Tokenizing Private Credit, Real Estate, National Debt, and Everything Else

Obsidian Obliterates Opps

Ohh, Where Have You Been, Obsidian… Very rocky life over the last month and a half, and I was kinda in a funk due to my recent layoff. I wasn’t able to avoid the fade this round [https://www.marketwatch.com/story/cars-com-to-lay-off-11-of-full-time-workforce-amid-ai-push-update-bb0c9f35] 😭 Fuggin’ AI…. But I’m looking at this as a new chapter in my life to force my hand in exploring new opportunities while also being able to spend more time on Digital Dopamine. That being said, I realized that a lot of the organizational tools I used stemmed from tools I used at work. Most of these tools, though, were paid for by the company, and outside of my workday, I didn’t really need any personal organizational tools outside of generic Apple apps. When time started to feel like it was slipping away from me and being wasted on procrastination, bad timing, or just flat-out forgetting. Made me realize how much I need clear direction and organization to be productive, so I decided to do some hunting for some new and free tools I can use for my personal station. I went through a lot of options, and none of them seemed to be as geared towards developers as Obsidian was. Plenty of single-use cases within the other software, but Obsidian takes the cake because of its maturity and plugin ecosystem. I was looking for an all-in-one solution, and with the right plugins, Obsidian fulfils all of my (current) needs. That being said, Joplin [https://joplinapp.org/] and LocArk [https://locark.com/] were close runner-ups, and depending on what you’re looking for, those options may serve you better. There was another open source product called Memos [https://usememos.com/], and it’s a self-hosted note-taking timeline. It resembles Bluesky or a Facebook feed, but it’s just quick, timestamped notes. The devs put it nicely: “A self-hosted timeline for quick notes, daily logs, links, and snippets. Open it, write in Markdown, and move on.” So I plan to use this in tandem with Obsidian. Leaning In Given the state of AI, I have no choice but to lean in. And I’m not talking about using it here or and there or using Cursor as my IDE from now on, but really REALLY lean in. I’m talking certs, deeper research into the history and academic papers, Databricks proctored exam, projects, etc. In this world of capitalism, we have to adapt or get left behind. Not because we aren’t still capable of good work, but because company shareholders have no ethics and require consistent profits year in and year out. So if you work for a public company, know that you most likely will need to adapt to using AI if it hasn’t already been shoved down your throat. This is one of the main reasons I started using Obsidian. I needed a new tool that I can use to keep myself organized and on pace to get done what I need to get done. Calendar events and notifications can only do so much, and I started to find that the tools that I usually used with work or even my personal projects all started to limit the features behind subscriptions, and became more of pay-to-use software than having a pretty generous free tier for individual devs. Notion was one of my go-to apps for dev notes and runbooks, and while the free tier is still pretty generous, the tool as a whole is so bulky with other things that can’t be used without a subscription, and AI is also something that isn’t too subtle in the app anymore. So the hunt began, what was free that had the same capabilities as Notion and didn’t force you to have a subscription to use FREE PLUGINS…..😒 (a bit salty) The thing is, what Notion offers for free can be obtained by other products that aren’t as cluttered with all of the premium features Notion has to offer. Through my search, time and time again, I saw Obsidian as the top contender IF not the winner, of the best software to use as a knowledge base and notes app for devs. I could not have been happier with my discovery. Whatcha Got, Obsidian? Now that we know how much I have geeked out over Obsidian, let’s actually take a peek at just a bit of what it has to offer. The sheer scope of the plugin library makes this software such an extensible tool, and there’s no way I can (over ever will lol) cover all of them. We will cover some of the more important plugins, though the main focus is on Obsidian and what the tool includes by default. The Vault You Didn’t Know You Needed To me, the feature that stands out the most, since Notion was lacking it, is the vault concept (seems more common than not these days). Everything lives in a folder on your machine. Plain .md files. That’s it. No proprietary format, no data stored on AWS or Google Cloud servers. If Obsidian disappeared tomorrow, you’d still have all your notes, fully readable in any text editor or app that reads markdown files. That peace of mind alone is worth switching, and on top of that, this makes Obsidian the perfect tool for introducing AI agents into your knowledge base and note-taking process. You can have multiple vaults too — so if you want a clean separation between, say, your job search grind and your personal dev projects, that’s a two-second setup. Keeping It in Sync One question I immediately had after setting up my vault was, “Okay, how would I be able to sync up Obsidian with the mobile app without using Obsidian’s paid sync option?” Since we’re on Apple hardware, the answer was shockingly simple — iCloud Drive. In Obsidian on your Mac, when you create your vault, navigate to your iCloud Drive folder as the save location. Obsidian will create its own folder there automatically. Then, on your iPhone, download the free Obsidian app from the App Store, tap Create new vault, and toggle Store in iCloud on. From there, open the vault switcher, and your vault shows up ready to go. One thing to note — make sure your vault lives inside the Obsidian folder that the app creates in iCloud Drive, not a manually created folder. iCloud needs that app-generated folder to handle sync correctly. You can verify this in the Files app under Browse → iCloud Drive → Obsidian. Setup Docs → https://obsidian.md/help/sync-notes [https://obsidian.md/help/sync-notes] Markdown First, Always Everything in Obsidian is Markdown. If you’re a developer and you don’t already write in Markdown, you’re gonna learn to love it real fast. Headers, code blocks, callouts, tables, and checkboxes — it all renders beautifully in preview mode. And because it’s just .md files under the hood, your notes are version-control-friendly. Throw that vault in a Git repo, and now you’ve got note history. You’re welcome. # 1. cd into the vault folder cd /users/{my_username}/Documents/Obsdian # 2. git init git add -A git commit -m “Initial Commit” # 3 gh repo create project-name --public --source=. --remote=origin --push ⚠️ Heads up — that command above uses the GitHub CLI (gh). If you haven’t installed it yet, the push step will fail. You can grab it with Homebrew: brew install gh gh auth login Run gh auth login once follow the prompts, you’re good to go from that point on. Backlinks & Internal Linking — This Is Where It Gets Good This is the feature that will most likely be the catalyst for how my notes and doc creation evolve. In Obsidian, you can link any note to any other note using double brackets — [[like this]]. That seems simple enough, but the magic is the backlinks panel. Every note shows you a list of every other note that links to it, automatically. No manual cross-referencing. You start building a web of connected knowledge without a need for heavy configuration or reliance on plugins. The Graph View Okay, I’ll be honest — the graph view is 30% useful and 70% just deeply satisfying to look at. It renders a visual map of all your notes and how they connect to each other. As your vault grows, this thing becomes this sprawling network of nodes, and it genuinely feels like you’re looking at your own brain. Useful for spotting orphaned notes (stuff you wrote and never connected to anything) and identifying your knowledge clusters. Canvas Canvas is Obsidian’s infinite whiteboard feature, and it’s built right in. You can drag notes, images, cards, and web links onto a free-form board and arrange them however your brain needs them arranged. I’ve been using it for mapping out my AI learning path — laying out topics, drawing connections between concepts, dropping in reference notes. Think Miro or FigJam, but local-first and totally free. Daily Notes There’s a core plugin called Daily Notes (more on core plugins later) that creates a new dated note every day with a template you define. This is where my Obsidian and Memos workflow starts to come together — Memos handles my quick, throwaway timestamped thoughts throughout the day, and Daily Notes is where I do my actual structured reflection, task tracking, and progress logging. Two different tools, two different use cases, zero overlap. Templates Speaking of templates — Obsidian has a built-in templating system that lets you define reusable note structures. Spin up a new note and insert a template with a hotkey. I plan on creating more templates to become more efficient and consistent with my content depth and length. Hopefully should help me save a hell of a lot of time. Command Palette & Hotkeys The command palette (Cmd/Ctrl + P) gives you a searchable list of every action in the app. It’s that VS Code energy developers are already wired to love. Almost everything in Obsidian has a bindable hotkey too, so once you get your muscle memory dialed in, you barely have to touch the mouse. Very common feature. Themes & Appearance Out of the box, Obsidian has a solid dark and light mode. But the community theme library goes deep — there are themes that make this thing look like a hacker terminal, a Notion clone, a notebook app, whatever vibe you’re going for. Fully customizable via CSS snippets, too, if you want to get nerdy with it. $FREE.99 And all of that? Zero dollars. No subscription tier required. That’s the baseline, and it already clears the bar for most of what I was using Notion for. Now that’s the segue into the plugins section, because if the base Obsidian is a solid 9 out of 10, the right plugin suite is the icing on the cake. Plug Me In Okay, so now we have an understanding of the beast at hand, let’s get into the plugins that help push this tool into S-Tier levels. Core Plugins Here is a full list of core plugins: * Audio Recorder — record audio directly into a note. Good for voice memos or recording meetings without leaving the app * Backlinks — shows every note that links to the one you’re currently in. The backbone of the connected knowledge system * Bases — Create custom views that let you edit, sort, and filter files using their properties * Bookmarks — save and organize frequently visited notes, folders, searches, and headings for quick access * Canvas — the infinite whiteboard. Drag notes, cards, images, and links onto a free-form board * Command Palette — searchable list of every action in the app. The Cmd/Ctrl+P brain of the whole operation * Daily Notes — auto-creates a dated note each day, optionally from a template * File Recovery — snapshots of your notes at intervals so you can roll back if you nuke something * Files — the basic file explorer panel. Sounds boring but you can turn it off, which says something * Footnotes View — Show a list of footnotes from the current note * Format Converter — converts other markdown flavors (Roam, Bear, etc.) into Obsidian-style formatting * Graph View — the visual web of all your notes and their connections * Note Composer — lets you merge notes together or extract a section of a note into its own new note * Outgoing Links — the flip side of Backlinks; shows all links leaving the current note, including unlinked mentions * Outline — panel that shows the heading structure of your current note like a mini table of contents * Page Preview — hover over any internal link to peek at the note without opening it * Properties View — manages YAML frontmatter in your notes as a clean UI instead of raw text * Quick Switcher — Cmd/Ctrl+O to jump to any note instantly by typing its name * Random Note — opens a random note from your vault. Surprisingly useful for rediscovering old stuff * Search — full-text search across your entire vault with filters and regex support * Slash Commands — type / in a note to trigger a command inline without leaving the keyboard * Slides — turns a note into a basic presentation using --- as slide separators * Sync — Synchronize your files through Obsidian Sync * Tags View — panel that shows all tags across your vault and how many notes use each one * Templates — insert reusable note templates via hotkey * Unique Note Creator — creates notes with a unique timestamp-based filename, Zettelkasten style * Web Viewer — Open external links to webpages in Obsidian * Word Count — live word and character count in the status bar * Workspaces — save and switch between different panel layouts depending on what you’re working on Community Plugins Here is where the tools become ever more extensible. With an already huge community that’s still growing, the plugin ecosystem for Obsidian is elite.....no notes. There’s damn near everything you need to make Obsidian uniquely yours, and if you don’t see a plugin you’re looking for, you can build it! In my case, outside of the core features and core plugins, I also wanted this to be my main tool for task and time management. The main thing I needed was a Kanban board of sorts. I grew to become attached to that style of organizing my daily tasks due to using Kanban at work, so I felt bringing that back into the mix would make me feel a bit more organized, and lemme tell ya, I was right. There are a handful of Kanban plugins to choose from, and the most popular one in the marketplace has a bit over 2.25 million downloads. Screenshot 2026-05-28 at 2.31.32 PM.png The caveat is that it hasn’t been updated for 2 years, and even though that isn’t a deal breaker, it makes me think this plugin is no longer being maintained. But then I came across gold! TaskNotes [https://tasknotes.dev/] is a bit of an all-in-one type of plugin that includes extensions for. TaskNotes describes that their features include task organization, time tracking, and calendar integration. But that’s just scratching the surface. TaskNotes follows the “one note per task” principle, where each task lives as a separate Markdown note with structured metadata in YAML frontmatter. Meaning that every task can be modified manually or by a coding agent. TaskNotes also provides multiple views for managing tasks and tracking productivity. Amongst these views is a Kanban board that works interchangeably with other notes in your vault. All task-focused views operate as .base files located in the TaskNotes/Views/ directory and require Obsidian’s Bases core plugin to be enabled. I’ve been using other plugins, but they have been more theme and personalization-related. But this gets to the core of my excitement with Obsidian, with the push for using AI agents and the projects and practice I have planned for using open-weight models in my day-to-day and contribute to the source code (if possible), this just sets me up with extensive possibilities on working with agents and my home station. Giving these agents access to my Obsidian vaults will unlock a new level of project and up-skilling efficiency. All using (mostly) local first methods and storage. I highly recommend checking out the docs for TaskNotes, as it’s some of the best documentation I’ve seen put together for a plugin. Side Pieces During my quest for a new tool or suite of tools, I came across a tool called Memos. At first, I was going to use this app as my go-to note-taking app, but it felt more like a lightweight version of Obsidian’s Notes feature, which isn’t a bad thing. Considering everything is added on a timeline in chronological order, this is actually the perfect tool for quick thoughts, ideas, notes from learning lessons, quick code snippets, or just scrolling through dev forums and servers. That way, while I’m researching a new episode or learning something new for up-skilling, it’s an easy avenue for me to jot down my thoughts without thinking about folder structure or how it connects to my other notes. Many Memos I might do a separate piece on Memos as a whole, but for now, I just wanted to throw out a handful of use cases specifically for devs, although memos have usefulness for many professions. Dev Use Cases | # | Description | |---|-------------| | 01 | Store reusable code snippets and command-line recipes | | 02 | Document bug investigations and troubleshooting steps | | 03 | Record architecture decisions and technical trade-offs | | 04 | Collect learning resources while exploring new technologies | | 05 | Track API endpoints, credentials, and configuration notes | | 06 | Maintain personal development logs and TIL (Today I Learned) entries | Just a handful, but you can see the utility of this software, and when coupled with Obsidian, it becomes a great addition to the toolkit. The only catch is there’s no native mobile app — but we’ve got a workaround for that. Each instance runs in a Docker container, and Docker is actually required in order to use this tool. So let’s walk through how to spin up a local container with Docker, and then we will dive into the mobile workaround afterward. Docker Alrighty, time to get Docker set up on our machine. We will just need to download the desktop Link to Docker download -> https://docs.docker.com/get-started/get-docker/ [https://docs.docker.com/get-started/get-docker/] That’s pretty much it. Once Docker is installed on your computer, run the following command: docker run -d \ --name memos \ -p 0.0.0.0:5230:5230 \ -v ~/.memos:/var/opt/memos \ neosmemo/memos:stable This will get a memos container set up for ya and give you: * 5230 exposed on the host * a persistent data directory at ~/.memos * SQLite by default * one container that is easy to inspect and replacememos_container 1.png To verify the local instance in your terminal, you can run docker logs memos: memos_instance.png And then you can access your timeline at http://localhost:5230/home memos_timeline.png Now we’re cookin’! The textbox for logging your thoughts is completely markdown capable, and you can add something like: Screenshot 2026-05-30 at 1.30.38 PM.pngWhich will produce this in the timeline:Screenshot 2026-05-30 at 1.31.19 PM.pngThis is sick, right?! And since Obsidian is pure markdown as well, the memos are easily copied over when needed. Bailed By Tailscale for Mobile So, a workaround that took me about five minutes to set up is how we circumvent the issue of accessing our memos server via phone, and its name is Tailscale. Tailscale is a free VPN tool that creates a private, encrypted network between all of your devices. Think of it as your own personal internet that only your devices can see. Once your Mac and iPhone are on the same Tailscale network, your phone can hit http://[your-mac's-tailscale-ip]:5230 from literally anywhere — coffee shop, commute, wherever — and access your Memos instance like it’s sitting right next to you. Setup is dead simple: * Download Tailscale on your Mac → tailscale.com/download [https://tailscale.com/download] * Download the Tailscale app on your iPhone from the App Store → https://apps.apple.com/us/app/tailscale/id1470499037?ls=1 [https://apps.apple.com/us/app/tailscale/id1470499037?ls=1] * Sign in with the same account on both devices * On your Mac, run tailscale ip -4 in the terminal to grab your Tailscale IP: 667 * On your iPhone, open your browser and go to http://[that-ip]:5230. In my case, I went to http://100.88.216.15:5230/ * You’ll need to log in once the page loads, and then you’ll have your mobile instance!! (So long as your Docker container is running on your desktop)memos_mobile_video.movMemos on your phone, no native app required, no data leaving your network! Just Getting Started That about wraps up today’s episode/article. I can see myself using Obsidian for the foreseeable future. I’ve tried out so many apps in the past, and this one really feels like it’ll be a lifelong tool, or at least until something new and shiny comes out 😂. Look out for more coverage on tips, tricks, and plugins related to these tools in the future, but until next time, stay rooted. Peace ✌🏾. If you want to keep up with my work or want to connect as peers, check out my social links below and give me a follow! * 🦋 Bluesky [https://bsky.app/profile/digitaldopamine.dev] * 📸 Instagram [https://www.instagram.com/digital_dopamine_llc/] * ▶️ Youtube [https://youtube.com/@digitaldopaminellc?si=sujxCAMyboNvidiW] * 💻 Github [https://github.com/kdleonard93] * 👾 Discord [https://discord.com/users/407639833146818570] Get full access to Digital Dopamine at digitaldopaminellc.substack.com/subscribe [https://digitaldopaminellc.substack.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Gimme More Gemma 4

