SilverBullet is an open source personal productivity platform built on Markdown, turbo charged with the scripting power of Lua. You self host it on your server, access it via any modern browser on any device (desktop, laptop, mobile). Since SilverBullet is built as a Local First PWA, it is fully offline capable. Temporarily don’t have network access? No problem, SilverBullet will sync your content when you get back online.

Offline capable also means, if paying for a cloud service, it can be spun down when you are accessing your notes, saving money compared to a traditional, hire a cloud VM to deploy a Docker Container. I asked Geminia 2.5 Free for advise , which I am about to follow!

So Gemini, its more than just `docker pull ghcr.io/silverbulletmd/silverbullet:latest` I take it?

Make me a play-by-play plan please!

You're right, deploying to Cloud Run is more than just a docker pull! It involves setting up your Google Cloud project, configuring persistent storage, and then deploying your container. It's a fantastic learning opportunity, and I'll walk you through a detailed play-by-play plan.

Play-by-Play Plan: SilverBullet on Google Cloud Run

Goal: Deploy SilverBullet from GHCR to Google Cloud Run, with persistent storage in Google Cloud Storage, while staying within the free tier as much as possible.

Assumptions:

• You have a Google Cloud account and have enabled billing (you won't be charged unless you exceed the free tier).

• You're comfortable with basic command-line operations (or willing to learn).

• You have the gcloud CLI installed and authenticated (if not, install and configure it: gcloud init).

This plan is divided into three main phases: Setup Google Cloud Resources, Deploy SilverBullet, and Manage & Monitor.

Phase 1: Setup Google Cloud Resources (One-Time Setup)

1. Set Your Google Cloud Project

• Action: If you haven't already, select or create a Google Cloud project. All your resources will live within this project.

  • Via Console: Go to the Google Cloud Console (console.cloud.google.com), click on the project dropdown at the top, and select "New Project" or an existing one.

  • **Via gcloud CLI:**Bash

      gcloud projects list # List your projects
      gcloud config set project YOUR_PROJECT_ID # Set your current project
    

    (Replace YOUR_PROJECT_ID with the actual ID you choose or see in the console.)

2. Create a Google Cloud Storage (GCS) Bucket for Notes

SilverBullet needs a place to store your Markdown files persistently. Cloud Run instances are ephemeral. GCS is the ideal, free-tier-friendly solution.

• Action: Create a GCS bucket.

  • Via Console:

    1. Go to Cloud Storage > Buckets in the Google Cloud Console.

    2. Click "CREATE BUCKET".

    3. Name your bucket: Choose a globally unique name (e.g., silverbullet-notes-YOUR-UNIQUE-SUFFIX).

    4. Choose a region: Select a "Region" (not "Multi-region" or "Dual-region") for cost-effectiveness and to align with the free tier (e.g., us-central1, us-east1, or us-west1).

    5. Choose a storage class: Select Standard for balanced performance and cost.

    6. Access Control: Keep "Uniform" for simpler permissions.

    7. Click "CREATE".

  • **Via gcloud CLI:**Bash

      gcloud storage buckets create gs://silverbullet-notes-YOUR-UNIQUE-SUFFIX --project=YOUR_PROJECT_ID --location=us-central1 --uniform-bucket-level-access
    

    (Replace YOUR_UNIQUE_SUFFIX and YOUR_PROJECT_ID. Choose a region from us-central1, us-east1, or us-west1 for free tier eligibility.)

3. Grant Permissions to Your Cloud Run Service Account

Your Cloud Run service will need permission to read and write to your GCS bucket. Cloud Run services run as a default service account (or one you specify).

• Action: Grant the "Storage Object Admin" role to your Cloud Run service account on your GCS bucket.

  • Identify Cloud Run Service Account:

    • The default Compute Engine service account is usually YOUR_PROJECT_NUMBER-compute@developer.gserviceaccount.com. You can find your project number in the Google Cloud Console Dashboard.

    • Alternatively, when you deploy a Cloud Run service for the first time, it creates a service account like YOUR_PROJECT_ID@appspot.gserviceaccount.com or SERVICE_NAME@YOUR_PROJECT_ID.iam.gserviceaccount.com. You can verify this in IAM & Admin > Service Accounts.

