HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jborean93

no profile record

Submissions

PowerShell MSI Package Deprecation

devblogs.microsoft.com
1 points·by jborean93·vor 3 Monaten·1 comments

comments

jborean93
·vor 2 Monaten·discuss
This only works if credential guard has implemented a way to build a subsequent token/value from that secret. For things like basic auth the secret would need to eventually hit the userland process that needs it in some shape or form to then embed it in the HTTP payload which is plaintext.
jborean93
·vor 3 Monaten·discuss
> *nix fanboys were totes fine with wget and ls being an aliases in PowerShell for years but when they found out what PS is coming to Linux they made a biggest stink

The curl and wget aliases don’t exist on the PowerShell 7 version which is the cross platform one. Only the old powershell.exe builtin to Windows has these aliases and it’s worse today because curl.exe is builtin and the curl alias takes priority when you run just curl.
jborean93
·vor 3 Monaten·discuss
The runas command doesn’t elevate just runs as another user. This is a console executable that drives UAC and also provides a way to capture the stdout/stderr elevated process which isn’t natively possible today without your own wrapper.
jborean93
·vor 3 Monaten·discuss
Looks like Microsoft is trying to stop internal products from using MSI in favour of MSIX packages. MSIX is nice for interactive applications but has a few issues with dealing with system wide installations and automation scenarios that I doubt the PowerShell team will be able to solve by the time of the 7.7 release.
jborean93
·vor 5 Monaten·discuss
I don't mind NRT but I hate dealing with C# projects that haven't set < Nullable>Enable</Nullable> in their csproj. It's not perfect because I know at runtime it can still be nullable but it's nice when the compiler does most of the checks for you.
jborean93
·vor 6 Monaten·discuss
They didn't just write the PEP, they implemented them.
jborean93
·vor 6 Monaten·discuss
That's the thing, you don't have to :) While I think uv is a great tool and highly recommend it, you are more than welcome to use any of the other build backends or package management tools that fit your workstyle. By having these packaging PEPs (amongst) others, the ecosystem has been able to try out different approaches and most likely over time will consolidate on specific ones that work better than the others.
jborean93
·vor 6 Monaten·discuss
> They refused to invest in packaging to the extent that a separate company (astral) had to do it for them

uv didn't just happen in a vacuum, there has been lots of investment in the Python packaging ecosystem that has enabled it (and other tools) to try and improve the shortcomings of Python and packaging.

There's PEP 518 [1] for build requirements, PEP 600 [2] for manylinux wheels, PEP 621 [3] for pyproject.toml, PEP 656 [4] for musl wheels platform identifiers, PEP 723 [5] for inline script metadata.

Without all this uv wouldn't be a thing and we would be stuck with pip and setuptools or a bunch of more bandaid hacks on top making the whole thing brittle.

[1] https://peps.python.org/pep-0518/ [2] https://peps.python.org/pep-0600/ [3] https://peps.python.org/pep-0621/ [4] https://peps.python.org/pep-0654/ [5] https://peps.python.org/pep-0723/
jborean93
·vor 6 Monaten·discuss
There shouldn't be any difference between those two values. I'm not saying you are wrong and it didn't break but it's definitely surprising a parser would choke on that vs YAML itself being the problem.

Don't get me wrong I can empathise with whitespace formatting being annoying and having both forms be valid just adds confusion it's just surprising to see this was the problem.
jborean93
·vor 6 Monaten·discuss
& has no special behaviour in strings, backticks and $ on the other hand do. For example "&Some String&" and '&Some String&' are all the literal value `&Some String&`. Backticks and $ are special in double quoted strings as they are the escape character and variable reference chars respectively.
jborean93
·vor 7 Monaten·discuss
per-minute is really just a way to express the cost in a human friendly name. Doing per-hour, per-second, per-day could all result in the same total value just at a different number. If anything per-minute is better than per-hour as you won't be charge for minutes you don't use.
jborean93
·vor 7 Monaten·discuss
Maybe to you, I enjoy the fact that

