Podcasts about azure cli

  • 19PODCASTS
  • 37EPISODES
  • 38mAVG DURATION
  • ?INFREQUENT EPISODES
  • Jan 15, 2025LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about azure cli

Latest podcast episodes about azure cli

RunAs Radio
DevOpsDocs with Mattias Karlsson

RunAs Radio

Play Episode Listen Later Jan 15, 2025 36:15


Are your docs part of your DevOps cycle? Richard chats with Mattias Karlsson about automating documentation for APIs, cloud resources, and more! Mattias talks about using tools to build text files that contain every Azure resource being utilized, hopefully per application, along with API info, NuGet packages, and more. He also digs into the different audiences for that documentation - business wants to know what website exist, both interior and publically facing. Operations need to know what resources are consumed on-premises and in the cloud. Development is always looking for versions of APIs, calling approaches, etc. Maintaining documentation by hand is tedious and perpetually out-of-date. But if you can get up to speed with the tooling, you can make your documentation generate at the speed of deployment!LinksBicepAzure Resource InventoryAzure CLIPulumiRecorded October 29, 2024

The Daily Decrypt - Cyber News and Discussions
CyberSecurity News: Child Predators Get Ransomwared, Cloud CLI Exposes Credentials, United Nations Data Theft

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later Apr 22, 2024


From malware developers targeting child exploiters with ransomware, to major cloud services exposing credentials, learn how digital vigilantes and technological oversights shape online security. Featuring insights on the United Nations' latest ransomware dilemma, uncover the intricate web of cybersecurity challenges faced globally. URLs for Reference: Malware Dev lures child exploiters into honeytrap to extort them AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs United Nations agency investigates ransomware attack, data theft Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: cybersecurity, ransomware, malware, cloud security, digital threats, cyber vigilantes, tech giants, United Nations, cyber attack, data theft, CryptVPN, AWS, Google Cloud, Azure, CLI tools, BleepingComputer, The Hacker News Search Phrases: Cyber vigilante justice malware extortion Cloud CLI tools security vulnerabilities United Nations cyberattack investigation CryptVPN ransomware against child exploiters AWS, Google, and Azure CLI tools leaking credentials Impact of ransomware on global organizations Cybersecurity threats in cloud computing Cybersecurity tactics against illegal online activities Data breach at United Nations agency New trends in cyber threats and digital security Transcript: Apr22 Malware developers are now targeting individuals seeking child exploitation material, employing cryptVPN ransomware to extort them by locking their systems and demanding payment, as revealed by Bleeping Computer. What methods are these developers using, and why do I want them to succeed? Leaky CLI, a vulnerability discovered by Orca in AWS, Google, and Azure CLI tools, is exposing sensitive credentials in build logs, putting countless organizations at risk of cyber attacks. What measures can organizations take to prevent sensitive credentials from being exposed by build logs? Finally, hackers have infiltrated the United Nations Development Program's IT systems, stealing sensitive human resources data from its global network dedicated to fighting poverty and inequality. You're listening to the Daily Decrypt. Malware developers are now turning their tactics against individuals seeking child exploitation material, specifically targeting them with ransomware designed to extort money by feigning legal action. This new strain of malware, dubbed CryptVPN, was recently analyzed by Bleeping Computer after a sample was shared with the cybersecurity researcher MalwareHunterTeam. CryptVPN tricks users into downloading a seemingly harmless software, which then locks the user's desktop and changes their wallpaper to a menacing ransom note. The ploy begins with a decoy website that impersonates. Usenet Club, a purported subscription service offering uncensored access to downloadable content from Usenet, which is an established network used for various discussions, which unfortunately also includes illegal content. The site offers several subscription tiers, but the trap is set with the free tier, which requires the installation of the CryptVPN software to access the supposed free content. Now to be honest, I feel like I don't even want to give away these clues to any child predators that may be listening. So I'm going to stop there as far as how the attack works, but I'm really glad that attackers have found this vector because people who are partaking in illegal activities have a lot to lose and are often pretty scared, you know, unless they're complete psychopaths. And and so if someone's able to get the information or lure people into these websites You know, this reminds me of something that happened to me back in my single days. And those of you who know me personally can validate the authenticity of this story, but it might sound a little crazy to just an average listener. But swiping on Tinder, matched with someone, they didn't really want to chat too much, they just wanted to start sending nude photographs. And I personally, it's not my thing, but let's just say I'm not going to unmatch this person for offering. And so nude photographs came through, there was no exchange, but they did ask for photographs of myself, which I was not interested in sending. And in fact, I wasn't really interested in pursuing anyone who would just jump in and send nude photographs. So I stopped talking to them. And about a couple of days later, I got a phone call from a Someone claiming to be the police department, saying that they had gotten my number from this girl's dad, and she's underage, and