One Step Closer to Sustainable AI Today, we are going to give props where props are due, and that’s with Google’s new Gemma 4 models. The Gemma 4 models are open source with an Apache 2.0 license; Anyone can use this model commercially or personally with no restrictions, allowing folks to build and sell applications, embed the model in their product, or clone and build upon the core model code without needing permission from Google. That’s not the only cool thing about Gemma 4, the models are TINY and pretty damn powerful. As you can see in the image above, there are 4 models total: E2B, E4B, 26B, and 31B. E2B & E4B These models are best suited for mobile and IoT devices. There are no other models available that can run natively on the user’s device without an internet connection and using only the device’s processing power. The immediate benefit of this breakthrough is that populations with little to no internet access can begin using AI for their own learning. For personal use and coding, the intelligence of these 2 models is not strong enough to do any daunting task, coding, or deep thinking, but they are more than capable of providing quick 1-2 liner responses for learning and informational purposes (we’ll get into the exact details of the breakthrough later). This also benefits people who might get lost on long expeditions in unknown & uncivilized territories. For example, one might need to get foraging info to assist their survival tactics. Though they were engineered with a target audience in mind. These models were engineered from the ground up for maximum compute and memory efficiency [https://blog.google/innovation-and-ai/technology/developers-tools/gemma-4/], and in collaboration with Google Pixel, Qualcomm, and MediaTek, they can run completely offline with near-zero latency on phones, Raspberry Pi, and NVIDIA Jetson Orin Nano. 26B & 31B Here’s where things get pretty interesting. The 26B & 31B models are aimed at more coding assistants and agentic workflows, research, and enterprise production apps. The 26B works decently on a Mac Mini (M4), and you can easily downgrade to the smaller models for much greater performance, depending on the task and context provided. But for open source models that are so small with an open license, the 26B and 31B swing well above their weight class, outcompeting models with 20× more parameters. By total parameter count, Gemma 4 31B is 24× smaller than GLM-5 and 34× smaller than Kimi-K2.5-Thinking, delivering comparable performance at a fraction of the footprint. The more remarkable story is the 26B MoE: it achieves 97% of the 31B's quality at approximately 8× less compute per inference step, with the 26B MoE reaching 40+ tokens per second locally versus the 31B exceeding 10 tokens per second. The pure flexibility and power at these model sizes unlock so many possibilities in the open source space, especially for people looking for a free and frictionless way to get into using AI without needing massive compute power. Much better for the environment, too! Gemma The Winna Yes, I misspelled “winner” on purpose, relax. Gemma 4 is the clear winner when it comes to open models. At least in my. eyes. There are other open-source and free models, such as Kimi-K2.5 and Qwen 3.6, that beat Gemma 4 in almost every category, but the gap is not large, and with the other models, you pretty much will need a powerhouse of a home setup or the power of an actual enterprise server to run these on. So, for the everyday layman, Gemma 4 should be the model forced upon the people. Yup, I said it. If you aren’t using AI agents or AI in general for coding, deep thinking, research, or science, then you need to be forced to use a model that has very little impact on the environment and your wallet. There’s no reason for anyone to be paying $20/month for high-energy prompts about what to make for dinner or how to talk to women……there are people that do the latter and all I can do is pray for them lol. But below is a nice little graphic of the 4 different model variations, their use cases, and the min amount of compute needed to run (not necessarily smoothly). There are some cool facts to read into about the technical achievements of Gemma 4 and I urge anyone with a deeper interest in knowing the nitty-gritty to read into their official docs → https://ai.google.dev/gemma/docs/core/model_card_4 [https://ai.google.dev/gemma/docs/core/model_card_4] as well as peep the video below: Pairing With OpenCode and Ollama Now that we have a general sense of Gemma 4 and its capabilities, I wanted to test things out myself with a quick local project that uses the Gemma 4 Model to build out an API for an AI chat. I wanted to include a UI as well for screen recording purposes so I looked into ways to make this happen all without paying a single penny (locally of course). This led me to OpenCode and Ollama. OpenCode This is pretty much the open-source and free version of “Claude Code” with the added ability to use any free or paid model for your operations. To be more detailed, OpenCode is an AI-powered terminal coding agent that sits on top of whatever local model you point it at. It reads your codebase, writes and edits files, runs commands, and iterates — all from your terminal. Critically, it’s model-agnostic, so you can point it directly at your Ollama endpoint and it uses Gemma 4 as its brain instead of a paid cloud model. The local setup was very straightforward, and you can get it installed with curl, brew, or an installer: Curl curl -fsSL https://opencode.ai/install | bash Homebrew brew install anomalyco/tap/opencode Node (NPM, PNPM, BUN, YARN) # NPM npm install -g opencode-ai # PNPM pnpm install -g opencode-ai # Bun bun install -g opencode-ai # Yarn yarn global add opencode-ai Once installed, you are all set to start using OpenCode as your agent of choice, but you’ll still need a vehicle to download, manage, and serve open-weight models like Gemma 4 on your local machine. That's where Ollama comes in. Ollama Ollama is the runtime layer in which you can download and serve open-weight models and API dependent models on your local machine. In our case, it wraps the model in a local REST API (mimicking OpenAI's API format) so any app can talk to it at localhost:11434. With the command below: # The model i used is a custom 26b model. You can swap that out with gemma4:latest or any other model version ollama run gemma4:26b-32k you get your model running. Ollama handles quantization, GPU/CPU offloading, and model versioning under the hood. For our example project, it's the reason we have zero cloud dependency and zero API costs, which is DOPE AF!! Local AI API Example Now let’s dive into the example project itself. The goal was to build a Local AI assistant API using only OpenCode and Gemma 4 as the model. That turned into two rounds of attempting that, both having their fair share of difficulties when it came to some of the logic. Now this task was pretty hefty for Gemma 4 in my opinion but I wanted to see how well it would do with creating an AI itself. The Qwen flop This one kinda sucked because for the second run, I wanted to use Qwen since it’s supposed to be better when it comes to agentic coding. But long story short, as soon as I started using the qwen3.6:27b, which is supposed to be good on machines with at least 17 GB of RAM. I have 24GB, and while it’s running, my activity monitor says it’s using 22.5 GB of my 24 GB…. Not only is it using more GBs than the model apparently was supposed to use (or maybe it is, and there’s a lack of architectural knowledge on my end), but it just doesn’t work at all. No exaggeration when I say I let it run for about 1 hr on a simple question, and it never even got past the thinking step. Clearly, my Mac Mini was not up for the task with Qwen, but that’s exactly why Gemma 4 is so damn cool. There’s literally a model for every kind of device. API V1 & V2 So, as I mentioned earlier, I did two rounds of running this, and I will say there were successes and failures in both runs that made them about equal in output quality. V1 With V1, the UI is where we were lacking. Hell, the UI was the biggest struggle for both runs since it insisted it use Svelete and SvelteKit as the frontend framework 😂. I know most of these models have very little Svelte in their training data, so any chance I get, I make sure to use Svelte and help the AI build their Svelte chops lol. But considering this project is local, I’m not helping the big 3 (OpenAI, Anthropic, X) train their models this time around. The other issue with this build was that the scaffolding was a bit off, and that caused confusion when giving further directions. However, it seemed to pick up the pieces pretty quickly on the first round, and I got a working API + UI pushed up to GitHub [https://github.com/kdleonard93/local-ai-api]. Below is a quick screenshot of a random question I asked the V1 chatbot: For additional context here, the first question was asked with nothing in the “System Prompt” section, but for the second question, I added “Make sure your responses are fantasy-themed”, and the response was adjusted accordingly. The System Prompt section itself is unique to this version’s build, as V2 did not feel the need to add that feature 😅. But it gives a bit more control of the output for the user by allowing them to add some constants into their chat flow. The UI uses Svelte and took a couple of prompts to fix the errors present. I was personally still impressed by how well it did with Svelte compared to other big-name models I’ve used in the past. V2 Now with V2, the first run through of the prompt gave it a good head start with the UI, since there were already structured files in the first version. There were only 2 main issues with the second run through: it initially built the frontend in a “UI” folder instead of a “Frontend” folder, and the button + POST request was broken. The UI design, though, was a bit more compact, and in my opinion, that was a better look. The System Prompt section was also left out of this build, and the chat box is much smaller than V1’s, and I have a title to actually indicate what the tool is. I asked both versions their own simple questions, and they did a very good job and got a response back within a minute, once the models were warmed up. I personally don’t have a reason to ever use either of these chatbots, but I figured it would be a good test to see if AI can build….AI 😅. In the long run, and while imperfect, it was still a success. Goodnight Gemma That about wraps up my little experiment and dive into Google’s Gemma 4 model, and I simply can’t express enough how much I look forward to the continued evolution of Gemma. If you watched the full video, I hope you enjoyed the journey with me building pieces of both versions, even the roadblocks. I’ll be doing more dives into cool tech like this soon, but until next time, stay rooted. Peace ✌🏾. If you want to keep up with my work or want to connect as peers, check out my social links below and give me a follow! * 🦋 Bluesky [https://bsky.app/profile/digitaldopamine.dev] * 📸 Instagram [https://www.instagram.com/digital_dopamine_llc/] * ▶️ Youtube [https://youtube.com/@digitaldopaminellc?si=sujxCAMyboNvidiW] * 💻 Github [https://github.com/kdleonard93] * 👾 Discord [https://discord.com/users/407639833146818570] Get full access to Digital Dopamine at digitaldopaminellc.substack.com/subscribe [https://digitaldopaminellc.substack.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Deepfake Disco

