diff --git a/requirements.txt b/requirements.txt
index ec5fd59..dbe7a3d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,9 @@
 appdirs==1.4.3
+certifi==2017.7.27.1
 cffi==1.9.1
+chardet==3.0.4
 click==6.7
-CouchDB==1.1
+CouchDB==1.0
 cryptography==1.7.2
 dominate==2.3.1
 elasticsearch==5.1.0
@@ -14,7 +16,7 @@ Flask-Login==0.4.0
 flask-marshmallow==0.7.0
 Flask-WTF==0.14.2
 greenlet==0.4.12
-idna==2.2
+idna==2.5
 itsdangerous==0.24
 Jinja2==2.9.4
 lxml==3.7.2
@@ -30,10 +32,10 @@ PySocks==1.6.6
 python-dateutil==2.6.0
 python-memcached==1.58
 pyxdg==0.25
-requests==2.13.0
+requests==2.18.3
 six==1.10.0
 stevedore==1.20.0
-urllib3==1.19.1
+urllib3==1.22
 uWSGI==2.0.14
 virtualenv==15.1.0
 virtualenv-clone==0.2.6
diff --git a/src/posts.py b/src/posts.py
index 3e00244..a6921f1 100644
--- a/src/posts.py
+++ b/src/posts.py
@@ -7,7 +7,7 @@ from flask import jsonify
 from flask_marshmallow import Marshmallow
 
 class Posts:
-    def __init__(self, host=None, port=None):
+    def __init__(self, user, password, host=None, port=None):
         if host is None:
             host = "localhost"
         if port is None:
@@ -15,6 +15,10 @@ class Posts:
 
         self.client = couchdb.Server("http://%s:%s" % (host, port))
 
+        self.client.credentials = (user, password)
+
+        # FIXME check for pooling / concurrency issues
+
         self.db = self.client["blog"]
 
     def savepost(self, title="", content="", author="", category="programming", _id=False):
@@ -36,14 +40,14 @@ class Posts:
         return jsonify(self.db.save(doc))
 
     def getpost(self, _id, category="programming"):
-        results = self.db.iterview("blogPosts/blog-posts", 1, include_docs=True, startkey=[category, _id])
+        results = self.db.iterview("blogPosts/blog-posts", 1, include_docs=True, startkey=_id)
         return jsonify([result.doc for result in results][0])
 
     def iterpost(self, endkey=False, startkey=False, category="programming"):
         if startkey and not endkey:
-            results = self.db.iterview("blogPosts/blog-posts", 2, include_docs=True, startkey=[category, startkey])
+            results = self.db.iterview("blogPosts/blog-posts", 2, include_docs=True, startkey=startkey)
         elif endkey and not startkey:
-            results = self.db.iterview("blogPosts/blog-posts", 1, include_docs=True, endkey=[category, endkey])
+            results = self.db.iterview("blogPosts/blog-posts", 1, include_docs=True, endkey=endkey)
         else:
             results = self.db.iterview("blogPosts/blog-posts", 2, include_docs=True)
 
@@ -94,3 +98,16 @@ class Posts:
             print(e)
             return jsonify(False)
 
+    def categories(self):
+        return jsonify(
+                [
+                    c["key"][1] for c in
+                        self.db.view("blogPosts/categories",
+                                     startkey=["category"],
+                                     endkey=["category", {}],
+                                     inclusive_end=False,
+                                     group_level=2,
+                                     group=True)
+                ]
+            )
+
diff --git a/src/scripts/app.tag b/src/scripts/app.tag
index a7c7f2e..74267ab 100644
--- a/src/scripts/app.tag
+++ b/src/scripts/app.tag
@@ -13,7 +13,7 @@
       <sidebar
         if={this.active.get("posts")}
         name="Filter By Category"
-        items={["Programming", "Books", "Philosophy"]}>
+        items={categories}>
       </sidebar>
     </section>
 
@@ -234,7 +234,17 @@ function loaduser() {
     });
 }
 
+function getcategories() {
+  self.cached(`/blog/categories`)
+    .then((resp) => resp.json())
+    .then((resp) => {
+      self.categories = resp;
+      self.update();
+    });
+}
+
 self.on("mount", loaduser);
+self.on("mount", getcategories);
 
 </script>
 </app>
diff --git a/src/scripts/post.tag b/src/scripts/post.tag
index f469a4f..4b755bd 100644
--- a/src/scripts/post.tag
+++ b/src/scripts/post.tag
@@ -68,7 +68,7 @@ self.loading = self.opts.state.loaded;
 RiotControl.on("filtercategory",
   (ev) => {
     let category = ev.category.toLowerCase();
-    self.update({"category" : category});
+    console.log(category);
   });
 
 self.start = false;
diff --git a/src/website.py b/src/website.py
index 7f58bf3..4ba3c29 100755
--- a/src/website.py
+++ b/src/website.py
@@ -21,7 +21,6 @@ import os
 from posts import Posts
 from projects import getProjects
 
-posts = Posts()
 login_manager = LoginManager()
 
 def cacheit(key, thunk):
@@ -47,6 +46,10 @@ def NeverWhere(configfile=None):
         #return send_from_directory("/srv/http/goal/favicon.ico",
                                    #'favicon.ico', mimetype='image/vnd.microsoft.icon')
 
+    print(os.environ["RIOTBLOG_SETTINGS"])
+    app.config.from_envvar('RIOTBLOG_SETTINGS')
+
+    posts = Posts(app.config["COUCHDB_USER"], app.config["COUCHDB_PASSWORD"])
     @login_manager.user_loader
     def load_user(user_id):
         return Admin
@@ -110,6 +113,10 @@ def NeverWhere(configfile=None):
     def allposts():
         return posts.allposts()
 
+    @app.route("/blog/categories")
+    def categories():
+        return posts.categories()
+
     # remove a post
     @app.route("/blog/deletepost/<_id>")
     @login_required
@@ -158,8 +165,6 @@ def NeverWhere(configfile=None):
 
 app = NeverWhere()
 
-app.config.from_envvar('RIOTBLOG_SETTINGS')
-
 login_manager.init_app(app)
 
 csrf = CSRFProtect()