<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
I've recently added the Risky Business podcast to my queue (I have a habit of drifting off to sleep wearing a pair Bluetooth headphones). Most of it is way over my head, but the Australian presenter really knows his infosec. <div><br /></div><div><a href="http://risky.biz/netcasts/risky-business" target="_blank">http://risky.biz/netcasts/risky-business</a><br /></div><div><br /></div><div>Just last night I was listening to the latest episode and Powershell gets a huge bashing (no pun intended) at the start for being insecure against hacks (both network traversal and privilege escalation, if I remember rightly). </div><div><br /></div><div>So, Risky Business podcast good and Powershell bad. </div><div><br /></div><div>Ta, </div><div><br /></div><div>Neal. <br /><br /><br />26. Aug 2016 18:57 by <a href="mailto:nottingham@mailman.lug.org.uk" target="_blank">nottingham@mailman.lug.org.uk</a>:<br /><br /><blockquote class="tutanota_quote" style="border-left: 1px solid #93A3B8; padding-left: 10px; margin-left: 5px;">-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA1<br /><br />On 22/08/16 09:07, Jason Irwin via Nottingham wrote:<blockquote>Or...<br /><br />A decision was taken years ago in isolation, which now turns out to<br />have been a bit silly and needs fixing.<br /><br />Either way, some of these comments make for some comedic reading: <br /><a href="https://github.com/PowerShell/PowerShell/pull/1901" target="_blank">https://github.com/PowerShell/PowerShell/pull/1901</a></blockquote><br />Note the agonising on there about possibly breaking PowerShell scripts<br />written on Windows that may rely on the erroneous operation...<br /><br />Myself, (to badly misuse a term) /surely/ an easy and compatible way<br />out is to have an environment variable that defaults to the erroneous<br />Windows way of working and that can be set to expose instead the *nix<br />way of things when set for a particular script... Easy?<br /><br /><br />In the surprisingly long discussion, ya just gotta LOVE the enthusiastic:<br /><br />#####<br />You bring up a great point. We added a number of aliases for Unix<br />commands but if someone has installed those commands on WIndows, those<br />aliases screw them up.<br /><br />We need to fix this.<br /><br />The only Q is what is the best way to do so? As Joey points out -<br />having shipped these, removing them is a breaking change. ...<br />#####<br /><br /><br />#####<br /><br />Wow, great discussion!<br /><br />#####<br /><br /><br />#####<br /><br />Thanks for providing input to make PowerShell great<br /><br />#####<br /><br /><br />What might this all mean? Hopefully that enthusiasm is all genuine<br />enthusiasm for discovering the power of FLOSS cooperation.<br /><br /><br /><br />Meanwhile, for an encore:<br /><br /><br />*Windows Update borks PowerShell – Microsoft won't fix it for a week*<br /><br />'We apologize for any inconvenience that this might cause'<br /><br /><a href="http://www.theregister.co.uk/2016/08/25/microsoft_breaks_powershell_with_borked_update_wont_fix_it_for_a_week/" target="_blank">http://www.theregister.co.uk/2016/08/25/microsoft_breaks_powershell_with_borked_update_wont_fix_it_for_a_week</a><br /><br /><br />... What was that about not causing breakage?...<br /><br /><br />One to watch further...<br /><br />Cheers,<br />Martin<br /><br /><br /><br />- -- <br />- - ╔═══════════════════╦══════════════════════════════════════════╗<br />- - ║ Martin Lomas ║ OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7 ║<br />- - ║ martin@ ml1 co uk ║ Import from hkp://subkeys.pgp.net or ║<br />- - ║ ----------------- ║ http:// ml1 .co .uk/martin_ml1_co_uk.gpg ║<br />- - ╚═══════════════════╩══════════════════════════════════════════╝<br />-----BEGIN PGP SIGNATURE-----<br />Version: GnuPG v2.0.15 (GNU/Linux)<br />Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org/" target="_blank">http://enigmail.mozdev.org</a><br /><br />iEYEARECAAYFAlfAguwACgkQ+sI3Ds7h07eNNQCggoPHYBXfY23CmQlGpxiOM/Au<br />lMcAn3fNex5O8q9HEvJW9wHEhaRtR0MK<br />=2j0H<br />-----END PGP SIGNATURE-----<br /><br />_______________________________________________<br />Nottingham mailing list<br /><a href="mailto:Nottingham@mailman.lug.org.uk" target="_blank">Nottingham@mailman.lug.org.uk</a><br /><a href="https://mailman.lug.org.uk/mailman/listinfo/nottingham" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/nottingham</a></blockquote></div> </body>
</html>