This Is Where We Are…… It pains me to see society slowly but predictably corrode. We’ve had scammers and thieves long before the age of technology, but there’s just something uniquely dark about Deepfake technology, where many people can’t decipher the difference between the deepfake and the real person. Visual deception was the limit with deepfakes for a while; it was possible to mimic a face with a near 1:1 accuracy but as soon as voice came into play, the jig was up. Now, with the vast improvement in AI models and audio generation, voice deception is more accurate than ever, and it’s extremely worrying. The Baby boomer generation was typically the demographic scammed by phone salesmen or offshore scammers via phone or email, but now, with deepfakes being able to mimic voices of your loved ones, that opens the door for many of the younger generations to be scammed as well. So I want to educate as many folks as I can to help them combat the rise of deepfake scams, as well as give a quick overview of what deepfakes are in general and the problems around the tech. What Are Deepfakes? Deepfakes are images, videos, or audio that have been edited or generated using artificial intelligence [https://en.wikipedia.org/wiki/Generative_artificial_intelligence], AI-based tools, or audio-video editing software. They may depict real or fictional people and are considered a form of synthetic media [https://en.wikipedia.org/wiki/Synthetic_media], that is, media that is usually created by artificial intelligence systems by combining various media elements into a new media artifact. That’s a general definition and should give you an idea of where we are headed. The faster and more intelligent we make AI, the better these deepfakes and scams will get. For a bit of history, an early project called the "Video Rewrite" program was published in 1997. The program modified existing video footage of a person speaking to depict that person mouthing the words from a different audio track.[34] [https://dl.acm.org/doi/10.1145/258734.258880] It was the first system to fully automate this kind of facial reanimation, and it did so using machine learning techniques to make connections between the sounds produced by a video's subject and the shape of the subject's face. Fast forward some years, the deepfakes we know today stem from generative adversarial networks (GANs). It was developed in 2014 and published in a research paper by researcher Ian Goodfellow [https://en.wikipedia.org/wiki/Ian_Goodfellow] and his colleagues. A GAN is a machine learning [https://www.ibm.com/think/topics/machine-learning] model designed to generate realistic data by learning patterns from existing training datasets. It operates within an unsupervised learning [https://www.ibm.com/think/topics/unsupervised-learning] framework by using deep learning [https://www.ibm.com/think/topics/deep-learning] techniques, where two neural networks [https://www.ibm.com/think/topics/neural-network] work in opposition—one generates data, while the other evaluates whether the data is real or generated. The “Generator” creates synthetic content, and the “Discriminator” evaluates whether the content is real. This back and forth eventually makes the fake content look as real as possible. Think of it like sharpening a sword against a steel block. Every time the sword (the Generator) is run against the steel block (the Discriminator), the sword gets sharper. Deepfakes entered the mainstream in 2018, with the release of accessible open-source deepfake tools like DeepFaceLab. In 2023, the deepfake tool market skyrocketed, with a 44% increase in the development of these tools [https://humanizeai.com/deepfake-tools-statistics/]. It’s Pretty Messed Up Tech Deepfakes are f’d up….. Not much more to elaborate on there lol. While deepfakes could be used to make appropriate parodies, 9 times out of 10 it’s used for things like creating synthetic media of world leaders or creating content combining copyrighted media, along with other nefarious purposes. There is a huge concern amongst academics around deepfakes promoting disinformation, violence, and hate speech. Unfortunately, the creation of non-consensual explicit content of women has served as a motivating factor for the rising popularization of deepfake tools. The problem is rampant, with Security Hero [https://www.securityhero.io/state-of-deepfakes/] reporting that in 2023, approximately 98% of deepfake videos online are explicit in nature, and only 1% of targets in that category are male. Researchers have also shown that deepfakes are expanding into other domains such as medical imagery. In this work, it was shown how an attacker can automatically inject or remove lung cancer in a patient's 3D CT scan [https://en.wikipedia.org/wiki/Optical_coherence_tomography]. The result was so convincing that it fooled three radiologists and a state-of-the-art lung cancer detection AI. To demonstrate the threat, the authors successfully performed the attack on a hospital in a white hat penetration test.[37] [https://www.usenix.org/conference/usenixsecurity19/presentation/mirsky] Another example is a sophisticated scam using AI-generated video and voice that nearly compromised a well-known crypto developer linked to the Cardano ecosystem [https://blockonomi.com/cardano-foundation-deepfake-scam-targets-developer-as-cz-issues-warning/]. The attacker impersonated Pierre Kaklamanos, Head of Digital Assets Adoption at the Cardano Foundation, during what appeared to be a legitimate Microsoft Teams call. The target, developer Big Pey, said the scam almost succeeded after he followed instructions during the fake meeting. There are plenty of other domains that this can have a negative impact on, escpecially is we continue down the line of tokenization. We’d then be faced with deepfake contracts and deeds, getting people to sign away assets and funds to the attacker without even knowing it. How to Protect Yourself Protecting yourself is going to be the best way to avoid being scammed or caught up in a deepfake scheme. So it’s good to know a handful of the things to look out for and the best practices to follow to not be a victim of fraud. Verify Before You Trust If you receive an unexpected call, video, or message from someone claiming to be a family member, colleague, or authority figure — especially one asking for money or sensitive information — verify their identity through a separate channel. Call them back on a known number, or reach out via text/email independently. Example: If "your son" calls saying he's broke and needs some funds wired immediately, hang up and call his actual phone number before doing anything. Establish a Family Safe Word One of the most practical defenses against voice deepfakes is creating a secret code word with close family and friends. If someone calls claiming to be them in an emergency, ask for the safe word. No legitimate loved one will be offended. Example: A family could agree that the word "pineapple" must be said if any family member ever calls asking for urgent financial help. Slow Down — Urgency Is the Red Flag Deepfake scammers rely on panic and urgency to short-circuit your critical thinking. If any call, video, or message is pressuring you to act right now, that's your cue to pause. Scammers don't want you to have time to verify. Legitimate emergencies almost always have a moment to double-check. Use Multi-Factor Authentication (MFA) Everywhere Even if a scammer uses a deepfake to impersonate you to a bank or service provider, MFA adds a critical extra barrier. A voice or face alone shouldn't be enough to authorize anything sensitive — and if a service is relying solely on those for verification, that's a concern worth raising with them. Facing This Issue Head On Deepfakes are here and here to stay. The threat and its consequences are very real and present [https://www.dhs.gov/sites/default/files/publications/increasing_threats_of_deepfake_identities_0.pdf]. Deepfakes today are at the point of undermining trust in the online identity verification process that many organizations, especially in the financial sector, have come to rely upon. With more people than ever authenticating themselves using biometrics across all their devices, the growth in the malicious use of deepfakes can lead to a dire need to rethink authentication security [https://www.forbes.com/councils/forbestechcouncil/2024/08/02/in-the-deepfake-era-its-time-to-overhaul-identity-verification/] within the next five years, or sooner. As shown in the examples, the barrier to entry for creating realistic deepfakes has dramatically decreased. From cloned voices to full video impersonations, deepfakes empower scammers and fraudsters in ways that are harder to detect and defend against. Understanding the threat is the first step to defending against it. With more end-user security training and by leveraging emerging deepfake detection tools, organizations and individuals can begin to fight back against this new threat. We also have to help our elders and loved ones who aren’t tech-savvy get up to speed with this rising threat, so they too can be prepared to combat deepfakes. If you want to keep up with my work or want to connect as peers, check out my social links below and give me a follow! * 🦋 Bluesky [https://bsky.app/profile/digitaldopamine.dev] * 📸 Instagram [https://www.instagram.com/digital_dopamine_llc/] * ▶️ Youtube [https://youtube.com/@digitaldopaminellc?si=sujxCAMyboNvidiW] * 💻 Github [https://github.com/kdleonard93] * 👾 Discord [https://discord.com/users/407639833146818570] Get full access to Digital Dopamine at digitaldopaminellc.substack.com/subscribe [https://digitaldopaminellc.substack.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Hack w/ Me Episode 3: Linux Basics + VMs

Intro Sup folks, my last completed module was about the basics of Linux, so that’s what this episode will be about. However, I’ll be covering a bit more than we covered in the module. Within TryHackMe, we covered basic commands, working with the filesystem, shell operations, flags & switches, and automation, to name a few. But what I also want to cover is how to get a Virtual Machine booted up using “Kali Linux”, which is a Linux distribution designed for digital forensics [https://en.wikipedia.org/wiki/Digital_forensics] and penetration testing [https://en.wikipedia.org/wiki/Penetration_test]. That will involve us getting familiar with UTM, a full-featured system emulator and virtual machine host for iOS and macOS (sorry, Windows users, it might not be a 1:1 comparison on how to start the VM locally). We’ll also go through the entire process of installation of the distribution and even try our hand at a fun lil script 😏. Before we get into the hands-on sections of this episode, let’s go over some Linux basics. Lil Linux Lore The name "Linux" is actually an umbrella term for multiple OS's that are based on UNIX (another operating system). Thanks to Linux being open-source, variants of Linux come in all shapes and sizes - suited best for what the system is being used for. For example, Ubuntu & Debian are some of the more commonplace distributions of Linux because they are so extensible. For example, you can run Ubuntu as a server (such as websites & web applications) or as a fully-fledged desktop. While the TryHackMe module uses Ubuntu, when we are setting up our own VM, we will be using Debian, since that’s what Kali Linux is based on. When it comes to the commands and execution, though, both distributions should function very similarly. "Linux" is often used to refer to the entire operating system, but in reality, Linux is the operating system kernel, which is started by the boot loader, which is itself started by the “Basic Input/Output System”/”Unified Extensible Firmware Interface” (BIOS/UEFI). The kernel assumes a role similar to that of a conductor in an orchestra—it ensures coordination between hardware and software. And no, I did not come up with that analogy myself lol. But enough of the technical jargon, let's get our VMS set up, then dive into some basics. Setting Up Your VM There are a handful of steps to properly set up both of the VMs we will be using in this episode, so I created a quick video