now they have proof that I've been sending nude photographs to this underage person. Well, I don't know. They accused me of that and that never happened. So immediately I knew it was a scan. But let's just say hypothetically that I had sent pictures to this person. I would be pretty scared receiving this threat. Because my whole life would change, right? If I became a child predator or a sexual predator or whatever it's called, then like a lot of stuff changes. And at the time I was in the military, so that was the end of my military career or whatever. So it's a very similar to that. If you're doing something wrong. And you get caught in a trap, you're very likely to pay the ransom. So first of all, don't mess around with children online. Don't do illegal sexual things. And you have nothing to worry about with this scam. So please stop doing that. Don't do that. And you've got nothing to worry about, it's been recently unveiled that command line interface tools from the tech giants such as Amazon Web Services and Google Cloud are susceptible to exposing sensitive credentials in the build logs, presenting a substantial security hazard to enterprises. This vulnerability is a Which the cloud security firm Orca has dubbed Leaky CLI, involves certain commands on the Azure CLI, AWS CLI, and Google Cloud CLI that could reveal environment variables. Roy Nizmi, a prominent security researcher, highlights in a report to the Hacker News that, quote, some commands can expose sensitive information in the form of environment variables, which can be collected by adversaries when published by tools such as GitHub Actions. In response, Microsoft has proactively addressed this security lapse in its November 2023 update, designating it with the CVE identifier 2023 36052, which carries a critical CVSS score of 8. 6 out of 10. Conversely, Amazon and Google view the exposure of environment variables as an anticipated behavior, advising organizations to refrain from storing secrets within these variables. Instead, they recommend using specialized services like AWS Secrets Manager or Google Cloud Secret Manager, which is a great recommendation. Furthermore, Google has advised users of its CLI tools to employ the dash dash no dash user output enabled option, which prevents the printing of command output to the terminal, thereby mitigating the risk of data leaks. Orca has also identified several instances on GitHub where projects inadvertently leaked access tokens and other sensitive data through continuous integration and deployment tools, including GitHub actions, CircleCI, TravisCI, and CloudBuild, which is always going to be a problem. Take those. Pull request reviews, seriously. Nimzy warns, if bad actors get their hands on these environment variables, this could potentially lead to view sensitive information, including credentials, such as passwords, usernames, and keys, which could allow them to access any resources that the repository owners can. He added that CLI commands are by default assumed to be running in a secure environment. But coupled with CICD pipelines or continuous integration, continuous development, they may pose a security threat. This ongoing issue underscores the critical need for heightened security measures within cloud computing environments. Go out there, get you a new cloud job, my guys. Finally, the United Nations Development Program, or UNDP, has launched an investigation into a significant cyber attack where intruders compromised its IT systems, resulting in the theft of critical human resources data. So, human resources data sounds It's pretty benign to me, like, the way that that's framed seems like nothing, but think about what the data Human Resources has. It's the crown jewels. They've got your social security number for your W 2 form, they've got your previous jobs, they've got your address, they've got your email address, they've got everything. So Human Resources data is nothing to bat an eye at. The agency, which is a cornerstone of the United Nations efforts to combat poverty and inequality worldwide. Confirmed the breach occurred in late March within the local IT infrastructure for the United Nations. Following the detection of the breach on March 27th, thanks to a threat intelligence alert, UNDP acted swiftly. Quote, actions were immediately taken to identify a potential source and contain the effective server as well. As to determine the specifics of the exposed data and who was impacted. The ongoing investigation seeks to fully understand the incident's nature and scope, as well as its impact on individuals whose information was compromised, but to further complicate some matters, the eight base ransomware gang, a group known for its broad attacks on various industries, claimed responsibility for the data theft. On the same day as the breach, they added a new entry for UNDP on their dark web leak site. The documents leaked, according to the attackers, contain a huge amount of confidential information, ranging from personal data to financial records and employment contracts. This cyberattack is not the first the United Nations has suffered. Previous breaches have struck the United Nations Environmental Program and key United Nations networks in Geneva and Vienna, showcasing ongoing vulnerabilities within UNIT systems. Meanwhile, the 8Base group, which claims to target companies neglecting data privacy, continues its surge of attacks, having listed over 350 victims on its data leak site to date. So if you're listening and you know your company is rejecting some data privacy protocols, maybe use this story as incentive to get them to pay more attention to this. That's all we got for you today. Happy Monday. Thanks so much for listening. Please head over to our social media accounts, Instagram, Twitter, Twitter. com. Youtube Give us a follow, give us a like, and send us a comment. We'd love to talk. And we'll be back tomorrow with some more news.

