Fix escaped parentheses

config/hardware/dell-poweredge.md

@@ -25,6 +25,6 @@ breadcrumbs:
 ## Storage
 
 - PERC 5/i and 6/i do not support disks over 2TB. PERC H200 and similar may need to be flashed to support it.
-- PERC H200, H310 H310 mini etc. do not need to be flashed \(from IR\) to IT mode. They already function as HBAs. But upgrade the firmware. \(Controversal topic, needs verification.\)
+- PERC H200, H310 H310 mini etc. do not need to be flashed (from IR) to IT mode. They already function as HBAs. But upgrade the firmware. (Controversal topic, needs verification.)
 
 {% include footer.md %}

config/hosting-providers/one-com.md

@@ -12,6 +12,6 @@ breadcrumbs:
 
 ## Experience
 
-- Does not support non-ASCII characters in file names \(tested with basic web hosting\). I tried migrating a site with æ, ø and å in the file names, which didn't work at all.
+- Does not support non-ASCII characters in file names (tested with basic web hosting). I tried migrating a site with æ, ø and å in the file names, which didn't work at all.
 
 {% include footer.md %}

config/iot/raspberry-pi.md

@@ -19,13 +19,13 @@ Raspbian
 - Configure through the menu: `raspi-config`
   - Go through all the options.
   - Locale and default locale: Use `en_US.UTF-8`.
-  - Disable all interfaces except SSH \(disable SSH too if not needed\).
+  - Disable all interfaces except SSH (disable SSH too if not needed).
   - If a black border is present, disable overscan.
 - Upgrade the system: `apt update && apt upgrade`
 - Install packages: `vim htop screen`
 - Add personal admin user:
   - Create user: `adduser <user>`
-  - Add SSH key \(from a GitHub user in this case\):
+  - Add SSH key (from a GitHub user in this case):
     - `cd /home/<user>`
     - `mkdir .ssh`
     - `curl https://github.com/<user>.keys >> .ssh/authorized_keys`

config/linux-server/applications.md

@@ -20,7 +20,7 @@ Debian 10 Buster
 ### Setup
 
 1. [Official guide for Debian](https://docs.docker.com/install/linux/docker-ce/debian/)
-2. \(Optional\) Setup swap limit:
+2. (Optional) Setup swap limit:
    - If `docker info` contains `WARNING: No swap limit support`, it's not working and should maybe be fixed.
    - It incurs a small performance degredation and is optional but recommended.
    - In `/etc/default/grub`, add `cgroup_enable=memory swapaccount=1` to `GRUB_CMDLINE_LINUX`.
@@ -38,14 +38,14 @@ Debian 10 Buster
 
 ### Notes
 
-- DHCPv4 uses raw sockets, so it bypasses the firewall \(i.e. no firewall rules are needed\). DHCPv6, however, does not. This includes the respective clients as well.
+- DHCPv4 uses raw sockets, so it bypasses the firewall (i.e. no firewall rules are needed). DHCPv6, however, does not. This includes the respective clients as well.
 
 ### Setup
 
 1. Install and enable `isc-dhcp-server` and `radvd`.
 2. Add config files.
    1. DHCPv4: `/etc/dhcp/dhcpd.conf`
-   2. DHCPv6 \(optional\): `/etc/dhcp/dhcpd6.conf`
+   2. DHCPv6 (optional): `/etc/dhcp/dhcpd6.conf`
    3. radvd: `/etc/radvd.conf`
 3. If using systemd-networkd, fix wrong startup order:
    - **TODO**
@@ -54,9 +54,9 @@ Debian 10 Buster
 5. IPv6:
    1. For SLAAC, configure only radvd.
    2. Dor DHCPv6, configure radvd in stateful mode and DHCPv6.
-6. \(Optional\) Setup interfaces to listen to:
+6. (Optional) Setup interfaces to listen to:
    - This may mute the "No subnet declaration for ..." verbose error on some distros.
-   - In `/etc/default/isc-dhcp-server`, add the interfaces \(space-separated\) to `INTERFACESv4` and `INTERFACESv6`.
+   - In `/etc/default/isc-dhcp-server`, add the interfaces (space-separated) to `INTERFACESv4` and `INTERFACESv6`.
 
 ## NTPD
 
@@ -65,7 +65,7 @@ Debian 10 Buster
 - Disable systemd-timesyncd NTP client by disabling and stopping `systemd-timesyncd`.
 - Install `ntp`.
 - In `/etc/ntp.conf`, replace existing servers/pools with `ntp.justervesenet.no` with the `iburst` option.
-- Test with `ntpq -pn` \(it may take a minute to synchronize\).
+- Test with `ntpq -pn` (it may take a minute to synchronize).
 
 ## Postfix
 
@@ -74,7 +74,7 @@ Debian 10 Buster
 #### Notes
 
 - When using an SMTP relay, the original IP address will likely be found in the mail headers.
-- Make sure DNS is configured correctly \(SPF, DKIM, DMARC\).
+- Make sure DNS is configured correctly (SPF, DKIM, DMARC).
 
 #### Setup
 
@@ -82,24 +82,24 @@ Debian 10 Buster
    - If asked, choose to configure Postfix as a satellite system.
 2. Make sure the FQDN is correct in `/etc/mailname` and `/etc/postfix/main.cf`.
 3. Update the root alias in `/etc/aliases` and run `newaliases`.
-4. Update the `main.cf` config \(example not provided here\).
+4. Update the `main.cf` config (example not provided here).
    1. Only listen to localhost: Set “inet\_interfaces = loopback-only”
    2. Disable relaying: Set “mynetworks = 127.0.0.0/8 \[::ffff:127.0.0.0\]/104 \[::1\]/128”
    3. Anonymize banner: “smtpd\_banner = $myhostname ESMTP”
 5. Relay guides:
    1. Mailgun:
-      1. [How To Start Sending Email \(Mailgun\)](https://documentation.mailgun.com/en/latest/quickstart-sending.html)
-      2. [How to Set Up a Mail Relay with Postfix and Mailgun on Ubuntu 16.04 \(](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-mail-relay-with-postfix-and-mailgun-on-ubuntu-16-04)[DigitalOcean\)](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-mail-relay-with-postfix-and-mailgun-on-ubuntu-16-04)
+      1. [How To Start Sending Email (Mailgun)](https://documentation.mailgun.com/en/latest/quickstart-sending.html)
+      2. [How to Set Up a Mail Relay with Postfix and Mailgun on Ubuntu 16.04 (](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-mail-relay-with-postfix-and-mailgun-on-ubuntu-16-04)[DigitalOcean)](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-mail-relay-with-postfix-and-mailgun-on-ubuntu-16-04)
    2. SendGrid:
-      1. [Postfix \(SendGrid\)](https://sendgrid.com/docs/for-developers/sending-email/postfix/)
+      1. [Postfix (SendGrid)](https://sendgrid.com/docs/for-developers/sending-email/postfix/)
       2. Use API-key with permission to send mail only.
       3. The API-key username is `apikey`.
 6. Setup address rewrite rules:
    - For fixing the `To` and `From` fields, which is typically from root to root.
-   - Add the rewrite config \(see example below\).
+   - Add the rewrite config (see example below).
    - Reference the config using `smtp_header_checks` in the main config.
    - Test: `postmap -fq "From: root@<FQDN>" regexp:smtp_header_checks`
-7. Setup relay credentials \(SASL\):
+7. Setup relay credentials (SASL):
    1. Credentials file: `/etc/postfix/sasl_passwd`
    2. Add your credentials using format: `[relay_domain]:port user@domain:password`
    3. Run: `postmap sasl_passwd`
@@ -121,7 +121,7 @@ Debian 10 Buster
 - Send a test mail: `echo "Test from $HOSTNAME at time $(date)." | mail -s "Test" root`
 - Test the config: `postconf > /dev/null`
 - Print the config: `postconf -n`
-- If mails are stuck in the mail queue \(`mailq`\) because of previous errors, run `postqueue -f` to flush them.
+- If mails are stuck in the mail queue (`mailq`) because of previous errors, run `postqueue -f` to flush them.
 