to help walk through each step of the process while notating some of the known bugs when it comes to getting the “Kali Linux” VM set up. Quick Setup Summary UTM * We will need UTM as our emulator. Download and install it → https://mac.getutm.app [https://mac.getutm.app] Kali * Download the ISO image from their site → https://www.kali.org/get-kali/#kali-installer-images [https://www.kali.org/get-kali/#kali-installer-images]. Make sure you are downloading the right image for the architecture you’re on. * Follow their official guide once you have it downloaded → https://www.kali.org/docs/virtualization/install-utm-guest-vm/ [https://www.kali.org/docs/virtualization/install-utm-guest-vm/] ParrotOS * Download the pre-configured UTM from ParrotOS - Home → https://www.parrotsec.org/download/ [https://www.parrotsec.org/download/] * Follow their official installation guide → https://www.parrotsec.org/docs/virtualization/utm-configuration [https://www.parrotsec.org/docs/virtualization/utm-configuration] Once you have both of these VMs installed, we are ready for action! The Basics Commands Now, when it comes to commands, if you are familiar with macOS terminal commands, you should feel at home with Linux. Apple’s macOS is based on UNIX as well, so a lot of the commands for filesystem management, shell commands, and shortcuts should be identical. Let’s start with the very basic command echo. echo will output any text that we provide. Check out this screenshot below. You can see the simple command input and the output. There are various use cases for using echo from debugging to getting environment variables in a safe manner, and we will for sure be using some of them throughout this series. Another basic command is whoami to find out what user we're currently logged in as. That’s the only function there, lol, a one-and-done command. You can see in the screenshot above that I’m logged in as “mortaniel”. Next we have pwd which stands for “print working directory”, and this just prints out where you are currently in your filesystem within your terminal. The ls command prints out the contents of the directory you’re in. The last command I wanna mention here is cd, which lets you navigate into certain directories. Below you can see me navigate into “Desktop” and I used ls to list out the contents on my VM’s desktop, which is just a custom folder named “Best Folder”. There are TONS of other commands available to use, and we’d be here all day if I tried listing them out with their use cases. For instance, the find command is very useful and worth covering; I just have to spare the time to fit everything under an hour. It would be extremely boring too 😂, and besides, there are going to be commands I use later in this episode and will provide a quick definition of what it is when I reference/use them. So let’s move on to the next section, where I want to discuss SSH. Secure Shell: Operations & Deploy Secure Shell (SSH) is the common means of connecting to and interacting with the command line of a remote Linux machine. In TryHackMe, we deploy two machines: * The Linux machine * The TryHackMe AttackBox Where we go over common shell operations as well as how to use it to remotely log into the Linux Machine. So, what we’ll do is create 2 VMs locally to emulate what we’re doing in TryHackMe (or at least as close as possible). The main VM we will make should be a standard setup in terms of memory and storage allocation. This will be our “Attack Box”, and it will be using Kali Linux. The second VM we create will be our “Target Linux Machine”, and I’ll use ParrotOS for this one, to change it up a bit. You are more than welcome to use 2 Kali Linux VMs. Ubuntu, being the 2nd VM, is ideal if you can get it set up, but I’m having compatibility issues that I don’t feel like resolving, so I'm stuck with 2 different Debian-based distros. I’ll walk through how to set both up a bit later on, but our Attack Box will be where we get to test out some of these shell commands. I’m also going to walk through a cool and simple exploit to give an idea of what’s capable in the world of pen testing. A few of those operations are as follows: * &: This operator allows you to run commands in the background of your terminal. * &&: This operator allows you to combine multiple commands together in one line of your terminal. * >: This operator is a redirector - meaning that we can take the output from a command (such as using cat to output a file) and direct it elsewhere. * >>: This operator does the same function of the > operator but appends the output rather than replacing (meaning nothing is overwritten). If we want to get into more details on each operator: Operator “&” This operator allows us to execute commands in the background. For example, let’s say we want to copy a large file. This will obviously take quite a long time and will leave us unable to do anything else until the file is successfully copied. The “&” shell operator allows us to execute a command and have it run in the background (such as this file copy), allowing us to do other things! Operator “&&” This shell operator is a bit misleading in the sense of how familiar is to its partner “&”. Unlike the “&” operator, we can use “&&” to make a list of commands to run for example command1 && command2. However, it’s worth noting that command2 will only run if command1 was successful. Operator “>” This operator is what’s known as an output redirector. What this essentially means is that we take the output from a command we run and send that output to somewhere else. A great example of this is redirecting the output of the echo command that we learned in Task 4. Of course, running something such as echo wordsILoveToSay will return “wordsILoveToSay” back to our terminal — that isn’t super useful. What we can do instead is redirect “wordsILoveToSay” to something such as a new file! Let’s say we wanted to create a file, and I’ll name it newFile with the message “sup”. We can run echo sup > newFile where we want the file created with the contents “sup” like so: Now I personally don’t see much use of this other than allowing users to save command results directly to a file for later but I feel that’s something you’d just work on in whatever file you are writing code in. I could be missing the nice use case and maybe it’ll come to me in practice. That leads us to the “>>” operator. Operator “>>” This is pretty much an extension of the previous command. But instead of creating or replacing an entire file with the new command, this operator appends the output. These are just very basic Linux commands, and I’m sure I’ll find more use for them the more I dabble. There is a lot more basic knowledge that I feel is useful but to go into detail on each one would make this a very long episode. So in the next section, im just going to list the command, give a quick definition, and show an example screenshot if applicable. The File System Navigating the file system is extremely important, but can be summed up clearly, in which your file system is like your playing field in an RPG, table top, or digital. In that RPG’s playing field/world (the filesystem), there are many paths that you can take once you leave home (different paths like /Home/Desktop/Pictures & /Home/Downloads/cool_img.jpg). But you can always come back home and even further, go back to your root(s)…aka /~. I haven’t seen anyone make a similar analogy, so I’m gonna call dibs on that until further notice 😏. But you want to be able to navigate your file system(s) effortlessly, because sometimes time is not on your side when trying to execute an exploit or defend yourself from one. Terminal Text Editor If you’re a command-line wizard, you’d probably want to do everything in one location, including code updates. Well, there’s a way for you to do just that by accessing a code editor in your terminal window with Nano or VIM Nano (GNU nano) is a text editor [https://en.wikipedia.org/wiki/Text_editor] for Unix-like [https://en.wikipedia.org/wiki/Unix-like] computing systems or operating environments using a command line interface [https://en.wikipedia.org/wiki/Command_line_interface] that emulates the Pico [https://en.wikipedia.org/wiki/Pico_(text_editor)] text editor. It can be initialized with nano {fileName}. For example lets say in the “Best Folder” I created on my Kali Linux VM, I wanted to create a new file with text and then make a longer edit to the file. Instead of doing a bunch of ”>>” operations, we can just open up the file and make the full text change as needed. Quick little video of me doing just that: This is an oversimplification of Nano’s use, but you get the picture of the capabilities. VIM is a much more advanced text editor. Some of VIM’s benefits, albeit taking a much longer time to become familiar with, include: * Customisable - you can modify the keyboard shortcuts to be of your choosing * Syntax Highlighting - this is useful if you are writing or maintaining code, making it a popular choice for software developers * VIM works on all terminals where nano may not be installed * There are a lot of resources, such as cheatsheets [https://vim.rtorr.com/], tutorials, and the like, available to use. VIM, however, needs to be installed on your OS if it isn’t already from your distro you installed (in my case, it was). So, below is another quick video of how to get this installed, and I will make another edit to the file we altered using Nano. This video has a bit of rambling and is NOT shorter than the one for Nano 😅. But after understanding the basics of Nano and VIM, you are well on your way to becoming a command-line hero. General Utilities There are a handful of general utilities at our disposal, but I want to make sure I cover downloading files, secure copy transfers, and serving files from a separate server. Secure Copy (SCP) Secure copy is as it seems, a means of securely copying files. Working with it requires only a SOURCE and a DESTINATION. Unlike the regular cp command, this command allows you to transfer files between two computers using the SSH protocol to provide both authentication and encryption. It goes 2 ways, you can: * Copy files & directories from your current system to a remote system * Copy files & directories from a remote system to your current system Provided that we know usernames and passwords for a user on your current system and a user on the remote system. For example, let's copy an example file from our machine to a remote machine, which I pulled from TryHackMe: With this information, we can craft our scp command (remembering that the format of SCP is just SOURCE and DESTINATION): scp important.txt ubuntu@192.168.1.30:/home/ubuntu/transferred.txt And now let's reverse this and layout the syntax for using scp to copy a file from a remote computer that we're not logged into The command will now look like the following: scp ubuntu@192.168.1.30:/home/ubuntu/documents.txt notes.txt Downloading and serving files To cover these 2, I made another video clip walking through how to accomplish this. I highly recommend watching the video clip so you can see this in action, but to sum it up how TryHackMe has it: Downloading Files (Wget) The wget command