> I don't knock it out of my head by having the wire catching on something > Dealing with the cable and having to pack it back up when I'm done > It auto connects to both my phone and laptop 99% of the time > It easily swap between the 2 as I change the focus

Now they aren't perfect, charging can be a bit fiddly over time but they certainly are nicer than the normal headphones. Maybe you just aren't the target audience but clearly they are popular enough for most people.
jborean93
·vor 8 Monaten·discuss
This seems a bit pedantic, while you may be correct (I honestly don't know what standard this is referring to) the UTF-8 BOM is a thing that some tools do know about. Even then in the context of OP's question the BOM with UTF-8 isn't the specific problem but rather how the shebang interpreter reads the actual ASCII byte sequences so a UTF-16 with a BOM "text" file would also fail.
jborean93
·vor 8 Monaten·discuss
That's the realm side which should be upper case. The comment reference was for hostname themselves which I've always just done as lower case and have never seen a reason to make it upper case. The krb5.conf has a [domain_realm] section which can map a DNS name/suffix to the actual realm

    [domain_realm]
    .domain.com = DOMAIN.COM
    domain.com = DOMAIN.COM
jborean93
·vor 8 Monaten·discuss
The problem I have with using a gMSA outside of Windows is you need a Kerberos principal and credential for that principal in the first place to allow retrieving the gMSA details. Why not just use that principal and avoid adding this next step.

It would be great if Linux had a mechanism where the host itself could act as the principal to retrieve the gMSA like on Windows but the GSSAPI worker model just works differently there and runs in process. A similar problem exists for using Kerberos FAST/armouring where Windows uses the hosts' ticket to wrap the client request but on Linux there is no privileged worker process that protects this ticket so the client needs to have full access to it.

The closest thing I've seen is gssproxy [1] which tries to solve the problem where you want to protect host secrets from a client actually seeing the secrets but can still use them but I've not seen anything from there to support gMSAs for armouring for client TGT requests.

[1] https://github.com/gssapi/gssproxy
jborean93
·vor 10 Monaten·discuss
The subsystem in question would be the one to handle the logic for the syscall. So the POSIX subsystem would use the reparse data buffer as needed. It's just that the Win32 subsystem added its own symlink one in Vista/2008.

This is all a guess, the POSIX subsystems were a bit before my time and I've never actually used them. I just know how symlinks work on Windows/NTFS and when they were added.
jborean93
·vor 10 Monaten·discuss
No idea if the POSIX subsystem used NTFS or some other filesystem but if it was NTFS it probably just used the same reparse data buffer. It's just that Windows only added a symlink buffer structure in Vista/2008. You can manually use the same data buffer in older Windows versions it just won't know what to do with them just like all the other reparse data structures.
jborean93
·vor 10 Monaten·discuss
It had junction points and hard links but symbolic links were added in Vista/Server 2008.
jborean93
·vor 3 Jahren·discuss
Can you share an actual example where you need to specify requirements twice. With pyproject.toml I know of 3 ways requirements are specified and they are all used by different things:

1. Build requirements - requirements needed to build your package from an sdist

2. Runtime requirements - requirements your library needs at runtime

3. Extra requirements - optional runtime requirements

For example my library pyspnego https://github.com/jborean93/pyspnego/blob/main/pyproject.to... has all 3:

1. Cython for Win32 needed to build the sdist and setuptools as the general build system - https://github.com/jborean93/pyspnego/blob/c3db058b636fc102f...

2. cryptography as a runtime dependency - https://github.com/jborean93/pyspnego/blob/c3db058b636fc102f...

3. optional extras kerberos and yaml - https://github.com/jborean93/pyspnego/blob/c3db058b636fc102f...

Granted the toml format and what is used in pyproject.toml has its warts but I'm curious what your joke and clown_fiesta examples are actually from as from where I am standing each section currently serve different purposes.