Standardise on <figure>

.gitignore

@@ -1,4 +1,5 @@
 .DS_Store
+.idea
 
 # When running outside of docker, Hugo writes content here
 /site/public

site/content/post/2016-04-10-sense-api.md

@@ -10,9 +10,10 @@ description: How to retrieve data from a Hello Sense without using the official
 area: REST APIs
 ---
 
-<div class="image right">
- <img src="/res/images/sense/sense.jpg" alt="Sense">
-</div>
+<figure class="right">
+  <img src="/res/images/sense/sense.jpg" alt="Sense">
+  <figcaption>A Sense unit and its two pillow sensors</figcaption>
+</figure>
 
 Sense is a little device that sits by your bedside and, in
 conjunction with a little 'pill' attached to your pillow, monitors your sleeping patterns and

site/content/post/2016-05-02-monitoring-power-with-wemo.md

@@ -10,9 +10,10 @@ description: Using SOAP requests to get raw data, and rrdtool to produce graphs.
 area: data analysis
 ---
 
-<div class="image right">
- <img src="/res/images/wemo/switch.jpg" alt="WeMo Insight Switch">
-</div>
+<figure class="left">
+  <img src="/res/images/wemo/switch.jpg" alt="WeMo Insight Switch">
+  <figcaption>A WeMo Insight Switch</figcaption>
+</figure>
 
 I recently picked up a couple of <a href="http://www.belkin.com/uk/p/P-F7C029/">Belkin's WeMo
 Insight Switches</a> to monitor power usage for my PC and networking equipment. WeMo is Belkin's

site/content/post/2016-05-21-docker-automatic-nginx-proxy.md

@@ -10,9 +10,10 @@ description: Automatically retrieve certificates from Let's Encrypt and configur
 area: Docker
 ---
 
-<div class="image left">
- <img src="/res/images/docker/logo.png" alt="Docker logo">
-</div>
+<figure class="right">
+  <img src="/res/images/docker/logo.png" alt="Docker logo">
+  <figcaption>The Docker project logo</figcaption>
+</figure>
 
 Over the past few weeks I've gradually been migrating services from running in LXC containers to
 Docker containers. It takes a while to get into the right mindset for Docker - thinking of

site/content/post/2016-06-17-why-you-should-be-using-https.md

@@ -9,9 +9,10 @@ description: There's no good reason for sites to avoid HTTPS any more, and lots
 area: security
 ---
 
-<div class="image right">
- <img src="/res/images/https/https-everywhere.jpg" alt="EFF HTTPS Everywhere logo">
-</div>
+<figure class="left">
+  <img src="/res/images/https/https-everywhere.jpg" alt="EFF HTTPS Everywhere logo">
+  <figcaption>The EFF's HTTPS Everywhere logo</figcaption>
+</figure>
 
 One of my favourite hobbyhorses recently has been the use of HTTPS, or lack thereof. HTTPS is the
 thing that makes the little padlock appear in your browser, and has existed for over 20 years.

site/content/post/2016-08-11-offline-gnupg-master-yubikey-subkeys.md

@@ -9,9 +9,10 @@ description: How to use an aircapped computer, a large dose of paranoia, an iron
 area: security
 ---
 
-<div class="image left">
- <img src="/res/images/yubikey/keys.png" alt="Two yubikeys">
-</div>
+<figure class="right">
+  <img src="/res/images/yubikey/keys.png" alt="Two yubikeys">
+  <figcaption>A (key-)pair of Yubikeys. (Sorry.)</figcaption>
+</figure>
 
 I recently noticed that I'd accidentally lost my previous GPG private key &mdash; whoops. It was on
 a drive that I'd since formatted and used for a fair amount of time, so there's no hope of

site/content/post/2016-10-18-shoring-up-sshd.md

@@ -8,9 +8,11 @@ image: /res/images/ssh/openssh.png
 description: Tools and suggestions for improving the security of SSHd by disabling weak algorithms and modern config tweaks.
 area: security
 ---
-<div class="image right">
- <img src="/res/images/ssh/openssh.png" alt="OpenSSH logo">
-</div>
+
+<figure class="left">
+  <img src="/res/images/ssh/openssh.png" alt="OpenSSH logo">
+  <figcaption>The OpenSSH project logo</figcaption>
+</figure>
 
 I recently came across a useful tool on GitHub called
 [ssh-audit](https://github.com/arthepsy/ssh-audit). It's a small Python script

site/content/post/2017-12-17-dns-over-tls-on-edgerouter-lite.md

@@ -7,9 +7,10 @@ description: Installing and configuring Unbound on an Edgerouter Lite to enable
 area: security
 ---
 
-<div class="image left">
- <img src="/res/images/erl/edgerouter.jpg" alt="EdgeRouter Lite">
-</div>
+<figure class="left">
+  <img src="/res/images/erl/edgerouter.jpg" alt="An EdgeRouter Lite">
+  <figcaption>The EdgeRouter Lite</figcaption>
+</figure>
 
 DNS-over-TLS is a fairly recent specificiation described in
 [RFC7858](https://tools.ietf.org/html/rfc7858), which enables DNS clients to
@@ -167,4 +168,4 @@ inspect packets on the WAN interface directed at port 53:
 sudo tcpdump -Xi eth0 port 53
 {{< / highlight >}}
 
-You should, hopefully, not see anything.
+You should, hopefully, not see anything.

site/content/post/2019-04-01-understanding-docker-volume-mounts.md

@@ -7,14 +7,17 @@ description: It's basically magic.
 area: Docker
 ---
 
+<figure class="left">
+  <img src="/res/images/docker/logo.png" alt="Docker logo">
+  <figcaption>The Docker project logo</figcaption>
+</figure>
+
 One thing that always confuses me with Docker is how exactly mounting
 volumes behaves. At a basic level it's fairly straight forward: you
 declare a volume in a Dockerfile, and then either explicitly mount
 something there or docker automatically creates an anonymous volume
 for you. Done. But it turns out there's quite a few edge cases...
 
-<!--more-->
-
 ### Changing ownership of the folder
 
 Perhaps the most common operation done on a Docker volume other than
@@ -22,6 +25,8 @@ simply mounting it is trying to change the ownership of the directory.
 If your Docker process runs as a certain user you probably want the
 directory to be writable by that user.
 
+<!--more-->
+
 At first we might try something like:
 
 {{< highlight docker >}}