A real solution to PowerShell SSH Remoting
March 30, 2008 at 11:05 PM | categories: windows, security, microsoft, system administration | View CommentsCan't wait for us to ship PowerShell Remoting? Want remoting to use SSH? Why wait for us? /N software has just announced a beta of their NetCmdlets V2.0 which provides PowerShell remoting over SSH today! They've had this for a while and V2 updates (and improves) the usability of the cmdlets as well as adding a bunch of new and exciting commands. For example, chances are that you won't ever see Microsoft ship the [get/send]-s3 cmdlets but /N software V2 does. :-)http://blogs.msdn.com/powershell/archive/2008/03/27/powershell-remoting-using-ssh.aspx My blog post from 2006 is currently the #1 Google Result for PowerShell SSH, but finally there is a good solution out there from /N software. It also supports S3. Very cool :)
Microsoft, true innovation
June 03, 2007 at 10:54 AM | categories: unix, philosophy, humor, microsoft | View Comments Wes: check out introducing pipes Matt: "Those who do not understand Unix are condemned to reinvent it, poorly." Matt: I hear vista finally has symlinks. Wake me up when they invent mount points and finally kill drive letters Wes: I think you can do that somehow. Matt: yeah sure, and break everything *nerd rage* Wes: yeah, junction point. junction points (technet) Matt: "Those who do not understand Unix are condemned to reinvent it, poorly." Update, Wes says, if you want to know more see his blogs at:Microsoft's Intentional Ignorance of Other Operating Systems
July 11, 2006 at 10:03 AM | categories: windows, unix, microsoft | View Comments I'm really happy that Microsoft employees are blogging more. Though I miss Robert Scoble. Microsoft really lost a lot of public relations points when Scoble left. Today, I came across a post by Raymond Chen, one of the great Microsoft guys that keeps new versions of Windows compatible with older applications. Truly, compatibility is a heroic task, one that most programmers don't want to deal with. However in recent discussions on Windows blindly overwriting the master boot record (and in the process screwing everyone with alternate operating systems), he says:In the discussions following why Windows setup lays down a new boot sector, some commenters suggested that Windows setup could detect the presence of a non-Windows partition as a sign that the machine onto which the operating system is being installed belongs to a geek. In that way, the typical consumer would be spared from having to deal with a confusing geeky dialog box that they don't know how to answer. The problem with this plan is that not everybody with a non-Windows partition type is necessarily a geek. Many OEM machines ship with a hard drive split into two partitions, one formatted for Windows and the second a small non-Windows partition to be used during system diagnostics and recovery. The presence of this small non-Windows partition is typically not well-known, and it comes into play only when you boot from the manufacturer's "system recovery CD".I would challenge Raymend Chen to install Linux, because this problem isn't difficult to solve and has been solved by every major Linux distribution years ago. This has been one of my biggest all time gripes with Microsoft. They put on blinders and ignore everything not invented at Microsoft (except when they steal Apple's GUI, but that's another entry). I've reproduced the common system partition types that Linux fdisk knows about. If Microsoft took this list and detected the top ten most common ones, they could solve this problem. If they decided to spend another couple hours implementing all of them, they would make installing Vista a breeze for those of us who know there is more than one Microsoft way. However, they won't because why would Microsoft care if they overwrite your grub/lilo boot record? That just means you will only be using Windows, right? I think they forget that I am a customer too, and I don't appreciate it when a product destroys my setup.
