédures avec Solucia
+Protection Juridique.
+Pour avoir recours à leurs services, vous devez les contactez directement par
+téléphone, en indiquant le numéro du contrat.
+
+Pour contacter Solucia Protection Juridique :
+
+Tel: 09 69 39 94 88 (du lundi au samedi, de 9 h à 20 h)
+Code partenaire : 1000 63 99
+
+* Toyota
+
+Envoyer courrier recommander.
+Juridique.
+
+Pour la preuve, de la réception de la partie adverse.
+Courrier avec délais recommandé de 15j a partir de la date de réception.
+
+** 1er courrier
+
+Objet: Erreur de carte grise - Changement de propriétaire
+
+Bonjour,
+
+Le 7 février 2024, nous avons contacté le service administratif pour faire par d'une
+erreur de votre part lors de la création de la carte grise de la Aygo que j'ai
+achetée le 26 février 2021.
+
+Bien qu'ayant acheté ce véhicule neuf, le propriétaire est Toyota Kredibank GMBH
+et non pas Krystelle Esposito.
+
+Depuis mon déménagement je ne peux pas faire une procédure de changement
+d'adresse car nous n'en sommes pas le propriétaire.
+
+Nous avons bien reçu deux courriels en février de la part du service administratif nous
+demandant de fournir les documents nécessaires au changement de propriétaire de
+la carte grise.
+Nous avons pu joindre un peu après avoir envoyer ces documents une personne de vos
+services qui nous a confirmer s'en occuper dans un délai proche.
+
+Malgré nos tentatives pour obtenir un retour de vos services - plusieurs
+messages téléphoniques et des courriels avec mes coordonnées - nous n'avons depuis
+reçu aucune nouvelle.
+C'est pourquoi je vous envoie ce courrier avec accusé de réception pour
+m'enquérir de l'avancement du changement de propriétaire de la carte grise de notre
+Toyota Aygo.
+
+Je joins à nouveau les documents demandés, à savoir :
+
+- Une photocopie de la carte d'immatriculation de la Toyota Aygo
+- Un mandat signé pour effectuer les formalités d'immatriculation auprès du ministère de l'Intérieur
+- Une photocopie de la carte d'identité de Krystelle Esposito
+- Une attestation de domicile
+
+Si je n'ai pas reçu une réponse de votre part dans les 15 jours suivant la date
+de réception de cette lettre, j'aurai été contraint de lancer une procédure
+judiciaire.
+
+Je vous prie d'accueillir favorablement ma requête et de prendre en compte mon
+cas avec urgence. Je serai reconnaissant si vous pouviez me contacter pour
+discuter plus avant de cette affaire.
+
+Cordialement,
+
+Krystelle & Yann Esposito.
diff --git a/notes/retrieve_tokens_for_ai_assistant.org b/notes/retrieve_tokens_for_ai_assistant.org
new file mode 100644
index 00000000..57e4ce8b
--- /dev/null
+++ b/notes/retrieve_tokens_for_ai_assistant.org
@@ -0,0 +1,21 @@
+:PROPERTIES:
+:ID: 7d934841-a145-4833-8389-18ba449a6de7
+:END:
+#+title: Retrieve Tokens for AI Assistant
+#+Author: Yann Esposito
+#+Date: [2024-02-09]
+
+- tags ::
+- source ::
+
+* TL;DR
+
+1. Call =/iroh/oauth2/custom/tokens= with body =client_id=client-ai-assistant= and
+ the user JWT as bearer token in the Authorization header.
+2. From there you could use the access token to call the AI Assistant API.
+
+
+* Working Example
+
+
+
+
+*** Functional Requirements
+
+We plan on using part of the XDR UI inside another Web application SCC.
+SCC is in charge of centralizing customer products and users. The SCC UI
+session will be handled via a /PIAM token/[^1].
+
+*** Specification
+
+**** PIAM Terminology and concepts
+
+An Enterprise can access to different regions.
+Into each region, we can have "Platform Group".
+Within each Platform Group, you can have at most 1 IROH headless org.
+Or if the org upgrade to XDR 1 IROH and 1 XDR with the exact same tenant-id.
+
+Example from PIAM doc; PIAM Enterprise Structure
+
+#+NAME: Enterprise_0
+#+begin_src mermaid :file scc_integration_piam_enterprise_structure_0.png
+flowchart TB;
+ Enterprise_3443 --> NAM
+ Enterprise_3443 --> APJC
+ NAM --> PlatformGroup_1
+ APJC --> PlatformGroup_2
+ NAM --> SecureAccess_49b9
+ PlatformGroup_1 --> IROH_f122b
+ PlatformGroup_1 --> SSX_358e
+ APJC --> CDO_193a
+ PlatformGroup_2 --> IROH_57db
+ PlatformGroup_2 --> SSX_9dc5
+#+end_src
+
+Then the customer buy XDR in NAM in =PlatformGroup_1=
+
+#+NAME: Enterprise_1
+#+begin_src mermaid :file scc_integration_piam_enterprise_structure_1.png
+flowchart TB;
+ Enterprise_3443 --> NAM
+ Enterprise_3443 --> APJC
+ NAM --> PlatformGroup_1
+ APJC --> PlatformGroup_2
+ NAM --> SecureAccess_49b9
+ PlatformGroup_1 --> IROH_f122b
+ PlatformGroup_1 --> XDR_f122b
+ PlatformGroup_1 --> SSX_358e
+ APJC --> CDO_193a
+ PlatformGroup_2 --> IROH_57db
+ PlatformGroup_2 --> SSX_9dc5
+#+end_src
+
+
+Then the customer buy a new XDR in NAM, they need to create a new Platform Group:
+
+#+NAME: Enterprise_2
+#+begin_src mermaid :file scc_integration_piam_enterprise_structure_2.png
+flowchart TB;
+ Enterprise_3443 --> NAM
+ Enterprise_3443 --> APJC
+ NAM --> PlatformGroup_1
+ APJC --> PlatformGroup_2
+ NAM --> PlatformGroup_3
+ NAM --> SecureAccess_49b9
+ PlatformGroup_1 --> IROH_f122b
+ PlatformGroup_1 --> XDR_f122b
+ PlatformGroup_1 --> SSX_358e
+ PlatformGroup_3 --> IROH_1234
+ PlatformGroup_3 --> XDR_1234
+ APJC --> CDO_193a
+ PlatformGroup_2 --> IROH_57db
+ PlatformGroup_2 --> SSX_9dc5
+#+end_src
+
+***** PIAM Tokens
+
+A PIAM Token is a JWT signed and issued by PIAM.
+
+A client can request PIAM to issue a token. Depending on the requested scopes
+and the identity of the client and parameter of the request different PIAM Token
+could be generated.
+
+For this specific work we are interested in two different kind of tokens.
+
+- Tokens for SCC audience.
+- Tokens for some Application (for example DI)
+
+In both cases, for this feature we are interested in the following claims:
+- ~sub~: the PIAM identity which is an *email* and not an unique identifier, AN EMAIL!
+- ~security-cloud~ claim which contain a list of strings. Each of this string is
+ intended to be parsed to represent a "Product Access".
+ For example the string
+ ="security:iroh:integration-admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b"=
+ represent the fact that this token can give access to the product /iroh/ with
+ the role /integration-admin/ for the /tenant id/ =e0b9859c-3bdd-4e6c-87de-c7fb8caf122b=.
+ :warning:
+ IT IS NOT FIXED WHAT /tenant id/ WILL BE, FOR NOW, THIS IS THE IROH ORG-ID.
+ BUT IT IS PLANNED TO BE A /product tenant id/ GENERATED BY PIAM AND SAVED IN PIAM.