Detection: Challenging Paradigms
Episode 34: Ryan Hausknecht (Again)

Detection: Challenging Paradigms

Play Episode Listen Later Jun 27, 2023 91:27


In this captivating episode, we delve into the world of Azure security with Ryan Hausknecht, Senior Security Researcher at Microsoft. Learn about his groundbreaking projects, the Azure Threat Research Matrix and the AzDetectSuite, and how they assist researchers and defenders in protecting against various attack techniques. We also discuss the complexities of Azure permissions and access control, and explore the nuances of the REST API, PowerShell, Azure CLI, and the Azure Portal. Don't miss this opportunity to learn from an expert and take your Azure security skills to new heights!

Message à caractère informatique
#79 Dans la Vallée, Elon annonce l'apocalypse sous Azure via les câbles sous-marin

Message à caractère informatique

Play Episode Listen Later Jan 19, 2023 87:42


Dans ce remarquable épisode, nos éminents participants vous éclairent sur VLC, sur ce que deviennent la Silicon Valley et Twitter. Il est également question de Azure CLI, de câbles sous-marin, d'une belle faille de sécurité dans Google Cloud, de la géopolitique des semi-conducteurs, avant de faire un bilan rock'n roll de Clever Cloud !

Stefanos Cloud Podcast (stefanos.cloud)
How to navigate in the Azure management portal

Stefanos Cloud Podcast (stefanos.cloud)

Play Episode Listen Later Oct 29, 2022 16:45


If you are new to Azure, you need to attend a series of introductory how-to videos to familiarize yourself with the basic features of the Microsoft Azure portal. In this how-to article, we will show you how to navigate to all sections of the Azure management portal. Bear in mind that all Azure features are first made available in the Azure REST APIs and then appear in Azure Powershell, Azure CLI and the Azure management portal. For instructions on how to connect to all Azure management tools, refer to the following article: https://stefanos.cloud/azure-management-tools. This is a high-level introduction article which introduces Azure concepts for beginners and new Azure administrators. To navigate to the various sections of the Azure management portal, carry out the following steps. The full stefanos.cloud blog post is available at: https://stefanos.cloud/kb/how-to-navigate-in-the-azure-management-portal/. --- Send in a voice message: https://anchor.fm/stefanoscloud/message

Microsoft Cloud IT Pro Podcast
Episode 304 – Coming down from the Ignite high

Microsoft Cloud IT Pro Podcast

Play Episode Listen Later Oct 20, 2022 37:58


It is Techtober and we're fundraising for Girls Who Code. Go to https://give.girlswhocode.com/msclouditpro and donate today to help ensure girls continue to have access to our educational experiences, programming, and incredible sisterhood. Because when you teach a girl to code, she'll change the world. In Episode 304, Ben and Scott catch up some news from Ignite, talk about the announced retirement of the Azure Service Manager (classic) APIs, some upcoming breaking changes to the Azure CLI and Azure PowerShell, and then get a little ranty as they talk about the Office --> Microsoft rebranding that was recently announced. Like what you hear and want to support the show? Check out our membership options. Show Notes MS Cloud IT Pro Podcast fundraiser for Girls Who Code Microsoft Ignite Microsoft Ignite 2023 Microsoft Cloud and AI chief Scott Guthrie on what's new and next for Microsoft Cloud customers Azure classic resource providers will be retired on 31 August 2024 Azure CLI Ignite 2022 Announcements Blog Azure PowerShell Ignite 2022 announcements Microsoft Office will become Microsoft 365 in major brand overhaul Microsoft Office is changing to Microsoft 365 Microsoft 365 is NOT Office 365 Conditional Access: Require an authentication strength for external users Conditional Access authentication strength (preview) About the sponsors Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.

Microsoft Cloud IT Pro Podcast
Episode 264 – New Settings for Managing Teams Meeting Expiration

Microsoft Cloud IT Pro Podcast

Play Episode Listen Later Jan 13, 2022 32:16


In Episode 264, Ben and Scott kick off 2022 with some Azure CLI follow-up from 2021, and then they talk about some new settings available for managing per-user meeting expiration policies. Sponsors Intelligink - We focus on the Microsoft Cloud so you can focus on your business Show Notes Streamline configuring Azure CLI with az init AZ-900 Azure Fundamentals Certification Course Github repo - AZ- 900 Azure Fundamentals Certification Course How to Manage Microsoft Teams Meeting Recording Auto-Expiration Meeting policies and meeting expiration in Microsoft Teams Record a meeting in Teams In development... In development for Microsoft Intune In development for Windows 365 Enterprise In development for Windows 365 Business Google search - site:https://docs.microsoft.com/ "Features in development" About the sponsors Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.

Microsoft Cloud IT Pro Podcast
Episode 252 – Troubleshooting Azure VMs with VM Inspector

Microsoft Cloud IT Pro Podcast

Play Episode Listen Later Oct 21, 2021 39:36


In Episode 252, Ben and Scott talk about a new way to troubleshoot your Azure VMs with VM Inspector, a breaking change in Azure AD when using older versions of the Azure CLI and Azure PowerShell, and upcoming changes which will allow uses to delete files with retention labels. Sponsors ShareGate - ShareGate's industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, and understand their Azure usage & costs Spot by NetApp – The cloud automation platform that makes it easy to deliver continuously optimized infrastructure at the lowest possible cost Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully Intelligink - We focus on the Microsoft Cloud so you can focus on your business Show Notes Game-changing MacBook Pro with M1 Pro and M1 Max delivers extraordinary performance and battery life, and features the world's best notebook display Apple event recap: MacBook Pro 2021, AirPods 3, M1 Pro, M1X and all the big news Apple's new 140W charger can fast charge a lot more than just your MacBook Pro Introducing the next generation of AirPods: The world's most popular wireless headphones just got better VM Inspector for Azure virtual machines (Preview) manifest_content.md Use remote tools to troubleshoot Azure VM issues Azure Active Directory breaking change impacting Azure CLI and Azure PowerShell AppId Uri in single tenant applications will require use of default scheme or verified domains Why SharePoint Online Will Allow Users to Delete Files with Retention Labels Microsoft Compliance center: Information Governance: Retention label deletion behavior change in SharePoint About the sponsors Every business will eventually have to move to the cloud and adapt to it. That's a fact. ShareGate helps with that. Our industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, and understand their Azure usage & costs. Visit https://sharegate.com/ to learn more. Spot by NetApp helps their customers get the most out of their cloud investments by automating cloud infrastructure to ensure performance, reduce complexity, and optimize costs. Discover how leading companies, from cloud-native startups to global enterprises, are automating, simplifying, and optimizing their cloud infrastructure with Spot by NetApp.Check them out at Spot.io/msit where you can find more information, request a demo, or evenstart a free trial. Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.

