Network Security at it's best at my school.
So firstly our school has only one wifi AP in the whole building and you can only access Internet from there or their PCs which have just like the AP restricted internet with mc afee Webgateway even though they didn't even restrict shuting down computers remotely with shutdown -i.
The next stupid thing is cmd is disabled but powershell isn't and you can execute cmd commands with batch files.
But back to internet access: the proxy with Mcafee is permanently added in these PCs and you don't havs admin rights to change them.
Although this can be bypassed by basically everone because everyone knows one or two teacher accounts, its still restricted right.
So I thought I could try to get around. My first first few tries failed until I found out that they apparently have a mac adress wthitelist for their lan.
Then I just copied a mac adress of one of their ARM terminals pc and set up a raspberry pi with a mac change at startup.
Finally I got an Ip with normal DHCP and internet but port 80 was blocked in contrast to others like 443. So I set up an tcp openvpn server on port 443 elsewhere on a server to mimic ssl traffic.
Then I set up my raspberry pi to change mac, connect to this vpn at startup and provide a wifi ap with an own ip address range and internet over vpn.
As a little extra feature I also added a script for it to act as Spotify connect speaker.
So basically I now have a raspberry pi which I can plugin into power and Ethernet and an aux cable of the always-on-speakers in every room.
My own portable 10mbit/s unrestricted AP with spotify connect speaker.
Last but not least I learnt very many things about networks, vpns and so on while exploiting my schools security as a 16 year old.

"Ralph" has been working on a process that updates a field in a SharePoint list and bellying aching for almost a month. Couldn't use the C# client, too hard...tried to use the SharePoint REST entry point, using C# too complex...Javascript also was overly complex. Tried to use PowerShell, that worked but could only run on the SharePoint Server and it didn't have access to the 3rd party system.

In our stand up this morning, again, he was belly aching he is still not done because of the complexity of SharePoint.

I thought "Good lord...what the frack is the problem? Surely other devs in the world aren't having this much of a problem."

Fire up google...search for an example...copy the MSDN C# example...run it...tada...updated the SharePoint list just fine. Maybe 15 minutes of effort (< 20 lines of mostly copy+pasted code).

Next stand up, I'm contemplating calling him out on the BS, but I suspect he had working code for a while. Wouldn't be the first time he has dragged his ass working on a project until folks get fed up waiting and he has an "intellectual breakthrough" and brags how all his effort was worth the time. Similar to the firefighter who starts fires just so he can 'be the hero'.

Security is a joke. And people don't seem to get it. Especially Data mungers.

I've spent about half an hour trying to work out how to securely connect to power BI using PowerShell in a renewable manner for unattended access later on.

Every single example I've found seems to involve you storing $user and $password variables inside your script. If I'm lucky, they're going to pass them through ConvertTo-SecureString. And nobody talks about securely storing AD auth tokens, or using the Windows Credential Manager.

I know it's possible, but it's going to take me ages to work out how from all sorts of disparate sources...

Fucking remote db doesn't want to work with me and workbench. DB is on an empty test server, no firewall issues on the network, powershell on my pc says ping ok, tcp failing though, server firewall not running, server up and running.
Tried to modify network access on db configs like bind-adress, set my db user "host" value to wildcard. Now I can log in on workbench with my user, yet root somehow fails, wtf?
And of course once the connection is live, no db us visible, accessible, nothing works. I'm so frustrated. About to nuke it and restart ... again!

Yes, I'd like to apply for your Macy's Cyber Security department please?

I hate that when developing on Windows I need like four different terminals. CMD, MINGW64/Cygwin/MSYS2, PowerShell. Each one has different functionality:
CMD - basic Windows commands
MINGW64 - emulates Linux terminal with frequent Linux commands and great support for Git
Powershell - access Windows COM, .NET etc.

Now there are solutions that attempt to solve this like Cmder (which is just more user-friendly ConEmu). These are console emulators which wrap all these in one window (with multiple tabs). But they are slow as hell. I have to wait like 10 seconds each time I start a terminal in Cmder, because the emulators need to run some huge startup scripts. But I just need to run one command from this one freaking folder!

Eventually I end up having like 30 different terminal windows open, each one different in functionality and each time I need to do something I must think about which terminal I need and in which folder. Furthermore I have to think about whether to run the terminal as administrator, but I usually forget that, so I have to close the terminal and reopen as admin. Why don't you just add something like su or sudo, Microsoft?

Just wanted to do some scripted image resizing for school in school because the teacher asked me to help her with that.
So I thought: Let's just write a tiny script. Written the script in almost no time (just iterates over all jpg's and resizes them)

30sec.

Now I tried to run it. Didn't have my laptop so I had to somehow run it on their windows PCs. At least it's windows 10, unlike other schools that still run XP and stuff so I thought it might be doable. Well guess what, nope it wasn't.

