Open ZanattaMichael opened 3 years ago
potatoqualitee
commented
3 years ago I <3 security but wonder if the ordering is backwards. I always try to get people pumped so that they have the residual energy to invest into the more mundane things. Perhaps flip the order and start with like "Have concerns about getting PowerShell approved at your organization? We have a ton of info in Chapter X"
Windos
commented
3 years ago Re: "(We may want to consider the SecretManagement and SecretStore modules as well)" under "PowerShell Secrets and Azure KeyVault"
I'd suggest (imho) using SecretManagement as the backbone of the chapter. Can use it to handle the KeyVault secrets, and cover SecretStore for local + cross plat secrets... and the credman one for Windows specific local creds.
Windos
commented
3 years ago Want to piggyback a bit on @potatoqualitee's feedback. The order felt a little off in my read through, and I workshopped this a little with my wife.
My recommendation for section order is:
I'm not 100% sure on that Collab section either. I feel like it should come sooner, but I can't think of what should go after it.
I like the chapters inside each section!
TheFreeman193
commented
3 years ago I agree with @potatoqualitee and @Windos about the chapter ordering.
For the Data Analysis subsection, a good place to start might be an introduction to the more complex data types and structures that PowerShell can work with, including those exposed through .NET. A brief discussion of the data file formats that PowerShell can read from and write to would also be relevant here. This is also a good section to dicuss data streams and how processing differs from working with static data objects.
I also reckon, perhaps under the performance section, or in a chapter of its own, it's a good idea to talk about multithreading (jobs, runspaces, runspace pools etc.) and by extension the use of thread safe code.
Finally, it might be pertinent to discuss PowerShell's relationship with .NET more broadly, as well as its extensibility with modules and assemblies, within the PowerShell in Depth chapter.
Szeraax
commented
3 years ago well as its extensibility with modules and assemblies, within the PowerShell in Depth chapter.
@TheFreeman193 and classes.
Szeraax
commented
3 years ago I'm not 100% sure on that Collab section either. I feel like it should come sooner, but I can't think of what should go after it.
@Windos I actually really like the idea of making collaboration come sooner.
The sooner people learn git, the sooner they can take advantage of it during ALL of the exercises in the book.
Imagine if the collaboration section was first, told them to use git, gave them a public github repo to contribute a script to where others here in the community can see it and give REAL feedback through code reviews. They can practice doing code reviews on other people's commits. And then finish out that chapter with publishing.
At the end of this first section, a user knows how to go from code to deliverable! That's and end-to-end view of the powershell lifecycle, really.
ZanattaMichael
commented
3 years ago I <3 security but wonder if the ordering is backwards. I always try to get people pumped so that they have the residual energy to invest into the more mundane things. Perhaps flip the order and start with like "Have concerns about getting PowerShell approved at your organization? We have a ton of info in Chapter X"
Hmmm. That's in interesting idea. While it's a textbook I believe that FAQ section would be really cool.
ZanattaMichael
commented
3 years ago I agree with @potatoqualitee and @Windos about the chapter ordering.
For the Data Analysis subsection, a good place to start might be an introduction to the more complex data types and structures that PowerShell can work with, including those exposed through .NET. A brief discussion of the data file formats that PowerShell can read from and write to would also be relevant here. This is also a good section to dicuss data streams and how processing differs from working with static data objects.
I also reckon, perhaps under the performance section, or in a chapter of its own, it's a good idea to talk about multithreading (jobs, runspaces, runspace pools etc.) and by extension the use of thread safe code.
Finally, it might be pertinent to discuss PowerShell's relationship with .NET more broadly, as well as its extensibility with modules and assemblies, within the PowerShell in Depth chapter.
Thankyou for your feedback. That was really good.
ZanattaMichael
commented
3 years ago Re: "(We may want to consider the SecretManagement and SecretStore modules as well)" under "PowerShell Secrets and Azure KeyVault"
I'd suggest (imho) using SecretManagement as the backbone of the chapter. Can use it to handle the KeyVault secrets, and cover SecretStore for local + cross plat secrets... and the credman one for Windows specific local creds.
So would you suggest having that as the first chapter of PowerShell security?
billkindle
commented
3 years ago For the Data Analytics section, probably could touch on this a little: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-platform-logs
That would tie into some of the logging discussion, and just move the position of the IaC to the end of the chapter or move up to be a follow up for testing with PowerShell.
billkindle
commented
3 years ago Extensibility section will need to cover at a minimum advanced functions, and writing comment based help as part of reuseability. One thing I don't really see talked about much is where to draw a line when to create basic functions and when to create advanced functions. I can't find the article now but I do remember reading somewhere a few years ago that you always want to keep functions doing one thing and one thing only. I've seen this in the Python world too.