Cloud with Chris
Cloud Drops - Installing, Upgrading and Auto-Upgrading the Azure CLI

Cloud with Chris

Play Episode Listen Later Mar 10, 2021 3:59


Want to get started with the Azure CLI in Azure Cloud Shell or on Containers, Linux, MacOS or Windows? Then check out this bite-sized video from the Cloud With Chris Cloud Drops series on Installing, Upgrading and Auto-Upgrading the Azure CLI.

Data Exposed  - Channel 9
Infrastructure as Code and Azure – A Match Made in the Cloud (Part 1)

Data Exposed - Channel 9

Play Episode Listen Later Sep 29, 2020 11:59


In the first part of this two-part series with Hamish Watson, we will look at the various methods available to deploy an Azure SQL database including PowerShell, Azure CLI and Terraform. Creating resources has never been easier or more standard than what we have now.[01:55] A Match Made in the Cloud Overview [04:42] Demo [07:10] Other ways to deploy into Azure [08:22] Continuation of demo [08:56] CI CD PipelineAbout Hamish Watson:Hamish Watson is a Microsoft Data Platform MVP and VMware Expert with a passion for efficient database and application deployment using DevOps methodologies. He has 20+ years of IT experience in managing and deploying large scale databases on SQL Server technologies. He has been managing SQL Server since SQL Server 2000 and pragmatic approaches to delivering business value to clients is his career passion. Educating and helping others learn is a driver for Hamish and he is a Director-At-Large on the PASS Board, an international speaker, and a repeat guest lecturer at a local university. About MVPs: Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community. They are always on the "bleeding edge" and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products, and solutions, to solve real-world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries/regions and are driven by their passion, community spirit, and the quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others - that's what sets them apart. Learn more: https://aka.ms/mvpprogram

Data Exposed  - Channel 9
Intro to Azure CLI for Azure SQL

Data Exposed - Channel 9

Play Episode Listen Later Apr 10, 2020 5:14


In this video, Anna Hoffman and Jeroen ter Heerdt discuss and show how you can get started with Azure CLI and the Azure Cloud Shell with respect to Azure SQL. For more info, see https://docs.microsoft.com/en-us/cli/azure/sql/db?view=azure-cli-latest&WT.mc_id=dataexposed-c9-niner.[00:00] Intro[00:38] Intro to the Azure Cloud Shell (ACS)[01:06] Switch between Bash and PowerShell in ACS[01:20] Azure CLI is cross-platform[01:48] Set Azure subscription[02:05] Set default resource group and logical server[02:28] Demo of Azure CLI SQL commands[03:37] All Azure CLI commands available[04:28] Azure CLI in PowerShell notebooks in Azure Data Studio

Data Exposed  - Channel 9
Intro to Azure CLI for Azure SQL

Data Exposed - Channel 9

Play Episode Listen Later Apr 10, 2020 5:14


In this video, Anna Hoffman and Jeroen ter Heerdt discuss and show how you can get started with Azure CLI and the Azure Cloud Shell with respect to Azure SQL. For more info, see https://docs.microsoft.com/en-us/cli/azure/sql/db?view=azure-cli-latest&WT.mc_id=dataexposed-c9-niner.[00:00] Intro[00:38] Intro to the Azure Cloud Shell (ACS)[01:06] Switch between Bash and PowerShell in ACS[01:20] Azure CLI is cross-platform[01:48] Set Azure subscription[02:05] Set default resource group and logical server[02:28] Demo of Azure CLI SQL commands[03:37] All Azure CLI commands available[04:28] Azure CLI in PowerShell notebooks in Azure Data Studio

Microsoft Cloud IT Pro Podcast
Episode 170 – Azure Resource Manager All The Things!

Microsoft Cloud IT Pro Podcast

Play Episode Listen Later Mar 26, 2020 41:21


In Episode 170, Ben and Scott are joined by Alex Neihaus to talk about Azure Resource Manager Templates, PowerShell, and the Azure CLI. Sponsors ShareGate – ShareGate’s industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, and understand their Azure usage & costs Sperry […] The post Episode 170 – Azure Resource Manager All The Things! appeared first on Microsoft Cloud IT Pro Podcast.

Ctrl+Alt+Azure
013 - Battle of the Azure Command Line - CLI, PowerShell, Windows Terminal, what more?

Ctrl+Alt+Azure

Play Episode Listen Later Jan 22, 2020 31:23


Follow Tobias and Jussi as they digest some of their choices for working with Azure from the command line. The options are many, and we'll dive into some of the favorite tools and what or when they are being used. Azure CLI, Azure PowerShell, Windows Terminal, Windows Subsystem for Linux and using Bash - so many options, but do you really need to know them all?

The Productive C# Podcast
9. Playing with the Azure CLI

The Productive C# Podcast

Play Episode Listen Later Aug 19, 2019 7:48


The Azure CLI is a command line tool that provide a fantastic experience to work with Azure resources. In this episode, I share my first time experience with it and how you can get started using it. It's definitely the best tool for the job!

playing azure azure cli
Brakeing Down Security Podcast
2018-043-Adam-Baldwin, npmjs Director of Security, event stream post mortem, and making your package system more secure