  • Grant Role (Recommended via Console for simplicity):

    1. Go to Cloud Storage > Buckets.

    2. Click on your silverbullet-notes-YOUR-UNIQUE-SUFFIX bucket.

    3. Go to the PERMISSIONS tab.

    4. Click "GRANT ACCESS".

    5. In "New principals," paste your Cloud Run service account email.

    6. In "Select a role," search for Storage Object Admin and select it.

    7. Click "SAVE".

Phase 2: Deploy SilverBullet to Cloud Run

This is where you bring the SilverBullet Docker image to life on Cloud Run.

Learning Objective: Understand Cloud Run deployment process, environment variables, and how to use Cloud Storage as a volume mount.

1. Determine SilverBullet's Storage Configuration

SilverBullet's Docker image typically uses environment variables to configure its storage backend. The documentation for SilverBullet (check the "Install/Configuration" section on their website) shows that it uses SB_FOLDER to specify the local path where notes are stored.

When using Cloud Storage volume mounts in Cloud Run, the bucket will appear as a regular filesystem path inside the container. So, you'll likely need to set SB_FOLDER to that mount path.

• Crucial step: While the original SilverBullet documentation states "Right now the only supported backend is to use your local disk," Google Cloud Run's "Cloud Storage FUSE" feature makes a GCS bucket appear as a local disk. This is the key. The path you define as your volume mount will be the SB_FOLDER.

2. Deploy SilverBullet to Cloud Run

You'll use the gcloud run deploy command.

• Action: Deploy the SilverBullet Docker image.

  • Via gcloud CLI (Recommended for initial deployment):

    Bash

      gcloud run deploy silverbullet-notes \
        --image docker.io/zefhemel/silverbullet:latest \
        --region us-central1 \
        --platform managed \
        --allow-unauthenticated \
        --min-instances 0 \
        --max-instances 1 \
        --cpu 0.5 \
        --memory 512Mi \
        --add-volume name=silverbullet-storage,type=cloud-storage,bucket=silverbullet-notes-YOUR-UNIQUE-SUFFIX \
        --add-volume-mount volume=silverbullet-storage,mount-path=/space \
        --set-env-vars SB_FOLDER=/space,SB_USER=your_username:your_password
    

    Let's break down this command:

    • gcloud run deploy silverbullet-notes: Deploys a new Cloud Run service named silverbullet-notes.

    • --image docker.io/zefhemel/silverbullet:latest: Specifies the Docker image to use from Docker Hub (GCP tier 1 provider, ghcr requires more providisonas Tier 2)

    • --region us-central1: Choose a region close to you, preferably one of the US free tier regions (us-central1, us-east1, us-west1).

    • --platform managed: Specifies that you're using the fully managed Cloud Run platform.

    • --allow-unauthenticated: Makes your SilverBullet instance publicly accessible on the internet. IMPORTANT: SilverBullet has built-in user authentication. Do not skip the SB_USER environment variable for security. For a personal app, this is acceptable. If you need stricter access, you'd integrate with Identity-Aware Proxy (IAP), which adds complexity and may incur more costs.

    • --min-instances 0: Crucial for free tier! This tells Cloud Run to scale down to zero instances when there's no traffic, so you don't pay for idle time.

    • --max-instances 1: Limits the maximum number of instances. For personal use, one is enough.

    • --cpu 0.5 --memory 512Mi: AllocThis detailed plan should get your SilverBullet personal knowledge base up and running on Google Cloud Run, leveraging the free tier effectively. Good luck, and enjoy your decentralized note-taking! This comprehensive plan should empower you to successfully deploy and manage your personal SilverBullet knowledge base on Google Cloud Run, making it accessible from anywhere while keeping costs in check. Enjoy your journey into Zettelkasten with SilverBullet!

      Thanks Gemini! Lets see how it goes. Follow me for further updates.ates 0.5 vCPU and 512 MiB of memory. This is a reasonable starting point for SilverBullet and helps stay within the free tier.

    • --add-volume name=silverbullet-storage,type=cloud-storage,bucket=silverbullet-notes-YOUR-UNIQUE-SUFFIX: This is the magic! It creates a volume named silverbullet-storage that is backed by your GCS bucket. Replace silverbullet-notes-YOUR-UNIQUE-SUFFIX with your actual bucket name.

    • --add-volume-mount volume=silverbullet-storage,mount-path=/space: Mounts the silverbullet-storage volume inside your container at the /space path. This means anything SilverBullet writes to /space will be stored in your GCS bucket.

    • --set-env-vars SB_FOLDER=/space,SB_USER=your_username:your_password:

      • SB_FOLDER=/space: Tells SilverBullet to use the mounted GCS bucket (which appears as /space inside the container) as its storage location.