 ## radvd
 
@@ -132,7 +132,7 @@ Debian 10 Buster
 
 ## TFTP Server
 
-Using H. Peter Anvin's TFTP server \(tftpd-hpa\).
+Using H. Peter Anvin's TFTP server (tftpd-hpa).
 
 ### Setup
 
@@ -203,8 +203,8 @@ TFTP_OPTIONS="--create --secure"
 
 ### Setup
 
-1. Enable the `contrib` and `non-free` repo areas. \(Don't use any backports repo.\)
-2. Install \(it might give errors\): `zfs-dkms zfsutils-linux zfs-zed`
+1. Enable the `contrib` and `non-free` repo areas. (Don't use any backports repo.)
+2. Install (it might give errors): `zfs-dkms zfsutils-linux zfs-zed`
 3. Load the ZFS module: `modprobe zfs`
 4. Fix the ZFS install: `apt install`
 
@@ -221,7 +221,7 @@ TFTP_OPTIONS="--create --secure"
 
 - ECC memory is recommended but not required. It helps prevent data corruption in memory. It does however not affect data corruption on disk.
 - Does not require large amounts of memory, but more memory allows it to cache more data. A minimum of around 1GB is suggested. Memory caching is termed ARC.
-- A dedicated disk \(e.g. an NVMe SSD\) can be used as a secondary read cache. This is termed L2ARC \(level 2 ARC\). Only frequently accessed blocks are cached. The memory requirement will increase based on the size of the L2ARC. It should only be considered for pools with high read traffic, slow disks and lots of memory available.
-- A dedicated disk \(e.g. an NVMe SSD\) can be used for the ZIL \(ZFS intent log\) \(which is used for synchronized writes\). The disk is then termed SLOG \(secondary log\). The disk must be able to handle lots of writes. It should only be considered for pools with high synchronous write traffic on relatively slow disks.
+- A dedicated disk (e.g. an NVMe SSD) can be used as a secondary read cache. This is termed L2ARC (level 2 ARC). Only frequently accessed blocks are cached. The memory requirement will increase based on the size of the L2ARC. It should only be considered for pools with high read traffic, slow disks and lots of memory available.
+- A dedicated disk (e.g. an NVMe SSD) can be used for the ZIL (ZFS intent log) (which is used for synchronized writes). The disk is then termed SLOG (secondary log). The disk must be able to handle lots of writes. It should only be considered for pools with high synchronous write traffic on relatively slow disks.
 
 {% include footer.md %}

config/linux-server/debian-server.md

@@ -20,10 +20,10 @@ Debian 10 Buster
 - Installation:
   - Always verify the downloaded installation image after downloading it.
   - Use UEFI if given the option.
-  - Use the United States UTF-8 locale \(`en_US.UTF-8`\).
+  - Use the United States UTF-8 locale (`en_US.UTF-8`).
   - Use an FQDN as the hostname.
   - Disk partitioning:
-    - \(Recommended\) Manually partition the boot/main drive\(s\). See [the storage page](system.md) for suggestions.
+    - (Recommended) Manually partition the boot/main drive(s). See [the storage page](system.md) for suggestions.
     - Guided partitioning makes weird partition/volume sizes, try to avoid it.
     - For simple or temporary systems, just use "guided - use entire disk" with all files in one partition.
   - At the software selection menu, select only "SSH server" and "standard system utilities".
@@ -42,7 +42,7 @@ Debian 10 Buster
 - Check the hostname:
   - Use a shortname as the hostname.
   - Set the hostname: `hostnamectl set-hostname <hostname>`
-  - Update `/etc/hosts` with all variants of the hostname \(including shortname and FQDN\).
+  - Update `/etc/hosts` with all variants of the hostname (including shortname and FQDN).
 - Packages:
   - Update, upgrade and auto-remove.
   - Install: `sudo ca-certificates mailutils`
@@ -50,10 +50,10 @@ Debian 10 Buster
   - Enable the `contrib` and `non-free` repo areas:
     - Add `contrib non-free` to every line in `/etc/apt/sources.list`.
   - Install free and non-free firmware: `firmware-linux`
-  - If it asked to install non-free firmware in the initial installation installation, try to install it now using APT \(hint: search for `firmware-`\).
+  - If it asked to install non-free firmware in the initial installation installation, try to install it now using APT (hint: search for `firmware-`).
 - Configure your personal user:
-  - Add it to the sudo group \(`usermod -aG sudo <user>`\).
-  - Add your personal SSH pubkey to `~/.ssh/authorized_keys` and fix the owner and permissions \(700 for dir, 600 for file\).
+  - Add it to the sudo group (`usermod -aG sudo <user>`).
+  - Add your personal SSH pubkey to `~/.ssh/authorized_keys` and fix the owner and permissions (700 for dir, 600 for file).
   - Test it.
 - Postfix: **TODO**
 
@@ -74,7 +74,7 @@ Debian 10 Buster
   - Restart and see status for service `systemd-timesyncd`.
 - Setup firewall:
   - Install: `iptables iptables-persistent netfilter-persistent`
-  - Add basic rules \(it defaults to accepting everything\).
+  - Add basic rules (it defaults to accepting everything).
 - Reboot and make sure it still works.
 