Brakeing Down Security Podcast

Play Episode Listen Later Dec 10, 2018 71:15


Adam Baldwin (@adam_baldwin) Director of Security, npm   https://foundation.nodejs.org/ https://spring.io/understanding/javascript-package-managers   Role in the NodeJS project     Advisory? Active role? Maintain security modules?     Are there any requirements to being a dev?     Are there different roles in the NodeJS environment?     Is there any review of system sensitive packages? (or has that ship sailed…)   Discussion of timeline from NodeJS security team     When were you notified? (or were you notified at all?)     What steps were taken to fix the issue?     Lessons learned?   Official npm security policy: https://www.npmjs.com/policies/security (good stuff!)   Event-stream (initial bug report):   https://github.com/dominictarr/event-stream/issues/116   Only affected bitcoin Wallets from ‘Copay’                     https://nakedsecurity.sophos.com/2018/11/28/javascript-library-used-for-sneak-attack-on-copay-bitcoin-wallet/ “Cue relief, mixed with frustration, for anyone not targeted. Developer Chris Northwood wrote : We’ve wiped our brows as we’ve got away with it, we didn’t have malicious code running on our dev machines, our CI servers, or in prod. This time.” (   https://medium.com/@jsoverson/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4 “The damage this could have caused is incredible to think about. The projects that depend on this aren’t trivial either, Microsoft’s original Azure CLI depends on event-stream! Think of the systems that either develop that tool or run that tool. Each one of those potentially had this malicious code installed.”   https://thehackernews.com/2018/11/nodejs-event-stream-module.html “The malicious code detected earlier this week was added to Event-Stream version 3.3.6, published on September 9 via NPM repository, and had since been downloaded by nearly 8 million application programmers.”   https://www.analyticsvidhya.com/blog/2018/07/using-power-deep-learning-cyber-security/   Hacker News (with comments): https://news.ycombinator.com/item?id=18534392   Official npm blog post: https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident https://blog.npmjs.org/post/175824896885/incident-report-npm-inc-operations-incident-of https://resources.whitesourcesoftware.com/blog-whitesource/top-5-open-source-security-vulnerabilities-november-2018   2017 package/user stats: https://www.linux.com/news/event/Nodejs/2016/state-union-npm   According to npmjs.org: over 800,000 packages (854,000 packages, 7 million+ individual versions)   Dependency hell in NodeJS: https://blog.risingstack.com/controlling-node-js-security-risk-npm-dependencies/     “Roughly 76% of Node shops use vulnerable packages, some of which are extremely severe; and open source projects regularly grow stale, neglecting to fix security flaws.”   History of NodeJS security issues:   ESLINT: https://nodesource.com/blog/a-high-level-post-mortem-of-the-eslint-scope-security-incident/ Left-pad: https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/   How to ensure this type of issue doesn’t happen again? (or is that possible, considering the ecosystem?) What can devs, blueteams, or companies that live and die by NodeJS do to increase security, or assist in making NPM Security team’s job easier?   What the responsibility is of consumers of open source?   What can be done to ensure vetting for ‘important’ packages? Can someone manage turnover? (or is that ship sailed?)   Security scanners: https://geekflare.com/nodejs-security-scanner/ https://techbeacon.com/13-tools-checking-security-risk-open-source-dependencies-0   Threat assessment or ‘what could go wrong in the future’?     Bad code     “Trust issues”     Repo corruption     Hijacking packages     Keep up to date on NodeJS security issues: https://nodejs.org/en/security/ https://groups.google.com/forum/#!forum/nodejs-sec   ^ this is great for node, but if you want to stay up to date with security advisories in the ecosystem? npmjs.com/advisories or @npmjs on twitter https://rubysec.com/ -Ruby security group   Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

