Tweak headings

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Harsh Shandilya 2020-09-24 15:34:04 +05:30
parent 7b4ff06c15
commit 4ef0843521
2 changed files with 29 additions and 29 deletions

@ -11,21 +11,21 @@ toc = true
[As promised](https://twitter.com/MSF_Jarvis/status/1278002765046804480), here are detailed release notes for the [v1.10.0](https://github.com/android-password-store/Android-Password-Store/releases/tag/v1.10.0) build of Android Password Store that is going out right now on the Play Store and to F-Droid in the coming days. This is a massive one even compared to our previous v1.9.0 major release, which was our largest release when it went out. Let's dive into the changes!
# New features
## New features
## TOTP support
### TOTP support
I [removed support for HOTP and TOTP secrets](https://msfjarvis.dev/aps/pr/806) back in v1.9.0 due to multiple reasons, a) it was blocking important refactoring efforts, b) it had zero test coverage, and c) none of the maintainers used it. Play Store reviews swiftly reminded us that people did use the feature even in its wonky state, and demanded its return. I stuck to our decision as maintainers for a while, but active members of the pass community like [erayd](https://github.com/erayd) (who happens to be the maintainer for [browserpass](https://github.com/browserpass)!) were able to convince us otherwise and provided good, actionable feedback allowing us to [bring back TOTP](https://msfjarvis.dev/aps/pr/890) support into APS, better than ever before.
The new implementation is backed by a solid suite of tests and contains new features like the ability to import TOTP URIs using QR codes, being able to Autofill them into webpages as well as extracting OTPs from SMSes (not available on F-Droid due to GMS dependencies for SMS monitoring).
## Support for ED25519/ECDSA keys
### Support for ED25519/ECDSA keys
With our ongoing efforts to switch over from the dated [Jsch](http://www.jcraft.com/jsch/) SSH library to the more up-to-date and maintained [SSHJ](https://github.com/hierynomus/sshj), we now fully support ED25519 and ECDSA keys! You no longer need to rely on RSA to authenticate from your phone to your Git host :)
In a future release, we'll be bringing more improvements to this area including generating and storing SSH keys in the [Android Keystore](https://source.android.com/security/keystore/) for enhanced security as well as support for fallback authentication.
## Proper support for per-directory keys
### Proper support for per-directory keys
[pass](https://www.passwordstore.org/) has a neat feature where it allows you to use a separate GPG key for a subdirectory, such as for sharing passwords across a team. It achieves this by looking for a `.gpg-id` file starting from the current directory, up to the root of the store. The first file it finds is what it uses as the key for the GPG operations.
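Review bot: Demoting `# New features` to `## New features`, and each subsection such as `## TOTP support` to `###`, pushes every section one level down on a page whose front matter sets `toc = true`, so confirm the generated table of contents still includes level-3 headings; if it stops at level 2, entries like "TOTP support" and "Support for ED25519/ECDSA keys" will drop out of it. The commit message "Tweak headings" should also state why the levels are changing, so the same convention can be followed in later posts.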
@ -41,27 +41,27 @@ In this directory structure, `pass generate subdirectory1/example.com` will use
Previously, Password Store would only correctly handle decryption in this situation, and fail to select the right key for encrypting. The workaround for this was to manually select the key from settings that you wished to use, before creating a password. That's pretty stupid, and we're sorry you had to do that earlier. Now, Password Store uses an algorithm similar to the `pass` CLI to find the correct `.gpg-id` file and read the key from it. GnuPG is more 'forgiving', if you will, in what type of key values it can work with so there's a slim chance that your current workflow might now be broken. If this happens, please immediately either file an issue over on the [GitHub repository](https://msfjarvis.dev/aps) or email us at {{< cloakemail "aps@msfjarvis.dev" >}} with as much detail as you can and we'll resolve it ASAP.
# Bugfixes
## Bugfixes
## Better protection against invalid filename changes
### Better protection against invalid filename changes
Over the past few releases we've been hard at work improving the password edit flow, making it more accessible and 'obvious' to users and simultaneously prevent any hidden footguns from souring the experience. We received a bug report about [file renaming](https://msfjarvis.dev/aps/issue/928) having unexpected behavior that caused destructive actions in the store, and in response we [now have better safeguards against this](https://msfjarvis.dev/aps/pr/929) and have improved the UI to make things more clear to users.
## Export passwords asynchronously
### Export passwords asynchronously
Previously the password export would run on the main thread and potentially cause the app to completely freeze and throw a 'Password Store is not responding error'. This has been rectified, and the export now occurs in an entirely separate process.
## UI fixes
### UI fixes
A bunch of UI feedback was provided to us after the last major release and we've worked to address it in this one. Long file/folder names now correctly wrap across lines, and the error UI for wrong password/passphrase is now aesthetically correct [[PR](https://msfjarvis.dev/aps/pr/892)].
## QoL improvements
### QoL improvements
We've been aggressively refactoring the codebase to use modern APIs like [ActivityResultContracts](https://msfjarvis.dev/aps/pr/910) and making large scale architectural changes to our old code in efforts to improve maintainability in the future. We also have work-in-progress rewrites of the [Git commands pipeline](https://msfjarvis.dev/aps/pr/865) and incoming support for [fallback authentication](https://msfjarvis.dev/aps/pr/825).
# General changes and improvements
## General changes and improvements
## New icon and color scheme
### New icon and color scheme
Right off the bat, you will notice a brand new icon for Password Store. This was created for us by [Radek Błędowski](https://twitter.com/RKBDI), go check him out!
@ -69,15 +69,15 @@ Right off the bat, you will notice a brand new icon for Password Store. This was
To complement the new icon, we've also updated our color scheme to better suit this new branding.
## Simplified XkPasswd implementation
### Simplified XkPasswd implementation
While revisiting our UI during the icon change, we realised that the alternate XkPasswd password generator option we introduced back in v1.6.0 was a tad too complicated to use with a lot more knobs and switches than necessary. This has been fixed, and we hope that it's now at a level of accessibility that allows more users to try it out.
## Improvements to biometric lock transition and password list UI
### Improvements to biometric lock transition and password list UI
The biometric authentication UI flow has been updated to show the authentication dialog over a transparent screen, before starting the app upon success. We've also retouched the password list to remove the leading icons, as we have been consistently receiving numerous comments about them being unnecessary and a bit ugly. In v1.4.0 we introduced child counts and iconographic hints to directories, and we feel they are more than sufficient to communicate the difference between them and password files. We welcome all feedback about these changes at {{< cloakemail "me@msfjarvis.dev" >}}.
# In conclusion
## In conclusion
There are a lot more changes in this release than those included in this post, which you can check out [here](https://github.com/android-password-store/Android-Password-Store/milestone/10). We're constantly at work improving APS and all constructive feedback helps us create a better experience for users and ourselves, so please keep it coming (over email, if it's a suggestion. Play Store reviews are not good for back-and-forth communication).

@ -13,21 +13,21 @@ Continuing with this new-ish tradition we have going here, here are the detailed
> Multiple important announcements at the end of the page, make sure to read the whole thing!
# New features
## New features
## Extend Autofill support to more browsers
### Extend Autofill support to more browsers
[Devin J. Pohly](https://github.com/djpohly) and [Rounak Dutta](https://github.com/rounakdatta) collectively contributed support for 3 new Chromium-based browsers: [Bromite](https://www.bromite.org/), [Ungoogled Chromium](https://git.droidware.info/wchen342/ungoogled-chromium-android) and [Kiwi](https://kiwibrowser.com/).
## Allow sorting by recently used
### Allow sorting by recently used
This feature was requested [a while ago](https://msfjarvis.dev/aps/issue/535) and was [implemented by Alex Molinares](https://msfjarvis.dev/aps/pr/1031) early in the cycle. The database that keeps track of the recently used passwords is always active, so if and when you switch to this sorting mode you'll see everything already sorted based on your old usage patterns. Neat!
## Add ability to view Git commit log
### Add ability to view Git commit log
Another, [even older](https://msfjarvis.dev/aps/issue/284) feature request has finally been addressed. This too, [came from an external contributor](https://msfjarvis.dev/aps/pr/1056) and was one of the best pull requests I have ever seen. It's a great feature, and I thoroughly enjoyed the entire process of its inclusion.
## SSH key generation and handling improvements
### SSH key generation and handling improvements
The old SSH key generation has been [scrapped and rewritten](https://msfjarvis.dev/aps/pr/1070) to use safer cryptographic curves: RSA-3072, NIST's P-256 and ED25519. Users are now also afforded the choice to secure access to this key via device biometrics. Once enabled, you will be prompted to authenticate via your device lock each time the SSH key is needed by the app.
@ -35,29 +35,29 @@ On supported devices, this key will be stored in the device's dedicated keystore
The [wiki](https://github.com/android-password-store/Android-Password-Store/wiki) has been refreshed with updated guidance and documentation on SSH key handling.
## Fallback authentication for SSH
### Fallback authentication for SSH
SSH servers are often configured to have multiple authentication methods, where you first attempt to authenticate with private keys and if that fails, fall back to passwords. This wasn't previously supported in APS, which would quit after the first failure. We've changed that to now offer the option of entering a password if the server is configured to fall back to it.
## Rewritten and redesigned onboarding flow
### Rewritten and redesigned onboarding flow
In a multi-step refactoring process, the initial flow of setting up the app has been completely revamped. The internals were completely overhauled to improve stability, weed out some gnarly hacks, and make the whole thing easier to test and understand. Maintainer [Aditya Wasan](https://github.com/Skrilltrax) did a fabulous job giving the [UI a facelift](https://msfjarvis.dev/aps/pr/1099). It's real pretty now ✨
## Show hidden folders now also shows hidden directories
### Show hidden folders now also shows hidden directories
Our old 'Show hidden folders' feature has now been simplified to show _all_ hidden files and folders in the repository. It is intended to make it easier to perform trivial maintenance tasks that would normally require access to a PC.
# Bugfixes
## Bugfixes
## SSH connection problems with Bitbucket
### SSH connection problems with Bitbucket
In our last major release, we included a change to [re-use SSH connections](https://msfjarvis.dev/aps/pr/1012) to speed up Git operations. This had an unfortunate side effect: Bitbucket users were unable to use SSH to connect to their repositories. Atlassian has been [aware of this problem](https://community.atlassian.com/t5/Bitbucket-questions/Can-t-repo-sync-anymore/qaq-p/354231) for quite some time now and did nothing about it, so we now include a [helpful message and an internal workaround](https://msfjarvis.dev/aps/pr/1093) when this particular type of error is encountered.
## Symlink support
### Symlink support
While still potentially finicky, we're now confident that this is ready to be shipped to all users without the risk of crashes.
## Assorted UX improvements
### Assorted UX improvements
As always, there are a handful of Quality of Life changes to make the app more enjoyable to use:
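Review bot: The heading `### Show hidden folders now also shows hidden directories` is touched by this change and still reads as a tautology, since "folders" and "directories" are the same thing. The paragraph under it says the option now shows all hidden files and folders, so while the line is being edited it should become something like `### Show hidden folders now also shows hidden files`.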
@ -71,13 +71,13 @@ As always, there are a handful of Quality of Life changes to make the app more e
There's definitely more fixes here, but we ended up rewriting, breaking and fixing so many things for this release that it's hard to tell what was actually broken in the previous release and what is just us fixing regressions during refactoring. We've been busy :)
# Important announcements
## Important announcements
## Autofill parser is now a standalone library!
### Autofill parser is now a standalone library!
Our excellent Autofill capabilities are now bundled as a separate Android library and can be used by other password managers to improve their Autofill experiences. Detailed documentation will be coming over the next few days, keep an eye out [here](https://github.com/android-password-store/Android-Password-Store/tree/develop/autofill-parser) if it's something you're interested in.
## RFC for removal of Git support in external repos
### RFC for removal of Git support in external repos
Based on the issues raised in the repository and the support emails I've received, the maintainers have come to the conclusion that nearly all users who choose to store their pass repositories in their device storage or external SD card as opposed to the app's private, hidden directory are not users of Git and rely on solutions like Syncthing and Nextcloud to keep the repository in sync with their other devices.