 ### Security
@@ -93,21 +93,21 @@ Debian 10 Buster
   - `AllowTcpForwarding no`
   - `GatewayPorts no`
   - Restart `sshd`.
-- \(Optional\) Prevent root login:
+- (Optional) Prevent root login:
   - Alternatively, keep it enabled with a strong password as a local backdoor for recovery or similar.
   - Add a personal user first.
-  - Check that the password field \(the second field\) for root in `/etc/shadow` is something invalid like "\*" or "!", but not empty and not valid password hash. This prevents password login.
+  - Check that the password field (the second field) for root in `/etc/shadow` is something invalid like "\*" or "!", but not empty and not valid password hash. This prevents password login.
   - Clear `/etc/securetty` to prevent root local/console login.
 - Extra tools:
   - Install `libpam-tmpdir`.
-  - \(Optional\) Install `fail2ban`.
+  - (Optional) Install `fail2ban`.
     - Fix the firewall first so it configures itself correctly wrt. firewall blocking.
     - Check the status with `fail2ban-client status [sshd]`.
     - See [Applications](applications.md#fail-2-ban) for more info.
-  - \(Optional\) Install and run Lynis:
+  - (Optional) Install and run Lynis:
     - Install `lynis`.
     - Run `lynis audit system`.
-- \(Optional\) Extra package security:
+- (Optional) Extra package security:
   - Install `apt-listbugs` and `apt-listchanges` and run them before upgrading a package.
   - Install `needrestart` and run it after upgrading.
 
@@ -143,7 +143,7 @@ Debian 10 Buster
 - Make the new networkd configs.
   - Extra network device configs: `/etc/systemd/network/*.netdev`
   - Network configs: `/etc/systemd/network/*.network`
-- \(Re\)move the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.disabled`
+- (Re)move the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.disabled`
 - Enable systemd-networkd: `systemctl enable systemd-networkd`
 - Reboot and test.
 - Check the status: `networkctl [status [-a]]`
@@ -156,23 +156,23 @@ Debian 10 Buster
   - Doesn’t need to be super fast.
   - SSD: 1 or 2 mirrored, overprovisioned.
   - HDD: 2 mirrored.
-- Use LVM or ZFS \(if supported/stable\) for the whole main disk, except the boot and EFI partitions.
+- Use LVM or ZFS (if supported/stable) for the whole main disk, except the boot and EFI partitions.
 - Use EXT4 for general filesystems if ZFS is nor supported or appropriate.
 - Some semi-guided installers automatically add the boot or EFI partition when adding the first one.
 - Partitioning:
   - If BIOS:
     - MBR partitioning table.
-    - `/boot`: 500MB, FAT32 \(?\)
-  - If UEFI \(preferred\):
+    - `/boot`: 500MB, FAT32 (?)
+  - If UEFI (preferred):
     - `/boot/efi`: 500MB, FAT32/EFI
     - `/boot`: 500MB, EXT4
-  - \(Optional\) Swap. Alternatively, add it as an LVM volume.
-  - LVM \(or ZFS\). For `/` and other volumes.
-  - \(Optional\) ZFS. So that LVM uses the first half and ZFS the last.
-  - If SSD: Reserve around 10% at the end of the drive \(no partition\).
+  - (Optional) Swap. Alternatively, add it as an LVM volume.
+  - LVM (or ZFS). For `/` and other volumes.
+  - (Optional) ZFS. So that LVM uses the first half and ZFS the last.
+  - If SSD: Reserve around 10% at the end of the drive (no partition).
 - Configure LVM:
   - Finish the partitioning before entering the LVM configuration.
-  - Create a volume group \(call it `vg0` or something\) and add the partition you created earlier for it.
+  - Create a volume group (call it `vg0` or something) and add the partition you created earlier for it.
   - Create as many logical volumes as you want. See the table below for a suggestion. Call them something like `var-lib` for the `/var/lib` volume.
   - Mount points etc. are configured after you finish the LVM configuration.
 - Set mount points and file system formats and stuff for all the volumes.
@@ -181,7 +181,7 @@ Debian 10 Buster
 
 This table is just for reference, everything about it is supposed to be suggestive. All of these are specified in `/etc/fstab`. Volumes/mounts like `/dev` are not mentioned.
 
-| Volume/Mount | Minimal Size \(GB\) | Mount Options |
+| Volume/Mount | Minimal Size (GB) | Mount Options |
 | :--- | :--- | :--- |
 | `/proc` | N/A | hidepid=2,gid=1500 |
 | `/boot` | 0.5 | nodev,nosuid,noexec |
@@ -201,18 +201,18 @@ This table is just for reference, everything about it is supposed to be suggesti
 
 ### Cron
 
-- Don't use periods \(including file extensions\) in the hourly/daily/weekly/monthly scripts.
+- Don't use periods (including file extensions) in the hourly/daily/weekly/monthly scripts.
 
 ## Extra Configuration
 
 - MOTD:
   - Clear `/etc/motd`.
   - Download [dmotd.sh](https://github.com/HON95/misc-scripts/blob/master/linux-server/profile/dmotd.sh) to `/etc/profile.d/` and install the dependencies `neofetch` and `lolcat`.
-  - Add an ASCII art \(or Unicode art\) logo to `/etc/logo`, using e.g. [TAAG](http://patorjk.com/software/taag/).
-  - \(Optional\) Add a MOTD to `/etc/motd`.
+  - Add an ASCII art (or Unicode art) logo to `/etc/logo`, using e.g. [TAAG](http://patorjk.com/software/taag/).
+  - (Optional) Add a MOTD to `/etc/motd`.
 - Free disk space checking:
   - Download [disk-space-checker.sh](https://github.com/HON95/misc-scripts/blob/master/linux-server/cron/disk-space-checker.sh) either to `/cron/cron.daily/` or to `/opt/bin` and create a cron job for it.
-  - Example cron job \(15 minutes past every 4 hours\): `15 */4 * * * root /opt/bin/disk-space-checker`
+  - Example cron job (15 minutes past every 4 hours): `15 */4 * * * root /opt/bin/disk-space-checker`
   - Configure which disks/file systems it should exclude and how full they should be before it sends an email alert.
 
