Doing random things over at
174 stories

DSC Future Direction Update


PowerShell Core and DSC

PowerShell is open sourced and moving over to .Net Standard 2.0 for the reasons outlined in Jeffrey’s blog post. Like PowerShell, PowerShell Desired State configuration (DSC) needs to meet customers in this multi-platform, multi-cloud, multi-OS world where they live. In Joey’s blog post, he outlined what this means to the future of PowerShell. What does all of this mean for DSC going forward?

In this post, we will discuss what direction we plan to take DSC including:

  • The DSC engine / local configuration manager (LCM)
  • DSC cmdlets
  • DSC Azure Extension
  • On-prem DSC pull server


Windows PowerShell Desired State Configuration is included as part of Windows PowerShell

  • Requires WMI
  • Ships as part of Windows and Windows Management Framework (WMF)
  • Requires Windows PowerShell 4.0, 5.0, 5.1
  • Supports resources written in native C (WMI based) and PowerShell
  • Cmdlets use WinRM or CIM for remote connections

DSC on Linux is open source version for Linux SKUs

  • Requires OMI
  • Supports resources written in native C and Python
  • Is not at feature parity with Windows DSC
  • Is separate open source code base

Desired State Configuration Core (DSC Core) is a soon to be released version of DSC that aligns with PowerShell Core

  • No dependency on WMI
  • No dependency on WMF
  • Xcopy-able package
  • Supports resources written in native C/C++ (no WMI), Python and PowerShell
  • Runs on Windows and Linux
  • Required (includes in package) PowerShell Core and .NET Core

Note: The above descriptions are based on current plans and implementation and may change slightly upon release

Philosophy for DSC Core

Our goals with DSC Core are to minimize dependencies on other technologies, provided a single DSC for all platforms, and position it better for cloud scale configuration while maintaining compatibility with Windows PowerShell Desired State Configuration.

As noted above, Windows PowerShell Desired State Configuration has dependencies on a number of other technologies. As a Windows component, this made sense since most if not all of these components were already part of Windows. The side effects of these dependencies (ex. WMF), however, include larger package sizes, upgrade complications due to other product’s use of these components, reboots required during installation, etc. For these reasons and more, DSC Core will reduce its dependencies on other technologies as much as possible.

What does this mean for compatibility?

  • DSC Resources: There will be support for native C resources, PowerShell 6 and Python (on Linux) supported resources. All existing and new DSC resources that use supported.NET standard 2.0 commands will work with DSC Core.
  • Cmdlets: The existing cmdlets will not work with DSC Core. A new set of cmdlets will be provided for use with DSC Core. We will do our best to maintain backward compatibility of these new cmdlets with Windows PowerShell DSC as well as maintaining script compatibility (ie. cmdlets will have same names and parameters). We are looking for feedback from the community on how important having backwards compatibility in these cmdlets is so, if you have an opinion, please add your comment to this post.
  • Azure DSC Extension: A new Azure extension will be provided that uses DSC Core.
  • Pull Server: The existing protocol that DSC uses to communicate with the Pull Server will be supported by DSC Core so existing Pull Server as well as Azure Automation DSC(AA DSC) will be compatible with DSC Core.
  • Configurations: Configuration scripts will be fully supported and will require no changes. They will just need to be compiled in PowerShell 6.

Note: The above compatibility is based on current plans and implementation. Since this is still a work in progress some things may change slightly upon release.

Although DSC exists for Windows and Linux currently, they are separate projects. They each have, for example, their own code base, features and defaults, etc. DSC Core will be a single project for all platforms. This means that features and functionality will be common whether you are using Windows or Linux. And more importantly, going forward new features, fixes, etc. will be available for both Windows and Linux.

Lastly, key portions of DSC Core are being rearchitected to better support cloud scale configuration. As an example, our intent is to support multiple versions of DSC Core side by side while retaining the DSC promise of a known end state. This enable scenarios like having some configuration that are “Autocorrected” every 15 min while other configurations are “Monitored” every 6 hours. This type of flexibility combined with a small xcopy-able package will make DSC Core much more flexible and scalable in the cloud world.

WMF version of DSC

What happens to Windows PowerShell Desired State Configuration when DSC Core is released? As a Windows product, Windows PowerShell Desired State Configuration will continue to be supported and security fixes will be released for it but all new features and functionality will be driven in and release in DSC Core.

You will be able to run Windows PowerShell Desired State Configuration and DSC Core side by side but in order to prevent undetectable conflicts between the two agent’s configurations, this should be treated as a migration scenario with the goal of eventually moving to DSC Core and disabling Windows PowerShell Desired State Configuration.

Pull Server


The on-prem pull server is the Windows feature that ships with Windows since 2012 R2 and is included in WMF. There are three versions: 4.0, 5.0 and 5.1.

