
Kali Linux 2020.3 - ashitlerferad
https://www.kali.org/news/kali-2020-3-release/
======
idoubtit
I think the move of Kali Linux from bash to zsh is sane. I sometimes have to
use the default shell of Linux distribution, especially on servers, and my
main pain points with bash are:

\- The history is editable by default. If I move to a previous history line
and change it, the old line disappears. Hitting Ctrl-c will remove it from the
history.

\- If I use simultaneous shells (screen, tmux, or several ssh connections),
the history saved will be the one of the last shell to quit. The bash config
`histappend` should be the default, IMO.

\- Most of the time, I search the history by the beginning of the command I
just typed, which zsh maps to alt-p and which bash does not map by default. I
rarely use the ctrl-r search.

\- No way to pause a command and view the man. With zsh, `git clone<alt-h>`
will display `man git-clone`, then return to the incomplete command line.

\- No way to set a command aside. E.g. if I realise while typing that I'm not
in the right directory, `git clone<alt-q>cd src<return>`.

~~~
mapolone
Not to mention:

\- Oh-my-zsh has a lot of plugins for auto-completion

\- FZF (fuzzy finder), for command history is a big hit (supports bash too)

~~~
ti_ranger
> \- Oh-my-zsh has a lot of plugins for auto-completion

As does bash-completion, which is available in many (but not all :-/) Linux
distros and via Homebrew on MacOS and [pre-
dates]([https://github.com/scop/bash-
completion/tree/09b07d57a7031d9...](https://github.com/scop/bash-
completion/tree/09b07d57a7031d904223b31c3a240adab0533546)) [oh-my-
zsh]([https://github.com/ohmyzsh/ohmyzsh/tree/5da20b9dddb1f7a91106...](https://github.com/ohmyzsh/ohmyzsh/tree/5da20b9dddb1f7a9110675ded5df59c4c3ed1b83))
by about 6 years.

But, zsh users and oh-my-zsh fan-boys seem to be entirely ignorant of bash-
completion.

~~~
sbarre
I never understand comments like these. Why do you have to twist this to be
about "ignorant fan boys"?

Not enough drama in the world already?

~~~
ti_ranger
Sorry, but I've read too many posts that say "bash sucks, it doesn't do <thing
that bash has done for years before zsh did it> like zsh does".

~~~
sbarre
And there's a constructive way to respond to those posts, if you must
absolutely respond.

Yours ain't it.

~~~
dbtc
Ironic response.

~~~
sbarre
Fair point

------
Timpy
I always thought Kali wasn't really for daily use. Not a vehicle for every day
driving around town, more like a secondary vehicle you only use for work.
HiDPI, tool icons, and gnome themes make it seem otherwise. Sure, these things
are nice whether you're using it for work or play, but I wonder. Is anybody
running kali as their daily driver?

~~~
julianh95
You definitely shouldn't use it as a daily. However, Offensive Security is
trying to make it a smooth experience given that quite a bit of time is spent
using it for penetration tests, CTFs, etc in addition to "competition" from
ParrotOS. Most folks that I know would switch to it anyway so having it be the
default makes it easier.

~~~
Teever
Can you elaborate why someone shouldn't use it as a daily driver?

I have used Linux for a decade now and I just got a friend interested in it
and his pick was Kali because he was interested in learning about security
stuff.

I took a quick look at it and saw that it was debian based and XFCE is my
favourite desktop environment so I figured he'd be alright with it.

~~~
_salmon
It used to be that Kali would start a ton of services at boot and open those
ports up to the LAN interface. Stuff like Postgresql that you probably don't
want to expose any wider than localhost.

It also defaulted to running as a root user for everything, but they recently
changed that.

~~~
Botnet4Lunch
Hmm I don't remember that ever being true. Items like Postgress would listen
on localhost only. No services outside of DHCP were even enabled by default
going all the way back to BackTrack.

------
ggm
Fascinating that the conversation goes to zsh over bash.

You'd think a decent Bluetooth risk tool was more relevant given the covid19
dependency on more bt always on and so more bt drive-by

~~~
DominikD
People who don't use Kali comment on whether move from one shell to another
was right for the Kali users. This drive by commenting is sadly omnipresent in
the open source world. OpenBSD uses CVS? They should use git. XServer? Why not
Wayland? Oh, libsdl is using Mercurial, but they should totally use git. And
on, and on.

~~~
50ckpuppet
Drive by comments are typically from people who want to _sound_ like an
expert.

~~~
exikyut
I find it extremely amusing that your comment has been sufficiently downvoted
that it's grey...

------
saagarjha
With a heavy heart I join the rest of the zsh discussion because these aren’t
even factual:

> You can do a lot of advanced things with bash, and customize it to do even
> more, but ZSH allows you to do even more.

Bash can do a lot of things zsh can’t, and vice versa.

> Fish is a nice shell (probably nicer than ZSH), but realistically it was not
> a real consideration due to the fact that it is not POSIX compatible.

Neither is zsh, really. There’s emulation modes but I never got the impression
that fidelity was a goal there.

~~~
pletnes
Zsh isn’t posix compatible? Citation needed?

Also what can bash do that zsh can’t? Genuinely curious, after using both for
years.

~~~
ti_ranger
> Also what can bash do that zsh can’t?

I have noticed that a lot of the features listed in
[https://www.gnu.org/software/bash/manual/bash.html#Major-
Dif...](https://www.gnu.org/software/bash/manual/bash.html#Major-Differences-
From-The-Bourne-Shell) aren't present in zsh, but I am not sure of all the
ones that aren't in zsh.