allows us to download files from the web via HTTP -- as if you were accessing the file in your browser. We simply need to provide the address of the resource that we wish to download. For example, if I wanted to download a file named "myfile.txt" onto my machine, assuming I knew the web address, it would look something like this: wget https://assets.tryhackme.com/additional/linux-fundamentals/part3/myfile.txt In my video example, I show you how to do this between two VMs. Serving Files Ubuntu machines come pre-packaged with python3. Python helpfully provides a lightweight and easy-to-use module called "HTTPServer". This module turns your computer into a quick and easy web server that you can use to serve your own files, where they can then be downloaded by another computer using commands such as curl and wget. In my example video, we create a new server in my ParrotOS VM using the command python3 -m http.server within the directory where the target file lives, and once that’s running in your Linux machine, you’d run the following command → wget http://:8000/myfile.txt. You can get the IP on whatever machine you’re working with by using ip a. That command will print out something like this: The IP address we want to look for is the inet value on ether, which is 192.168.64.2. So if I were to use this IP in the command from before, it would look like wget http://192.168.64.2:8000/myfile.txt. Sometimes you won't have access to make a GET request to servers you don’t have permission to access. But this leads us to understanding our local permissions Permissions 101 The great thing about Linux is that permissions can be so granular that, whilst a user technically owns a file, if the permissions have been set, then a group of users can also have either the same or a different set of permissions to the exact same file without affecting the file owner itself. Let’s put this into a real-world context; the system user that runs a web server must have permissions to read and write files for an effective web application. However, companies such as web hosting companies will have to want to allow their customers to upload their own files for their website without being the web server system user -- compromising the security of every other customer. Below is an overview of the types of permissions: r - Permission to read. This grants permission only to open and view a file. w - Permission to write. This grants permission only to view and edit a file. x - Permission to execute. This allows users to execute a file (but not necessarily view or edit it). To move ownership of a file to a different user so that they can control permissions, we can use the chown (change owner) command. For example: chown ringo /tmp/coolFile Similarly, you can change ownership from one group to another by using chgrp (change group). In this case, we want to give the security team access to a recently downloaded defensive tool, IDS (intrusion detection system). You would run a command like this: chgrp securityGroup newIDS This comes in handy if you are working with a team of pentesters, but the defensive/security team only needs full access to certain tools. Switching between users on Linux is easy thanks to the su command. Unless you are the root user (or using root permissions through sudo), then you are required to know two things to facilitate this transition of user accounts: * The user we wish to switch to * The user’s password The su command takes a couple of switches that I think are relevant to this explanation, but definitely check out the manual page for su to find out more. I’m just gonna cover the -l switch. By providing the -l switch to su, we start a shell that is much more similar to the actual user logging into the system - we inherit a lot more properties of the new user, like environment variables and such. For example, in the screenshot below, you can see the use of the -l switch and an instance without it. When using su to switch to "ringo", our new session drops us into our previous user's home directory. Whereas, after using -l, our new session has dropped us into the home directory of "ringo" automatically. Now let’s get back to the permissions. As noted before, every file and directory has a set of permissions that control who can read, write, or execute it. These permissions are often displayed in symbolic format, such as: rwxrwxrwx I find it easier to read as rwx|rwx|rwx. This format is split into three groups: Each permission has a numeric value: To calculate the numeric value, we add the values together for each group. Some common examples are: Understanding numeric permissions is important because: * Many Linux commands use numeric values * You can quickly identify security risks * You can control who can access sensitive files For example, we’d use the chmod (change mode) command followed by the numeric permission setting and then end it with the target file or directory, like so: chmod 750 system_overview.txt This means for system_overview.txt: * Owner: full access * Group: read + execute * Others: no access I highly recommend getting familiar with reading, granting, and removing permissions and their numeric format. Still trips me up a bit, but I’m sure over time, I’ll get very accustomed to reading it easily. The last major thing I wanted to discuss was automation. Automation and the Cron Process Users may want to schedule a certain action or task to take place after the system has booted. Take, for example, running commands, backing up files, or launching your favourite programs on, such as Spotify or Google Chrome. So I’ll be talking about the cron process, but more specifically, how we can interact with it via the use of crontabs . Crontab is one of the processes that is started during boot, which is responsible for facilitating and managing cron jobs. A crontab is simply a special file with formatting that is recognised by the cron process to execute each line step-by-step. Crontabs require 6 specific values: Let’s use the example of backing up files. You may wish to back up “mortaniel”’s “Documents” every 12 hours. We would use the following formatting: 0 */12 * * * cp -R /home/mortaniel/Documents /var/backups/ An interesting feature of crontabs is that they also support the wildcard or asterisk (*). If we do not wish to provide a value for that specific field. For example, we don’t care what month, day, or year it is executed -- only that it is executed every 12 hours, we simply place an asterisk. This can be confusing to begin with, which is why there are some great resources, such as "Crontab Generator [https://crontab-generator.org/]", that allows you to use a friendly application to generate your formatting for you, as well as the site "Cron Guru [https://crontab.guru/]". If you need to start cron, you simply run cron. Crontabs can be edited by using crontab -e, where you can select an editor (such as Nano) to edit your crontab. In my example below, I confirmed Cron was running, and I created a new cron job to write out a message in a text file every 2 min. That cron command is: */2 * * * * echo "🔔 Cron fired at $(date)" >> ~/Desktop/cron_demo.txt An easy way to follow that cron job is to tail the file and watch it in your terminal tail -f ~/Desktop/cron_demo.txt Bash Scripting Now let’s have a little fun, we’re gonna create a lil script that will just be a series of questions, inputs, and the final echo statement that combines the input into a sentence. That doesn’t sound exactly thrilling lol, but it will give you a general idea on how to create and execute scripts. Scripts can be executed through many methods and languages. Most interpreted languages (Python, Bash, Ruby, etc.) just need the runtime installed, and then scripts for that language can be run directly from the terminal. Compiled languages (C, Go) need a build step first. The shebang line #!/usr/bin/env python3 lets you run scripts directly as ./python_demo.py on Unix systems, after making them executable with chmod +x python_demo.py. The same thing goes for creating a shell/bash script, just slightly different syntax: #!/bin/bash/ From here, we will then start to build out our script. Now I’ve built the same script in both Python and Shell, just so you can see different flavors of the same code. Python #!/usr/bin/env python3 # Second script # Multi line text name = input("State your name, playa.\n") fruit = input("What's your favorite fruit?\n") print(f"Welcome to the Vice City, {name}. We have the finest {fruit} in the country.") Shell/Bash #! /bin/bash/ # Second bash script # Multi line text echo "State your name, playa." read name echo "What's your favorite fruit?" read fruit echo "Welcome to the Vice City, $name. We have the finest $fruit in the country." Here you can see the 2 different ways to prompt users a couple of questions, storing the answer in a variable, and then printing out the last sentence with the variables included. The main difference here is how Python stores variables and how Shell stores them. I’m not an expert on Shell, but from what I learned, the read command takes the user input and splits the string into fields, assigning each new word to an argument. If there are fewer variables than words, read stores the remaining terms into the final variable. The splitting behavior is more advanced, and typically, you will just be using 1 variable at a time. When it comes to Python, it’s clearly much cleaner in terms of being readable from the jump. You see both the name and fruit variables followed by the “=” operator, which is a clear indication that whatever else follows will be assigned to that variable. In our case, the input() function follows the “=” operator, which tells us that there will be a prompt that a user will need to respond to. That input is then stored in the connected variables. Finally, we print out a full sentence with those variables included. One caveat is that with Python, to include variables inside of strings, we need to use F-strings. With f-strings (formatted string literals), you can directly embed variables and expressions inside strings using curly braces {}, and this was introduced in version 3.6 to make string formatting and interpolation easier. Python remains the most versatile language for scripting and automation in ethical hacking, so any type of scripting or exploits I make in future entries will use Python only, unless a different language serves the exploit better. Below is a quick demo on both scripts and how they are executed in the terminal. Conclusion That about wraps it up for this episode. I’ve only scratched the surface of Linux basics, and there are a handful of other things to look into and get a better understanding of if you want to continue learning the basics: * Flags & Switches * Package management * Logs * Processes I hope that this was very insightful for everyone and that I sparked some interest in folks to invest some time in getting to know Linux a bit deeper ✌🏾. If you want to keep up with my work or want to connect as peers, check out my social links below and give me a follow! * 🦋 Bluesky [https://bsky.app/profile/digitaldopamine.dev] * 📸 Instagram [https://www.instagram.com/digital_dopamine_llc/] * ▶️ Youtube [https://youtube.com/@digitaldopaminellc?si=sujxCAMyboNvidiW] * 💻 Github [https://github.com/kdleonard93] * 👾 Discord [https://discord.com/users/407639833146818570] Get full access to Digital Dopamine at digitaldopaminellc.substack.com/subscribe [https://digitaldopaminellc.substack.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Tokenizing Private Credit, Real Estate, National Debt, and Everything Else