 {% include footer.md %}

config/linux-server/notes.md

@@ -15,7 +15,7 @@ breadcrumbs:
 - [Cipherli.st](https://cipherli.st/)
 - [Linux Hardening Checklist](https://github.com/trimstray/linux-hardening-checklist)
 - [The Practical Linux Hardening Guide](https://github.com/trimstray/the-practical-linux-hardening-guide)
-- [Text to ASCII Art Generator \(TAAG\)](http://patorjk.com/software/taag/#p=display&f=Slant&t=)
+- [Text to ASCII Art Generator (TAAG)](http://patorjk.com/software/taag/#p=display&f=Slant&t=)
 
 ## Addresses
 

config/linux-server/troubleshooting.md

@@ -19,8 +19,8 @@ Debian 10 Buster
   - See all services it depends on: `systemctl show -p WantedBy network-online.target`
   - Disable the unused services which stall.
 - Firmware for the network card fails to load:
-  - Causes a syslog record like "firmware: failed to load rtl\_nic/rtl8168g-3.fw \(-2\)" when trying to up the interface.
-  - Might happen after installation even if working initially \(for some reason\).
+  - Causes a syslog record like "firmware: failed to load rtl\_nic/rtl8168g-3.fw (-2)" when trying to up the interface.
+  - Might happen after installation even if working initially (for some reason).
   - Realtek solution: Enable the "non-free" repo and install "firmware-realtek".
 - Perl complains about a locale error:
   - Test with `perl -e exit`. It will complain if there's an error.

config/network/brocade-icx.md

@@ -23,7 +23,7 @@ Security features like port security, dynamic ARP inspection, DHCP snooping, IP
 4. Set the correct boot preference: boot system flash primary
    1. Check it with `sh boot-pref` in privileged exec mode.
 5. Set the hostname: `hostname <name>`
-6. Configure time zone \(Norway\):
+6. Configure time zone (Norway):
    1. Time zone: `clock timezone gmt gmt+01`
    2. Manual summer time: `clock summer-time`
 7. Configure NTP client:
@@ -54,25 +54,25 @@ Security features like port security, dynamic ARP inspection, DHCP snooping, IP
        1. `ip ssh encryption aes-only`
        2. `ip ssh encryption disable-aes-cbc`
        3. `jitc enable`
-    6. Set the idle timer: `ip ssh idle-time <minutes>` \(e.g. 10\)
+    6. Set the idle timer: `ip ssh idle-time <minutes>` (e.g. 10)
     7. Both password and key based authentication is enabled by default.
     8. SCP is enabled by default.
-11. \(Optional\) Enable HTTPS:
+11. (Optional) Enable HTTPS:
     1. Delete the old SSL/TLS certificate: `crypto-ssl certificate zeroize`
     2. Generate new SSL/TLS certificate: `crypto-ssl certificate generate`
     3. `web-management https`
     4. `no web-management http`
     5. `aaa authentication web-server default local`
 12. Disable extra features:
-    1. VSRP \(Brocade proprietary\): `no router vsrd`
+    1. VSRP (Brocade proprietary): `no router vsrd`
     2. Telner: `no telnet`
-13. Configure link aggregation \(LAG/LACP\):
+13. Configure link aggregation (LAG/LACP):
     1. Create it: `lag <name> [static | passive]`
     2. Add ports to it: `ports ethernet <if> [to <if>]`
        1. Use `no` to remove ports.
     3. Set the primary port: `primary-port <if>`
        1. All other ports will inherit the config for the primary port.
-    4. \(Optional\) Make it fast manually: `lacp-timeout short`
+    4. (Optional) Make it fast manually: `lacp-timeout short`
     5. Deploy/enable it: `deploy`
     6. If the LAG is not facing a STP-capable device, disable it. I've had problems where the LAG entered `LACP-BLOCKED` state and STP _seemed_ to have something to do with it.
 14. Configure VLANs:
@@ -80,11 +80,11 @@ Security features like port security, dynamic ARP inspection, DHCP snooping, IP
        1. Providing a name will automatically create it.
     2. Create untagged og tagged ports: `<untagged | tagged> <if> [<if>*]`
        1. Access ports and trunk ports in Cisco terms.
-    3. \(Optional\) Set a dual mode VLAN \(native VLAN for in Cisco terms\):
+    3. (Optional) Set a dual mode VLAN (native VLAN for in Cisco terms):
        1. Add the port as tagged.
        2. `dual-mode <VID>`
-    4. Enable spanning tree \(same type as global\): `spanning-tree`
-15. Configure normal interfaces \(`int eth <stack_unit>/slot/port [to ...]`\):
+    4. Enable spanning tree (same type as global): `spanning-tree`
+15. Configure normal interfaces (`int eth <stack_unit>/slot/port [to ...]`):
     1. Set the port name: `post-name <name>`
     2. If required, set the post speed and duplex mode: `speed-duplex <mode>`
        1. Note: SFP+ are disabled until a speed and duplex has been set.
@@ -93,16 +93,16 @@ Security features like port security, dynamic ARP inspection, DHCP snooping, IP
     1. Disable the OOB mgmt. interface:
        1. `int man 1`
        2. `disable`
-    2. Enter management VLAN config: `vlan 10` \(assuming 10 is the VID\)
-    3. Add router interface to the VLAN: `router-interface ve 10` \(10 should be same as VID\)
+    2. Enter management VLAN config: `vlan 10` (assuming 10 is the VID)
+    3. Add router interface to the VLAN: `router-interface ve 10` (10 should be same as VID)
     4. Enter router interface: `int ve 10`
     5. Set address for it: `ip address <address>/length`
     6. Exit router interface.
     7. Add a default route: `ip route 0.0.0.0/0 <gateway>`
-17. Configure spanning tree \(802-1w\):
+17. Configure spanning tree (802-1w):
     1. Enable globally: `spanning-tree single 802-1w`
     2. Set priority: `spanning-tree single 802-1w priority 12288`
-    3. Configure a port as edge port \(portfast in Cisco lingo\): `spanning-tree 802-1w admin-edge-port`
+    3. Configure a port as edge port (portfast in Cisco lingo): `spanning-tree 802-1w admin-edge-port`
     4. Enable root guard on a port: `spanning-tree root-protect`
     5. Enable BPDU guard on a port: `stp-bpdu-guard`
     6. Enable BPDU filter on a port: `stp-protect`
@@ -119,7 +119,7 @@ Security features like port security, dynamic ARP inspection, DHCP snooping, IP
 - Console:
   - Backspace in serial console: `Ctrl+H`
   - Enable logging to the serial console: `logging console`
-  - Enable logging to SSH/Telnet: `terminal monitor`\(in privileged exec mode\)
+  - Enable logging to SSH/Telnet: `terminal monitor`(in privileged exec mode)
 - Hardware:
   - Reboot: `boot system`
   - Show hardware: `sh chassis`
@@ -130,7 +130,7 @@ Security features like port security, dynamic ARP inspection, DHCP snooping, IP
   - Interface stats: `sh int`
 - Spanning tree:
   - Show: `sh span`
-- Link aggregation \(LAG\):
+- Link aggregation (LAG):
   - Show info: `sh lag`
 - File management:
   - Show directory contents: `sh dir`