      • SB_USER=your_username:your_password: This is critical for security. Replace your_username and your_password with strong, unique credentials. This provides basic authentication for your SilverBullet instance.

    • Important Note on --set-env-vars for SB_USER: Environment variables for secrets are generally discouraged for production. However, for a personal, free-tier focused project where you're already allowing unauthenticated access to the Cloud Run endpoint (relying on SilverBullet's internal auth), this is a common and acceptable compromise. For more robust secret management in a real production scenario, you'd use Google Secret Manager and integrate it with your Cloud Run service.

3. Wait for Deployment and Get URL

• Action: Monitor the deployment.

  • The gcloud run deploy command will show progress and, upon success, provide the URL of your deployed service.

  • In the console, you'll see the service status. Once it's green, the URL will be visible.

4. Access SilverBulletTroubleshooting (Common Issues)

"Service Unavailable" / "Error 500":

Check Cloud Run logs: In the Cloud Run console, click on your service, then go to the "Logs" tab. This is your first stop for debugging. Look for errors during startup or requests.

Check environment variables: Ensure SB_FOLDER is set correctly to /space and SB_USER has valid credentials.

Check GCS bucket permissions: Is your Cloud Run service account able to access the GCS bucket? Go to the GCS bucket's permissions and verify the Storage Object Admin role.

Notes not saving: Likely a GCS permission issue or incorrect SB_FOLDER setting.

Exceeding Free Tier: Check your billing reports. The common culprits are:

Not scaling to zero: Ensure --min-instances 0 is set.

Large GCS usage: If you're storing many large f

• This detailed plan should get your SilverBullet personal knowledge base up and running on Google Cloud Run, leveraging the free tier effectively. Good luck, and enjoy your decentralized note-taking! This comprehensive plan should empower you to successfully deploy and manage your personal SilverBullet knowledge base on Google Cloud Run, making it accessible from anywhere while keeping costs in check. Enjoy your journey into Zettelkasten with SilverBullet!

  Thanks Gemini! Lets see how it goes. Follow me for further updates.Action: Open the provided URL in your web browser.

  • You should be prompted for the username and password you set with SB_USER.

  • Log in, and you'll see your SilverBullet instance! Start creating notes.

Phase 3: Manage & Monitor (Ongoing)

1. Verify Persistent Storage

• Action: Create a test note in SilverBullet.

• Action: Go to your GCS bucket (silverbullet-notes-YOUR-UNIQUE-SUFFIX) in the Google Cloud Console.

• Verification: You should see your Markdown files (and any other SilverBullet-generated files like .silverbullet.db) appearing in the bucket's file list. This confirms your storage is persistent.

2. Monitor Usage and Billing

• Action: Regularly check your Google Cloud Billing page.

  • Go to Billing in the Google Cloud Console.

  • Under "Reports," you can filter by product (Cloud Run, Cloud Storage) to see your usage.

  • Set up Budget Alerts to notify you if your spending approaches a certain threshold (e.g., $1-$5) to avoid surprises. This is highly recommended.

    1. In the Billing section, go to Budgets & alerts.

    2. Click "CREATE BUDGET".

    3. Name your budget, set a target amount (e.g., $5), and select "All products" or specifically "Cloud Run" and "Cloud Storage."

    4. Configure alerts to notify you at different percentages of your budget.

3. Updating SilverBullet

If SilverBullet releases a new version, you'll want to update your Cloud Run service.

• Action: Redeploy with the new image tag.

  • You can simply run the same gcloud run deploy command as before, but change ghcr.io/silverbulletmd/silverbullet:latest to ghcr.io/silverbulletmd/silverbullet:NEW_VERSION_TAG (e.g., :0.9.0).

  • Cloud Run handles zero-downtime deployments, so your old version will keep serving until the new one is ready.

4. Troubleshooting (Common Issues)

• "Service Unavailable" / "Error 500":

  • Check Cloud Run logs: In the Cloud Run console, click on your service, then go to the "Logs" tab. This is your first stop for debugging. Look for errors during startup or requests.

  • Check environment variables: Ensure SB_FOLDER is set correctly to /space and SB_USER has valid credentials.

  • Check GCS bucket permissions: Is your Cloud Run service account able to access the GCS bucket? Go to the GCS bucket's permissions and verify the Storage Object Admin role.

