{% set postslist = collections.posts %}
{% include "postslist.njk" %}
diff --git a/content/blog/github-codesarch.md b/content/blog/github-codesarch.md
new file mode 100644
index 0000000..8320073
--- /dev/null
+++ b/content/blog/github-codesarch.md
@@ -0,0 +1,34 @@
+---
+title: Abusing regex in GitHub code search
+date: 2025-04-24
+tags:
+ - short
+ - cybersec
+---
+
+I recently discovered that the new(ish) GitHub Code Search feature
+supports regular expressions. While dorking on the classic GitHub search
+has been documented to death by skids, I haven't seen anyone reference this yet.
+I'm sure someone is using it, since it's powerful.
+
+Case in point:
+```
+/"[a-z]{4}(?: [a-z]{4}){3}"/ language:Python SMTP
+```
+
+That regex is a bit tricky, but it's just matching for 4 space-separated
+groups of 4 lowercase letters. What good does that do, you might ask?
+The SMTP should be a hint - it's some kind of credential for email.
+More specifically, this is the Google app password format.
+
+This search has 5k hits.
+
+I think Google will still block suspicious connections, so this isn't a huge
+pwn. But I guarantee at least one of these accounts has bad opsec, so you can
+determine their location. Combined with a bit of residential proxy work... you
+get the idea.
+
+GitHub should be a lot more proactive about this stuff - blocking it from
+search, blocking it from public discovery, or even blocking the commit
+itself. Most people who are posting this stuff don't know how they could do it
+better.
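Review bot: the pattern on the `/"[a-z]{4}(?: [a-z]{4}){3}"/` line matches any quoted string of four space-separated four-letter lowercase words, not only app passwords, so "This search has 5k hits" counts ordinary phrases too. Say that the figure is an upper bound, or narrow the claim. The closing paragraph says people posting these "don't know how they could do it better" but the post never tells them; a sentence on what the affected reader should do would close that gap. Separately, the file name in the header, `github-codesarch.md`, looks like a typo for `codesearch` and is worth fixing before it is published under that name.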
diff --git a/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md b/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md
index 80a1fe9..5447eff 100644
--- a/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md
+++ b/content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md
@@ -1,7 +1,9 @@
---
title: Reversing an image format
date: 2025-01-15
-tags: [reverse-engineering, hacking-hikmicro]
+tags:
+ - reverse-engineering
+ - hacking-hikmicro
drafts: true
---
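Review bot: the unchanged context line `drafts: true` in this front matter does not match the `draft: true` key that the same patch adds to `content/now.md`. If `draft` is the key the site reads, this post is not actually marked as a draft. Align the two spellings while the front matter is being touched anyway.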
diff --git a/content/now.md b/content/now.md
index 38045be..5da8164 100644
--- a/content/now.md
+++ b/content/now.md
@@ -1,6 +1,7 @@
---
layout: layouts/base.njk
title: Now
+draft: true
eleventyNavigation:
key: Now
order: 4
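Review bot: `draft: true` is added directly above an `eleventyNavigation` block that still registers the page with `key: Now` and `order: 4`. Confirm that the navigation does not keep a link to a page that is no longer built, or drop the navigation entry in the same change.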
@@ -11,14 +12,13 @@ Rate-Monotonic scheduling my life.
### Playing
-- Helldivers 2 {gamepad}
+- Helldivers 2
- Ocarina of Time Randomizer Multiworld [link](https://wiki.ootrandomizer.com/index.php?title=Multiworld)
### Doing
-- Putting out fires at $dayjob {fire}
- Bouldering!
-## Breaking
+### Breaking
- Hacking together servers with [NixOS](https://nixos.org/)
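Review bot: the `- Putting out fires at $dayjob {fire}` line is deleted outright, while the Helldivers line only loses its `{gamepad}` marker. If the goal was just to strip the icon shortcodes, that bullet should be kept as `- Putting out fires at $dayjob`. If the removal is intentional, mention it in the commit message along with the `## Breaking` to `### Breaking` heading fix, since neither relates to the new blog post.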