| 0 Empty | 1e Hidden W95 FAT1 | 75 PC/IX | be Solaris boot |
| 1 FAT12 | 24 NEC DOS | 80 Old Minix | bf Solaris |
| 2 XENIX root | 39 Plan 9 | 81 Minix / old Lin | c1 DRDOS/sec (FAT- |
| 3 XENIX usr | 3c PartitionMagic | 82 Linux swap | c4 DRDOS/sec (FAT- |
| 4 FAT16 <32M | 40 Venix 80286 | 83 Linux | c6 DRDOS/sec (FAT- |
| 5 Extended | 41 PPC PReP Boot | 84 OS/2 hidden C: | c7 Syrinx |
| 6 FAT16 | 42 SFS | 85 Linux extended | da Non-FS data |
| 7 HPFS/NTFS | 4d QNX4.x | 86 NTFS volume set | db CP/M / CTOS / . |
| 8 AIX | 4e QNX4.x 2nd part | 87 NTFS volume set | de Dell Utility |
| 9 AIX bootable | 4f QNX4.x 3rd part 8e | Linux LVM | df BootIt |
| a OS/2 Boot Manag | 50 OnTrack DM | 93 Amoeba | e1 DOS access |
| b W95 FAT32 | 51 OnTrack DM6 Aux | 94 Amoeba BBT | e3 DOS R/O |
| c W95 FAT32 (LBA) | 52 CP/M | 9f BSD/OS | e4 SpeedStor |
| e W95 FAT16 (LBA) | 53 OnTrack DM6 Aux | a0 IBM Thinkpad hi | eb BeOS fs |
| f W95 Ext'd (LBA) | 54 OnTrackDM6 | a5 FreeBSD | ee EFI GPT |
| 10 OPUS | 55 EZ-Drive | a6 OpenBSD | ef EFI (FAT-12/16/ |
| 11 Hidden FAT12 | 56 Golden Bow | a7 NeXTSTEP | f0 Linux/PA-RISC b |
| 12 Compaq diagnost | 5c Priam Edisk | a8 Darwin UFS | f1 SpeedStor |
| 14 Hidden FAT16 <3 | 61 SpeedStor | a9 NetBSD | f4 SpeedStor |
| 16 Hidden FAT16 | 63 GNU HURD or Sys | ab Darwin boot | f2 DOS secondary |
| 17 Hidden HPFS/NTF | 64 Novell Netware | b7 BSDI fs | fd Linux raid auto |
| 18 AST SmartSleep | 65 Novell Netware | b8 BSDI swap | fe LANstep |
| 1b Hidden W95 FAT3 | 70 DiskSecure Mult | bb Boot Wizard hid | ff BBT |
| 1c Hidden W95 FAT3 | |||
Using PowerShell through SSH
July 03, 2006 at 03:24 PM | categories: microsoft | View CommentsIntroduction
Windows PowerShell is a new command-line shell and task-based scripting technology that provides comprehensive control and automation of system administration tasks. Windows PowerShell allows Windows administrators to be more productive by providing numerous system administration utilities, consistent syntax, and improved navigation of common management data such as the registry or Windows Management Instrumentation (WMI). Windows PowerShell also includes a scripting language which enables comprehensive automation of Windows system administration tasks. The Windows PowerShell language is intuitive and supports existing scripting investments. Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell. -- Windows Server 2003 Technologies - PowerShellI come from UNIX, where the text shell is the preferred way to do system administration. I've been following Powershell née Monad for some time. Windows has needed a powerful shell since before MS-DOS (not sure what the default shell in Xenix was). The PowerShell team seems to be laying out some of the architecture that will be needed to bring Microsoft forward on this front. I've argued before that one of the reasons Google is beating Microsoft is the easy scriptability and command line interface on Google's Platform, Linux. If Microsoft wants to play seriously with admins like me and compete with Apple and Google, they will have to continue building on PowerShell. One of the key components of System Administration is remote access. It would be absurd to have to physically walk up to every machine you were responsible for and use the keyboard and mouse to configure or install anything. There are some pretty good tools for working with Windows remotely, but most of them require a video card and mouse. I can type upwards to 100 words a minute, anytime I have to move my hands off the home row to the mouse, I am losing productivity. Anytime I have to stream video, I am wasting bandwidth. I can administer a UNIX box from a palmtop device like a Sidekick over a slow cell phone connection. One of the first things that an admin wants to do with PowerShell is run remotely. To do this securely, you must encrypt your data. SSH has been the proven way to do this. So the question becomes, how do I connect SSH and PowerShell together? With a little bit of kludge, it is possible. Why this wasn't included by default in version 1.0, I have no idea. My advice and plea to the Microsoft developers is to just use SSH. Please don't invent a proprietary Microsoft only tool to do this. Please please please please! Note: The following assumes that you have logged in as a local admin and this account has a password.
Download and Install Cygwin
Fire up Firefox (or your favorite browser) and choose a Cygwin Mirror.- Select a mirror
- Download setup.exe
- Run setup.exe
- Most of the defaults can be left as is
Configure Cygwin
Right click My Computer, select Properties -> Advanced -> Environment Variables. Next, click the New button and add:name: CYGWIN value: ntsecSelect the Path variable and click Edit then append ;c:\cygwin\bin (assuming you installed Cygwin here) at the end of the existing string.
Download and Install Microsoft Tools
Note: The following requires Microsoft Passport aka Live ID Unzip the downloads and run their respective setup. I used all the defaults.Run Cygwin
- Either click the green Cygwin icon or run c:\cygwin\cygwin.bat
- Run ssh install script: $ ssh-host-config
- Answer "yes" to every question except for the last one, which should be ntsec
Should privilege separation be used? (yes/no) yes Should this script create a local user 'sshd' on this machine? (yes/no) yes Do you want to install sshd as service? (Say "no" if it's already installed as service) (yes/no) yes Which value should the environment variable CYGWIN have when sshd starts? It's recommended to set at least "ntsec" to be able to change user context without password. Default is "ntsec". CYGWIN=ntsec Start SSHD $ net start sshd The CYGWIN sshd service is starting. The CYGWIN sshd service was started successfully.