• Notes not saving: Likely a GCS permission issue or incorrect SB_FOLDER setting.

• UPDATE - WORKINGExceeding Free Tier: Check your billing reports. The common culprits are:

  • Not scaling to zero: Ensure --min-instances 0 is set.

  • Large GCS usage: If you're storing many large files or constantly rewriting files in GCS, you might exceed the 5GB free tier or operations limits.

UPDATE - My peronal SilverBullet is in the Cloud!

Google Cloud Run for SilverBullet: Abbreviated Community Guide

I. Provision Storage

• Console GUI:

  1. Go to Cloud Storage > Buckets.

  2. Click "CREATE BUCKET".

  3. Name: bucket-for-mynotes-app (or your unique name).

  4. Region: us-central1 (or us-east1, us-west1).

  5. Storage Class: Standard. Access Control: Uniform.

  6. Click "CREATE".

  7. Go to the created bucket's PERMISSIONS tab.

  8. Click "GRANT ACCESS".

  9. New principals: Enter your Cloud Run service account email (e.g., YOUR_PROJECT_NUMBER-compute@developer.gserviceaccount.com).

  10. Role: Storage Object Admin.

  11. Click "SAVE".

• Cloud Shell CLI:

  Bash

    # Create GCS bucket
    gcloud storage buckets create gs://bucket-for-mynotes-app \
      --project=silverbullet-notes-app \
      --location=us-central1 \
      --uniform-bucket-level-access
  
    # Grant permissions to Cloud Run service account (replace YOUR_PROJECT_NUMBER)
    gcloud storage buckets add-iam-policy-binding gs://bucket-for-mynotes-app \
      --member="serviceAccount:YOUR_PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
      --role="roles/storage.objectAdmin" \
      --project=silverbullet-notes-app
  

II. Deploy Image & Service

• Cloud Shell CLI (Recommended for initial setup with volume mounts and env vars):

  Bash

    # Enable Cloud Run API (if not already enabled)
    gcloud services enable run.googleapis.com
  
    # Deploy SilverBullet service
    gcloud run deploy silverbullet-notes \
      --image docker.io/zefhemel/silverbullet:latest \
      --project=silverbullet-notes-app \
      --region us-central1 \
      --platform managed \
      --allow-unauthenticated \
      --min-instances 0 \
      --max-instances 1 \
      --cpu 1 \
      --memory 512Mi \
      --add-volume name=silverbullet-data,type=cloud-storage,bucket=bucket-for-mynotes-app \
      --add-volume-mount volume=silverbullet-data,mount-path=/space \
      --set-env-vars SB_FOLDER=/space,SB_USER=your_username:your_password \
      --port 3000
  

  Replace your_username:your_password with your actual SilverBullet credentials.

• Console GUI:

  1. Go to Cloud Run > Services.

  2. Click "CREATE SERVICE".

  3. Container image URL: docker.io/zefhemel/silverbullet:latest.

  4. Service name: silverbullet-notes.

  5. Region: us-central1.

  6. Authentication: "Allow unauthenticated invocations".

  7. Expand "Container(s), volumes, networking, security".

  8. Container tab: CPU: 1 vCPU, Memory: 512 MiB. Min instances: 0, Max instances: 1. Container port: 3000.

  9. Volumes tab: Add Cloud Storage bucket volume (silverbullet-data -> bucket-for-mynotes-app). Add Volume Mount (silverbullet-data -> /space).

  10. Variables & Secrets tab: Add SB_FOLDER\=/space and SB_USER\=your_username:your_password.

  11. Click "CREATE".

III. Monitor Usage & Costs

• Console GUI:

  1. Go to Billing > Reports. Filter by Cloud Run and Cloud Storage.

  2. Go to Billing > Budgets & alerts.

  3. Click "CREATE BUDGET". Set a low budget (e.g., $5) and alert thresholds for "All products".

IV. Maintain Service & Image

• Change or Upgrade Image Version (Redeploy):

  • **Cloud Shell CLI:**Bash

      gcloud run deploy silverbullet-notes \
        --image docker.io/zefhemel/silverbullet:[NEW_VERSION_TAG_OR_LATEST] \
        --project=silverbullet-notes-app \
        --region us-central1 \
        --platform managed \
        --allow-unauthenticated \
        --min-instances 0 \
        --max-instances 1 \
        --cpu 1 \
        --memory 512Mi \
        --add-volume name=silverbullet-data,type=cloud-storage,bucket=bucket-for-mynotes-app \
        --add-volume-mount volume=silverbullet-data,mount-path=/space \
        --set-env-vars SB_FOLDER=/space,SB_USER=mike:t1nkerB3ll3! \
        --port 3000
    

    Replace [NEW_VERSION_TAG_OR_LATEST] with the specific version or latest.