+
+For the three different states shown for <>, <> and
+<>, the ~security-cloud~ , for a token dedicated to use the SCC UI will contain:
+
+For <>
+
+#+begin_src
+"security-cloud": [
+ "security:enterprise:member:2a715451-c4c2-4d46-b3e3-69d8b53b3443",
+ "security:iroh:integrations-admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b",
+ "security:iroh:integrations-admin:61ad26da-bf66-44f3-9648-738704b957db"
+]
+#+end_src
+
+For <>
+
+#+begin_src
+"security-cloud": [
+ "security:enterprise:member:2a715451-c4c2-4d46-b3e3-69d8b53b3443",
+ "security:iroh:integrations-admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b",
+ "security:iroh:integrations-admin:61ad26da-bf66-44f3-9648-738704b957db"
+]
+#+end_src
+
+For <>
+
+#+begin_src
+"security-cloud": [
+ "security:enterprise:member:2a715451-c4c2-4d46-b3e3-69d8b53b3443",
+ "security:iroh:integrations-admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b",
+ "security:iroh:integrations-admin:61ad26da-bf66-44f3-9648-738704b957db"
+ "security:iroh:integrations-admin:12345678-ae36-1afb-3633-acf7147db123"
+]
+#+end_src
+
+
+** Tasks
+
+- Create Token Exchange API (still working on gathering technical details)
+- JIT user sync between PIAM and IROH (still need a few details)
+- New module auth in IROH to support PIAM Auth (cc @msprunck)
+- Create new role for PIAM Administrators within XDR (to be defined by PM)
+- Role mapping with SCSO (to be defined by PM)
+- SecureX Orgs migration to Common Orgs @yogsototh: should be handled via
+ Brownfield attach API effort, otherwise there is no known way to send the IROH
+ tenant ID to PIAM/SCC. As such this should be customer driven, and the related
+ work has not yet started for Q3.
+- Licence Restriction in XDR based on module capability (cc @msprunck)
+- Disable XDR functionality from IROH when XDR license expires (see another
+ comment expect about 1 to 2 releases of dev work, 1 to 2 releases of team
+ sync, perhaps more depending on the other team)
+
+*[Update 2024-03-14]: new tasks discovered after PIAM sync*:
+
+- Universal PIAM API with different onboard rules:
+ - creating an headless IROH Org
+ - creating an XDR Org
+ - upgrading an headless IROH Org to an XDR Org
+ - downgrading an XDR Org to an headless IROH Org
+- Add a new Middleware to support PIAM token, we should also look for a header
+ containing a ~product-tenant-id~ in order to be able to transform this request
+ with a valid IROH user request-identity.
+- Update the Universal PIAM API to keep track of the ~product-tenant-id~.
+- Create a migration script to attach the PIAM ~product-tenant-id~ to existing IROH ~org-id~.
+
+*[Update 2024-03-18]: need to support Secure Client UI*
+
+- secure-client flag in the Org
+- init flag of Orgs using Secure Access team to set
+- Add secure-client flag during the provisioning
+- Handle Invite flow target URL
+- Show the Org flags (labels, applications) in the Registration UI
+
+#+begin_quote
+Org Flags:
+ - scc
+ - xdr
+ - secure-client
+ - sx
+#+end_quote
+
+[^1]: [PIAM Token Doc (+ tenant, user, rbac)](https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/access-control/index.md)
+
+** Detailled Tasks
+
+#+begin_quote
+Unfixed Vocabulary:
+
+- headless org, common org
+#+end_quote
+
+*** PIAM ⇒ IROH token
+
+From [[https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/access-control/index.md#example][PIAM Access Control Doc]]
+
+The PIAM token will look like:
+
+#+begin_src js
+{
+ "ver": 1,
+ "jti": "AT.zWFQnc9MVJQ9wtjFgzzCK88lqTNS3OshQJdQCOeCTHs",
+ "iss": "https://sso-staging.test.security.cisco.com/oauth2/aus3uzfwpumAvDegH357",
+ "aud": "api://preprod-mercury",
+ "iat": 1701291945,
+ "exp": 1701295545,
+ "cid": "0oa9sca662IshmWh1357",
+ "uid": "00udtubj15dIiqKti357",
+ "scp": [
+ "email",
+ "openid",
+ "profile",
+ "security-cloud",
+ "security:xdr",
+ "security:cdo",
+ "security:ssx"
+ ],
+ "auth_time": 1701291942,
+ "sub": "rhofschn@cisco.com",
+ "security-cloud": [
+ "security:enterprise:member:2a715451-c4c2-4d46-b3e3-69d8b53b3443",
+ "security:xdr:admin:e0b9859c-3bdd-4e6c-87de-c7fb8caf122b",
+ "security:cdo:read-only:5dbd3bb4-0e67-4379-a231-068c930a6e41",
+ "security:ssx:create-device:4ed0c951-4027-43e0-846f-b1b12789358e",
+ ],
+ "client-product": "xdr"
+}
+#+end_src
+
+Expectations:
+
+1. The PIAM token `security-cloud` claim will contain one and only one value
+ starting with `security:xdr:`.
+2. PIAM will know the target region to call the correct XDR region URL.
+
+We will expose an endpoint:
+
+- ~POST /iroh/cisco-piam/token~ that given a PIAM token in the ~Authorization~
+ header as Bearer token will:
+ 1. Look up for:
+ - user-email = sub claim of PIAM token
+ - org-id = TENANT_ID part of the ~security:xdr~ block
+ 2. If no org is found ⇒ return a 400 error
+ If the org is found ⇒ tag that org as an headless-compatible org
+ 3. If no user found; Create the new User and return a couple (IROH Session
+ Token/Session Refresh Token)
+ If user if found; optionally update the user (role) if necessary and return
+ a couple IROH Session Token/Session Refresh Token).
+ 4. Notes;
+ - User created via this JIT should have a specific flag to mark they were created via PIAM
+ - The token will have a specific audience
+
+*** Just In Time User sync
+
+We will only synchronize user on user login. No service to service
+synchronization mechanism. For example, if a user is deleted from PIAM server
+this user will never be deleted from IROH server.
+
+*Expectations*:
+a. the role specified in the value for XDR product in the ~security-cloud~ claim
+ will always be ~admin~.
+OR
+b. the role specified in the value for XDR product in the ~security-cloud~ claim
+ will always be a valid, known XDR role id (~admin~, ~user~ or ~sat~ , for now).
+
+User will created or updated upon calls to retrieve an IROH token from a PIAM
+Token only.
+
+Invitations as well as Organization Access Requests will still be handled by IROH.
+This mean that a user login into SCC could create a user in an XDR tenant.
+BUT, a user having access to this XDR tenant will not necessarily have an SCC account.
+
+In order to improve any future decision, we need to flag Users object to
+determine if they only access XDR via SCC portal or if they login directly in
+XDR or both.
+
+**** Subtasks
+
+- [ ] Add a flag when a user login into XDR so we will be able to know if user
+ logged in only via SCC, only via XDR or both. I suggest adding a field
+ ~{:login-product #{(s/enum :scc :xdr :sx :ctr :orbital :internal)}}~ and using
+ the ~allowed-login-origins~ to add a tag of the login product.
+ Ideally we could then support adding the login origin in the ~aud~ of the JWT.
+
+*** DELEGATED New module Auth in IROH to support PIAM token (cc @msprunck)
+*** DELEGATED Role mapping with SCSO (to be defined by PM probably all admin)
+*** SX Org migration (Brownfield attach mechanism enough?) YES
+*** DELEGATED License Restriction in XDR based on module capability (cc @msprunck)
+*** Disable XDR Functionalities when XDR license expires
+
+**** Change the org mode back to ~common~ (1 to 2 releases)
+
+Expectations:
+
+- The common org should already be tagged as ~common~.
+- Every common org should have an ~enterprise-id~.
+
+Changes:
+
+Currently we have a single /scopes matrix/ with a "fake role" to simulate
+admin user from inactive Orgs.
+This need to be changed by a function that given an Org and its Entitlements
+returns a /scopes matrix/. (Ideally sharing the same lines).