I am sure you have noticed that we did not discuss the Pull server in many of the above sections. There are a couple of reasons for this. First, since it is an extremely important but separate part of DSC, it deserves its own section. Second, we are still working on what the future of this looks like.

That said, we are committed to supporting and fixing critical security and performance issues with the on-prem pull server while we lock down on our plan for providing solutions for all of our customers whether you are in the Hybrid cloud, moving from on-prem to the cloud or staying on-prem. We want to be transparent with you so that we can ensure that we are going down the right path with this and all things DSC so expect an update on this in the coming months.

Azure Configuration Management (Azure Automation DSC)

Azure Automation DSC is the recommended pull server solution for enterprise and cloud environments. It supports both Windows PowerShell Desired State Configuration and will support DSC Core. It is and will remain our premium managed service. This provides the functionality of the in-box DSC Pull server and much, much more. Some of the additional goodies that you get with Azure Automation DSC are as follows:

  • Hosted Service (no infrastructure for you to manage)
  • Highly scalable pull service
  • Configuration status reporting
  • Central management that supports Azure Portal, PowerShell, Azure CLI, and Rest API iteration
  • Highly extensible through close integration with Automation Runbooks
  • Fast release cycle so you get new features and fixes faster


There is a ton of work that we want to do here, much of which is already in flight. Instead of holding everything until we are done, we will enable specific scenarios and then release. Our first release will be focused on Azure scenarios and will be release through the Azure DSC extension. The first release is expected to be around the end of the calendar year. From there we will be taking advantage of the faster release cadence available in the cloud to push new features and functionality first through the Azure DSC extension and then we will release as a downloadable package. ETA for this package is not yet determined, but we will publish a roadmap that we will keep updated here.

We are really looking forward to getting your feedback and sharing all of the work that we have been putting into DSC Core with you so don’t touch that dial.

Mark Gray, DSC Program Manager
Indhu Sivaramakrishnan, DSC Software Engineering Manager

Read the whole story
63 days ago
Share this story


1 Share

Read the whole story
170 days ago
Share this story

Adjective Foods

4 Comments and 19 Shares
Contains 100% of your recommended daily allowance!
Read the whole story
332 days ago
Share this story
3 public comments
331 days ago
The juice-like drink industry already has this down. "I'm going to the store, need anything?" "Yeah, buy me a gallon of purple"
Moses Lake, WA
333 days ago
I have the perfect supermarket in mind for these products:,-73.9901871,17z/data=!3m1!4b1!4m5!3m4!1s0x89c2585e0641d799:0xfab05c3ce38e4797!8m2!3d40.7753114!4d-73.9879984
New York, NY
333 days ago
Contains 100% of your recommended daily allowance!

A few drawings about Linux

1 Comment and 4 Shares

For the last few days, I’ve been doing a drawing about Linux on my Twitter every day. Here they are.

It’s been really lovely to see the response to these – some of these (like /proc) I’ve known about for quite a while, and it makes me really happy to hear “wow, I didn’t know that! That’s really cool!”

I’ll try to keep up making one a day for the rest of November.

Drawing these is a fun puzzle – I can’t draw most things (a cat? forget it!) so I need to figure out which things are within my capabilities (a lighting bolt? stars? hearts? okay!) and will communicate what I want.

You will probably also notice that I struggle to keep a consistent font weight :) I’m learning what I think looks good slowly. I’ve been using this Android app called “infinite design” to make vector drawings and they turn out nicer.

Read the whole story
371 days ago
Share this story
1 public comment
369 days ago
Julia is the coolest, these are awesome.
Brooklyn, NY

Every Version of Voxel Quest, Ever

1 Share
At the bottom of this post I have included images and videos from the many versions of VQ, for nostalgia's sake. :)

I released the first version of VQ a while ago, but have not since done much with the other versions. I had been debating what to do about the current situation of the VQ source. As I have probably said a million times at this point, my spare time is borderline non-existent these days between family and work obligations. There are three things I could do:
  1. Continue to sit on it and keep it private (bad)
  2. Release it all in its current state (not great, but better than nothing)
  3. Polish up a few select releases, make them git-friendly, etc. (best)
Obviously #3 would be ideal, but I don't know exactly when I will have enough spare time to go through that. In the meantime, I think doing #2 is better than waiting an arbitrary span of time for #3. I will be happy to link any git or other repositories people go through the trouble of making.  So anyway, here it is:

Edit 2: simcop2387 has kindly put it all in a repository here and bsagdiyev made this bittorrent magnet:?xt=urn:btih:e52b16bdf2eda8b678d5104517dba6ba05fb6089&dn=vqfiles

Edit: use this Dropbox link instead of the one below to get all files. (As of this edit at 11/5/2016 7:50 PST files are still uploading, so give it some time)

Every single snapshot of Voxel Quest(Google Drive link, limited to versions under 20 mb)

All of this code is being released under the zlib license (alternate licenses available on request). Any third party code or libraries used fall under their respective licenses, although from what I recall every third party resource also falls under a liberal license. The one exception is the bitmap resources used (sprites, icons, etc). These free for your personal use but you must buy the corresponding files from 7soul (AKA Henrique Lazarini) if you plan to publish anything (the RPG sprite and monster packs).