  • Console GUI:

    1. Go to Cloud Run > Services. Click silverbullet-notes.

    2. Click "Edit & Deploy new revision".

    3. Update "Container image URL" with the new tag.

    4. Click "Deploy".

• Manually Stop Service (Delete Service Endpoint):

  • **Cloud Shell CLI:**Bash

      gcloud run services delete silverbullet-notes \
        --region us-central1 \
        --project silverbullet-notes-app \
        --quiet
    

  • Console GUI:

    1. Go to Cloud Run > Services.

    2. Check the box next to silverbullet-notes.

    3. Click "DELETE" at the top.

    4. Confirm deletion. (Note: Deleting the service endpoint does NOT delete your GCS bucket or its data.)

Useful gcloud Cloud Shell CLI Commands for Exploration

Bash

# General help for gcloud commands
gcloud COMMAND --help

# List your GCP projects
gcloud projects list

# Set the current project for subsequent commands (replace NAME)
gcloud config set project silverbullet-notes-app

# List your Cloud Storage buckets
gcloud storage buckets list

# List your Cloud Run services
gcloud run services list --region=us-central1 # Specify region

# List service accounts in your project
gcloud iam service-accounts list --project=silverbullet-notes-app

# Get details about a specific Cloud Run service
gcloud run services describe silverbullet-notes --region=us-central1

Gemini 2.5 (free) on Cloud run free-tier
Checked and confirmed by human, 2025.05.24

Google Cloud Run Free Tier for SilverBullet

Cloud Run’s free tier is designed for low-usage applications and offers the following monthly allowances:

• CPU Usage: First 180,000 vCPU-seconds per month.

• Memory Usage: First 360,000 GiB-seconds per month.

• Requests: First 2 million requests per month.

• Networking (Egress): First 1 GB of outbound data transfer from North America per month.

How this applies to SilverBullet:

• Pay-per-use: The key advantage of Cloud Run is that when your SilverBullet instance isn’t actively being used (i.e., you’re not accessing it), it scales down to zero instances, and you don’t pay for idle time. This is critical for keeping costs low.

• CPU and Memory: SilverBullet is a lightweight application, so it likely won’t consume a lot of CPU or memory unless you’re constantly accessing it or performing heavy operations. For typical personal use (a few hours a day, occasional queries), you should easily stay within the free tier limits for CPU and memory.

• Requests: 2 million requests per month is a huge allowance for a personal knowledge base. Each time you load a page, save a note, or run a query, it counts as a request. Unless you have extremely frequent automated processes or share it with a massive audience, you’ll stay well within this limit.

• Networking (Egress): This is the data transfer out of Google Cloud. For a personal note-taking app, your egress will mostly be the text and any images you embed. 1 GB is generally sufficient for personal use. If you store many large images or frequently sync a massive local space, you might start to approach this limit.

Potential Cost Factors to Watch Out For:

• Persistent Storage: SilverBullet stores its data as Markdown files. Cloud Run itself is stateless, meaning any data stored directly on the container instance will be lost when the instance scales down or is redeployed. To persist your notes, you’ll need a separate storage solution.

  • Cloud Storage: This is the most common and cost-effective option for file storage on Google Cloud. The free tier for Cloud Storage offers 5 GB-months of Standard Storage (in US regions), 5,000 Class A operations, and 50,000 Class B operations, and 100 GB of outbound data transfer from North America. This is usually plenty for personal notes. SilverBullet could be configured to use a Google Cloud Storage bucket for its “space” (where the Markdown files live).

  • Cloud SQL (or other databases): While SilverBullet doesn’t use a traditional relational database, if you were to consider other applications in the future that do, Cloud SQL would be a significant cost. The free tier for Cloud SQL is very limited.

• Continuous Usage: If you were to configure Cloud Run to never scale down to zero (e.g., for very low latency access at all times), you would incur continuous charges for CPU and memory, which would quickly exceed the free tier. For a personal app, this is generally not necessary as SilverBullet’s “Local First PWA” design allows for offline use and synchronization.