Ones that I have used in bash that aren't in zsh (there may be many more, I
stopped using zsh in many scenarios because of some of these):

* Some of [https://www.gnu.org/software/bash/manual/bash.html#Shell-Par...](https://www.gnu.org/software/bash/manual/bash.html#Shell-Parameter-Expansion) (e.g at least ${LOGNAME^^}, `(FOO=BAR;echo ${FOO,,})`)

* -p option to read for the prompt, e.g. `read -s -p "Enter the DB password: " PW`

------
em500
> Q.) Why did you make the switch? What’s wrong with bash? A.) You can do a
> lot of advanced things with bash, and customize it to do even more, but ZSH
> allows you to do even more. This was one really large selling point.

AFAICT this is the entire motivation provided. Since they start with stating
that it's a very large change, It would be useful to flesh out the motivation
a bit. For instance, some concrete examples of those "even more" things that
you can do with zsh but not with bash would go a long way.

------
daffy
One nice thing in zsh is that you can type `/u/lo/b<tab><return>` and be in
`/usr/local/bin`.

~~~
enriquto
Bash does the same thing here, typing tabs instead of slashes.

    
    
        /u<TAB>lo<TAB>b
    

same number of keystrokes actually

~~~
Nullabillity
Not quite. Zsh can use the subfolders to disambiguate which parent you meant,
bash can't.

~~~
enriquto
Wow. While this is quite slick (and must have been funny to implement), I
actually hate this kind of "magic" behavior.

~~~
polack
I usually hate magic too, but I have to say this is one of the cases where I
like it. It's convenient without any danger attached to it since you're just
switching directory and not actually executing something against this
"unknown" path.

------
BossingAround
Can anyone recommend training for offensive security and/or Kali Linux
pentesting?

I've been wanting to explore that branch for a long time, I'd really
appreciate some great resources for an engineer with no pentesting experience.

~~~
greedo
No better place than the source: [https://www.offensive-security.com/courses-
and-certification...](https://www.offensive-security.com/courses-and-
certifications/)

~~~
BossingAround
I'm honestly quite skeptical. Unless I hear personal recommendations, I'd be
very wary of spending 1k+ on a training in "pentesting"...

~~~
swesecnerd
I did the OSCP (the course was called Pentesting with Kali Linux [PWK]) back
in 2017. Costly, but the resources were top notch. A pdf with several hundred
pages covering everything from basic Linux commands to modifying existing
exploit code to suit your use case. Metasploit was included but the course was
not Metasploit heavy. Writing your own remote exploit backend forces you to
really understand the mechanics so it felt a bit old school in a good way.

Bundled with this I also got several (i.e many) hours of recorded and narrated
video to accompany the pdf.

The best part though is the lab network. During the course I had access to a
huge number of virtual machines to scan and exploit. The courseware really
encourages you to experiment and evolve. The exam, if you want to try it, is
an all out practical pentest from start to finish and 24h to complete. A
comprehensive report covering the entire pentest is mandatory.

All in all the OSCP was totally worth the $ IMHO.

I do however recommend that total beginners should start with the free
resources and other great sites like overthewire. Get your feet REALLY wet
before you pay the $ and lab days start ticking.

------
fomine3
I'm totally fine with bash if it could share history between processes by
default. That's pain when I operate in someone's server.

------
refresher
Their image says 'zsh auto-suggestions rocks!' but I had to add quite a bit to
my .zshrc (in macOS at least) to get them to be good.

------
bartvk
That's a funky prompt they're showing there. Since it came by default on
macOS, I'm using zsh. But to be honest, my Linux box still remains on bash.
The differences, to my usage, are minimal.

~~~
kristopolous
Fun fact: That's a legacy openstep thing. I was using an x86 version of
openstep in a VM just for fun a few months back and it had a 1994 copy of zsh
on it. I also remember using it on OS X server 1.0 in around 1999.

I have an actual nextstation in my parents garage. I wonder if it's on that...

~~~
xenadu02
OS X used tcsh as the default shell way back. Later it used bash 3.x as the
default up until Catalina. As of Catalina zsh is the default for new users
(and the version of zsh that ships with macOS is relatively up to date).

~~~
kristopolous
Alright. I never claimed it was the default shell... That was obviously csh,
everyone knows that. It's a bsdism. FreeBSD's default was tcsh essentially
until I stopped using it maybe 15 years ago.

Zsh was placed onto the hard drive of the computer by the operating system
installation cd and was an available executable program that could be invoked
from the terminal.

There, is that better?

------
beagle3
Still my OS of choice for my first-ever generation Samsung Chromebook
(exynos). Unfortunately, they stopped providing images - does anyone know if
the build scripts still work for exynos based chromebook? (Or if other distros
do?)

------
aww_dang
Aren't the people who know and understand the tools they use, the same people
who can install security utilities on any distro?

What is the purpose of this distro in regards to that?

~~~
Taek
Less hassle. Plus if you are part of the community you get a better view on
what tools are getting more prominent and what fixes or updates are being
released.

I'm sure nobody who uses Kali needs it to exist, but that doesn't mean it
doesn't add value.

------
enriquto
Since this has turned into a bash/zsh thread...

The only _real_ (non-cosmetic) feature missing in bash that zsh has is process
substitution using files. In bash you can use <() to capture the output of a
pipeline into a filename, but it is implemented as a non-seekable pipe. In
zsh, you have that, but you also have =() that gives you a real, temporary
file. It is extremely useful in the rare cases when it is needed.

------
GekkePrutser
I wonder why this zsh thing is such a huge change. Bash is just a chsh command
away :)

------
sivizius
Kali Linux still exists? I thought after it was used in so many more or less
good films and series it is not cool any more. :D

~~~
toyg
It's very lively and actually the cancer of certain parts of the internet
(like the subreddit dedicated to Virtualbox).

~~~
itomato
i just took a look. wow, the number of people who have just discovered fire
over there.

