Taggart Tech

There's nothing a user interface designer loathes more than complexity. Every design—at least, every modern design—seeks to minimize clicks, icons, visual noise. What if instead of a button, we had a borderless icon? What if instead of navigation controls, we used gestures?

And what if—hear me out—instead of search results, we had language model-distilled text delivered to you, hot and fresh?

The objective of DevOps is simplicity. But with so many moving parts, getting the Rube Goldberg machine to run without a hitch is challenging even under the best circumstances. Recently, I had a need for a rapid deployment of a LetsEncrypt-enabled web service, and I was tired of doing, well, any manual steps. So I buckled down and figured out how to get an app deployed with a real domain and a real cert in a single move.

Here's how I got it done. Hopefully this process can be of use for you.

This post is a preview of the upcoming book, The Homelab Almanac, by yours truly.

Why do you want to build a homelab?

"'Cause it seems fun," is a perfectly valid answer on a lot of levels! Unfortunately, it doesn't provide a lot of information about what equipment we need, or how we'll set it up in our home. For that, we need to dive into the nitty gritty of both intention and circumstance for your future lab.

Count me among those who are alarmed about the implications of "AI," such as it is. But I am not among those who worry about machines taking over. I see no signs of intelligence—either from the large language models being hyped right now, or from those doing the hyping. My concern around this technology is more mundane than apocalypse, but more profound than simple economic impact.

I'm terrified we're about to lose the war for truth.

In June 2022 when we launched The Taggart Institute, we knew that the mission was a daunting one: produce high-quality tech and cybersecurity instruction that people around the world could afford. Our formula was simple: make the basic courses free, and charge a reasonable price for advanced content. We hoped the quality of the free courses would motivate purchases of advanced material for those who could afford it.

It's Friday afternoon. It always happens on Friday afternoon. You're ready to be done for the week, having closed out a pesky ticket that took far too long. Just as you're about to lock the screen and punch out for the day, you watch the email arrive—almost in slow motion—with that dreadful tagline:

URGENT: Account Compromised

Goodbye to your Friday evening. You don't get to sit down and watch the game. You don't get to enjoy a nice dinner with the fam. Because you, through a series of questionable life choices, have made your way to the role of Lead Incident Responder. The clock is ticking, and all eyes are on you.

And you know you have at least 2 adversaries: the criminal trying to cause your organization harm, and your own flawed, bias-prone brain.

This is the story of how I used Microsoft Teams's own design against itself.

We all kinda know that Electron apps are dangerous—at least to our RAM, am I right??

But seriously, these cross-platform apps, because of how they get installed, present a tasty spot for attackers to take up residence and even inject malicious code into trusted applications, with the poor user being none the wiser.

Here's how it works.

POV: You're performing a pentest/red team engagement against a fairly hardened environment. You have, through creativity and perseverance, landed an implant on a workstation. Your session has low privileges, but the user may have local admin or associated higher-priv accounts. You're trying to remain stealthy, and normal lateral movement techniques might get detected. You need creds, but how to get them when everyone's watching you?

Answer: use SSO against itself by listening in on the browser.

Look, it's not original thinking to be concerned about the future of social media with a megalomaniacal billionaire threatening to impose regressive policies. Enough ink has already been spilled on what might or might not happen with Twitter as the new owner molds it in his image. The debate rages on about whether Twitter is a town square, whether it ought to be, or whether something that functions as a public service should in fact be driven by profit. But that debate misses the fact that some folks have already created a truly free alternative. It didn't require government intervention. As always in the open source software world, it simply took the conviction, creativity, and hard work of a community.

Or in this case, a federation of communities. This last week, I dove back into the Fediverse by way of Mastodon. Mastodon is a free and open alternative to Twitter—or "the birdsite," as users of Mastodon call it. What I've found has not just made me want to stay, but made me question my assumptions about social media in general.

Let's explore how your entry into the Fediverse might proceed.