+More precisely we will only need 3 scopes matrix in total:
+
+- a scopes matrix for XDR orgs
+- a scopes matrix for inactive XDR orgs
+- a scopes matrix for inactive XDR Org which are also a common Org
+
+Sub tasks:
+
+1. Make a decision about the list of scopes for the two new matrix, perhaps
+ there will be a need to have different matrices before and after SX EOL.
+ a. after SX EOL, unactivated and non common org are fully disabled (I don't
+ think that's the case to continue to support SE / Orbital for example)
+ b. after SX EOL, there will be an UI that should work for all possible
+ "scopes set". We are talking about 1 scopes-set per role per matrix.
+ Currently 6 scopes set (admin, user, sat).
+
+I would expect the scopes choice to be done in a few days, and about 1 to 2 releases
+(2 to 4 weeks for the code change).
+
+**** Disabling Products
+***** SXO (0 release, should already be supported)
+
+We could immediately remove the ~ao~ scope and it should be enough to prevent
+Automation usage.
+
+SXO is already consuming Entitlement changes events and thus could detect and
+Org becomes inactive and could therefore do the necessary tasks inside SXO.
+
+***** DAP / SCA (1 to 2 releases about team syncing, close to 0 dev effort)
+
+We need to configure a new hook on ~EntitlementSummary~ changes so this could
+trigger a decommission.
+
+It should be a matter of adding a webhook with some configuration. So here we
+mostly need time to sync with the dev teams to configure the webhooks.
+Creating a new webhook should be easy but we will probably need a few days to
+gather all necessary data to create this configuration.
+
+*** Org Schema change
+
+IROH will be an API that will be used for two different Applications.
+SCC and XDR.
+Notice IROH is already used as API for many different applications;
+- CTR,
+- SecureX,
+- XDR,
+- Orbital,
+- Registration UI,
+- Tactical Portal.
+- IROH-Admin,
+- SecureX UI Dev Env
+
+So SCC will be one more to add, but this time the login method will be different.
+Also while all other existing cases are mostly synchronous, we should start to
+enforce a lot better the application accessible or not.
+
+Regarding the functionality I suggest not to be too precise and only mention
+SCC, XDR and SecureX.
+
+#+begin_src clojure
+(s/defschema AllowedApplications
+ (s/enum :scc :xdr :sx))
+#+end_src
+
+This should probably not be used to enforce anything from the backend yet, but
+should be useful for the UI and will help have a better data structure internally.
+Currently we create a view with ~xdr-enabled?~, ~sx-enabled?~ etc…
+It will be nice to transform this set to add many flags, the new one will be ~scc-enabled?~.
+
+With the current plan, every XDR org will be ~scc-enabled~, but some might not be
+~xdr-enabled~, and all will have ~sx-enabled~ set to false. And we need to planify a
+time where ~sx~ app will be removed.
+
+*** User Schema change
+When we receive a token exchange to generate an IROH token with a PIAM token
+containing in the ~security-cloud~ claim a value starting with ~security:iroh:~ then
+we should mark that user to be an scc user.
+
+When we receive a token exchange or when a user login as usual, we should mark
+that user to be an xdr user.
+
+*** Update Universal Provisioning
+
+Add a query parameter to the Universal Provisioning API (typically ~&headless=true~).
+If the provisioning occurs with this parameter then: only onboard DI and SCC.
+Keep track of the onboarding state somewhere (perhaps just looking for existing
+module instances)
+
+If a provisioning occurs without this parameter then onboard DI, SCC, SXO & SCA.
+If we receive an update:
+ onboard the missing product (looking at module instances) SXO & SCA.
+
+*** PIAM token support middleware
+
+We need a middleware that provide the ability to translate a PIAM token to an
+IROH identity.
+We already have a mechanism that depending on the JWT issuer returns a different user-identity.
+
+We should have a mechanism so that an API could accept PIAM token for both cases:
+
+- we just have the PIAM token, this API is not IROH tenant scoped.
+- we have the PIAM token as well as a tenant-id (either PIAM product-tenant-id
+ or IROH org-id) and the API will be tenant scoped
+
+*** Update Universal Provisioning to track PIAM product-tenant-id
+*** Create a migration script to attach the PIAM product-tenant-id to existing IROH org-id
+
+For every org provisioned before we keep track of the product-tenant-id we
+should attach a product-tenant-id to the org.
+
+* Official Tasks
+
+[[https://airtable.com/appZKQe0zXhVMepC8/shrdGCDFRzqZoIIFc/tblP6J2lMHF942Emq][Airtable list]]
+
+- create a token exchange API
+- JIT user sync between PIAM and IROH
+- New module auth in IROH to support PIAM Auth
+- Create new role for PIAM Administrators within XDR
+- Role Mapping with Security Cloud Sign-on
+- SX Orgs migration to Common Orgs
+- License Restriction in XDR based on module capability
+- Disable XDR functionality from IROH when XDR license expires
+
+Unknown:
+
+- PM how to handle SCC user vs XDR invited users
+* Questions to [[webexteams://im?space=f4791010-c534-11ee-a02f-8b2b472f9d7c][channel]]
+** User Session
+
+Hello All!
+
+I have a few technical questions for which I would like some clarifications.
+
+The plan as I understood would be to integrate some external UI to the SCC UI.
+And this external UI will need to "exchange" the session of the user logged into
+SCC into a user in IROH.
+
+As such, I would like to understand how is the session saved in the SCC UI.
+Is it a cookie session? If it is, does the session contain a JWT?
+If it is a JWT, is it a PIAM token?
+
+If we want to create a valid token in IROH out of such session we will need at least:
+
+A ~user-email~, an ~enterprise-id~ and an SCC user role (from my understanding there
+are only two SCC roles, which should roughly be admin and user).
+
+More straight to the point, what would be a secure way to expose an API in IROH
+that the integrated UI in SCC could use to exchange an SCC session to an IROH
+user token?
+If this is a JWT signed by PIAM which contain just an ~user-email~ and an
+~enterprise-id~ then this should be fine as I will be able to search for the
+single IROH tenant with this ~enterprise-id~ (as I understood we decided to keep
+this constraint of preventing multi-XDR tenancy relatively to SCC tenancy).
+
+Also, let me know if my understanding that we will need to manage different type
+of token is true?
+I think what we call a _PIAM Token_ is an *access token* which is also a *JWT* that
+will contain a list from which we could deduce the user-id and its role for
+every product. Like: `::`.
+I don't think the session in SCC is maintained using such token, could you
+confirm this?
+
+I also have another question related to the PIAM tokens.
+Should we support multiple entries for the same product in the list in the JWT
+containing the user-id and role in the external products?
+
+Thanks!
+* Sizing
+** [[webexteams://im?space=b62bf8f0-6062-11ed-9564-a57f2c094899&message=c82ce020-db43-11ee-8e37-799ed57689d0][Jyoti question]]
+#+begin_quote
+2. Disable XDR functionality when XDR license expires (Yann)
+ a. Change the org mode back to `common`
+ b. Disable SXO, DAP, SAC tenants
+#+end_quote
+
+*** Disable XDR Functionalities when XDR license expires
+
+**** Change the org mode back to ~common~ (1 to 2 releases)
+
+Expectations:
+
+- The common org should already be tagged as ~common~.
+- Every common org should have an ~enterprise-id~.
+
+Changes:
+
+Currently we have a single /scopes matrix/ with a "fake role" to simulate
+admin user from unactivated Orgs.
+This need to be changed by a function that given an Org and its Entitlements
+returns a /scopes matrix/. (Ideally sharing the same lines).
+More precisely we will only need 3 scopes matrix in total:
+
+- a scopes matrix for XDR orgs
+- a scopes matrix for unactivated XDR orgs
+- a scopes matrix for unactivated XDR Org which are also a common Org
+
+Sub tasks:
+
+1. Make a decision about the list of scopes for the two new matrix, perhaps
+ there will be a need to have different matrices before and after SX EOL.