The .NET MAUI Podcast
Episode 56: Let's Reboot This

The .NET MAUI Podcast

Play Episode Listen Later Dec 7, 2018 45:57


In this month's episode we reboot the podcast! Matt Soucoup, a Senior Cloud Advocate at Microsoft joins James as host and we expand the topics to focus both on Xamarin mobile development and using Azure with your mobile apps. In this episode we recap the latest news in the Xamarin world including a marathon Twitch workshop, wondering Android build time improvements, the latest news in Xamarin.Forms, and recent announcements from Microsoft Connect();. We also cover the latest in Azure news, including DevOps, MSAL, and new Azure Cosmos DB pricing. All of this, and a whole lot more! Links: Get Some Free Azure! (https://azure.microsoft.com/free?WT.mc_id=vsmobiledev-podcast-masoucou) Twitch Workshop: Build Your First Mobile App with C#, Xamarin, and the Cloud (https://blog.xamarin.com/twitch-workshop-build-your-first-mobile-app/?WT.mc_id=vsmobiledev-podcast-masoucou) Android build performance and reliability! (https://blog.xamarin.com/android-build-performance-reliability/?WT.mc_id=vsmobiledev-podcast-masoucou) Tabbing and Keyboard Navigation in Xamarin.Forms (https://docs.microsoft.com/xamarin/xamarin-forms/app-fundamentals/accessibility/keyboard?WT.mc_id=vsmobiledev-podcast-masoucou) Image Button (https://https://docs.microsoft.com/xamarin/xamarin-forms/user-interface/imagebutton?WT.mc_id=vsmobiledev-podcast-masoucou) Span Class (https://docs.microsoft.com/dotnet/api/xamarin.forms.span?WT.mc_id=vsmobiledev-podcast-masoucou) Decorate that Xamarin.Forms Label! (https://docs.microsoft.com/xamarin/xamarin-forms/user-interface/text/label?WT.mc_id=vsmobiledev-podcast-masoucou) Xamarin.Forms Editor (https://docs.microsoft.com/xamarin/xamarin-forms/user-interface/text/editor?WT.mc_id=vsmobiledev-podcast-masoucou) GlideX (https://github.com/jonathanpeppers/glidex) Learn more about Azure DevOps (https://azure.microsoft.com/services/devops/?WT.mc_id=vsmobiledev-podcast-masoucou) MSAL 2.0 - Authenticate all the things - now better! (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/msal-net-2-released) New Azure Cosmos DB shared database offer (https://azure.microsoft.com/updates/azure-cosmos-db-new-shared-database-offer-now-available/?WT.mc_id=vsmobiledev-podcast-masoucou) 2018 Connect Announcements for Xamarin (https://blog.xamarin.com/connect-2018-xamarin-announcements/?WT.mc_id=vsmobiledev-podcast-masoucou) Xamarin.Forms Shell (https://docs.microsoft.com/xamarin/xamarin-forms/app-fundamentals/shell?WT.mc_id=vsmobiledev-podcast-masoucou) Xamarin.Forms Visual (https://docs.microsoft.com/xamarin/xamarin-forms/user-interface/visual?WT.mc_id=vsmobiledev-podcast-masoucou) Forget about the ListView and use the CollectionView! (https://docs.microsoft.com/xamarin/xamarin-forms/user-interface/collectionview?WT.mc_id=vsmobiledev-podcast-masoucou) James' Twitch - Implementing an iOS Checkbox for Xamarin.Forms (https://www.twitch.tv/videos/342827636) Xamarin.Essentials - it's in GA! (https://docs.microsoft.com/xamarin/essentials/?WT.mc_id=vsmobiledev-podcast-masoucou) and check out the code (https://github.com/xamarin/Essentials)! Super early preview release notes for Xamarin.Forms 4.0-pre! (https://developer.xamarin.com/releases/xamarin-forms/xamarin-forms-4.0/4.0.0-pre1/?WT.mc_id=vsmobiledev-podcast-masoucou) and while you're at it - give it a spin (https://www.nuget.org/packages/Xamarin.Forms/4.0.0.8055-pre1) in your apps! Get the Visual Studio 2019 Preview! (https://visualstudio.microsoft.com/vs/preview/?WT.mc_id=vsmobiledev-podcast-masoucou) The machines are coming for our intellisense! VS Intellicode (https://visualstudio.microsoft.com/services/intellicode/?WT.mc_id=vsmobiledev-podcast-masoucou) Zeplin - speed up your design process (https://blog.xamarin.com/xamarin-forms-and-zeplin-speed-up-your-design-to-development-process/) Azure CLI (https://docs.microsoft.com/cli/azure/?WT.mc_id=vsmobiledev-podcast-masoucou) Microsoft Ignite | The Tour (https://www.microsoft.com/ignite-the-tour/?WT.mc_id=vsmobiledev-podcast-masoucou) Follow Us: * James: Twitter (https://twitter.com/jamesmontemagno), Blog (https://montemagno.com), GitHub (http://github.com/jamesmontemagno), Merge Conflict Podcast (http://mergeconflict.fm) * Matt: Twitter (https://twitter.com/codemillmatt), Blog (https://codemilltech.com), GitHub (https://github.com/codemillmatt)

.NET Rocks!
Node on Azure with John Papa

.NET Rocks!

Play Episode Listen Later Jul 17, 2018 59:25


Azure loves Node! Carl and Richard talk to John Papa about running JavaScript on the server side, in the cloud and otherwise. John talks about the tooling around doing web development in Azure, including the Azure CLI and more. The conversation also digs into the client side of development with VS Code and the huge array of extensions available that allow you to personalize and automate your development experience - the right tooling makes all the difference!Support this podcast at — https://redcircle.com/net-rocks/donations

.NET Rocks!
Node on Azure with John Papa

.NET Rocks!

Play Episode Listen Later Jul 17, 2018 59:24


Azure loves Node! Carl and Richard talk to John Papa about running JavaScript on the server side, in the cloud and otherwise. John talks about the tooling around doing web development in Azure, including the Azure CLI and more. The conversation also digs into the client side of development with VS Code and the huge array of extensions available that allow you to personalize and automate your development experience - the right tooling makes all the difference!Support this podcast at — https://redcircle.com/net-rocks/donations

Azure Friday (HD) - Channel 9

Aaron and Scott check out the latest extensions for Azure CLI. Azure CLI Extensions provide new, exciting features, and the Alias Extension is the first of many user-centric extensions that make Azure automation simple and easy.For more information, see:Azure CLI DocsCreate a free account (Azure)Follow @SHanselman Follow @AzureFriday Follow @twitchax

Azure Friday (Audio) - Channel 9

Aaron and Scott check out the latest extensions for Azure CLI. Azure CLI Extensions provide new, exciting features, and the Alias Extension is the first of many user-centric extensions that make Azure automation simple and easy.For more information, see:Azure CLI DocsCreate a free account (Azure)Follow @SHanselman Follow @AzureFriday Follow @twitchax

