@mrpowershell.com
Jack of all Trades, Master of PowerShell. Prolific Programmer Microsoft MVP in Azure / PowerShell https://mrpowershell.com/ https://github.com/StartAutomating https://github.com/PowerShellWeb NB, Neurodivergent, Nerdy, Newsjunkie. Ask me anything.
Because c# is inherently more rigid than PowerShell, and because PowerShell can compile C# inline.
And, yes, no offense meant, but this is a gap as a sec analyst.
PowerShell is *huge* in both hacking and cyber security.
Because it's inherently more dynamic than C#.
This is both a hot take and a wrong take.
First up, PowerShell already dynamically compiling every script your write.
Second up, it's really easy to compile anything with PowerShell.
Third up, PowerShell calls any compilation toolchain just fine.
Any questions ?
Sounds like a blast!
I'm pretty sure we'd all love to oblige!
Still figuring out scheduling but I feel like @brucepayette.bsky.social could go on about this for hours off the top of their head.
#FridayFun from the #GoodOldInternet
youtu.be/cCeeTfsm8bk
Mark Osborne's MORE
Still one of the best short films I've ever seen....
See what got the director of Kung Fu Panda nominated for an academy award.
In the spirit of simple feasibility...
I'd just change the env as soon as the runspace is open.
Alternatively, I _think_ you'd be able to control this with InitialSessionState.
I'm wondering just how many people understand that "alt" came from the days of Usenet.
Almost all of the fun Usenets were "alt".
The rest were "rec."
Also, not to flex too much more, but my ICQ number was somewhere in the 300,000 range.
And my BlueSky # is about a half million.
Just because I have grown older doesn't mean I'm less curious.
Just means I'm more annoyed at wheels being reinvented.
Hard relate.
I wrote the Critics Score for Rotten Tomatoes and was a founding member of the OFCS.
I wrote realtime video mixers in the days of 200mhz boxes.
I helped build a language millions use.
I am literally older than the Arpanet.
Young tech & everyone owes everything to old tech.
I like it.
And, yet, it's dogma I don't always agree with.
Got any other suggestions ?
( Will run this one past the trio )
I mean "how does the loot box get parsed / processed?".
And if you're not doing Invoke-Expression, or .ExpandScript, or just running it as PowerShell, you're probably good.
๐๐
( Personally I'd prefer either a json or psd1 file, both of which can be loaded safely )
Now, to play testing ๐
Just caught up with @brucepayette.bsky.social and @jsnover.com and talked tons about tech.
Going to be doing this every few weeks and uploading talks to YouTube.
Looking for suggestions from the Internet for potential podcast names.
Anyone got a good idea?
Any topics you want us to talk about?
I appreciate your insights, and don't mind the heat you are bringing.
I asked if it was open source.
And they answered.
And then I asked about the loot boxes.
And they will answer.
And perhaps this is my own psychological issue, but I feel l don't have too much of a platform and my imposter syndrome prevents me from feeling worthy of respect.
Yes, and I'm generally concerned about save file injection, too.
But I have less expertise in all save file injections than you, and defer to your expertise here.
Hopefully you can understand why I asked.
I hear you and respect you.
And I believe asking questions shouldn't be scary, it should be educational.
I look forward to the answer.
๐คท I think that when you're inviting the creation and sharing of disk assets you have a different category or two of risk.
And I believe I have seen some games make this mistake before.
But ๐คท happy to hear their answer.
Yes, and, they're usually not loading an external scripting language to poke at files.
Aka they can all have problems, but some scenarios may produce more open ended problems than others.
I'm ( slightly ) worried that they are doing an expansion in the loot box logic, which could enable bad "loot" spreading thru an otherwise cool looking game.
I've asked them. Let's let them answer.
Either they have it managed or the public awareness helps fix a problem before it starts.
Yes, bad games can come in all shapes and sizes.
And, also, some specific risks are present when user generated files are part of the play.
( This is what drew my eye )
Hence asking, and getting a good response, and then asking again about the potentially specific security concern.
Presuming the developer doesn't iex / expand string the box contents, my concern is mollified.
Well, if they make loot boxes that expand strings, then the risk isn't just the game's code anymore.
It's the loot box.
And that's what worries me.
Easy path for a game to implement with unexpected side effects.
Helpful write up.
The thing I am most concerned about ( still ) is the possibility for command injection in any of the "loot".
Can you confirm you're not using Invoke-Expression or .expandString when you're unpacking "loot"?
Nobody likes a trapped chest ๐งฐ๐ฃ
Oh every program is a risk, just some appear more risky than others.
Like games that open terminals and do funny things with files are slightly higher risk because:
- the open terminal and command injection
- the chance to hide vectors in files
The author's answers mollified some of the risk.
@juhrjuhr.itch.io
Is File Explorer Dungeon Crawler open source?
store.steampowered.com/app/3333010/...
It looks cool!
I have some slight security concerns that could be mollified if it was open source.
Can something look cool and also sus?
I think so.
Sadly, -a- that's exactly what I've done and -b- it seems not to work for plaintext or images, either -c- very ironically, their own docs recommend against content sniffing (for it can be the source of many security holes of its own).
Direct from the pds would be preferable.
tl;dr of what I'm trying to do is take Open Packaging Conventions files and try to upload them to the pds with an attached linked record.
This would basically make AtProto / BlueSky an open package source.
Any #AtProto people out there know why I would be getting "Internal Server Errors" on BlueSky blobs?
Was really hoping to see how a .zip file works in a blob.
Blobs seem to upload fine, and can be referenced in an at proto record.
Just don't seem to be available as a synced blob.
Any ideas?
All of this is to say: It's not just doing it for the team. It's doing this for your future self (who will not remember the context as well as you do when you're writing / updating it)
I tend to use the slightly macabre metric of:
"Would you understand this if you just woke up from a coma due to a traumatic brain injury?"
Anytime I don't meet that metric I'm inevitably disappointed with myself as I mentally re-parse my previous code.