For practical applications, could we maybe include some Linux, Azure, AWS based applications and also how to use API's?
billkindle
commented
3 years ago Re: "(We may want to consider the SecretManagement and SecretStore modules as well)" under "PowerShell Secrets and Azure KeyVault" I'd suggest (imho) using SecretManagement as the backbone of the chapter. Can use it to handle the KeyVault secrets, and cover SecretStore for local + cross plat secrets... and the credman one for Windows specific local creds.
So would you suggest having that as the first chapter of PowerShell security?
Given how often I've seen people ask and have been asked myself about this topic in the past, I'd vote for making Security the very first chapter. There's no reason to bury it in the middle or the end IMHO.
billkindle
commented
3 years ago I <3 security but wonder if the ordering is backwards. I always try to get people pumped so that they have the residual energy to invest into the more mundane things. Perhaps flip the order and start with like "Have concerns about getting PowerShell approved at your organization? We have a ton of info in Chapter X"
Hmmm. That's in interesting idea. While it's a textbook I believe that FAQ section would be really cool.
Treat the book like a really looooooonnnnnnnggggg blog post. Take a brief description of each chapter, make an introduction read like a question that then points the reader to the chapter/verse.
I agree that it engages a reader more while also allowing them to explore a little on their own.
billkindle
commented
3 years ago Want to piggyback a bit on @potatoqualitee's feedback. The order felt a little off in my read through, and I workshopped this a little with my wife.
My recommendation for section order is:
* PowerShell in Depth * Architecture and Design * PowerShell Testing * PowerShell Security * CollaborationI'm not 100% sure on that Collab section either. I feel like it should come sooner, but I can't think of what should go after it.
I like the chapters inside each section!
Could always turn it into a opportunity to practice it throughout the book. Maybe give the reader the option to pull code from a repository and issue PR's , make some commits etc. Practicing a little in a collaborative way? Just spitballing here.
billkindle
commented
3 years ago @ZanattaMichael do we really need an afterword section though? Or were you intending to have some explanations as to why the formatting changed from the last three conference style books? Or am I way way off and this is separate from PSconfV4?
ZanattaMichael
commented
3 years ago @ZanattaMichael do we really need an afterword section though? Or were you intending to have some explanations as to why the formatting changed from the last three conference style books? Or am I way way off and this is separate from PSconfV4?
Completely separate. The PowerShell Conference books lineage has ended. We are now branching out by writing the textbook on the matter.
Outline
Goal of the Book: This book is for those that want to develop the knowledge and skills required for a senior level automation or administration position. It will cover the concepts that will help you develop the mindset/lay the groundwork for best practices required for advanced topics, topics that are not always covered by other books. This book will use PowerShell as the primary tool used for examples of these concepts, but the examples are not limited to only PowerShell based solutions. Once you have read this book and understand the concepts contained within, you will be well prepared for many difficult and potentially senior level technical challenges. This book will be written as a textbook resource that universities/ engineers can reference/ incorporate into course material.
Target Audience: This book is intended to target engineers that have completed the "Month of Lunches" books (including the toolmaker book).
Vision: The vision of this book is to have a book that is written by the community for the community allowing community experts to directly facilitate the learning.
Platform: Leanpub using Markdown. Hard-copies will be published using Amazon.
Management: To ensure that technical accuracy is maintained, senior editors will provide quality control (across sections), where editors will focus on the content (spelling/ grammar) for each chapter.
Content:
Forward (Orin Thomas has agreed to write the forward) http://orinthomas.com/
Introduction:
PowerShell Security
Script Signing
Script Execution Policies
Constrained Language Mode
Just Enough Administration
PowerShell Secrets and Azure KeyVault
PowerShell Testing
The AAA Approach.
Unit Testing.
Integration Testing.
Parameterized Testing.
Mocking.
PowerShell in Depth
Advanced Conditions.
Using Regex.
Abstract Syntax Tree (AST).
Logging
Infrastructure as Code (IaC)
Data Analytics.
(I have no idea here.)
Architecture and Design
Extensibility
Refactoring PowerShell.
Performance
Practical Applications.
This chapter looks at the practical applications of PowerShell and how to use the engine to achieve what you want.
Collaboration
Code Review.
This chapter explores the process of performing code review (what to look for, ) Best practices used within the community.
Git
This chapter will introduce Git and how it can be used to store your code. It will cover typical Git commands with detailed explanations on what it is doing.
Publishing and Deploying your Code.
This chapter explores the different methods of deploying your code (Internally / Externally). This chapter will also demonstrate some best practices for deployments.
Afterword
(Yet to decide who will contribute to the afterword) ##