Blockchain and Tokenization Popularity Boom Tokenization has become one of the new buzzwords in the world of finance. Your 401(k) may already be invested in assets you've never heard of, through technology you don't understand — and the people making those decisions didn't ask your permission.There are a lot of people who barely know much about blockchain, and it’s been around even before cryptocurrency was a thing, and tokenization is just an extension of digital assets. So I feel like I should go over both just a bit. Blockchain A blockchain is a digital ledger, which is a record-keeping system, that stores information across a network of computers rather than in a single centralized location. Think of it as a shared spreadsheet that thousands of computers maintain simultaneously, where every entry is permanent, time-stamped, and visible to participants on the network. Some key features and benefits are: * Decentralization: No single institution (no bank, no government, no company) controls the ledger. It’s maintained by a distributed network of computers (called “nodes”). * Immutability: Once a transaction is recorded, it cannot be altered or deleted. Every entry is cryptographically linked to the one before it, forming a “chain” of “blocks” — hence the name. * Transparency: On public blockchains, every transaction is visible to anyone who looks. This is a feature for accountability, but also a concern for privacy, since financial activity becomes traceable. * Smart contracts: Blockchains can execute automated agreements — code that says “if X happens, then do Y.” For example, a smart contract could automatically distribute rental income to token holders every month without a human intermediary. Tokenization Tokenization is the process of creating a digital token on a blockchain that represents ownership of real-world assets like real estate, art, or stocks, as well as intangible assets such as intellectual property or voting rights. Tokenization enables easier asset transfers, ownership verification, and fractional ownership. Imagine a commercial building worth $10 million. Traditionally, you'd need millions of dollars and a team of lawyers to buy it. With tokenization, the building's ownership can be divided into 10 million tokens worth $1 each. An investor could buy 100 tokens for $100 and own a tiny fraction of that building, receiving proportional rental income and being able to sell those tokens on a digital marketplace. Now this may sound like a scenario where the average Jamal has a seat at the big dawg table, but that fractional piece of ownership will never outweigh the millions or billions of dollars the elite will put in all at once, maybe even taking ownership of all available tokens for that digital asset themselves. How Tokenization Connects Real-World Assets to the Blockchain Let’s cover a bit on exactly how Tokenization Connects Real-World Assets to the Blockchain [https://www.hedgeco.net/news/03/2026/the-26-billion-threshold-for-tokenized-real-world-assets-rwas.html]: * The asset exists in the real world — a piece of real estate, a corporate loan, a Treasury bond, shares in an ETF, etc. * A legal structure is created that ties the digital token to legal ownership rights over that asset. This is the critical (and often fragile) link, because the token is only as good as the legal framework backing it. * Tokens are then issued on a blockchain, where they can be bought, sold, held, or used as collateral — 24 hours a day, across borders, without traditional intermediaries like brokers or clearinghouses. But this presents its own issues with cyber criminals and hacking. * Last but not least, Smart contracts automate functions like interest payments, dividend distributions, compliance checks, and transfer restrictions. But what is being tokenized right now, you ask? * U.S. Treasuries and money market funds (~$12 billion tokenized) — led by BlackRock’s BUIDL [https://coinpaprika.com/education/blackrock-buidl-fund-what-it-is-and-how-it-works/] fund and J.P. Morgan’s MONY fund [https://am.jpmorgan.com/us/en/asset-management/adv/about-us/media/press-releases/jp-morgan-asset-management-launches-its-first-tokenized-money-market-fund/] * Private credit (~$9 billion tokenized) — corporate loans that were traditionally opaque and illiquid * Real estate — commercial and residential properties fractionalized for smaller investors * Commodities — tokenized gold and trade receivables * ETFs and fund shares — increasingly being explored for on-chain issuance Who Is Leading The Financial Tokenization Charge Like I just mentioned, tokenization converts ownership of physical or financial assets into digital tokens on a blockchain (real estate, loans, Treasury bonds, ETFs), and we have big players like BlackRock, J.P. Morgan, Goldman Sachs, Franklin Templeton, and Apollo Global Management, leading the charge. The tokenized real-world asset market surpassed a staggering $26 billion by early 2026, which is a fourfold increase from early 2025, with private credit and U.S. Treasuries dominating. The Private Credit Problem Large lenders, including BlackRock, Blue Owl, and J.P. Morgan, have restricted investor withdrawals from private credit funds amid rising interest rates and borrower distress. Businesses that took on these loans are struggling to service their debt, and what most people don’t know is that tokenization is being positioned as a solution. The plan is to create secondary markets for these illiquid loans, fractionalize them, and potentially offload the risk to a broader pool of investors. Some might call this a genuine innovation in the digital landscape of finance, but I call it transferring risk from institutional balance sheets to less sophisticated investors. The private credit market is sitting at a staggering $3 trillion [https://www.npr.org/2026/03/19/nx-s1-5747128/private-credit-equity-jamie-dimon-wall-street], and investors want out, which could cause major ripple effects in the broader markets. Now I can go deep into a rabbit hole on the issues in the private credit market alone, but let’s stick to our focus on the tokenization of all these connected issues. The 401(k) Pipeline Back in August 2025, President Trump signed an executive order directing the Department of Labor to open 401(k) plans to alternative investments, including private equity, private credit, and digital assets. Essentially, just giving America’s $13.9 trillion in defined-contribution retirement plans to private-asset giants like Apollo, Blackstone, and BlackRock. Target Date Funds — where most workers’ 401(k) money sits by default — were designed for daily liquidity, transparency, and public markets. They were never built to house illiquid private equity or gated real estate. As one longtime fiduciary advisor put it: “This quiet push isn’t democratization. It’s risk transfer.” And a lot of workers typically have little or no say in how their plan providers allocate funds. The risks are substantial on multiple fronts: [https://ideas.darden.virginia.edu/private-assets-retirement-plans] * You have higher fees than traditional index funds. * Your money is locked up for years. * It’s less transparent in terms of knowing which companies took out these risky loans. * And there’s no guarantee of performance. Legal experts warn that many plan committees lack the expertise to evaluate private market investments, and attorneys are already watching for ERISA fiduciary violations — ERISA being the 1974 federal law [https://www.dol.gov/general/topic/retirement/erisa] specifically designed to protect workers in retirement plans like these. The Security Problem No One Wants to Talk About Tokenization’s promise depends entirely on the security of the systems holding these assets. And right now, those systems are under siege from every direction — nation-states, organized crime, AI-powered scam operations, and even physical violence. State-Sponsored Theft: The North Korea Problem North Korean hackers, operating under the umbrella group known as Lazarus Group, stole $2.02 billion in cryptocurrency in 2025 alone [https://www.nbcnews.com/tech/crypto/north-korea-stole-billions-crypto-2025-new-research-says-rcna249738] — a 51% increase from the prior year and their all-time record. Their cumulative total now exceeds $6.75 billion. The single largest heist was the February 2025 Bybit hack: $1.5 billion in Ethereum stolen [https://www.bbc.com/news/articles/c2kgndwwd7lo] by compromising a third-party wallet provider’s developer through social engineering. The FBI formally attributed the attack to North Korea’s TraderTraitor unit. What makes this especially relevant to tokenization is that these hackers aren’t breaking the blockchain itself. They’re targeting the human and operational layers around it — the developers, the wallet software, and the interfaces people actually use. When real-world assets like Treasury bonds, real estate, and private credit are tokenized and held in similar infrastructure, the attack surface for nation-state hackers grows enormously. We’re no longer talking about stolen cryptocurrency; we’re talking about the potential theft or manipulation of tokenized deeds, loan obligations, and retirement fund shares. North Korea is the only country in the world known to use state-sponsored hacking primarily for financial gain, and the proceeds fund its nuclear and missile programs. A senior Biden administration official estimated that roughly 50% of North Korea’s foreign-currency earnings come from cybercrime. Now, just think about your 401(k) assets becoming tokenized on the same kind of infrastructure these hackers are already systematically exploiting; the risk is no longer theoretical. The AI-Powered Fraud Explosion AI is becoming embedded in everything and is becoming more of a security risk for our everyday lives today, without even considering tokenization. Crypto scam losses hit an estimated $17 billion in 2025, according to Chainalysis. These AI-powered scams — using deepfake video calls, cloned executive voices, and automated social engineering [https://us.norton.com/blog/online-scams/top-5-ai-and-deepfakes-2025] — extracted 4.5 times more money than traditional scams. Impersonation scams surged 1,400% year over year. One investor lost $284 million in a single phishing attack after scammers impersonated hardware wallet support staff. [https://beincrypto.com/crypto-theft-loses-january-2026/] As tokenized assets become more mainstream, these same techniques will be weaponized against retail investors, plan administrators, and the platforms managing tokenized 401(k) assets. Imagine AI-generated deepfakes impersonating your retirement plan administrator, or phishing campaigns targeting the custodians holding tokenized private