Run Powershell
Start -> Programs-> Windows Powershell. Choose to always accept Microsoft signed code. Close PowerShellTest SSH and Powershell
Run Putty or your favorite ssh client and connect to localhost. Accept the hash and login. If everything works, you should be at a bash prompt in Cygwin. Next run PowerShell. Due to the limitations of PowerShell v1.0 we have to tell it that we are redirecting the input. Note that you won't get any output from PowerShell indicating that it started up, including a command prompt!$ /cygdrive/c/Program Files/Windows PowerShell/v1.0/powershell.exe -Command -Try a PowerShell one-liner:
- [System.Net.Dns]::GetHostbyAddress("207.46.198.30")
- [System.Net.Dns]::GetHostAddresses("www.msn.com")
- dir | where {$_.PsIsContainer}
Links
Credits
Big shout out and thanks to Lee Holmes for answering my e-mail and pointing me in the right direction, and PigTail Cygwin SSHD Instructions for clearing up some of the finer points in the SSH install.Microsoft Frustration
July 03, 2006 at 01:34 PM | categories: microsoft | View Comments After writing an article about Microsoft's PowerShell, I kept getting search referrals from people trying to get PowerShell working with SSH. Since I had some free time, I thought an article describing how to do this would be useful. I just spent the past hour trying to get PowerShell working with Cygwin's sshd. It seems to be impossible. Cmd.exe works fine. I'm trying to track down the technical reason this won't work, until then I'm going to keep my cussing to myself. I'm stunned this doesn't work. Update: I contacted one of the PowerShell developers and got a work around to make this work. I'll clean up the article and post it. The work around is a little ugly, but it will get you PowerShell through sshd.Microsoft adCenter Labs Analysis of Hivearchive.com
June 26, 2006 at 03:15 AM | categories: microsoft | View Comments Microsoft adCenter Labs has interesting demos of algorithms they are using to help target their ads. Google obviously has similar tools, but they have kept them internal (probably to keep spammers and SEO guessing). I ran through some of them for this site. Results follow. Content Categorization:Demographics Prediction: Gender: Male Oriented Age: 25~34 Oriented Online Commercial Intention: Result: NonCommercial (Page) Probabilities for Each OCI Type: NonCommercial Prob.: 0.91448 Commercial-Informational Prob.: 7.6531e-002 Commercial-Transactional Prob.: 8.9882e-003
Categories Confidence
Computing\Software 0.110 People & Chat\Homepages 0.063 Computing\Internet 0.061 Entertainment\Games 0.050 Computing\Computer Science 0.050 Computing\Networks & Comm. 0.036 Computing\Sales 0.032 People & Chat\Email 0.029 People & Chat\Forums & Lists 0.027 Computing\Multimedia 0.025 Entertainment\Humor & Fun 0.024 Computing\Hardware 0.023 People & Chat\Chat 0.022 Entertainment\Music 0.020 Computing 0.01
17 Mistakes Microsoft Made in the Xbox Security System
June 21, 2006 at 01:29 PM | categories: security, microsoft | View CommentsThe folks at xbox-linux have a great article on the 17 Mistakes Microsoft Made in the Xbox Security System. Following is an excerpt of just one back and forth between hackers and Microsoft Security.
The history of Microsoft's reactions to the font vulnerability is the perfect lesson of how to do it wrong.
We won.
- After MechInstaller had been released, Microsoft fixed the buffer vulnerability in the Dashboard and distributed this new version over the Xbox Live network and shipped it with new Xboxes.
- For the hackers, this was no major problem: It was possible to downgrade the Dashboard of a new Xbox to the vulnerable version. Just run Linux using a savegame exploit, and "dd" the old image. Some people felt downgrading on new Xboxes was not piracy, because after all, Microsoft upgraded Xbox Live users' hard disks to the new version without asking.
- As the next step, Microsoft blacklisted the old Dashboard in the new kernel. It was impossible to just "dd" an old Dashboard image onto newer Xboxes.
- Still no major problem for hackers: The second executable on the hard disk, "xonlinedash", which is used for Xbox Live configuration, had the same bug, so it was possible to copy the old "xonlinedash" and to rename it to "xboxdash" to make it crash because of the faulty fonts.
- Microsoft consequently blacklisted the vulnerable version of "xonlinedash".
- Again, no major problem for hackers: All Xbox Live games come with the "dashupdate" application, which adds Xbox Live functionality to the Dashboard for the first Xboxes which came without it. This update application has the same font bug, and it can be run from hard disk. So it is possible to copy the file from any Xbox Live game DVD, rename it to "xboxdash" and let it crash.
- Microsoft could not blacklist this one. Xbox Live enabled games run the update application every time they start, making sure the Xbox has the Xbox Live functionality. Blacklisting "dashupdate" would break these games.
Next Page »