+ a. after SX EOL, unactivated and non common org are fully disabled (I don't
+ think that's the case to continue to support SE / Orbital for example)
+ b. after SX EOL, there will be an UI that should work for all possible
+ "scopes set". We are talking about 1 scopes-set per role per matrix.
+ Currently 6 scopes set (admin, user, sat).
+
+I would expect the scopes choice to be done in a few days, and about 1 to 2 releases
+(2 to 4 weeks for the code change).
+**** Disabling Products
+***** SXO (0 release, should already be supported)
+
+We could immediately remove the ~ao~ scope and it should be enough to prevent
+Automation usage.
+
+SXO is already consuming Entitlement changes events and thus could detect and
+Org becomes inactive and could therefore do the necessary tasks inside SXO.
+
+***** DAP / SCA (1 to 2 releases about team syncing, close to 0 dev effort)
+
+We need to configure a new hook on EntitlementSummary changes so this could
+trigger a decomission.
+
+It should be a matter of adding a webhook with some configuration. So here we
+mostly need time to sync with the dev teams to configure the webhooks.
+Creating a new webhook should be easy but we will probably need a few days to
+gather all necessary data to create this configuration.
diff --git a/notes/secure_client_and_orbital_sx_eol.org b/notes/secure_client_and_orbital_sx_eol.org
new file mode 100644
index 00000000..9fe486c0
--- /dev/null
+++ b/notes/secure_client_and_orbital_sx_eol.org
@@ -0,0 +1,106 @@
+:PROPERTIES:
+:ID: 26867184-57cf-472d-b5db-d6349665184e
+:END:
+#+title: Secure Client And Orbital SX EOL
+#+Author: Yann Esposito
+#+Date: [2024-06-26]
+
+- tags ::
+- source ::
+
+* Orbital Modules Types
+
+- NAM: ~b7f21c6b-701a-4b45-8a3d-449001844efe~
+- EU: ~2c55baf0-5fa4-4ffc-a263-954920ddd8c6~
+- APJC: ~9b801b44-310d-432a-8668-8611c74415e9~
+- TEST: ~59bbd2bb-b2e9-4fa0-935d-61eafc663a07~
+- INT: ~59bbd2bb-b2e9-4fa0-935d-61eafc663a07~
+
+
+#+BEGIN_SRC js
+{
+ "description": "Orbital is an advanced capability in Cisco Secure Endpoint that is designed to make security investigation and threat hunting simple by providing an implementation of powerful Osquery technology on each of your Secure Endpoint-enabled endpoints. Orbital allows you to create custom queries to look across your network for anything of interest, but also comes with over a hundred pre-canned queries, allowing you to quickly run complex queries on any or all endpoints. This capability enables you to gain deeper visibility on what happened to any endpoint at any given time by taking a snapshot of its current state. Whether you are doing an investigation as part of incident response, threat hunting, IT operations, or vulnerability and compliance, we get you the answers you need about your endpoints fast. Orbital can enrich information presented in the relations graph by pivoting into Orbital to query and gather additional intelligence about your host, IP, IP4, IP6, MAC, and OS, etc. The Orbital app is available on the ribbon and it allows you to run a live query. You can view metrics and your recent queries in the right panel.\n\nThis integration also creates a target automatically in Automation for out-of-box workflows.",
+ "properties": "mPBDSYPMOUhPHmeNfjsPusJFa5qSvyxqkl2bRzDMUcPgWt5NUthziK/hfaBIEnPnAqyml0m8Epl7p4+2LGwJ2ESBCKpUKjzuv0+0RG4xbIxLf+gFRiERjjFwqexQsaexmQPgWflkoMhUar4fj2Crn9M6uh1Wz95FrCt618A2CFyPZaDmsbCBuqvdwMb+SpOuy4Fb9kS7ss5D1qZDzKpDuCwmFYWVwEMFoZUht1Lz0mNEc9DykFdLQFNgdejmSO+gGJRYbTq200+y0aikGc1IIaKStHJ3BB4MOuA3Bn4MO5NqQyRIRilU3JrXrV/m9/tmls2pkDzx0om7ca6VWYhwQtYkSvmGUFZwpzFiOloq76gVVEyIdKS+FOPxD3EPCyaA",
+ "capabilities": [
+ {
+ "id": "health",
+ "description": "Healthcheck"
+ },
+ {
+ "id": "refer",
+ "description": "Reference links"
+ },
+ {
+ "id": "device_insights",
+ "description": "Device Insights"
+ }
+ ],
+ "app_link_meta": {
+ "url": "https://visibility.amp.cisco.com/iroh/iroh-auth/login?redirect_after_login=https%3A%2F%2Forbital.amp.cisco.com%2Firoh%3Fnext%3DaHR0cHM6Ly9vcmJpdGFsLmFtcC5jaXNjby5jb20v",
+ "title": "launch"
+ },
+ "tips": "**Prerequisite:** Secure Endpoint Advantage license for North America and European Union.\n\n1. Complete the **Add Integration** form:\n \n * **Integration Name** - Leave the default name or enter a name that is meaningful to you. \n * **Integration with Device Insights** - The Devices feature consolidates your device inventory from multiple device managers into a unified view. \n By default, the check box is checked, which enables Orbital integration with the Devices feature and it allows you to view data from Orbital in Devices. \n Unchecking the check box disables Orbital integration with the Devices feature. Orbital will still integrate with the current platform, you just won’t be able to view data from Orbital in Devices.\n \n2. Click **Add** or **Save** to complete the Orbital integration configuration.",
+ "logo_dark": "https://brand-assets.security.cisco.com/secure-monochrome/orbital-dark.svg",
+ "logo": "https://brand-assets.security.cisco.com/secure-monochrome/orbital-light.svg",
+ "org_id": "964a8c3b-9aef-4e1d-aadf-e2754004d230",
+ "configuration_spec": [
+ {
+ "key": "custom_enable_device_insight",
+ "type": "boolean",
+ "label": "Integration with Device Insights",
+ "default_value": true
+ }
+ ],
+ "short_description": "Cisco Orbital is a service that uses Osquery to provide you and your applications with detailed information about your hosts.",
+ "title": "Orbital",
+ "external_references": [
+ {
+ "link": "https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/amp-endpoints-faq.pdf",
+ "label": "FAQ"
+ },
+ {
+ "link": "https://orbital.amp.cisco.com/help/",
+ "label": "Help"
+ },
+ {
+ "link": "https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-orbital-advanced-search-privacy-data-sheet.pdf",
+ "label": "Privacy"
+ },
+ {
+ "class": "securex:di:asset_source",
+ "external_id": "securex:di:orbital"
+ },
+ {
+ "class": "securex:ao:target",
+ "external_id": "securex:ao:orbital"
+ }
+ ],
+ "updated_at": "2024-03-27T14:30:16.763Z",
+ "id": "b7f21c6b-701a-4b45-8a3d-449001844efe",
+ "record": "relay-module.module/RelayModule+Orbital",
+ "user_id": "7b02b2d4-9961-4167-90ff-328df51f5b65",
+ "client_id": "iroh-ui",
+ "default_name": "Orbital",
+ "flags": [
+ "default",
+ "cisco",
+ "managed"
+ ],
+ "enabled": true,
+ "visibility": "global",
+ "created_at": "2020-06-03T17:46:07.479Z"
+}
+ #+END_SRC
+
+
+* Request to create a new module-instance
+
+#+BEGIN_SRC
+POST ${IROH_API}/iroh/iroh-int/module-instance
+Authorization: Bearer ${JWT}
+Content-Type: application/json
+
+{"name": "Orbital",
+ "module_type_id": "${MODULE_TYPE_ID}",
+ "settings": {"custom_enable_device_insight":true}}
+#+END_SRC
diff --git a/notes/sx_eol_phase_1.org b/notes/sx_eol_phase_1.org
new file mode 100644