credit. The technology for these attacks already exists and is being used at industrial scale. Physical Violence: “Wrench Attacks” Here’s one most people don’t think about. As crypto values have risen and adoption has spread, criminals have increasingly turned to physical violence to steal digital assets. In 2025, verified physical attacks on crypto holders surged 75% year over year [https://www.coindesk.com/markets/2026/02/02/crypto-crime-is-getting-violent-wrench-attacks-jumped-75-in-2026] — kidnappings, home invasions, armed robbery, even torture. In one Canadian case, a family was held hostage overnight, waterboarded, and sexually assaulted for their Bitcoin [https://cryptonews.com/news/canada-bitcoin-wrench-attack-sentence/]. In France, the co-founder of crypto wallet company Ledger had his finger severed [https://fortune.com/crypto/2025/05/05/father-crypto-millionaire-rescued-held-ransom-finger-severed/] by kidnappers demanding ransom. A crypto entrepreneur and his wife were murdered in the UAE [https://www.theweek.in/news/middle-east/2025/12/04/poured-into-concrete-chilling-details-of-russian-crypto-millionaire-roman-novak-s-murder-in-dubai-uncovered.html] during a staged business meeting. These aren’t isolated incidents. Security firm TRM Labs documented roughly 60 reported physical assaults on crypto holders in 2025, and the actual number is likely significantly higher since many go unreported. Organized crime groups are outsourcing the violence to local gangs, and it’s not just the crypto millionaires but teachers, construction workers, and firefighters — anyone whose crypto holdings become visible. As tokenization expands and more people hold digital representations of real-world assets, the risk of physical targeting will grow alongside it. KYC databases that link real identities to wallet addresses, crypto ATMs, and regulated exchange accounts all create new vulnerabilities if breached. The Quantum Computing Horizon Another area we need to consider is quantum computing. Current blockchain security depends on mathematical problems that are impossible for today’s computers to solve. A sufficiently powerful quantum computer could theoretically derive private keys from public keys, enabling signature forgery and asset theft. Blockchain developers are working on post-quantum cryptography, and NIST has already standardized new signature schemes. But the transition will be slow and complex, and tokenized assets sitting on blockchains that haven’t migrated to quantum-resistant cryptography will be vulnerable. An IBM study estimated that quantum computing could compromise up to 40% of current cryptographic systems without preparation. The Institutional Trust Gap A recent survey of asset managers found that nearly half (48%) who don’t yet offer tokenized funds ranked cybersecurity resilience as their single top concern. Among asset owners, 63% selected cybersecurity as one of their most important criteria for choosing a tokenized services provider. The fundamental tension: blockchain’s immutability — the very feature that makes it trustworthy — becomes a liability when a breach occurs. Unlike in traditional finance, reversing or correcting a fraudulent transaction on a blockchain is far more complex, and in many cases, impossible. A bad loan on paper can be restructured. A stolen token is usually gone for good. If the financial industry is going to tokenize trillions of dollars in assets — including the retirement savings of millions of ordinary workers — the security infrastructure needs to be built to a standard that doesn’t yet exist. And until it does, every tokenized asset sitting on these systems carries a risk that most investors will never be told about. The Dollar, Stablecoins, and The Debt Question Stablecoins and the GENIUS Act Now that leads us to discuss the broader monetary backdrop and the huge issue with our national debt. President Trump banned federal CBDC development in January 2025 [https://bitcoinmagazine.com/politics/president-trump-signs-executive-order-to-ban-central-bank-digital-currencies-cbdc], but the administration simultaneously championed private stablecoins via the GENIUS Act, signed into law in July 2025 [https://en.wikipedia.org/wiki/GENIUS_Act]. Stablecoins are private digital currencies pegged to the dollar and typically backed by U.S. Treasuries and, in some cases, commodities — they've surged to a $312 billion market. Let's not forget, Trump called Bitcoin 'a scam' and 'a disaster waiting to happen' on national television in 2021 [https://www.businessinsider.com/trump-called-crypto-scam-now-owns-million-ethereum-disclosure-bitcoin-2024-8?op=1]. He said crypto was 'based on thin air.' Then, once he realized there was money to be made — NFTs in 2022, $1 million+ in Ethereum by 2024, and a $TRUMP meme coin in January 2025 — he did a complete 180 and declared himself the 'crypto president.' So when this same administration bans a government-issued digital dollar while signing the GENIUS Act to hand the digital payments infrastructure to private stablecoin companies, you have to ask: who is this really for? That's a rhetorical question — we know who it's for: the elite and billionaires of this country. The ban was framed as protecting Americans from government surveillance. But the practical effect is that the dollar is going digital regardless — the only question is whether public accountability or private profit drives it. Just to be clear, scammers are in most industries, and crypto is not a special place where only scammers benefit. There are good actors and great technology + services within the industry that have been overshadowed by scammers for quite some time. We also have to understand that the dollar is getting weaker and weaker [https://www.atlanticcouncil.org/blogs/what-the-data-shows-and-doesnt-show-about-the-future-of-the-dollar/] as our debt grows. Folks want to act as if dollar dominance will last forever, but we need to give up that pipe dream. Empires don’t last forever, especially when the people who control the money and legislation creation continue to exploit anyone who isn’t in the top 1% of wealthy individuals. Capitalism is, in a lot of ways, cannibalistic. It’s also worth noting that the Senate voted 89-10 this month, March 2026, to extend that ban on a government-issued digital dollar through at least 2030. [https://www.forbes.com/sites/tonyaevans/2026/03/13/the-senate-just-banned-a-digital-dollar-here-are-3-things-to-watch/] However, Washington is still backing private stablecoins, and the ban extension, which was included in the “ROAD to Housing Act” [https://www.congress.gov/bill/119th-congress/senate-bill/2651/text] bill, is still not signed into law. So no one knows if the extension will become a reality. The Dollar and the Debt Problem 39 trillion dollars……We just surpassed 39 trillion dollars in national debt, and our interest payments are 900 billion a year, and we the taxpayers, are footing that ginormous. The strategic logic is clear as day: widespread stablecoin adoption creates artificial demand for U.S. Treasury securities, helping the government service its enormous national debt by pushing borrowing costs down. Stephen Miran, a former top economic adviser to Trump and now a Federal Reserve committee member, has argued stablecoins could lower interest rates by as much as 0.4 percentage points. But critics argue this amounts to privatizing the monetary system — handing the infrastructure of digital payments to private companies (like Tether and Circle) that face far less oversight than banks, while creating a parallel financial layer where instability could cascade into the real economy. Leading economist Adam Posen of the Peterson Institute [https://www.piie.com/experts/senior-research-staff/adam-s-posen] has warned that he is “fundamentally very worried about financial stability in the United States,” citing stablecoin issuers’ insufficient regulation, potential cross-selling of risky crypto products, and the danger of a run if trust collapses. The dollar fell 9% in 2025 — its worst year since 2017 — driven by Fed rate cuts, tariff chaos, and broader uncertainty about U.S. economic management. If stablecoins or tokenized products destabilize, the ripple effects could reach the savings and retirement accounts of millions who never chose to be exposed to these instruments. Whether through a CBDC or stablecoins, the risk to savers is similar: if the underlying monetary system is being restructured to service national debt rather than protect purchasing power, the people holding dollars — in savings accounts, in 401(k)s, in paychecks — are the ones who absorb the cost. The Average Person/Investor Gets Left Holding The Bag I wanna be annoyingly clear about this: The people most at risk are those least involved in the decision-making. Workers whose 401(k) providers quietly allocate their retirement savings into private credit and alternative assets without meaningful disclosure, and savers whose purchasing power deteriorates as the dollar weakens and monetary policy contorts to service national debt. I mean, who the hell reads crypto whitepapers other than nerds like me? And even I have only read a few of them; S**t is overwhelming 😂. Your average Jamal doesn’t monitor blockchain ledgers; they just expect their retirement to be there when they need it or are ready to cash out. Why All of This Is Important to Know The promise of tokenization is real in theory: lower costs, faster settlement, broader access, and greater transparency. But the crucial issue is who benefits and who bears the risk. When major financial institutions tokenize their private credit portfolios, they gain liquidity and new distribution channels. When those tokenized products get funneled into workers’ 401(k)s through Target Date Funds, the risk is silently transferred to people who never asked for exposure to speculative, illiquid, complex assets — and who most likely won’t know they have it. Tokenization doesn’t eliminate the underlying risk of an asset. A bad loan is still a bad loan whether it’s on paper or on a blockchain. What tokenization does is make that loan easier to slice up, repackage, and sell to someone else. If this sounds familiar and worrisome, it should because it echoes the mortgage-backed securities that fueled the 2008 financial crisis, where complex instruments were distributed widely before anyone fully understood the risks embedded in them. The difference this time is that the packaging is digital, the plumbing is blockchain, and the people holding the bag may not even know what a token even is. If you want to keep up with my work or want to connect as peers, check out my social links below and give me a follow! * 🦋 Bluesky [https://bsky.app/profile/digitaldopamine.dev] * 📸 Instagram [https://www.instagram.com/digital_dopamine_llc/] * ▶️ Youtube [https://youtube.com/@digitaldopaminellc?si=sujxCAMyboNvidiW] * 💻 Github [https://github.com/kdleonard93] * 👾 Discord [https://discord.com/users/407639833146818570] Get full access to Digital Dopamine at digitaldopaminellc.substack.com/subscribe [https://digitaldopaminellc.substack.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]