config/network/cisco-catalyst-ios.md

@@ -16,16 +16,16 @@ Cisco Catalyst 2960G and 3750G
 ## Initial Configuration
 
 1. Connect using serial.
-2. Don't enter initial configuration \(it's useless\).
+2. Don't enter initial configuration (it's useless).
 3. Enter privileged exec mode: `enable`
 4. Enter configuration mode: `conf t`
 5. Set the hostname and domain name:
    1. `hostname <hostname>`
-   2. `ip domain-name <domain>` \(the part after the hostname\)
-6. Set the time zone \(Norway\):
+   2. `ip domain-name <domain>` (the part after the hostname)
+6. Set the time zone (Norway):
    1. Time zone: `clock timezone UTC 1 0`
    2. Automatic summer time: `clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00`
-7. \(Optional\) Configure NTP client:
+7. (Optional) Configure NTP client:
    1. `ntp server <address>`
    2. Show status:
       1. `sh ntp assoc`
@@ -45,7 +45,7 @@ Cisco Catalyst 2960G and 3750G
    2. Enable synchronous logging: `logging synchronous`
 10. Setup user login:
     1. Enable new model AAA: `aaa new-model`
-    2. Set the enable secret \(e.g. to "secret"\): `enable algorithm-type scrypt secret <secret>`
+    2. Set the enable secret (e.g. to "secret"): `enable algorithm-type scrypt secret <secret>`
     3. Add a user: `username <username> privilege 15 algorithm-type scrypt secret <password>`
     4. Set local login as default: `aaa authentication login default local`
     5. Enable console local login:
@@ -57,8 +57,8 @@ Cisco Catalyst 2960G and 3750G
     3. Set VTY lines to use SSH:
        1. Enter line config: `line vty 0 15`
        2. Set to use SSH: `transport input ssh`
-       3. Set the timeout: `exec-timeout <minutes> <seconds>` \(e.g. 10 minutes\)
-12. \(Optional\) Add default native vlan and black hole VLAN:
+       3. Set the timeout: `exec-timeout <minutes> <seconds>` (e.g. 10 minutes)
+12. (Optional) Add default native vlan and black hole VLAN:
     1. Never use the default native VLAN.
     2. Use the black hole VLAN as the native VLAN for trunks without an untagged VLAN, as it can't be simply disabled on some switches.
     3. Setup default native VLAN: `int vlan 1`, `desc default-native, shut`
@@ -66,15 +66,15 @@ Cisco Catalyst 2960G and 3750G
 13. Configure VLANs and VLAN interfaces:
     1. Enter VLAN config: `vlan <VID>`
     2. Set name: `name <name>`
-    3. \(Optional\) Shut down: `shutdown`
+    3. (Optional) Shut down: `shutdown`
     4. Enter VLAN interface config: `interface vlan<vid>`
     5. Set description: `description <description>`
-    6. \(Optional\) Shut down: `shutdown`
-14. Configure LAGs \(LACP\):
-    1. Set load balancing method \(globally\): `port-channel load-balance src-dst-ip`
+    6. (Optional) Shut down: `shutdown`
+14. Configure LAGs (LACP):
+    1. Set load balancing method (globally): `port-channel load-balance src-dst-ip`
     2. Enter LAG config: `interface port-channel<id>`
     3. Set description: `description <description>`
-    4. Add interfaces \(int config\): `channel-group <id> mode active`
+    4. Add interfaces (int config): `channel-group <id> mode active`
 15. Configure ports:
     1. If using LAG:
        1. Connect it: `channel-group <id> mode active`
@@ -84,17 +84,17 @@ Cisco Catalyst 2960G and 3750G
        2. `switchport mode access`
        3. Disable DTP: `switchport nonegotiate`
        4. `spanning-tree portfast`
-       5. `spanning-tree bpduguard enable` \(if not enabled globally\)
-       6. Setup other security features \(see section below.\)
+       5. `spanning-tree bpduguard enable` (if not enabled globally)
+       6. Setup other security features (see section below.)
     3. Add trunk port:
-       1. `switchport trunk encapsulation dot1q` \(the default on 2960G and cannot be set manually\)
+       1. `switchport trunk encapsulation dot1q` (the default on 2960G and cannot be set manually)
        2. `switchport trunk native vlan <vid>`
        3. `switchport trunk allowed vlan <vid>[,<vid>]*`
        4. `switchport mode trunk`
        5. Disable DTP: `switchport nonegotiate`
        6. Enable root guard if facing a lower-tier switch: `spanning-tree guard root`
     4. Disable unused ports: `shutdown`
-16. Configure spanning tree \(rapid-pvst\):
+16. Configure spanning tree (rapid-pvst):
     1. Mode: `spanning-tree mode rapid-pvst`
     2. `spanning-tree extend system-id`
     3. Configure VLANs:
@@ -103,37 +103,37 @@ Cisco Catalyst 2960G and 3750G
 17. Set management IP address and default gateway:
     1. Enter the chosen management VLAN.
     2. Set a management IP address: `ip address <address> <subnet-mask>`
-    3. Set the default gateway \(global config\): `ip default-gateway <address>`
+    3. Set the default gateway (global config): `ip default-gateway <address>`
 18. Configure access port security features:
     1. Storm control:
        1. Enter the interface config.
-       2. `storm-control broadcast level bps 3m` \(3Mbps broadcast\)
-       3. `storm-control multicast level bps 3m` \(3Mbps multicast\)
+       2. `storm-control broadcast level bps 3m` (3Mbps broadcast)
+       3. `storm-control multicast level bps 3m` (3Mbps multicast)
        4. By default it will only filter excess packets.
     2. DHCP snooping:
        1. DHCP snooping keeps a database DHCP leases. It can provide certain DHCP protection features, like rate limiting. It is used by some other security features.
        2. `ip dhcp snooping`
-       3. `ip dhcp snooping vlan <vid-list>` \(for user VLANs\)
-       4. `ip dhcp snooping verify mac-address` \(applies to DHCP packets\)
-       5. Set trusted interfaces \(if config\): `ip dhcp snooping trust`
-       6. Limit DHCP packets \(if config\): `ip dhcp snooping limit rate 25` \(25/s\)
+       3. `ip dhcp snooping vlan <vid-list>` (for user VLANs)
+       4. `ip dhcp snooping verify mac-address` (applies to DHCP packets)
+       5. Set trusted interfaces (if config): `ip dhcp snooping trust`
+       6. Limit DHCP packets (if config): `ip dhcp snooping limit rate 25` (25/s)
        7. Verify that it's enabled: `sh ip dhcp snooping`
     3. Port security:
        1. Port security limites the amount of MAC addresses that may be used by a single port.
        2. TL;DR, it validates MAC-to-port bindings.
        3. Enter the interface config.
        4. `switch port-sec`
-       5. `switch port-sec max 1` \(1 MAC address\)
-       6. `switch port-sec violation restrict` \(don't shut down port\)
+       5. `switch port-sec max 1` (1 MAC address)
+       6. `switch port-sec violation restrict` (don't shut down port)
        7. `switch port-sec aging type inactivity`
-       8. `switch port-sec aging time 1` \(1 minute\)
-    4. IP source guard \(IPSG\) \(IPv4\):
+       8. `switch port-sec aging time 1` (1 minute)
+    4. IP source guard (IPSG) (IPv4):
        1. IPSG verifies that packets from a port match the IP addresses and optionally MAC adresses in the DHCP snooping DB.
        2. TL;DR, it validates IP-to-port bindings.
        3. Enter interface config.
        4. `ip verify source`
        5. An extra argument `port-security` can be specified which specified that MAC addresses should also be checked. If not specified, it only checks IP addresses. It requires that the server supports option 82.
-    5. Dynamic ARP inspection \(DAI\) \(IPv4\):
+    5. Dynamic ARP inspection (DAI) (IPv4):
        1. DAI uses the DHCP snooping DB and is similar to IPSG, but only applies to ARP packets.
        2. TL;DR, it validates IP-to-MAC bindings.
        3. `ip arp inspection vlan <vid-list>`
@@ -165,7 +165,7 @@ Cisco Catalyst 2960G and 3750G
 #### AAA
 