index 00000000..bc5cc3f3
--- /dev/null
+++ b/notes/sx_eol_phase_1.org
@@ -0,0 +1,180 @@
+:PROPERTIES:
+:ID: c60e01f9-9513-46f7-85f8-994f90989b2f
+:END:
+#+title: SX EOL Phase 1
+#+Author: Yann Esposito
+#+Date: [2024-04-02]
+
+- tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]]
+- aha :: https://ciscosecurity.aha.io/epics/XDR-E-164?active_tab=related
+- jira :: https://cisco-sbg.atlassian.net/browse/XDR-1523
+
+* Epic SecureX EOL Phase 1
+
+** Functional Specification
+- Org Flag
+ + XDR Orgs (as usual)
+ + SC Orgs:
+ - only two roles (admin and user)
+ - authorizations:
+ - manage clients
+ - manage users (remove allow non-admin user section, should be checked by default)
+ - manage devices
+ - audit logs
+ - profile
+ - integrations (module-instances)
+ - no incident activity
+ - no incident investigation
+ - no Automation workflow nor response action
+ + SX-only Orgs (after EOL disabled)
+- script to init Org flags
+- create a new matrix Org-flags => role->scopes matrix
+- reduce module-type
+- provision script for SC-only orgs
+- Check the org-view provided to Registration-UI to provide the applications flags
+- Org switching
+ + SC Interim UI shows only SC orgs
+ + XDR UI only show XDR orgs
+- Rebrand HTML Error pages (invitation, org join, account disabled, org disabled)
+- SE should be able to provision new IROH Org for SC and Orbital
+
+** Technical Specification
+*** Org Applications
+
+Add the following field to the ~Org~:
+
+#+begin_src clojure
+:apps #{Application}
+#+end_src
+
+Where
+
+#+begin_src clojure
+(s/defschema Application
+ ;; use comment here because the name will change but the keywords will not
+ ;; and it will be useful to remember why we used `sc` if Secure Client is renamed to something
+ ;; else for example
+ (s/enum :xdr ;; XDR
+ :sx ;; SecureX to disappear after 31th of July
+ :sc ;; Secure Client
+ ))
+#+end_src
+
+Make this field visible. With the following rules:
+ - org is enabled and has ~cisco/feature-flag/xdr~ in the ~additional-flags~ => provide ~:xdr~ app
+ - org is enabled and does not have the XDR flag => gives ~:sx~ app
+ - org is disabled => apps is the empty set
+ Note there is no way to have the ~sc~ flag without admin intervention
+
+*** Org View update
+
+Add a field ~sc-enabled?~ similar to ~sx-enabled?~ and ~xdr-enabled?~
+to the OrgView visible from the Profile API.
+
+*** Expose an API to manage app flags
+
+Along the feature-flag API, add a new route that can add/remove App flags.
+Decide who can use this API and how (script?).
+
+*** Write a script to update (by batch) the app flag of an Org
+
+This would probably be run once before SX EOL date to init the Orgs.
+
+*** Org Application => Scopes Matrix
+
+With the introduction of these flags, we will now have 4 specific orgs kind:
+
+1. xdr org (contains :xdr, we do not care about :sc nor :sx)
+2. sc org (does not contain :xdr, but contain :sc, we do not care about :sx presence)
+3. sx-only org (does not contain :xdr nor sc, but contain :sx)
+4. disabled org; when apps is empty, then we should disable the org (can use
+ ~get-org~ in the Org service for that, and we might update the DB accordingly)
+
+#+begin_src clojure
+(defn org-scopes-matrix
+ [org]
+ (condp contains? (:apps org)
+ #{:xdr} xdr-scopes-matrix
+ #{:sc} sc-scopes-matrix
+ #{:sx} sx-scopes-matrix
+ empty-scopes-matrix))
+#+end_src
+
+And then the user scopes will be provided with:
+
+#+begin_src clojure
+(defn user-scopes
+ [org user]
+ (let [scopes-matrix (org-scopes-matrix org)]
+ (scopula/scopes-union
+ (scopes-from-role (:role user) scopes-matrix)
+ (:additional-scopes org)
+ (:additional-scopes user))))
+#+end_src
+
+*NOTE*:
+
+- Have a test checking the XDR scopes matrix is a superset of the SC scopes matrix.
+- SC scopes matrix is XDR without the scopes ~private-intel~ and ~ao~ and ~response~:
+
+
+*** Depending on XDR apps reduce the visible and allowed list of module-types
+
+Change the list of available module-types for SC-only Orgs.
+The Org service will contain a method named ~org-main-app~ and the logic should be:
+
+#+begin_src clojure
+(defn available-modules
+ [org entitlement-tier]
+ (case (org-main-app org)
+ :xdr (xdr-available-module-types entitlement-tier)
+ :sc sc-available-module-types
+ :sx sx-available-module-types
+ nil))
+#+end_src
+
+*** Secure Endpoint Provisioning
+Secure Endpoint already use the provisioning routes.
+But we need some work to:
+
+1. Add the ~sc~ flag to these org
+2. Support async onboarding as well
+3. When ~sc~ only provision CSC and DI
+
+*** Add value in whoami to state we reached SX EOL
+
+#+begin_src clojure
+:before-sx-eol? (describe s/Bool "true before sx-eol false after.")
+#+end_src
+
+* Tasks
+
+- [X] https://github.com/advthreat/iroh/pull/9175 Org Application
+- [X] [[https://github.com/advthreat/iroh/pull/9192]] Org View with Apps
+- [X] https://github.com/advthreat/iroh/pull/9195 API to manage app flags
+- [ ] Write a script to batch update apps of orgs
+- [ ] https://github.com/advthreat/iroh/pull/9247 Add a scopes-matrix per org apps
+- [ ] PR that will change SX orgs to SC orgs after SX EOL date.
+ - [ ] Create a service that manage deadlines dates (from the backend)
+ - [ ] Exposes the dates managed by this service to the ~/whoami~ endpoint
+ - [ ] Have an Admin API able to change the list of timers
+ - [ ] Have SX orgs become SC orgs after ~sx-eol?~ deadline.
+- [ ] Org Applications change visibility of modules
+- [ ] Provisioning
+ - [ ] Support adding the ~sc~ app
+ - [ ] Support async onboarding (or keep non async endpoints conf)
+ - [ ] When ~sc~ app, only provision CSC and DI
+
+* Questions
+
+- What about downgrade?
+
+ XDR orgs have more 3 roles
+ SC orgs have 2 roles
+
+ 1. customer start with SC
+ 2. customer then buy XDR, set some user to SAT role (security analyst neither admin nor user)
+ 3. customer leave XDR, so get back to XDR
+ Should the TAC role user be back to user?
+ What if a new role has fewer scopes than SC user? changing their role will
+ mean escalation of authorization, should we disable them?
diff --git a/notes/sx_eol_phase_1_presentation.org b/notes/sx_eol_phase_1_presentation.org
new file mode 100644
index 00000000..6e2b2977
--- /dev/null
+++ b/notes/sx_eol_phase_1_presentation.org
@@ -0,0 +1,58 @@
+:PROPERTIES:
+:ID: 7ddbbc9f-a3a9-4ef3-b751-3f12be315482
+:END:
+#+title: SX EOL Phase 1 Presentation
+#+Author: Yann Esposito
+#+Date: [2024-04-23]
+
+- tags ::
+- source ::
+
+* SecureX EOL Cases
+
+- What occurs during downgrade
+- What occurs for an XDR admin
+- What occurs for an SX admin when they go XDR after 31th July
+- What occurs to Sat user in XDR if they downgrade to SC?
+- What should be the roles
+
+** Existing SecureX Orgs
+*** IdP
+
+- SXSO => easy
+- CSA => should have been migrated to SXSO ?