First tried to install imagemagick, that didn't work as only teacher accounts have admin and the teacher was already pretty scarred once he saw me doing stuff in powershell so I thought I'd better not ask to do this via a teacher account and mess with stuff as admin.

Next method: Installing msys2. That worked at least (after taking forever to install and having to mess with the av software to get it to run).
And there comes the next problem: pacman doesn't connect via the proxy so I can't download any packages. There is free wifi but only for teachers, and students aren't going to get access until the school finally has a faster connection because they'd (understandably) cause this connection to be constantly overloaded. I just happen to have access to this wifi network, too, because at least the guys from the IT dept know how bad using proxies under linux is. So I connect via wifi and it works. At least I thought: After running the script it yields weird errors about unsupported arguments even though the command is exactly the same I have been using for years (already checked typos twice)

Then got the idea of simply installing imagemagick on termux on android and transferring the files onto my phone.
Too bad we aren't allowed to attach our own USBs to the pcs. Luckily I got a rooted phone so I simply activate adb over network and connect to it.
After downloading the platform-tools I can't run them because of AV software. Luckily there is an option to add an exception per executable so I do that. After doing that it works.... nope it doesn't. The wifi only allows 443/tcp and 80/tcp, even for internal network devices.

So that's it. I'm simply going to upload that stuff to my nextcloud and convert it at home.

Windows, I hate you!!!

I know a lot of people aren't fans of Microsoft here, but does anyone have some extended experience with using powershell?

I've been using it for creating a script that handles quite a large set of tasks for setting up and configuring some application servers and so far I have been really digging the language. Being able to invoke the script against remote hosts in parallel like ansible has been a really cool learning experience.

Admittedly it's verbose as fuck, so getting the same thing done in something like python/perl might be like half the lines of code. And I know that some of the commands illicit a "WTF?" every now and again. But I think one of the powershell tutorials I watched early on in attempting this helped make using powershell not suck ass.

Every command is basically 'verb-noun'. You don't know what the command or switches are:
> get-help "command" -showwindow

It will give you a list of options if you didn't select the exact command with get-help.

It feels* amazingly buttoned up as a scripting language and it's really cool to be able to take advantage of lower level stuff, like you can run alternative shells (we have cygwin installed on some of our servers), you can run C# code, you have access to interfacing with .NET api's. I haven't messed with anything azure yet, but being able to interface with products and services like SQL/Exchange/O365/azure/servers/desktops from the same language seems pretty cool.

Admittedly, the learning curve feels terrible though. I felt like a dunce for the first couple weeks, couldn't navigate the language at all, and was always in the docs trying to figure stuff out. I think I just needed to understand how the people developing powershell intended for it to be used. Once I was able to put two-and-two together about the verb-noun structure and how to find information/examples about the cmdlets it's been quite easy to work with it.

If anyone else has any extended experience with it, please share your thoughts/opinions. Curious to see if your experiences are/were similar to mine.

If you don't have Powershell experience, please feel free to share your opinions of Micro$haft and me for using Micro$haft products too! It's all good 😎

I just got hired at a small MSP and I’m just utterly fucking frustrated by the shitty tools and complete lack of client documentation. I want to implement tons of FOSS tools for these newbhats but they seem to like spending money on tools that only work half-assedly at best... looking at you LogMeIn!

I’ve setup Apache Guacamole a few times before and want to get each client a guac-srv setup for client’s server mgmt. or PowerShell Web Access for clients.

I want to build AWS infrastructure for clients cause we can use cloudformation or terraform to build infrastructure. But these skunk-taint licking dipsticks would rather support physical 2003 servers. If I didn’t need this job to pay my bills right now I’d be fucking gone.

But... they are very nice people.

Just technologically speaking, they eat lead paint chips for breakfast and like to piss on electric fences for the funsies.

The whole windows server + ms sql server ordeal is the biggest fucking joke I've ever seen in my time being a dev.
The ms sql dashboard uses a hidden user to access files and stuffs, so I spent 1 hour trying to make the dashboard's explorer to find the database dump file, only to find out that the file need to be owned by the hidden user. So
I spent about 1 hour trying to set the correct owner of the dump file, but to no avail, the explorer still couldn't pick it up. Then I spent another hour to set the correct owner for the containing folder. Finally, a 6 years old answer on SO point out that I should just put the fucking .bak file in their default folder, and voilà, the fucking thing works like a charm.

I can't get why Microsoft has to go out of their way making permission management on their os so fucking convoluted. The fucking usernames are a fucking mess, you have to go through a bunch of form to change just the owner of a file (please don't start me up with that running some command on powershell bullshit, I would rather deal with bad GUI than a badly designed CLI)

If I were to being positive though, Microsoft is actually one of a few tech companies having a good technical decision of moving their shits over Linux.