 - Disable the `password-encryption` service, use encrypted passwords instead.
-- Use type 9 \(scrypt\) secrets.
+- Use type 9 (scrypt) secrets.
 
 #### Ports and VLANs
 
@@ -173,8 +173,8 @@ Cisco Catalyst 2960G and 3750G
   - Overview: `sh ip int br`
   - Details: `sh int`
 - Use trunks between switches. Avoid using native VLANs with trunks if possible.
-- Select range of interfaces: `int range g1/0/1-52` \(example\)
-- Reset interface\(s\): `default int [range] <if>[-<end>]`
+- Select range of interfaces: `int range g1/0/1-52` (example)
+- Reset interface(s): `default int [range] <if>[-<end>]`
 - User ports:
   - Untrusted.
   - Generally, configure it as an access port.
@@ -191,8 +191,8 @@ Cisco Catalyst 2960G and 3750G
   - Shut them down.
 - Native VLAN:
   - Be careful not to have a native VLAN spanning the entire area.
-  - Avoid using VLAN 1 \(the default VLAN\).
-  - Consider adding a new VLAN \(e.g. VLAN 2\) and shutting it down, then using it as the native VLAN of trunks. This effectively disables the native VLAN for those trunks.
+  - Avoid using VLAN 1 (the default VLAN).
+  - Consider adding a new VLAN (e.g. VLAN 2) and shutting it down, then using it as the native VLAN of trunks. This effectively disables the native VLAN for those trunks.
   - User VLANs should never be a native VLAN on any trunk. It can enable VLAN hopping through double tagging.
 
 #### Services and Features

config/network/linux-router.md

@@ -16,8 +16,8 @@ Debian 10
 ## Notes
 
 1. For high-performance routing:
-   1. Disabling dynamic frequency and voltage scaling \(Intel SpeedStep\).
-   2. Disabling multithreading \(Intel Hyper-Threading\).
+   1. Disabling dynamic frequency and voltage scaling (Intel SpeedStep).
+   2. Disabling multithreading (Intel Hyper-Threading).
 2. Enable IPv4 and IPv6 forwarding in `/etc/sysctl.conf`:
    1. `net.ipv4.ip_forward=1`
    2. `net.ipv6.conf.all.forwarding=1`
@@ -25,7 +25,7 @@ Debian 10
    1. Configure NAT.
    2. Setup bogon and RFC 1918 filtering.
    3. Verify source for stub networks.
-4. Setup DHCP servers for IPv4 and IPv6 \(unless using IPv6 SLAAC\).
+4. Setup DHCP servers for IPv4 and IPv6 (unless using IPv6 SLAAC).
 5. Setup a DNS server.
 6. Setup other servers, like NTP.
 

config/network/notes.md

@@ -14,8 +14,8 @@ breadcrumbs:
 
 | Cisco IOS | Brocade ICX |
 | :--- | :--- |
-| Access port \(VLAN\) | Untagged port |
-| Trunk port \(VLAN\) | Tagged port |
+| Access port (VLAN) | Untagged port |
+| Trunk port (VLAN) | Tagged port |
 | Native VLAN | Dual mode |
 
 ## Spanning Tree
@@ -33,14 +33,14 @@ breadcrumbs:
 | 802.1s, MSTP, MST | Cisco IOS | Multiple instances with configurable VLAN members |
 | 802.1Q |  | ??? |
 
-\(\*\) Very incomplete list.
+(\*) Very incomplete list.
 
 ### Notes
 
 - Use extended system ID for multi-VLAN switches.
 - Make sure all switches are using compatible variants and default priorities.
-- Make sure all VLANs are running STP or that STP is running globally \(not per VLAN\).
-- STP \(excluding per-VLAN STP and generally not MST\) \(including rapid versions\) will consider multiple links between switches a loop, even when the links carry different VLANs.
+- Make sure all VLANs are running STP or that STP is running globally (not per VLAN).
+- STP (excluding per-VLAN STP and generally not MST) (including rapid versions) will consider multiple links between switches a loop, even when the links carry different VLANs.
 - The bridge priority should generally be a multiple of 4096.
 - PVST and 802.1Q regions cannot interoperate directly, but can through PVST+ regions.
 
@@ -53,9 +53,9 @@ breadcrumbs:
 
 #### Alternative 1
 
-- Cisco IOS \(Cat 3750G\): `rapid-pvst`
-- Brocade \(ICX 6610\): `802.1w`
-- Linksys \(LGS326\): `stp` \(slow but works\)
+- Cisco IOS (Cat 3750G): `rapid-pvst`
+- Brocade (ICX 6610): `802.1w`
+- Linksys (LGS326): `stp` (slow but works)
 - Use the same default priority, e.g. 32768.
 
 {% include footer.md %}

config/network/pfsense.md

@@ -30,7 +30,7 @@ pfSense v2
 7. Set the correct thermal sensors.
 8. Enable RAM disks with e.g. 1024MiB and 4096MiB and e.g. 3 hour backups.
 9. Increase network memory buffer size: Add a new system tunable with key `kern.ipc.nmbclusters` and value `1000000`.
-10. Disable TCP segmentation offload \(TSO\) and large receive offload \(LRO\). Most hardware/drivers have issues with them.
+10. Disable TCP segmentation offload (TSO) and large receive offload (LRO). Most hardware/drivers have issues with them.
 11. See [this page](https://docs.netgate.com/pfsense/en/latest/hardware/tuning-and-troubleshooting-network-cards.html) for NIC-specific tuning.
 
 ## Services
@@ -41,11 +41,11 @@ pfSense v2
 
 1. Install `freeradius3`.
 2. Go to the FreeRADIUS settings.
-3. Add an interface for authentication: Listen on all interfaces \(or only localhost\), port 1812, type "authentication", IPv4. Add a separate interface for IPv6.
-4. Add an interface for accounting: Listen on all interfaces \(or only localhost\), port 1813, type "accounting", IPv4. Add a separate interface for IPv6.
+3. Add an interface for authentication: Listen on all interfaces (or only localhost), port 1812, type "authentication", IPv4. Add a separate interface for IPv6.
+4. Add an interface for accounting: Listen on all interfaces (or only localhost), port 1813, type "accounting", IPv4. Add a separate interface for IPv6.
 5. Add clients/NAS.
 6. Add RADIUS users.
-7. \(Optional\) Use FreeRADIUS as an authentication backend.
+7. (Optional) Use FreeRADIUS as an authentication backend.
    1. Create a RADIUS client with client IP address `127.0.0.1`.
    2. Add the RADIUS client in "System/User Manager/Authentication Servers".
    3. **TODO** What's the "RADIUS NAS IP Attribute"?
@@ -77,9 +77,9 @@ pfSense v2
 
 1. Install `ntopng`.
 2. Enable it.
-3. Set an admin password. \(The username is "admin".\)
+3. Set an admin password. (The username is "admin".)
 4. Enable all interfaces to monitor.
-5. Update GeoIP data \(save first, it reloads the page\).
+5. Update GeoIP data (save first, it reloads the page).
 6. New users can be added through the web panel.
 7. It uses a bit of storage and processing power, so disable it if it's not being used.
 
@@ -89,7 +89,7 @@ pfSense v2
 
 1. OpenVPN is built in.
 2. Install `openvpn-client-export`.
-3. \(Recommended\) Use RADIUS as the local auth backend. OpenVPN + FreeRADIUS supports authentication with cert. + PIN + TOTP.
+3. (Recommended) Use RADIUS as the local auth backend. OpenVPN + FreeRADIUS supports authentication with cert. + PIN + TOTP.
 4. Use the wizard.
 5. Use hardware crypto if you have it.
 6. Use server mode with TLS cert. and password.
@@ -101,15 +101,15 @@ pfSense v2
 1. Disable hardware checksum offloading. Suricata doesn't work well with it.
 2. Insall `suricata`.
 3. Update the rule set manually the first time.
-4. Select which rule sets to install. E.g. the ETOpen Emerging Threats \(ET\) Open which is free and modular.
+4. Select which rule sets to install. E.g. the ETOpen Emerging Threats (ET) Open which is free and modular.
 5. Set the rule update interval. E.g. 6 or 12 hours.
 6. Enable "live rule swap on update".
 7. Set the "remove blocked host interval". E.g. 15 minutes.
 8. Add the WAN interface.
    1. Enable desired logs.
-   2. Don't enable "block offenders" \(yet\).
+   2. Don't enable "block offenders" (yet).
    3. Set the detect-engine profile appropriately. Use "high" if you have more than 4GB of memory and an okay machine.
-9. Enable "resolve flowbits", which allows rules to match based on multiple packets by setting bits on the flow \(or something like that\).
+9. Enable "resolve flowbits", which allows rules to match based on multiple packets by setting bits on the flow (or something like that).
 10. Select which installed rule sets to use.
     1. Description of some ET Open rule sets: [Here](https://doc.emergingthreats.net/bin/view/Main/EmergingFAQ#What_is_the_general_intent_of_ea)
     2. Some rule sets contain a short description at the top of the file.
@@ -121,7 +121,7 @@ pfSense v2
     8. More rules means more problems and debugging.
 11. Double all the "memory cap" values. It can fail to start if it runs out of memory.
 12. Enable/start the WAN interface.
-    1. If it doesn't start, check the error log. If it contains "alloc error" or "pool grow failed", increase "Stream Memory Cap" to e.g. `100663296` \(96MiB\).
+    1. If it doesn't start, check the error log. If it contains "alloc error" or "pool grow failed", increase "Stream Memory Cap" to e.g. `100663296` (96MiB).
     2. If it failed to start, it may have failed to remove its PID file. Remove it manually if it refuses to restart because of it.
 13. Watch for alerts and resolve false alerts by changing and tweaking the settings.
     1. Torrenting is a useful way of load testing.
@@ -131,21 +131,21 @@ pfSense v2
     2. Inline mode inspects packets before the host network stack. It will affect performance/latency but will not leak, thus making it more secure. It requires support from the NIC driver.
 15. Test it by trying to do bad stuff.
     1. Try downloading the EICAR file.
-16. \(Optional\) Add LAN interfaces.
+16. (Optional) Add LAN interfaces.
 
 ### Unbound
 
 #### Setup
 
-1. Use only the DNS resolver \(Unbound\), not the older DNS forwarder \(dnsmasq\).
+1. Use only the DNS resolver (Unbound), not the older DNS forwarder (dnsmasq).
 2. Receive from and transmit to every interface.
 3. Use a "transparent" local zone.
 4. Enable DNSSEC.
 5. Enable forwarding mode if you want to query a set of selected servers instead of the root servers. The selected servers are the ones specified in the system settings. Check that you're not using the DNS servers provided by DHCP, unless you want that for some reason.
-6. Use TLS for outgoing queries if using forwarding mode and the selected servers supports it \(such as Cloudflare\).
+6. Use TLS for outgoing queries if using forwarding mode and the selected servers supports it (such as Cloudflare).
 7. Don't register DHCP or OpenVPN clients.
 8. Enable DNSSEC hardening.
-9. Enable DNS rebinding protection in the system settings \(enabled by default\).
+9. Enable DNS rebinding protection in the system settings (enabled by default).
 
 #### Usage
 

config/network/unifi.md

@@ -17,9 +17,9 @@ UniFi AP AC (different variants) with controller v5
 
 ### Miscellaneous
 
-- Disable wireless uplinks \(meshing\) if not used:
-  - \(Alternative 1\) Disable per site: Go to site settings and disable "uplink connectivity monitor".
-  - \(Alternative 2\) Disable per AP: Go to AP settings, "wireless uplinks" and disable everything.
+- Disable wireless uplinks (meshing) if not used:
+  - (Alternative 1) Disable per site: Go to site settings and disable "uplink connectivity monitor".
+  - (Alternative 2) Disable per AP: Go to AP settings, "wireless uplinks" and disable everything.
   - Upgrade the controller and AP firmware. Old versions can be buggy wrt. wireless uplinks and can cause L2 loops.
 
 {% include footer.md %}

config/pc/common-applications.md

@@ -29,7 +29,7 @@ breadcrumbs:
 
 ### Usage
 
-- New key \(RSA\): `ssh-keygen -t rsa -b 4096`
+- New key (RSA): `ssh-keygen -t rsa -b 4096`
 
 ### Config
 
@@ -59,7 +59,7 @@ autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
 
 ### Extensions
 
-- HTML CSS Support \(ecmel.vscode-html-css\)
+- HTML CSS Support (ecmel.vscode-html-css)
 
 ### Config
 

config/pc/kubuntu.md

@@ -21,15 +21,15 @@ Kubuntu 19.10+
 
 1. Install `vim` and change the default editor to vim by running `update-alternatives --config editor` and selecting `vim.basic`.
 2. Disable password for the sudo group by running `visudo` and changing the sudo group line to `%sudo ALL=(ALL:ALL) NOPASSWD: ALL`.
-3. Enable numlock on boot \(search for it\).
+3. Enable numlock on boot (search for it).
 4. Appearance:
    1. Change to the dark theme.
    2. Make all fonts 1 size smaller.
 5. Shortcuts:
    1. Disable web shortcuts.
-   2. Add a keyboard shortcut for Dolphin \(e.g. `Meta+E`\) by running `kmenuedit` and changing System, Dolphin.
+   2. Add a keyboard shortcut for Dolphin (e.g. `Meta+E`) by running `kmenuedit` and changing System, Dolphin.
 6. Setup panels for all screens. Only show tasks for the current screen.
-7. Install and configure a \(persistent\) firewall.
+7. Install and configure a (persistent) firewall.
 
 ## Troubleshooting
 

config/pc/linux-applications.md

@@ -28,11 +28,11 @@ Kubuntu 19.10+
 #### Configure Fancontrol
 
 1. Install `fancontrol`.
-2. \(Optional\) Install `gnuplot` if you want `pwmconfig` to generate graphical plots.
+2. (Optional) Install `gnuplot` if you want `pwmconfig` to generate graphical plots.
 3. Run `pwmconfig`.
    1. Use manual mode for when asked.
    2. Generate detailed correlations when asked.
-   3. Set up the config file when asked \(`/etc/fancontrol`\).
+   3. Set up the config file when asked (`/etc/fancontrol`).
    4. Decide which sensor each controller should depend on.
    5. Configure all fan controllers.
    6. Save and quit.
@@ -58,7 +58,7 @@ GUI for configuring gaming mice.
 
 ## Shell
 
-### ZSH \(Oh-My-ZSH\)
+### ZSH (Oh-My-ZSH)
 
 1. Install ZSH.
 2. Install Oh-My-ZSH:

config/pc/linux-examples.md

@@ -17,9 +17,9 @@ Debian 10 Buster
 
 ### File Systems and Logical Volume Managers
 
-- Partition disk: `gdisk <dev>` \(GPT\) or `fdisk <dev>` \(MBR\)
+- Partition disk: `gdisk <dev>` (GPT) or `fdisk <dev>` (MBR)
 - Create filesystem: `mkfs.<fs> <dev>`
-- ZFS: See ZFS \(**TODO**\).
+- ZFS: See ZFS (**TODO**).
 
 ### Files
 
@@ -27,8 +27,8 @@ Debian 10 Buster
   - By UID: `find / -user <UID>`
   - Without a user: `find / -nouser`
   - With setuid permission bit: `find / -perm /4000`
-- Recursive search and replace: `find <dir> \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/123/456/g'`
-  - `\( -type d -name .git -prune \) -o` skips `.git` directories and can be excluded outside of git repos.
+- Recursive search and replace: `find <dir> ( -type d -name .git -prune ) -o -type f -print0 | xargs -0 sed -i 's/123/456/g'`
+  - `( -type d -name .git -prune ) -o` skips `.git` directories and can be excluded outside of git repos.
 
 ### Fun
 

config/pc/windows.md

@@ -15,14 +15,14 @@ Windows 10
 
 ## Installation
 
-- There's no need to provide a product/activation key. If the PC \(motherboard?\) has been activated before, it will automatically activate when starting the first time.
+- There's no need to provide a product/activation key. If the PC (motherboard?) has been activated before, it will automatically activate when starting the first time.
 -  Use a local account. Link to a Microsoft account later if needed, but preferably only for Microsoft apps.
 - Say no to everything privacy related.
 
 ## After Installation
 
 - Install all available updates.
-- Install graphics drivers and fix display frame rates, color ranges \(use full range for PC displays and limited for TVs, generally\) etc.
+- Install graphics drivers and fix display frame rates, color ranges (use full range for PC displays and limited for TVs, generally) etc.
 - Enable BitLocker drive encryption for all drives.
   - Allow using it without a TPM module:
     - Open `gpedit.msc`.
@@ -32,7 +32,7 @@ Windows 10
       - Allow without compatible TPM module.
       - Do not allow TPM.
     - Enable "allow enhanced PINs for startup".
-- Disable the lock screen: [How to Disable the Lock Screen on Windows 10 \(Lifewire\)](https://www.lifewire.com/disable-lock-screen-windows-10-4173812)
+- Disable the lock screen: [How to Disable the Lock Screen on Windows 10 (Lifewire)](https://www.lifewire.com/disable-lock-screen-windows-10-4173812)
   - Open `regedit`.
   - Go to `HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows`.
   - Create a new key named `Personalization`.
@@ -54,7 +54,7 @@ Windows 10
   - Used balanced.
   - Extend periods for turning off stuff.
   - Disable the sleep timer.
-  - Allow the CPU to reduce its "utilization" \(for Intel SpeedStep\).
+  - Allow the CPU to reduce its "utilization" (for Intel SpeedStep).
 - Device settings:
   - Disable AutoPlay.
 - Personalisation settings:
@@ -75,7 +75,7 @@ Windows 10
 
 ## Troubleshooting
 
-### Windows Subsystem for Linux \(WSL\)
+### Windows Subsystem for Linux (WSL)
 
 #### Linux Kernel CMA Support was Requested ...