I have also included some very old versions of the source, dating back to stuff seen on, long before VQ even had a name.

Some of the bigger snapshots contain all files (usually weighing in at around 70 mb or so), and the smaller ones (around 15-20mb) are just code and other resources.  You can copy over resources from the nearest version and it will usually work, or just work with archives that contain all files. Note that you cannot use the same resource files between all versions, necessarily - sometimes the layout or structure of this data would change over time. If you really want to get it up and running fast, you can check out the binary or release folder in a big snapshot, which usually will contain an exe. Not all snapshots are stable. To find a stable snapshot for a particular date, I recommend looking at the videos and picking the date nearest to that of the Youtube publish date on the video. To find controls, which also change over time, you will have to look at the source (most of the time, controls can be found within the singleton file).

If you are opening up one of the newest versions (which use "real" voxels and are computed on the CPU, as seen in recent @voxelquest screenshots), you will have to press "t" to toggle the new render mode. Otherwise, you will be running the old render mode, while at the same time computing voxel chunks on the CPU and it will run slow as hell! To use the ray traced version, I personally recommend the release on or around early August 2015.

You can probably find some helpful notes in the isometric repository - not all will apply, but much of the information there is still relevant to other versions. If you have any missing dll's, its not really "best practice" but you can probably snag them from the iso release on them in the binary folder)

Some older versions are designed to be build on Mac, I think around early 2013 and prior. The rest are designed to be built on Windows, but all versions are portable with a tiny bit of work.

Other notes: people keep telling me they don't want their money back, which is fine - I'm not going to force you to take it back. But I am still honoring my promise to return money to anyone who wishes (and the few who have requested have been paid back so far). Do not feel bad about asking for money back, I am more than happy to return it! You can reach me via Kickstarter, Twitter, or the contact form on this site if you would like a refund of any money that you put into VQ (through KS or otherwise).

One last note: I do not get notifications for the comments on this website, but I do try to read all comments from time to time. I will more likely respond to comments on other channels like Twitter or Youtube as those are easier to manage in a timely manner.

I may have left something out, please let me know if I am forgetting anything!
Read the whole story
371 days ago
Share this story

14 new trusted root certificates added to Windows in unannounced update

1 Share

My monitoring scripts raised an alert a few days ago: Microsoft has just quietly updated its Root CTL (Certificate Trust List), increasing its size to 356 roots.

The official channels, which normally announce and document such updates well in advance, are oddly silent about this one, and the new CTL is already being pushed to all Windows systems (including servers).

A quick RCC scan (shameless plug!) highlights the following entries as new:

1e0e56190ad18b2598b20444ff668a0417995f3f    LU    LuxTrust Global Root 2
5463283b6793ff55277cede39098e80422f912f7    CO    AC Raiz Certicamara S.A.
3143649becce27eced3a3f0b8f0de4e891ddeeca    TR    TUBITAK Kamu SM SSL Kok Sertifikasi  Surum 1
e252fa953feddb2460bd6e28f39ccccf5eb33fde    HR    SZAFIR ROOT CA2
3f0feb17a7ef5804cfd90a77b7bb021ea69c6418    GR    BYTE Root Certification Authority 001
a69e0336c4e59023ff653c71f928eb73f21c00f0    CA    Carillon Information Security Inc.
d99b104298594763f0b9a927b79269cb47dd158b    TW    ePKI Root Certification Authority - G2
81ac5de150d1b8de5d3e0e266a136b737862d322    TW    ePKI Root Certification Authority - G2
c3197c3924e654af1bc4ab20957ae2c30e13026a    US Root Certification Authority ECC
b7ab3308d1ea4477ba1480125a6fbda936490cbb    US Root Certification Authority RSA
4cdd51a3d1f5203214b0c6c532230391c746426d    US EV Root Certification Authority ECC
1cb7ede176bcdfef0c866f46fbf980e901e5ce35    US EV Root Certification Authority RSA
d3dd483e2bbf4c05e8af10f5fa7626cfd3dc3092    PL    Certum Trusted Network CA 2
d496592b305707386cc5f3cdb259ae66d7661fca    ES    ACA ROOT

Trusting new CAs is always a big deal, so advanced users and enterprise admins may use the above list to research these new roots and decide which ones they actually want to trust. And I'm currently working on a trust store hardening product, which will make it easy to drastically reduce your exposure to unnecessary CAs. Stay tuned!

Follow @hexatomium for more updates and the occasional crazy thought.

Read the whole story
402 days ago
Share this story
Next Page of Stories