Standardise on <figure>

.gitignore

 .DS_Store
+.idea
 
 # When running outside of docker, Hugo writes content here
 /site/public

site/content/post/2016-04-10-sense-api.md

 area: REST APIs
 ---
 
-<div class="image right">
- <img src="/res/images/sense/sense.jpg" alt="Sense">
-</div>
+<figure class="right">
+  <img src="/res/images/sense/sense.jpg" alt="Sense">
+  <figcaption>A Sense unit and its two pillow sensors</figcaption>
+</figure>
 
 Sense is a little device that sits by your bedside and, in
 conjunction with a little 'pill' attached to your pillow, monitors your sleeping patterns and

site/content/post/2016-05-02-monitoring-power-with-wemo.md

 area: data analysis
 ---
 
-<div class="image right">
- <img src="/res/images/wemo/switch.jpg" alt="WeMo Insight Switch">
-</div>
+<figure class="left">
+  <img src="/res/images/wemo/switch.jpg" alt="WeMo Insight Switch">
+  <figcaption>A WeMo Insight Switch</figcaption>
+</figure>
 
 I recently picked up a couple of <a href="http://www.belkin.com/uk/p/P-F7C029/">Belkin's WeMo
 Insight Switches</a> to monitor power usage for my PC and networking equipment. WeMo is Belkin's

site/content/post/2016-05-21-docker-automatic-nginx-proxy.md

 area: Docker
 ---
 
-<div class="image left">
- <img src="/res/images/docker/logo.png" alt="Docker logo">
-</div>
+<figure class="right">
+  <img src="/res/images/docker/logo.png" alt="Docker logo">
+  <figcaption>The Docker project logo</figcaption>
+</figure>
 
 Over the past few weeks I've gradually been migrating services from running in LXC containers to
 Docker containers. It takes a while to get into the right mindset for Docker - thinking of

site/content/post/2016-06-17-why-you-should-be-using-https.md

 area: security
 ---
 
-<div class="image right">
- <img src="/res/images/https/https-everywhere.jpg" alt="EFF HTTPS Everywhere logo">
-</div>
+<figure class="left">
+  <img src="/res/images/https/https-everywhere.jpg" alt="EFF HTTPS Everywhere logo">
+  <figcaption>The EFF's HTTPS Everywhere logo</figcaption>
+</figure>
 
 One of my favourite hobbyhorses recently has been the use of HTTPS, or lack thereof. HTTPS is the
 thing that makes the little padlock appear in your browser, and has existed for over 20 years.

site/content/post/2016-08-11-offline-gnupg-master-yubikey-subkeys.md

 area: security
 ---
 
-<div class="image left">
- <img src="/res/images/yubikey/keys.png" alt="Two yubikeys">
-</div>
+<figure class="right">
+  <img src="/res/images/yubikey/keys.png" alt="Two yubikeys">
+  <figcaption>A (key-)pair of Yubikeys. (Sorry.)</figcaption>
+</figure>
 
 I recently noticed that I'd accidentally lost my previous GPG private key &mdash; whoops. It was on
 a drive that I'd since formatted and used for a fair amount of time, so there's no hope of

site/content/post/2016-10-18-shoring-up-sshd.md

 description: Tools and suggestions for improving the security of SSHd by disabling weak algorithms and modern config tweaks.
 area: security
 ---
-<div class="image right">
- <img src="/res/images/ssh/openssh.png" alt="OpenSSH logo">
-</div>
+
+<figure class="left">
+  <img src="/res/images/ssh/openssh.png" alt="OpenSSH logo">
+  <figcaption>The OpenSSH project logo</figcaption>
+</figure>
 
 I recently came across a useful tool on GitHub called
 [ssh-audit](https://github.com/arthepsy/ssh-audit). It's a small Python script

site/content/post/2017-12-17-dns-over-tls-on-edgerouter-lite.md

 area: security
 ---
 
-<div class="image left">
- <img src="/res/images/erl/edgerouter.jpg" alt="EdgeRouter Lite">
-</div>
+<figure class="left">
+  <img src="/res/images/erl/edgerouter.jpg" alt="An EdgeRouter Lite">
+  <figcaption>The EdgeRouter Lite</figcaption>
+</figure>
 
 DNS-over-TLS is a fairly recent specificiation described in
 [RFC7858](https://tools.ietf.org/html/rfc7858), which enables DNS clients to
 sudo tcpdump -Xi eth0 port 53
 {{< / highlight >}}
 
-You should, hopefully, not see anything.
+You should, hopefully, not see anything.

site/content/post/2019-04-01-understanding-docker-volume-mounts.md

 area: Docker
 ---
 
+<figure class="left">
+  <img src="/res/images/docker/logo.png" alt="Docker logo">
+  <figcaption>The Docker project logo</figcaption>
+</figure>
+
 One thing that always confuses me with Docker is how exactly mounting
 volumes behaves. At a basic level it's fairly straight forward: you
 declare a volume in a Dockerfile, and then either explicitly mount
 something there or docker automatically creates an anonymous volume
 for you. Done. But it turns out there's quite a few edge cases...
 
-<!--more-->
-
 ### Changing ownership of the folder
 
 Perhaps the most common operation done on a Docker volume other than
 If your Docker process runs as a certain user you probably want the
 directory to be writable by that user.
 
+<!--more-->
+
 At first we might try something like:
 
 {{< highlight docker >}}