th3blu3kn19ht 🛡️

@th3blu3kn19ht@infosec.exchange
14 Followers
68 Following
82 Posts
Cloud Security Analyst

Hello, friends! I'm thrilled to announce that The Homelab Almanac, v3.0 has officially launched! There is a ton of new stuff in this version, including:

  • Proper DNS for the lab
  • Lab PKI
  • Automatic signed certificate retrieval
  • New secrets management
  • Proxmox clustering
  • Network storage
  • Cloud integration

And lots more. Now, with all these additions, plus the work to make them, I've had to increase the price to $29.99 USD. I know that's a lot. But for what THA is, I still think it's fair. But I'm also running a sale right now. Code OMGVERSIONTHREE gets you 50% off until the end of June.

And of course, if you've already purchased THA, you just got access to the new version. Thanks for being an early supporter!

I hope you love this new version of the book. I'm really happy with how it turned out.

And seriously: thank you to everyone who's supported @thetaggartinstitute over the years, and especially the folks who have purchased and enjoyed The Homelab Almanac. I had no idea what I was getting myself into writing this book, but it's been lovely to see folks build community around it.

https://taggart-tech.com/thav3/

Announcing The Homelab Almanac: Version 3.0

The best guide to homelabs just got a lot better—and bigger.

He talked about electric cars. I don't know anything about cars, so when people said he was a genius I figured he must be a genius.

Then he talked about rockets. I don't know anything about rockets, so when people said he was a genius I figured he must be a genius.

Now he talks about software. I happen to know a lot about software & Elon Musk is saying the stupidest shit I've ever heard anyone say, so when people say he's a genius I figure I should stay the hell away from his cars and rockets.

In the wake of Trump's attacks on their institution, Harvard made their online courses on the US government, the US constitution, civic engagement, and more... available for FREE.

✅ Government Courses | Harvard University
https://pll.harvard.edu/subject/government
#trump #civil #harvard #education

I did some reversing/exploring on a widely used IoT product for fun this week, and here’s what I found:

- embedded Linux on an SD card
- SD card not encrypted
- developed by a third party on behalf of the end customer who makes the actual device this thing is connected to
- runs the code in docker containers from a private container repo
- docker credentials for private repo stored locally
- can use docker credentials to access containers for all of the third party's customers, not just the one who makes the device
- GitHub creds in bash history
- can access source code for all customer projects using said creds

So things are going well over there.

Creating a U.S. Bitcoin reserve will make taxpayers the biggest bagholders yet. The fundamental nature of Bitcoin is it’s a pyramid scheme propped up by new entrants buying in to enrich the previous buyers.

It hits bust cycles whenever the flow of new buyers slows until some catalyst creates an influx of new rich buyers. The price is now so inflated the new buyers need to be sovereign wealth funds or hedge funds to maintain the price. But where do you go when those run out?

USA! USA!! USA!!!

Every internet of shit, phone, tablet, and other sorts of device manufacturers should be required to push/post a root unlock firmware for their devices before they can stop supporting them. There's too goddamn much ewaste from everything already. If they're going to abandon their devices, at least make it easy for people to unlock them and do whatever else they want with them.
Windows: Literally gets backdoors injected in by the FBI and distributed to every single copy being executed in production in every system on the planet, and they're not only not removed, but INTENTIONALLY ALLOWED FOR YEARS nothing happens, everyone just continues to use Windows.
Linux: little cheeky mf commits a backdoor, gets removed before it even makes it to production it's the fucking end of the world, open source software is doomed etc etc...
Just gonna put this out there in the public...

I do not care about anything related to
#Twitter, #Meta, #Threads, or #Nostr -- I just do not care. If there is one thing that makes me doomscroll faster it is any post about those other sites.

#Mastodon will survive just fine.

However, you should know this important fact about how the Fediverse works. By design, for every single website link someone posts, their instance does a DNS lookup, the link is cached and then shared with relays that share it with other instances, and guess what happens next? Yep, the cycle starts all over again, except with every single instance doing lookups against the same website link. This generates tons of traffic to those websites, which they will use to inflate their usage numbers.

Message: Don't share the link to those other sites when the actual info can be shared with a screenshot.

A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links.

Frequently abbreviated as TLD, a top-level domain is the rightmost segment of a domain name. In the early days of the Internet, they helped classify the purpose, geographic region, or operator of a given domain. The .com TLD, for instance, corresponded to sites run by commercial entities, .org was used for nonprofit organizations, .net for Internet or network entities, .edu for schools and universities, and so on. There are also country codes, such as .uk for the United Kingdom, .ng for Nigeria, and .fj for Fiji. One of the earliest Internet communities, The WELL, was reachable at www.well.sf.ca.us.

Since then, the organizations governing Internet domains have rolled out thousands of new TLDs. Two weeks ago, Google added eight new TLDs to the Internet, bringing the total number of TLDs to 1,480, according to the Internet Assigned Numbers Authority, the governing body that oversees the DNS Root, IP addressing, and other Internet protocol resources.

Two of Google’s new TLDs—.zip and .mov—have sparked scorn in some security circles. While Google marketers say the aim is to designate “tying things together or moving really fast” and “moving pictures and whatever moves you,” respectively, these suffixes are already widely used to designate something altogether different. Specifically, .zip is an extension used in archive files that use a compression format known as zip. The format .mov, meanwhile, appears at the end of video files, usually when they were created in Apple’s QuickTime format.

Many security practitioners are warning that these two TLDs will cause confusion when they’re displayed in emails, on social media, and elsewhere. The reason is that many sites and software automatically convert strings like "arstechnica.com" or "mastodon.social" into a URL that, when clicked, leads a user to the corresponding domain. The worry is that emails and social media posts that refer to a file such as setup.zip or vacation.mov will automatically turn them into clickable links—and that scammers will seize on the ambiguity.

“Threat actors can easily register domain names that are likely to be used by other people to casually refer to file names,” Randy Pargman, director of threat detection at security firm Proofpoint, wrote in an email. “They can then use those conversations that the threat actor didn’t even have to initiate (or participate in) to lure people into clicking and downloading malicious content.”

https://arstechnica.com/information-technology/2023/05/critics-say-googles-new-zip-and-mov-domains-will-be-a-boon-to-scammers/

Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back

Will new TLDs undo decades of work to stop malicious links?

Ars Technica
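The auto-linking behaviour the article describes, shown as an added example that is not part of the post or the Ars Technica piece: a minimal linkifier that turns bare domain-looking tokens into URLs, plus the check a defender would want, which holds back tokens whose TLD doubles as a common file extension (`.zip`, `.mov`) unless the author wrote an explicit scheme. The TLD set and the sample message are constructed for illustration, not taken from IANA's root zone.

```javascript
// TLDs that are also common file extensions; a bare "name.zip" is ambiguous.
// Constructed subset for this example, not the full list of such collisions.
const AMBIGUOUS_TLDS = new Set(["zip", "mov"]);

// A token looks like a domain if it is label(.label)+ with an alphabetic TLD.
const DOMAIN_RE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;
const SCHEME_RE = /^https?:\/\//i;

// Classify one whitespace-delimited token from an email or post.
// Returns { text, href, reason }; href is null when we must not auto-link.
function classifyToken(token) {
  // Strip trailing punctuation so "setup.zip." still matches the domain shape.
  const core = token.replace(/[.,;:!?)]+$/, "");
  if (SCHEME_RE.test(core)) {
    // The author typed a scheme: link it as written, even if the TLD is .zip.
    return { text: core, href: core, reason: "explicit-scheme" };
  }
  if (!DOMAIN_RE.test(core)) {
    return { text: core, href: null, reason: "not-a-domain" };
  }
  const tld = core.slice(core.lastIndexOf(".") + 1).toLowerCase();
  if (AMBIGUOUS_TLDS.has(tld)) {
    // A naive linkifier would emit http://setup.zip here; leave it as plain text.
    return { text: core, href: null, reason: "ambiguous-file-extension" };
  }
  return { text: core, href: "http://" + core, reason: "bare-domain" };
}

// Linkify a message: returns the hrefs that became links and the tokens that
// were held back because their TLD is also a file extension.
function linkify(message) {
  const linked = [];
  const heldBack = [];
  for (const token of message.split(/\s+/).filter(Boolean)) {
    const c = classifyToken(token);
    if (c.href) linked.push(c.href);
    else if (c.reason === "ambiguous-file-extension") heldBack.push(c.text);
  }
  return { linked, heldBack };
}

// Constructed sample message resembling the scenario in the article.
const SAMPLE = "Please open setup.zip and vacation.mov, details at arstechnica.com or https://example.zip/";
```

Run `linkify(SAMPLE)`: only `arstechnica.com` and the explicit `https://example.zip/` become links, while `setup.zip` and `vacation.mov` stay plain text instead of silently pointing at whoever registered those names.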