Data Driven
Happy 100th Upload

Data Driven

Play Episode Listen Later Jan 2, 2018 70:34


In this episode Frank and Andy celebrate a huge (yuge?) milestone, 100 uploads since launching in late May 2017. Links Sponsor: Audible.com (http://thedatadrivenbook.com) – Get a free audio book when you sign up for a free trial! Sponsor: Enterprise Data & Analytics (https://entdna.com) Notable Quotes It’s show #100! ([01:30]) On pop filters (https://en.wikipedia.org/wiki/Pop_filter) ([03:30]) On Azure.gov (https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-welcome) ([04:30]) Spiderman reference ([05:00]) Azure CLI (https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) ([07:00]) Regarding the Microsoft Dublin Datacenter Case (https://redmondmag.com/articles/2017/10/16/microsoft-dublin-datacenter-case.aspx) ([09:30]) Data Law (Brad Smith, Microsoft) (https://blogs.microsoft.com/datalaw/category/brad-smith/?filter_post_type=post) ([12:00]) Brent Ozar’s post on GDPR (https://www.brentozar.com/archive/2017/12/gdpr-stopped-selling-stuff-europe/) ([23:00]) ClearDB deleted Frank’s data (http://datadriven.tv/special-5pm-know-data-is/) ([25:00]) Andy is not selling (https://biml.academy/stopping-sales-to-eu-starting-31-dec-2017/) in the EU ([26:40]) Soup nazi (https://www.youtube.com/watch?v=M2lfZg-apSA) reference ([30:20]) Microsoft’s German Data Centers (http://fortune.com/2016/09/21/microsoft-germany-data-centers/) ([32:50]) Frank’s “aha” moment regarding Hadoop ([34:50]) Microsoft Azure HDInsight Big Data Analyst (https://www.edx.org/xseries/microsoft-azure-hdinsight-big-data-analyst) at edX ([35:40]) The Last SSIS Book You Read (https://andyleonard.blog/2017/02/the-last-ssis-book-you-read/) ([37:15]) Frank has a lot of certifications (https://www.linkedin.com/in/frank-lavigne/) ([43:30]) On Dashboards (https://andyleonard.blog/2011/12/dashboards/) ([45:00]) Regarding IIoT (http://internetofthingsagenda.techtarget.com/definition/Industrial-Internet-of-Things-IIoT) … ([47:45]) Databricks ([50:00]) Regardign the tuple (https://en.wikipedia.org/wiki/Tuple) ([51:00]) Data Science training is available at Wintellect Now (https://www.wintellectnow.com/) ([1:02:45]) Khan Academy (https://www.khanacademy.org/) ([1:04:15]) Biml training is available at Biml Academy (https://biml.academy) ([1:05:30]) Frank had a rough 2016, but he came back strong in 2017! ([1:06:30]) Frank is on a mission from God (https://www.youtube.com/watch?v=-4YrCFz0Kfc) ([1:08:15]) Microsoft was founded 4 Apr 1975 (Frank was right and I was wrong) ([1:09:10])

Microsoft Cloud IT Pro Podcast
Episode 39 – Azure IaaS: VMs and Storage

Microsoft Cloud IT Pro Podcast

Play Episode Listen Later Nov 30, 2017 28:02


In Episode 39, Ben and Scott provide an overview of onboarding into Azure Virtual Machines and the associated Infrastructure-as-a-Service (IaaS) components of Azure. Azure Virtual Machines Create a Windows virtual machine with the Azure portal Create a Windows virtual machine from an ARM Template Azure Quickstart Templates Overview of Azure PowerShell Use the Azure CLI […] The post Episode 39 – Azure IaaS: VMs and Storage appeared first on Microsoft Cloud IT Pro Podcast.

Azure Friday (HD) - Channel 9
Virtual Machine Planned Maintenance

Azure Friday (HD) - Channel 9

Play Episode Listen Later Sep 18, 2017


Ziv Rafalovich joins Scott Hanselman to talk about improvements to the planned maintenance experience in Azure, including better visibility and control of maintenance events that impact virtual machine availability. Learn how to create alerts, discover which virtual machines are scheduled for maintenance, and proactively start the maintenance using the Azure portal, REST API, Azure PowerShell, or Azure CLI. Note: During September 2017, you can try the new experience by creating new VMs in the US West Central region using this special link to the Azure portal: https://aka.ms/PlannedMaintenancePreview. For more information, see: Planned maintenance for Linux virtual machines Planned maintenance for Windows virtual machines in Azure Create a Free Account (Azure) Follow @SHanselman Follow @AzureFriday

Azure Friday (Audio) - Channel 9
Virtual Machine Planned Maintenance

Azure Friday (Audio) - Channel 9

Play Episode Listen Later Sep 18, 2017


Ziv Rafalovich joins Scott Hanselman to talk about improvements to the planned maintenance experience in Azure, including better visibility and control of maintenance events that impact virtual machine availability. Learn how to create alerts, discover which virtual machines are scheduled for maintenance, and proactively start the maintenance using the Azure portal, REST API, Azure PowerShell, or Azure CLI. Note: During September 2017, you can try the new experience by creating new VMs in the US West Central region using this special link to the Azure portal: https://aka.ms/PlannedMaintenancePreview. For more information, see: Planned maintenance for Linux virtual machines Planned maintenance for Windows virtual machines in Azure Create a Free Account (Azure) Follow @SHanselman Follow @AzureFriday

Azure Friday (HD) - Channel 9
Azure Container Instances

Azure Friday (HD) - Channel 9

Play Episode Listen Later Aug 3, 2017


Sean McKenna joins Donovan Brown to talk about the newest service in Azure, Azure Container Instances. Azure Container Instances makes it possible to run Linux and Windows containers directly on Azure infrastructure, without setting up and managing VMs and without adopting a higher-level service. See how easy it is to create and manage containers with the Azure CLI and the Azure portal, and learn how Azure Container Instances relates to container orchestrators, such as Kubernetes. See also: Using Kubernetes with Azure Container Instances with Brendan Burns on Azure Friday For more information, see: Azure Container Instances (Overview) Azure Container Instances (Docs) Azure Container Instances (Pricing) Fast and Easy Containers: Azure Container Instances (Azure Blog) Create a Free Account (Azure) Follow @SHanselman Follow @DonovanBrown Follow @AzureFriday Follow @SeanMcKMSFT