+- TG => some beta Org with the XDR flag but no solution to migrate to PIAM
+
+*** SX to XDR?
+
+- XDR feature flag;
+ - manually added; give access to SX and XDR
+ - PIAM Provisioning =>
+ - add a PIAM enterprise-id to the Org
+ - remove access to SX, only XDR becomes available
+
+*** Downgrading?
+
+- PIAM Provisioning => remove entitlements ;
+ undefined behavior
+ currently no code taking care of this case.
+ Now:
+ - the XDR feature-flag stays
+ - the PIAM enterprise-id is still kept
+ - remove data retention policy, all data is here forever and never deleted.
+ So, for example, expired XDR cost more than paying customer.
+- Manual downgrade; remove the XDR feature-flag
+ - XDR UI becomes inaccessible
+ - XDR roles becomes inaccessible
+ - if a user with an XDR-role only exists, IROH API, SX UI (or even SC UI) will probably break
+
+
+*** Example
+
+1. today SX
+2. mark it as SC org
+3. SX EOL comes => SC org
+4. Upgrade to XDR
+5. XDR expires
+6. ??? should it become back an SC org? I would say yes.
+ - Same issue with roles
diff --git a/notes/the_new_web_and_how_to_achieve_it.org b/notes/the_new_web_and_how_to_achieve_it.org
new file mode 100644
index 00000000..08c7684b
--- /dev/null
+++ b/notes/the_new_web_and_how_to_achieve_it.org
@@ -0,0 +1,122 @@
+:PROPERTIES:
+:ID: d8304f8a-8db3-4b57-b87a-1d31230fbe93
+:END:
+#+title: The new web and how to achieve it
+#+Author: Yann Esposito
+#+Date: [2024-06-27]
+
+- tags :: [[id:a5be1daf-1010-428f-a30f-8faf95c1a42f][blog]]
+- source ::
+
+* The new web and how to achieve it
+
+I was born before the web, and discovered Internet via the web first as most
+people.
+Clearly now, the web is polluted to the point where it is almost unbearable for
+me.
+I don't want to start the analysis about exactly went wrong about it. A lot as
+already been written about it.
+But let just say, people now forgot about the Internet and focus on the Web.
+
+So the spirit about consuming the Internet changed a lot.
+As I remember the Internet, it was first focused on protocols.
+People would create a new protocol to provide a feature.
+Typically, chat, voice, file sharing, etc…
+Let's take for example, chatting.
+
+The IRC protocol is provide.
+The IRC need two applications, an IRC server and an IRC client.
+We saw many different IRC servers be built, in different programming languages.
+And we saw, also many different IRC clients.
+Of course, there was always some tension between some server not respecting
+exactly the same conventions than others, but mostly. This was entirely
+interoperable.
+As a consumer you choose the application you preferred to use IRC.
+
+And the same occurred for, the Web (even if it has changed a lot; [[org:web-engines][see footnote]]),
+file sharing (FTP, sFTP, then so many P2P protocols), discussion/forum (BBS,
+Usenet).
+
+In fact, I would argue that, the "real Internet" consumption, I mean, in the
+spirit of the founders was the P2P networks.
+The net was supposed to make direct communication between people.
+
+Not everything was perfect, very far from it. But it had the property of being
+really free, as consumer we had a lot more choices.
+
+So now, we mostly consume the Internet only via the Web and emails.
+And, as the Web becomes crap, we see a resurgence from the geekiest between us
+of a will to go back to the old direction. Mainly, decentralization to prevent
+a single player (generally a big corp) to "enshitify" the experience for
+everyone of us.
+
+I feel the crappy web will be here to stay for a long time.
+But, we can do something about it.
+First, there is the recent [[https://www.w3.org/TR/activitypub/][ActivityPub]] protocol.
+This protocol is recently used to build a [[https://en.wikipedia.org/wiki/Fediverse][Fediverse]].
+I feel this protocol has its flaw, but so far, we have not reached [[https://en.wikipedia.org/wiki/Eternal_September][Eternal
+September]] yet and I enjoy [[https://joinmastodon.org][Mastodon]] (a twitter clone) and [[https://join-lemmy.org][Lemmy]] (a reddit
+clone) for example.
+But I wouldn't write this blog post if I didn't believe that we can do better.
+
+I feel we reached a point where the web is screwed for good.
+It is now time to create another protocol that does not need a "Web Browser".
+Here is my doleances:
+
+- The client of this new protocol should be EASY to write from scratch.
+- The client should NEVER allow client-side scripting.
+- The language into which we express a rendering should be expressive enough but
+ NOT Turing Complete, we must have a language that can be proven to stop.
+- The user should be in control of the rendering of the content. Disabled people
+ deserve the right to access the content they way they see fit.
+ No equivalent of CSS which should naturally provide a more "article" or
+ "content" type of things.
+- Bonuses:
+ - the client is mostly retro compatible with small-websites.
+ Can parse basic HTML, will not load js, will not load CSS, will take care of
+ checking some properties before redirect the user. Ideally we should ask use
+ HTTP to ask a HEAD on the resource, and check a specific header that tell
+ us, that yes, this website is compatible with the "small-web"
+ - the client should also be compatible with gopher and gemini.
+
+
+* Footnotes
+
+** <> The Web is entirely controlled by Big corps now
+
+As a reminder, the Web is just one way to consume the Internet.
+Internet is about protocols so different computers can communicate across the
+globe and beyond.
+And I would like to remind a time were attached to every new protocol there were
+a set of applications tied to it.
+So the Web turns around the HTTP/HTTPs protocols whose content is HTML+CSS+JS.
+The Applications to consume the Web are Web browsers.
+For web browser to render a website correctly should have a lot of features, so
+much that for that you need a /Browser Engine/.
+The complexity of these Browser Engine is so huge that it would be very
+difficult if not impossible for just a small group of people to be able to
+create a new one from scratch.
+As of today, there are very few choices, looking at this [[https://en.wikipedia.org/wiki/Comparison_of_browser_engines][Wikipedia page]] there
+are only 4 active browser engine.
+Most controlled by tech Giants (Apple, Google and Microsoft) and the last one
+Gecko is controlled, mostly, by Mozilla but is currently very dependent
+financially from Google.
+
+Does it matter? I think so yes. It is now, very easy, for these big players to
+enforce policies that are against consumers best interests.
+I guess you can imagine a few of them.
+Through the browser engine you could alter the rendering of any website.
+
+** The new web became an open application download platform.
+What really changed recently, is that, we added, layer after layer.
+The new web mix content website with applications.
+A website that is in fact an application, or contain an application.
+As long as you use the application in the "virtual machine" that is the browser
+engine, you're good to go.
+The system will download the application without any warning, and it will launch
+the application without any warning. And you are slightly protected from most
+nefarious use case but not all. Typically, I could easily put an js that run
+crypto-money mining and there is not really anything you could do about it.
+I am even very surprised most website are not already doing something like this.
+This might be an even better mechanism to earn money than ads... Anyway, it
+would waste so much resources, I'm glad this is not the norm... yet.
diff --git a/notes/xdr_monetization.html b/notes/xdr_monetization.html
deleted file mode 100644
index e91b2df5..00000000
--- a/notes/xdr_monetization.html
+++ /dev/null
@@ -1,543 +0,0 @@
-
-
-
-
-XDR Monetization
-
-
-
-
-
-
-
-
name – The name of the entitlement (defined as part of the entitlement
-controlled vocabulary between PIAM and the product)
-
-
-
-
-
-
2.3.3. value
-
-
value – Some entitlements will have a string value that serves to qualify the
-entitlement. For example an entitlement with name=tier may have three
-different manifestations if there are three different tiers (e.g., {"name":
- "tier", "value": "essentials"}, {"name": "tier", "value": "primary"},
- {"name": "tier", "value": "advantage"})
-
-
-
-
-
-
2.3.4. quantity
-
-
quantity – Some entitlements will have numeric quantity associated with the
-entitlement, this represents the amount of this entitlement the tenant is
-permitted to consume. Each quantity field will contain an object with the
-following values:
-
-
value - The number holding the actual quantity.
