diff --git a/README.md b/README.md
index 9301463..af6048b 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ See the [getting started section](getting-started.md) for further details.
     1.  [Count boot instructions](count-boot-instructions.md)
     1.  [GEM5](gem5.md)
     1.  [ftrace](ftrace.md)
-    1.  [Device tree](device-tree.md)
+    1.  [QEMU user mode](qemu-user-mode.md)
 1.  Failed action
     1.  [Record and replay](record-and-replay.md)
 1.  Insane action
@@ -58,5 +58,6 @@ See the [getting started section](getting-started.md) for further details.
     1.  [Hello host](hello_host/)
 1.  Conversation
     1.  [kmod](kmod.md)
+    1.  [Device tree](device-tree.md)
     1.  [Maintainers](maintainers.md)
     1.  [Bibliography](bibliography.md)
diff --git a/buildroot_config_fragment b/buildroot_config_fragment
index 18f8a4f..d4139fb 100644
--- a/buildroot_config_fragment
+++ b/buildroot_config_fragment
@@ -26,7 +26,8 @@ BR2_PTHREAD_DEBUG=y
 
 # QEMU
 BR2_PACKAGE_HOST_QEMU=y
-# False because otherwise we need the host to be as recent as guest.
+# False because otherwise we need the host to be as recent as guest, and the build fails with:
+# package/qemu/qemu.mk:110: *** "Refusing to build qemu-user: target Linux version newer than host's.".  Stop.
 BR2_PACKAGE_HOST_QEMU_LINUX_USER_MODE=n
 BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y
 BR2_PACKAGE_HOST_QEMU_VDE2=y
diff --git a/qemu-user-mode.md b/qemu-user-mode.md
new file mode 100644
index 0000000..370daf9
--- /dev/null
+++ b/qemu-user-mode.md
@@ -0,0 +1,32 @@
+# QEMU user mode
+
+This has nothing to do with the Linux kernel, but it is cool:
+
+    sudo apt-get install qemu-user
+    ./build -a arm
+    cd buildroot/output.arm~/target
+    qemu-arm -L . bin/ls
+
+This uses QEMU's user-mode emulation mode that allows us to run cross-compiled userland programs directly on the host.
+
+The reason this is cool, is that `ls` is not statically compiled, but since we have the Buildroot image, we are still able to find the shared linker and the shared library at the given path.
+
+In other words, much cooler than:
+
+    arm-linux-gnueabi-gcc -o hello -static hello.c
+    qemu-arm hello
+
+It is also possible to compile QEMU user mode from source with `BR2_PACKAGE_HOST_QEMU_LINUX_USER_MODE=y`, but then your compilation will likely fail with:
+
+    package/qemu/qemu.mk:110: *** "Refusing to build qemu-user: target Linux version newer than host's.".  Stop.
+
+since we are using a bleeding edge kernel, which is a sanity check in the Buildroot QEMU package.
+
+Anyways, this warns us that the userland emulation will likely not be reliable, which is good to know. TODO: where is it documented the host kernel must be as new as the target one?
+
+GDB step debugging is also possible with:
+
+    qemu-arm -g 1234 -L . bin/ls
+    ../host/usr/bin/arm-buildroot-linux-uclibcgnueabi-gdb -ex 'target remote localhost:1234'
+
+TODO: find source. Lazy now.