Azure Friday (Audio) - Channel 9
Azure Container Instances

Azure Friday (Audio) - Channel 9

Play Episode Listen Later Aug 3, 2017


Sean McKenna joins Donovan Brown to talk about the newest service in Azure, Azure Container Instances. Azure Container Instances makes it possible to run Linux and Windows containers directly on Azure infrastructure, without setting up and managing VMs and without adopting a higher-level service. See how easy it is to create and manage containers with the Azure CLI and the Azure portal, and learn how Azure Container Instances relates to container orchestrators, such as Kubernetes. See also: Using Kubernetes with Azure Container Instances with Brendan Burns on Azure Friday For more information, see: Azure Container Instances (Overview) Azure Container Instances (Docs) Azure Container Instances (Pricing) Fast and Easy Containers: Azure Container Instances (Azure Blog) Create a Free Account (Azure) Follow @SHanselman Follow @DonovanBrown Follow @AzureFriday Follow @SeanMcKMSFT

Azure Friday (HD) - Channel 9
Using Azure CLI 2.0 from Docker

Azure Friday (HD) - Channel 9

Play Episode Listen Later May 12, 2017


Aaron Roney saves Scott Hanselman the trouble of installing Azure CLI 2.0 prerequisites by setting him up with a pre-built Docker image. Azure CLI 2.0 is the cross-platform command-line tool for managing Azure resources, which is written in Python, updated every two weeks, and is available as open source on GitHub (Azure/azure-cli). Follow @SHanselman Follow @AzureFriday Follow @twitchax

Azure Friday (Audio) - Channel 9
Using Azure CLI 2.0 from Docker

Azure Friday (Audio) - Channel 9

Play Episode Listen Later May 12, 2017


Aaron Roney saves Scott Hanselman the trouble of installing Azure CLI 2.0 prerequisites by setting him up with a pre-built Docker image. Azure CLI 2.0 is the cross-platform command-line tool for managing Azure resources, which is written in Python, updated every two weeks, and is available as open source on GitHub (Azure/azure-cli). Follow @SHanselman Follow @AzureFriday Follow @twitchax

Azure Friday (HD) - Channel 9
Create a SQL Database from Azure CLI 2.0

Azure Friday (HD) - Channel 9

Play Episode Listen Later May 11, 2017


Aaron Roney joins Scott Hanselman to show off creating a SQL database in Azure from the command line using Azure CLI 2.0. Azure CLI 2.0 is the cross-platform command-line tool for managing Azure resources, which is written in Python, updated every two weeks, and is available as open source on GitHub (Azure/azure-cli). Follow @SHanselman Follow @AzureFriday Follow @twitchax

Azure Friday (Audio) - Channel 9
Create a SQL Database from Azure CLI 2.0

Azure Friday (Audio) - Channel 9

Play Episode Listen Later May 11, 2017


Aaron Roney joins Scott Hanselman to show off creating a SQL database in Azure from the command line using Azure CLI 2.0. Azure CLI 2.0 is the cross-platform command-line tool for managing Azure resources, which is written in Python, updated every two weeks, and is available as open source on GitHub (Azure/azure-cli). Follow @SHanselman Follow @AzureFriday Follow @twitchax

Azure Friday (HD) - Channel 9
Build and Deploy Web Apps from Azure CLI 2.0

Azure Friday (HD) - Channel 9

Play Episode Listen Later May 10, 2017


Aaron Roney joins Scott Hanselman to show off building and deploying a web app to Azure from the command line using Azure CLI 2.0 and Git. Azure CLI 2.0 is the cross-platform command-line tool for managing Azure resources, which is written in Python, updated every two weeks, and is available as open source on GitHub (Azure/azure-cli). Follow @SHanselman Follow @AzureFriday Follow @twitchax

Azure Friday (Audio) - Channel 9
Build and Deploy Web Apps from Azure CLI 2.0

Azure Friday (Audio) - Channel 9

Play Episode Listen Later May 10, 2017


Aaron Roney joins Scott Hanselman to show off building and deploying a web app to Azure from the command line using Azure CLI 2.0 and Git. Azure CLI 2.0 is the cross-platform command-line tool for managing Azure resources, which is written in Python, updated every two weeks, and is available as open source on GitHub (Azure/azure-cli). Follow @SHanselman Follow @AzureFriday Follow @twitchax

MS Dev Show
Azure x-plat CLI 2.0 with Jason R. Shaver

MS Dev Show

Play Episode Listen Later Apr 21, 2017 48:26


We talk with Jason R Shaver about the new Azure CLI 2.0. PowerPoint is Turing complete and needs to be removed from the Apple app store. And I finally have quantifiable proof that Carl is a slacker!

Azure Friday (HD) - Channel 9

In this episode of Azure Friday, Aaron Roney joins Scott Hanselman to demo and discuss Azure CLI 2.0, Azure's new command-line experience for managing Azure resources. It can be used on macOS, Linux, and Windows. Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager.

Azure Friday (Audio) - Channel 9

In this episode of Azure Friday, Aaron Roney joins Scott Hanselman to demo and discuss Azure CLI 2.0, Azure's new command-line experience for managing Azure resources. It can be used on macOS, Linux, and Windows. Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager.