Improvements in Windows PowerShell Container Images

This post was originally published on this site

Beginning with Windows Server 20H1 Insider builds, Windows Server Core Insider images have been reduced in size from ~2.1 GBs to ~1.1 GBs.

How did the Server Core images get over 40% smaller?

Traditionally, Windows 10 and Windows Server have always included a set of .NET native binaries that were pre-compiled using the Native Image Generator tool (Ngen.exe). This native pre-compilation makes these binaries faster on default installations of the OS, but it also makes the image size grow: managed/IL .NET binaries are typically smaller and slower initially (until JIT compilation happens) than their native counterparts (with another tradeoff being that the latter are not portable between platforms and architectures).

For more details, check out corresponding blogs published by the .NET team and the Windows Server team.

What does this mean for me as a PowerShell user?

If you depend on Windows Server container images for usage of Windows PowerShell, and you value performance, you should switch from the windows/servercore images to the dotnet/framework/runtime images. The latter are specifically optimized for .NET Framework workloads like Windows PowerShell.

And in fact, switching to the new dotnet/framework/runtime images will actually provide a greater benefit to startup performance even over the old windows/servercore images. When running Measure-Command { docker run --rm <image> powershell -c "echo 1" } on a Windows box, observe the following differences:

windows/servercore:1903 windows/servercore/insider:10.0.19023.1 dotnet/framework/runtime:4.8-20191008-windowsservercore-1903 dotnet/framework/runtime:4.8-windowsservercore-2004
7.34 sec 5.41 sec 6.8 sec 3.76 sec

 

What if I’m using PowerShell Core instead of Windows PowerShell in my containers?

If have already moved your workloads from Windows PowerShell to PowerShell Core, you should continue to use the windowsservercore images from microsoft/powershell, and when the Windows Server reductions graduate from Insiders you’ll simply enjoy the benefit of smaller image sizes.

That’s it!

Thanks to everyone leveraging PowerShell in Docker containers! And make sure to file any issues you have in our powershell-docker repository.

Thanks,
Joey Aiello
Program Manager, PowerShell

AWS Links & Updates – Monday, December 9, 2019

This post was originally published on this site

With re:Invent 2019 behind me, I have a fairly light blogging load for the rest of the month. I do, however, have a collection of late-breaking news and links that I want to share while they are still hot out of the oven!

AWS Online Tech Talks for December – We have 18 tech talks scheduled for the remainder of the month. You can lean about Running Kubernetes on AWS Fargate, What’s New with AWS IoT, Transforming Healthcare with AI, and much more!

AWS Outposts: Ordering and Installation Overview – This video walks you through the process of ordering and installing an Outposts rack. You will learn about the physical, electrical, and network requirements, and you will get to see an actual install first-hand.

NFL Digital Athlete – We have partnered with the NFL to use data and analytics to co-develop the Digital Athlete, a platform that aims to improve player safety & treatment, and to predict & prevent injury. Watch the video in this tweet to learn more:

AWS JPL Open Source Rover Challenge – Build and train a reinforcement learning (RL) model on AWS to autonomously drive JPL’s Open-Source Rover between given locations in a simulated Mars environment with the least amount of energy consumption and risk of damage. To learn more, visit the web site or watch the Launchpad Video.

Map for Machine Learning on AWS – My colleague Julien Simon created an awesome map that categories all of the ML and AI services. The map covers applied ML, SageMaker’s built-in environments, ML for text, ML for any data, ML for speech, ML for images & video, fraud detection, personalization & recommendation, and time series. The linked article contains a scaled-down version of the image; the original version is best!

Verified Author Badges for Serverless App Repository – The authors of applications in the Serverless Application Repository can now apply for a Verified Author badge that will appear next to the author’s name on the application card and the detail page.

Cloud Innovation Centers – We announced that we will open three more Cloud Innovation Centers in 2020 (one in Australia and two in Bahrain), bringing the global total to eleven.

Machine Learning Embark – This new program is designed to help companies transform their development teams into machine learning practitioners. It is based on our own internal experience, and will help to address and overcome common challenges in the machine learning journey. Read the blog post to learn more.

Enjoy!

Jeff;

December Update: VMware Learning Zone’s New & Notable Content

This post was originally published on this site

There’s always something exciting going on in the VMware Learning Zone (VLZ). If you haven’t visited recently, stop by to check out these fresh offerings. Don’t miss the ever-growing free library, with original videos added regularly, as well as free live webinars and instructor hours.   Upcoming Live Online Events – Free for All Registered

The post December Update: VMware Learning Zone’s New & Notable Content appeared first on VMware Education Services.

Top 20 articles for NSX, November 2019

This post was originally published on this site

Status of TLSv1.1/1.2 Enablement and TLSv1.0 Disablement across VMware products Guest Introspection status reports “Warning: Guest Introspection service not ready” “No NSX Managers available” error in the vSphere Web Client vCenter Server or Platform Services Controller certificate validation error for external VMware Solutions in vSphere 6.0 NSX-T admin password expired After upgrading to NSX-v 6.4.0,

The post Top 20 articles for NSX, November 2019 appeared first on VMware Support Insider.

StarWind VSAN has a high level of customization

This post was originally published on this site

I don’t think that I have to re-introduce StarWind company to our readers. Their software solutions were simple but effective for many years. Hyper-converged infrastructure (HCI) solutions are also provided by StarWind and since this year they are also present in the Magic Quadrant by Gartner. Gartner’s study says that “StarWind VSAN offers a high […]

Read the full post StarWind VSAN has a high level of customization at ESX Virtualization.

StarWind VSAN has a high level of customization

This post was originally published on this site

I don’t think that I have to re-introduce StarWind company to our readers. Their software solutions were simple but effective for many years. Hyper-converged infrastructure (HCI) solutions are also provided by StarWind and since this year they are also present in the Magic Quadrant by Gartner. Gartner’s study says that “StarWind VSAN offers a high […]

Read the full post StarWind VSAN has a high level of customization at ESX Virtualization.

(Lazy) Sunday Maldoc Analysis, (Mon, Dec 9th)

This post was originally published on this site

I received another malicious Word document: with VBA macros and string obfuscation, launching a PowerShell downloader. As classic as they come.

The VBA code is not too long, and the obfuscation is not that hard. It makes a good example for static analysis.

I start the analysis with my tool oledump.py, this will give me an overview of the streams (including VBA macro streams) contained in the document:


Stream 8 has an M indicator: this stream contains VBA macros. Using option -s 8 to select stream 8, and option –vbadecompressskipattributes to decompress the VBA macros without showing the hidden attributes (usually I just use option -v, since I don’t mind seeing the hidden attributes), I get to see the VBA code:


There’s a Document_Open subroutine: this will be executed once the document is opened and the user has accepted the warning(s). It assigns a different number to three variables, and then calls function besb repeatedly with a number as argument.

These numbers are mostly different. Function besb takes the argument (a number), divides it by 23 and multiplies it with 1. Then it converts the obtained number to a character (chr function), and concatenates it into variable ahiv.
Finally, subroutine Document_Open executes (run) string ahiv.

With this information, I know that the numbers represent a command and that I can obtain that command by dividing each number by 23 and then converting it to a character. Typically, one would write a small custom script to do this, but as I often have to do such conversions, I made my own tool to help with this: numbers-to-string.py.

Numbers-to-string.py takes text as input, extracts the numbers it finds on each line (provided there are at least 3 numbers per line), transforms the numbers according to a given formula, and then converts them to a string.

I will use this to decode the command. First I select all VBA source code lines with function besb using grep. Since identifiers in VBA are not case-sensitive, I use option -i, just in case the malware author was not consistent in his case use for function name besb.


Next, I use numbers-to-string.py to process each number. Since by default, my tool expects 3 numbers per line, and here I have only one number per line, I use option -n 1 to have my tool process each line with 1 number or more.
Each number has to divided by 23: I use expression “n / 23” to achieve this. Here is the complete command:


When I read the characters from top to bottom, I see a command forming: powershell iex …

My final step is to use option -j to join all lines together:

Like I said: a classic example.

Yet, there is something unusual about this document. To be continued …

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

NSX-T Service Interface or Centralized Service Port for vRealize Automation Load Balancing

This post was originally published on this site

Service Interface or previously known as CSP (Centralized Service Port) connecting to VLAN or Overlay segments can be used for providing Load balancer functions. It is connected to a standalone Tier1- Gateway which has only Service router function and no Distributed Router (DR) function. The Service router can be deployed on a single NSX Edge … Continue reading NSX-T Service Interface or Centralized Service Port for vRealize Automation Load Balancing

Wireshark 3.0.7 Released, (Sun, Dec 8th)

This post was originally published on this site

Wireshark version 3.0.7 was released.

It has a vulnerability fix and bug fixes.

The vulnerability in the CMS dissector can be abused to cause a crash: %%cve:2019-19553%%

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.