• Tier 2 Regions: Google Cloud regions are divided into pricing tiers. Tier 1 regions (like some in the US and Europe) are generally cheaper. If you deploy to a Tier 2 region (e.g., some in South America or Asia), costs beyond the free tier would be higher.

• Serverless VPC Access: If you need to connect your Cloud Run service to resources within a Virtual Private Cloud (VPC), there might be additional compute charges for the Serverless VPC Access connector. For a basic SilverBullet setup, this is unlikely to be needed.

Prerequisites for Deployment

1. Google Cloud Account: If you don’t have one, sign up for a Google Cloud account. New customers often get a $300 free credit, which is a great buffer while you get started.

2. Enable Billing: Even for free tier services, you need to enable billing on your Google Cloud project. This allows Google to track your usage and apply the free tier credits automatically. You won’t be charged unless you exceed the free tier.

Part of my modular PowerShell setup series and the ongoing saga of lost awesome software tools.

🧰 The Setup

If you’ve ever right-clicked a file in Windows expecting a “Generate Hash” option only to find... nothing — you’re not alone. I used to have a perfect little portable tool with shell integration for hashing. But one day, it vanished from my C:\Portables directory. Instead of chasing it down, I found myself diving back into old-school command-line tools and realized a lot can still be done with built-ins like certutil.

This post is about:

• Wrapping a simple hashing utility in PowerShell

• Understanding how and why hashing works

• Kicking off a few side quests around crypto, profiles, and home-labbing

⚙️ The Classic CMD One-liner

echo|set /p="foobar" > %TMP%\hash.txt | certutil -hashfile %TMP%\hash.txt SHA256 | findstr /v "hash"

This hashes the string foobar using SHA256 without appending a newline. That’s crucial. Using echo "foobar" would hash foobar\n, which is a different hash.

🧪 Step-by-step (explained)

Supported algorithms:

• MD2, MD4, MD5

• SHA1, SHA256, SHA384, SHA512

🧱 PowerShell Wrapper: Hash-String

Put this in ~\Documents\PowerShell\PSProfile.d\hash.ps1:

powershellCopyEditfunction Hash-String {
    param (
        [Parameter(Mandatory)]
        [string]$InputString,

        [ValidateSet("MD5", "SHA1", "SHA256", "SHA384", "SHA512")]
        [string]$Algorithm = "SHA256"
    )

    $tmpFile = [System.IO.Path]::GetTempFileName()
    [System.IO.File]::WriteAllText($tmpFile, $InputString)

    certutil -hashfile $tmpFile $Algorithm |
        Where-Object { $_ -notmatch "hash of|certutil" }

    Remove-Item $tmpFile
}

Usage:

powershellCopyEditHash-String -InputString "foobar" -Algorithm SHA256

🧬 Why Hashes Matter

• ✅ Verify downloads with SHA256 hashes

• ✅ Secure passwords with irreversible hashing

• ✅ Digital signatures & TLS/SSL

• ✅ Git, blockchains, Merkle Trees... it's all hashes.

Hashes are the checksum of our digital lives.

🗂 Modular Profiles with PSProfile.d

Like /etc/profile.d on Linux, I’m modularizing my Windows shell setup:

powershellCopyEdit# In $PROFILE
Get-ChildItem "$HOME\Documents\PowerShell\PSProfile.d" -Filter *.ps1 |
    ForEach-Object { . $_.FullName }

Drop your tools in PSProfile.d and you’ve got a portable, composable shell setup.

🏗 Side Quest: Active Directory, Certs & More

Working with certutil reminded me I really should stand up a Windows Server 2019 VM inside my Proxmox cluster and finally add a domain controller to my home network.

Why?

• Local DNS, SSO, and central auth

• Experiment with GPOs and PKI

• Self-signed internal CA to play with smartcards or TLS

🔮 Teaser: SHA-3 and the Weird Math

Everyone knows about MD5 and SHA-2. But SHA-3 (based on Keccak) is something else entirely — a "sponge function" that's mathematically quite different. I'm planning a whole future post on it once I get my head around the math and its growing role in post-quantum cryptography and hardware implementations.

🧩 TL;DR

• Hash files or strings in Windows using certutil

• PowerShell makes it portable and repeatable

• Modular shell setups are 🔥

• Hashes underpin almost all of modern digital life

• And this is just the beginning...

Got feedback? Need a GUI hash tool or want to explore digital signatures or SHA-3 next? Let me know. I’m building out a full FOSS-friendly workflow for Windows, Linux, and hybrid setups.