diff --git a/tsa/howto/retire-a-host.mdwn b/tsa/howto/retire-a-host.mdwn
index 9f85ba2cb0718a3ecddd3bc68b98b344cba0c345..de7e481d4c73c3b66f5df98b1a1ab3cbcbc21ee5 100644
--- a/tsa/howto/retire-a-host.mdwn
+++ b/tsa/howto/retire-a-host.mdwn
@@ -92,13 +92,17 @@ interface, you need to be a little more creative. We do this with the
 
     apt install nwipe
 
+Run in a screen:
+
+    screen
+
 If there's a RAID array, first wipe one of the disks by taking it
 offline and writing garbage:
 
     mdadm --fail /dev/md0 /dev/sdb1 &&
     mdadm --remove /dev/md0 /dev/sdb1 &&
-    mdadm --fail /dev/md1 /dev/sdb3 &&
-    mdadm --remove /dev/md1 /dev/sdb3 &&
+    mdadm --fail /dev/md1 /dev/sdb2 &&
+    mdadm --remove /dev/md1 /dev/sdb2 &&
     : etc, for the other RAID elements in /proc/mdstat &&
     nwipe --autonuke --method=random --verify=off /dev/sdb
 
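Review bot: The new `/dev/sdb2` lines for `/dev/md1` hardcode a member partition that this same change had to correct from `/dev/sdb3`, so the example is specific to one disk layout and easy to copy wrong on the next host. Suggest adding a sentence before the command block telling the operator to read `/proc/mdstat` first and substitute the members it lists, rather than leaving that to the trailing `: etc` line. The added `screen` step would also benefit from a one-line reason (presumably so the wipe survives a dropped SSH session) and a note on how it relates to the later `exec screen -s $SHELL`, which would otherwise start a second screen inside this one.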
@@ -112,19 +116,26 @@ When you return:
     that will survive disk wiping:
 
         # make sure /tmp is on a tmpfs first!
-        cp -av /root /tmp/root
-        mount -o bind /tmp/root /root
-        cp /bin/busybox /tmp/root/sh
-        export SHELL=/tmp/root/sh
+        cp -av /root /tmp/root &&
+        mount -o bind /tmp/root /root &&
+        cp /bin/busybox /tmp/root/sh &&
+        export SHELL=/tmp/root/sh &&
         exec screen -s $SHELL
 
+    TODO: the above eventually failed to make busybox survive the
+    destruction, probably because it got evicted from RAM and couldn't
+    be found in swap again (as *that* was destroyed too). We should
+    try using [vmtouch](https://hoytech.com/vmtouch/) with something like `vmtouch -dl
+    /tmp/root/sh` next time, although that is only [available in buster
+    and later](https://tracker.debian.org/pkg/vmtouch).
+
  2. kill all processes but the SSH daemon, your SSH connexion and
     shell. this will vary from machine to machine, but a good way is
     to list all processes with `systemctl status` and `systemctl stop`
     the services one by one. Hint: multiple services can be passed on
     the same `stop` command, for example:
 
-        systemctl stop acpid atd bacula-fd bind9 cron dbus dbus.socket fail2ban haveged irqbalance libvirtd lvm2-lvmetad.service mdmonitor nagios-nrpe-server ntp openvswitch-switch postfix prometheus-bind-exporter prometheus-node-exporter smartd strongswan syslog-ng.service systemd-journald systemd-journald-audit.socket systemd-journald-dev-log.socket systemd-journald.socket systemd-logind.service systemd-udevd systemd-udevd systemd-udevd-control.socket systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udevd-kernel.socket ulogd2 unbound virtlogd virtlogd.socket
+        systemctl stop acpid acpid.socket acpid.path atd bacula-fd bind9 cron dbus dbus.socket fail2ban haveged irqbalance libvirtd lvm2-lvmetad.service lvm2-lvmetad.socket mdmonitor nagios-nrpe-server ntp openvswitch-switch postfix prometheus-bind-exporter prometheus-node-exporter smartd strongswan syslog-ng.service systemd-journald systemd-journald-audit.socket systemd-journald-dev-log.socket systemd-journald.socket systemd-logind.service systemd-udevd systemd-udevd systemd-udevd-control.socket systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udevd-kernel.socket ulogd2 unbound virtlogd virtlogd.socket
 
  3. disable swap:
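Review bot: In the step 1 command block, chaining with `&&` stops on a failed `cp` or `mount`, but the precondition in `# make sure /tmp is on a tmpfs first!` is still only a comment, so the chain proceeds even when `/tmp` lives on the disk about to be wiped. Suggest making the check the first link of the chain, for example `findmnt -t tmpfs /tmp &&`, and quoting `"$SHELL"` on the `exec` line. The TODO reports that this procedure failed to keep busybox alive, yet it sits after the commands; moving that warning above the block would let the reader see it before running them, and the `vmtouch -dl /tmp/root/sh` example is split across two lines inside its backticks, which makes it awkward to copy. In the `systemctl stop` line, `systemd-udevd`, `systemd-udevd-control.socket` and `systemd-udevd-kernel.socket` each still appear twice; the duplicates could be dropped while the line is being touched.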