-
unit - A string representing what unit to use when interpreting the quantity.
-
-
-
-
-
-
-
-
2.3.5. quantityenforced
-
-
quantity_enforced – A boolean field, if true it means that the product
-should enforce the allocated quantity of the entitlement for this tenant. It
-is up to the product to determine how to do this. Cases where this will be
-false are if the customer purchased via a buying program that supports a
-“pay as you go” pricing model.
-
-
-
-
-
-
-
-
3. Entitlement Summary
-
-The Entitlement Summary provides a data-structure easier to consume
-than the entitlements list.
-
-
-
-
A JSON Object instead of list.
-
Additional technically useful entries.
-
-
-
-
-
-
3.1. Structure
-
-The main structure of the EntitlementSummary is:
-
-But we plan to add more technical specific values so it helps every Entitlement consumer.
-That way it would make possible to share between product specific technical values.
-
-
-
-For example, we plan to add:
-
-
-
a list of allowed modules.
-
an optional list of additional scopes
-
rate limits
-
-
-
-
-
-
3.8.2. XDR global values
-
-If you want us to add some information, so we could centralize some logic
-related to entitlement into IROH just ask us to add it.
-Ideally, this should only contain data that could be shared between different modules.
-For example:
-
-
-
-
allowed workflows, or allowed properties for workflows
-
specific limitations for a specific module (read-only, etc…)
{// ---- SUMMARY OF TECHNICAL LIMITS
- "summary" {
- // PIAM Logic
- "data-retention-in-days": 180, // use extra_data_retention + tier
- "data-maximal-size-in-GB": 4000, // use extra_ingest + tier quantity
- // IROH Internal
- "additional-scopes": [ ... ], // depends on the tier
- "allowed-modules": [ ... ], // depends on the tier
- // XDR Shared Global Rules
- "restricted-workflows": [...], // depends on the tier (or something else)
- "rate-limits": // can change depending on the tier
- {"sca": {"queries-per-minutes": "100"},
- "sxo": {"queries-per-minutes": "80"},
- "csc": ...},
- ...
- }
-}
-
-
-
-
-
-
-
-
4. Conclusion
-
-
tier? GET /iroh/profile/whoami
-then whoami.org["entitlement-summary"].tier.title
-
Summary only: GET /iroh/profile/entitlement-summary
-
raw entitlements: GET /iroh/profile/entitlements
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/notes/xdr_monetization.tex b/notes/xdr_monetization.tex
deleted file mode 100644
index 519255c9..00000000
--- a/notes/xdr_monetization.tex
+++ /dev/null
@@ -1,376 +0,0 @@
-% Created 2023-07-12 Wed 17:18
-% Intended LaTeX compiler: pdflatex
-\documentclass[11pt]{article}
-\usepackage[utf8]{inputenc}
-\usepackage[T1]{fontenc}
-\usepackage{graphicx}
-\usepackage{longtable}
-\usepackage{wrapfig}
-\usepackage{rotating}
-\usepackage[normalem]{ulem}
-\usepackage{amsmath}
-\usepackage{amssymb}
-\usepackage{capt-of}
-\usepackage{hyperref}
-\author{Yann Esposito}
-\date{\textit{[2023-07-12 Wed]}}
-\title{XDR Monetization}
-\hypersetup{
- pdfauthor={Yann Esposito},
- pdftitle={XDR Monetization},
- pdfkeywords={},
- pdfsubject={},
- pdfcreator={Emacs 29.0.60 (Org mode 9.6.1)},
- pdflang={English}}
-\begin{document}
-
-\maketitle
-\tableofcontents
-
-
-\section{Intro}
-\label{sec:orgccd9c9c}
-
-\subsection{What?}
-\label{sec:org3c93695}
-
-\begin{itemize}
-\item \textbf{Entitlements}: What the customer is paying for.
-\item \textbf{Access Rules}: What services should allow, restrict.
-\end{itemize}
-
-\subsection{Example}
-\label{sec:org4004377}
-
-\subsubsection{Entitlements:}
-\label{sec:org4d9cf8d}
-
-\begin{itemize}
-\item Tier: Essentials for 1000 \emph{users} (number of \href{https://cisco.sharepoint.com/sites/SecurityPersonas/SitePages/prime-employee.aspx?csf=1\&web=1\&e=LcTwTp}{Lees}).
-\item Extra Data Retention ``add-on'': 180 \emph{days}
-\item Extra Ingest ``add-on'': 2 \emph{GB}
-\end{itemize}
-
-\subsubsection{Access Rule example:}
-\label{sec:org0a71eba}
-
-\begin{itemize}
-\item \textbf{Total Ingest}: 4000GB (1000 user × (2GB + 2GB))
-\item \textbf{Time to Keep Data}: 180 days (yes, \textbf{extra} might not mean what we could expect)
-\end{itemize}
-
-ref: \url{https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md\#entitlements}
-
-\subsection{How?}
-\label{sec:org102ca4d}
-
-Entitlement represent what the customer pays for.
-PIAM creates and updates them.
-
-\begin{center}
-\includegraphics[width=.9\linewidth]{xdr-monetization-piam-entitlements.png}
-\end{center}
-
-\subsection{Also Entitlement Summary}
-\label{sec:org9a0848a}
-
-IROH exposes an API to retrieve an \texttt{EntitlementSummary}.
-A data structure easier to consume than the list of entitlements.
-
-\begin{center}
-\includegraphics[width=.9\linewidth]{xdr-monetization-piam-entitlement-summary.png}
-\end{center}
-
-\section{Entitlements (technically)}
-\label{sec:org7404848}
-
-Example of a list of \texttt{Entitlements} sent by PIAM to IROH:
-
-\subsection{Just the Tier, no add-on:}
-\label{sec:orgc760d26}
-
-\begin{verbatim}
-[{"name" "tier",
- "value" "advantage",
- "quantity" {"value" 1000, "unit" "users"},
- "enforce-quantity" true}]
-\end{verbatim}
-
-
-\subsection{Tier with add-ons}
-\label{sec:org39f5857}
-
-\begin{verbatim}
-[{"name":"tier",
- "value":"essentials",
- "quantity":{"value":1000, "unit":"users"},
- "enforce-quantity":true},
- {"name":"extra_ingest",
- "value":"",
- "quantity":{"value":2, "unit":"GB"},
- "enforce-quantity":true},
- {"name":"extra_data_retention",
- "value":"",
- "quantity":{"value":180, "unit":"days"},
- "enforce-quantity":true}]
-\end{verbatim}
-
-\subsection{PIAM Doc}
-\label{sec:orgeacc44a}
-
-From \href{https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/xdr/xdr-ga.md\#entitlements}{Paul Chichonski's doc}
-
-\url{https://wwwin-github.cisco.com/cisco-sbgidm/docs/blob/master/provisioning/product-spec.md\#multi-valued-attributes}
-
-\subsubsection{Entitlements}
-\label{sec:org4517481}
-
-\begin{itemize}
-\item \texttt{entitlements} -- A list of entitlements the tenant is allowed to use. Each item in
-the list is an object with the following fields:
-\end{itemize}
-
-\begin{verbatim}
-[{"name":"tier",
- "value":"essentials",
- "quantity":{"value":1000, "unit":"users"},
- "enforce-quantity":true},
- {"name":"extra_ingest",
- "value":"",
- "quantity":{"value":2, "unit":"GB"},
- "enforce-quantity":true}]
-\end{verbatim}
-
-\subsubsection{name}
-\label{sec:org4fd025b}
-
-\begin{itemize}
-\item \texttt{name} -- The name of the entitlement (defined as part of the entitlement
-controlled vocabulary between PIAM and the product)
-\end{itemize}
-
-\subsubsection{value}
-\label{sec:org7d691e0}
-
-\begin{itemize}
-\item \texttt{value} -- Some entitlements will have a string value that serves to qualify the
-entitlement. For example an entitlement with \texttt{name=tier} may have three
-different manifestations if there are three different tiers (e.g., \texttt{\{"name":
- "tier", "value": "essentials"\}}, \texttt{\{"name": "tier", "value": "primary"\}},
- \texttt{\{"name": "tier", "value": "advantage"\}})
-\end{itemize}
-
-\subsubsection{quantity}
-\label{sec:orgd8af516}
-
-\begin{itemize}
-\item \texttt{quantity} -- Some entitlements will have numeric quantity associated with the
-entitlement, this represents the amount of this entitlement the tenant is
-permitted to consume. Each quantity field will contain an object with the
-following values:
-\begin{itemize}
-\item \texttt{value} - The number holding the actual quantity.
-\item \texttt{unit} - A string representing what unit to use when interpreting the quantity.
-\end{itemize}
-\end{itemize}
-
-\subsubsection{quantity\textsubscript{enforced}}
-\label{sec:org70e8a50}
-
-\begin{itemize}
-\item \texttt{quantity\_enforced} -- A boolean field, if \texttt{true} it means that the product
-should enforce the allocated quantity of the entitlement for this tenant. It
-is up to the product to determine how to do this. Cases where this will be
-\texttt{false} are if the customer purchased via a buying program that supports a
-``pay as you go'' pricing model.
-\end{itemize}
-
-\section{Entitlement Summary}
-\label{sec:orgd343c8e}
-
-The Entitlement Summary provides a data-structure easier to consume
-than the entitlements list.
-
-\begin{itemize}
-\item A JSON Object instead of list.
-\item Additional technically useful entries.
-\end{itemize}
-
-\subsection{Structure}
-\label{sec:orge20a61f}
-
-The main structure of the \texttt{EntitlementSummary} is:
-
-\begin{verbatim}
-{: }
-\end{verbatim}
-
-Where \texttt{} looks like:
-
-\begin{verbatim}
-{"title": "something", // <- optional instead of value:""
- "quantity": Integer,
- "unit": "human-readable-unit",
- "enforce?": Boolean}
-\end{verbatim}
-\subsection{Tier-only Entitlement}
-\label{sec:orgd758f52}
-
-When PIAM send this list of \texttt{Entitlements}:
-
-\begin{verbatim}
-[{"name" : "tier",
- "value" : "advantage",
- "quantity" : {"value" : 32000,
- "unit" : "users"},
- "enforce-quantity" : true}]
-\end{verbatim}
-
-\subsection{The \texttt{EntitlementSummary} will look like this:}
-\label{sec:orgc8e6e94}
-
-\begin{verbatim}
-{"tier" : {"title" : "advantage",
- "quantity" : 32000,
- "unit" : "users",
- "enforce?" : true}}
-\end{verbatim}
-
-\subsection{With Add-ons}
-\label{sec:orgbb2ae87}
-
-If PIAM send a list of \texttt{Entitlements} with add-ons:
-
-\begin{verbatim}
-[ {"name" : "tier",
- "value" : "premier",
- "quantity" : {"value" : 1000, "unit" : "users"},
- "enforce-quantity" : true},
- {"name" : "extra_ingest",
- "value" : "",
- "quantity" : {"value" : 2, "unit" : "GB"},
- "enforce-quantity" : true},
- {"name" : "extra_data_retention",
- "value" : "",
- "quantity" : {"value" : 180, "unit" : "days"},
- "enforce-quantity" : true}]
-\end{verbatim}
-
-\subsection{The \texttt{EntitlementSummary} will be:}
-\label{sec:orga1d4095}
-
-\begin{verbatim}
-{"tier": {"title": "premier",
- "quantity": 1000,
- "unit": "users",
- "enforce?": true},
- "extra_data_retention": {"quantity": 180,
- "unit": "days",
- "enforce?": true},
- "extra_ingest": {"quantity": 2,
- "unit": "GB",
- "enforce?": true}}
-\end{verbatim}
-
-\subsection{\texttt{Entitlements} consumption in js}
-\label{sec:orgab7d502}
-
-\begin{verbatim}
-function get_entitlement_tier (entitlements) {
- for (entitlement in org.entitlements) {
- if (entitlement.name == "tier") {
- return entitlement.title;
- }
- }
-}
-let tier = get_entitlement_tier (entitlements);
-\end{verbatim}
-
-\subsection{EntitlementSummary consumption in js}
-\label{sec:orgd3ca5ad}
-
-\begin{verbatim}
-let tier = whoami.org["entitlement-summary"].tier.title;
-\end{verbatim}
-
-\subsection{More to come}
-\label{sec:org9a60163}
-
-\subsubsection{IROH Internal}
-\label{sec:org6a8035d}
-
-But we plan to add more technical specific values so it helps every Entitlement consumer.
-That way it would make possible to share between product specific technical values.
-
-For example, we plan to add:
-\begin{itemize}
-\item a list of allowed modules.
-\item an optional list of additional scopes
-\item rate limits
-\end{itemize}
-
-\subsubsection{XDR global values}
-\label{sec:org7090a59}
-
-If you want us to add some information, so we could centralize some logic
-related to entitlement into IROH just ask us to add it.
-Ideally, this should only contain data that could be shared between different modules.
-For example:
-
-\begin{itemize}
-\item allowed workflows, or allowed properties for workflows
-\item specific limitations for a specific module (read-only, etc…)
-\end{itemize}
-
-\subsubsection{Example}
-\label{sec:org83305cb}
-
-\begin{verbatim}
-{"tier": {"title": "premier",
- "quantity": 1000,
- "unit": "users",
- "enforce?": true},
- "extra_data_retention": {"quantity": 180,
- "unit": "days",
- "enforce?": true},
- "extra_ingest": {"quantity": 2,
- "unit": "GB",
- "enforce?": true},
- // ---- SUMMARY OF TECHNICAL LIMITS
- "summary" {...}}
-\end{verbatim}
-
-\subsubsection{Summary}
-\label{sec:org903d7c1}
-
-
-\begin{verbatim}
-{// ---- SUMMARY OF TECHNICAL LIMITS
- "summary" {
- // PIAM Logic
- "data-retention-in-days": 180, // use extra_data_retention + tier
- "data-maximal-size-in-GB": 4000, // use extra_ingest + tier quantity
- // IROH Internal
- "additional-scopes": [ ... ], // depends on the tier
- "allowed-modules": [ ... ], // depends on the tier
- // XDR Shared Global Rules
- "restricted-workflows": [...], // depends on the tier (or something else)
- "rate-limits": // can change depending on the tier
- {"sca": {"queries-per-minutes": "100"},
- "sxo": {"queries-per-minutes": "80"},
- "csc": ...},
- ...
- }
-}
-\end{verbatim}
-
-\section{Conclusion}
-\label{sec:org9d9f957}
-
-\begin{itemize}
-\item tier? \texttt{GET /iroh/profile/whoami}
-then \texttt{whoami.org["entitlement-summary"].tier.title}
-\item Summary only: \texttt{GET /iroh/profile/entitlement-summary}
-\item raw entitlements: \texttt{GET /iroh/profile/entitlements}
-\end{itemize}
-\end{document}
\ No newline at end of file
diff --git a/notes/yann_s_personal_retrospective_2023_offsite.html b/notes/yann_s_personal_retrospective_2023_offsite.html
deleted file mode 100644
index d2501950..00000000
--- a/notes/yann_s_personal_retrospective_2023_offsite.html
+++ /dev/null
@@ -1,244 +0,0 @@
-
-
-
-
-Yann’s Personal Retrospective 2023 Offsite
-
-
-
-
-
-
-
-