A real solution to PowerShell SSH Remoting

Can’t wait for us to ship PowerShell Remoting?

Want remoting to use SSH?

Why wait for us? /N software has just announced a beta of their NetCmdlets V2.0 which provides PowerShell remoting over SSH today! They’ve had this for a while and V2 updates (and improves) the usability of the cmdlets as well as adding a bunch of new and exciting commands.

For example, chances are that you won’t ever see Microsoft ship the [get/send]-s3 cmdlets but /N software V2 does. :-)

http://blogs.msdn.com/powershell/archive/2008/03/27/powershell-remoting-using-ssh.aspx

My blog post from 2006 is currently the #1 Google Result for PowerShell SSH, but finally there is a good solution out there from /N software. It also supports S3. Very cool :)

Microsoft, true innovation

Wes: check out introducing pipes
Matt: “Those who do not understand Unix are condemned to reinvent it, poorly.”
Matt: I hear vista finally has symlinks. Wake me up when they invent mount points and finally kill drive letters
Wes: I think you can do that somehow.
Matt: yeah sure, and break everything *nerd rage*
Wes: yeah, junction point. junction points (technet)
Matt: “Those who do not understand Unix are condemned to reinvent it, poorly.”

Update, Wes says, if you want to know more see his blogs at:

Microsoft’s Intentional Ignorance of Other Operating Systems

I’m really happy that Microsoft employees are blogging more. Though I miss Robert Scoble. Microsoft really lost a lot of public relations points when Scoble left. Today, I came across a post by Raymond Chen, one of the great Microsoft guys that keeps new versions of Windows compatible with older applications. Truly, compatibility is a heroic task, one that most programmers don’t want to deal with. However in recent discussions on Windows blindly overwriting the master boot record (and in the process screwing everyone with alternate operating systems), he says:

In the discussions following why Windows setup lays down a new boot sector, some commenters suggested that Windows setup could detect the presence of a non-Windows partition as a sign that the machine onto which the operating system is being installed belongs to a geek. In that way, the typical consumer would be spared from having to deal with a confusing geeky dialog box that they don’t know how to answer.

The problem with this plan is that not everybody with a non-Windows partition type is necessarily a geek. Many OEM machines ship with a hard drive split into two partitions, one formatted for Windows and the second a small non-Windows partition to be used during system diagnostics and recovery. The presence of this small non-Windows partition is typically not well-known, and it comes into play only when you boot from the manufacturer’s “system recovery CD”.

I would challenge Raymond Chen to install Linux, because this problem isn’t difficult to solve and has been solved by every major Linux distribution years ago. This has been one of my biggest all-time gripes with Microsoft. They put on blinders and ignore everything not invented at Microsoft (except when they steal Apple’s GUI, but that’s another entry). I’ve reproduced the common system partition types that Linux fdisk knows about. If Microsoft took this list and detected the top ten most common ones, they could solve this problem. If they decided to spend another couple hours implementing all of them, they would make installing Vista a breeze for those of us who know there is more than one Microsoft way. However, they won’t because why would Microsoft care if they overwrite your grub/lilo boot record? That just means you will only be using Windows, right? I think they forget that I am a customer too, and I don’t appreciate it when a product destroys my setup.

 0  Empty            1e  Hidden W95 FAT1  75  PC/IX            be  Solaris boot
 1  FAT12            24  NEC DOS          80  Old Minix        bf  Solaris
 2  XENIX root       39  Plan 9           81  Minix / old Lin  c1  DRDOS/sec (FAT-
 3  XENIX usr        3c  PartitionMagic   82  Linux swap       c4  DRDOS/sec (FAT-
 4  FAT16 <32M       40  Venix 80286      83  Linux            c6  DRDOS/sec (FAT-
 5  Extended         41  PPC PReP Boot    84  OS/2 hidden C:   c7  Syrinx
 6  FAT16            42  SFS              85  Linux extended   da  Non-FS data
 7  HPFS/NTFS        4d  QNX4.x           86  NTFS volume set  db  CP/M / CTOS / .
 8  AIX              4e  QNX4.x 2nd part  87  NTFS volume set  de  Dell Utility
 9  AIX bootable     4f  QNX4.x 3rd part  8e  Linux LVM        df  BootIt
 a  OS/2 Boot Manag  50  OnTrack DM       93  Amoeba           e1  DOS access
 b  W95 FAT32        51  OnTrack DM6 Aux  94  Amoeba BBT       e3  DOS R/O
 c  W95 FAT32 (LBA)  52  CP/M             9f  BSD/OS           e4  SpeedStor
 e  W95 FAT16 (LBA)  53  OnTrack DM6 Aux  a0  IBM Thinkpad hi  eb  BeOS fs
 f  W95 Ext'd (LBA)  54  OnTrackDM6       a5  FreeBSD          ee  EFI GPT
10  OPUS             55  EZ-Drive         a6  OpenBSD          ef  EFI (FAT-12/16/
11  Hidden FAT12     56  Golden Bow       a7  NeXTSTEP         f0  Linux/PA-RISC b
12  Compaq diagnost  5c  Priam Edisk      a8  Darwin UFS       f1  SpeedStor
14  Hidden FAT16 <3  61  SpeedStor        a9  NetBSD           f4  SpeedStor
16  Hidden FAT16     63  GNU HURD or Sys  ab  Darwin boot      f2  DOS secondary
17  Hidden HPFS/NTF  64  Novell Netware   b7  BSDI fs          fd  Linux raid auto
18  AST SmartSleep   65  Novell Netware   b8  BSDI swap        fe  LANstep
1b  Hidden W95 FAT3  70  DiskSecure Mult  bb  Boot Wizard hid  ff  BBT
1c  Hidden W95 FAT3
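
The detection argued for above, as an added example that is not part of the original post: a POSIX shell sketch that reads the four primary partition type bytes from an MBR and separates OEM utility partitions from other operating systems. The type codes come from the fdisk list above; the function names, the grouping into classes and the sample sector are assumptions of this example.

```sh
# Added example: classify the four primary entries of an MBR (sector 0).
# Entry i starts at byte 446 + 16*i, its type byte is at offset 4 of the
# entry, and the sector ends with the boot signature 55 aa at bytes 510-511.
# Logical partitions inside an extended partition are not walked here.

mbr_bytes() { # mbr_bytes FILE OFFSET COUNT -> lowercase hex, no spaces
  od -An -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

part_class() { # type byte (hex) -> class; the grouping is this example's assumption
  case $1 in
    00) echo empty ;;
    01|04|06|07|0b|0c|0e) echo windows ;;      # FAT12/16/32, HPFS/NTFS
    05|0f) echo extended ;;                    # containers for logical partitions
    12|de) echo oem ;;                         # Compaq diagnostics, Dell Utility
    82|83|85|8e|fd) echo other-os ;;           # Linux swap, Linux, extended, LVM, raid
    a5|a6|a9|a8|ab|eb|be|bf) echo other-os ;;  # BSDs, Darwin, BeOS, Solaris
    *) echo unknown ;;
  esac
}

mbr_classify() { # prints "index type class" for each of the four entries
  [ "$(mbr_bytes "$1" 510 2)" = 55aa ] || { echo "no MBR signature" >&2; return 1; }
  i=0
  while [ "$i" -lt 4 ]; do
    t=$(mbr_bytes "$1" $((446 + 16 * $i + 4)) 1)
    echo "$i $t $(part_class "$t")"
    i=$(($i + 1))
  done
}

installer_should_ask() { # true when a non-Windows OS (not just an OEM tool) is present
  case $(mbr_classify "$1" 2>/dev/null) in
    *other-os*) return 0 ;;
    *) return 1 ;;
  esac
}

poke() { # poke FILE OFFSET OCTAL: overwrite one byte in place
  printf "\\$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

make_sample_mbr() { # constructed sample: Dell Utility, NTFS, Linux, Linux swap
  dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
  poke "$1" 450 336; poke "$1" 466 007   # 0xde, 0x07
  poke "$1" 482 203; poke "$1" 498 202   # 0x83, 0x82
  poke "$1" 510 125; poke "$1" 511 252   # 0x55 0xaa boot signature
}

# Usage: make_sample_mbr /tmp/sample.mbr && mbr_classify /tmp/sample.mbr
```

A machine with only the OEM utility and NTFS partitions classifies as oem and windows, so installer_should_ask returns false for it and true for the dual-boot sample.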

Using PowerShell through SSH

Introduction

Windows PowerShell is a new command-line shell and task-based scripting technology that provides comprehensive control and automation of system administration tasks. Windows PowerShell allows Windows administrators to be more productive by providing numerous system administration utilities, consistent syntax, and improved navigation of common management data such as the registry or Windows Management Instrumentation (WMI). Windows PowerShell also includes a scripting language which enables comprehensive automation of Windows system administration tasks. The Windows PowerShell language is intuitive and supports existing scripting investments. Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell.

Windows Server 2003 Technologies - PowerShell

I come from UNIX, where the text shell is the preferred way to do system administration. I’ve been following Powershell née Monad for some time. Windows has needed a powerful shell since before MS-DOS (not sure what the default shell in Xenix was). The PowerShell team seems to be laying out some of the architecture that will be needed to bring Microsoft forward on this front. I’ve argued before that one of the reasons Google is beating Microsoft is the easy scriptability and command line interface on Google’s Platform, Linux. If Microsoft wants to play seriously with admins like me and compete with Apple and Google, they will have to continue building on PowerShell.

One of the key components of System Administration is remote access. It would be absurd to have to physically walk up to every machine you were responsible for and use the keyboard and mouse to configure or install anything. There are some pretty good tools for working with Windows remotely, but most of them require a video card and mouse. I can type upwards of 100 words a minute; anytime I have to move my hands off the home row to the mouse, I am losing productivity. Anytime I have to stream video, I am wasting bandwidth. I can administer a UNIX box from a palmtop device like a Sidekick over a slow cell phone connection.

One of the first things that an admin wants to do with PowerShell is run remotely. To do this securely, you must encrypt your data. SSH has been the proven way to do this. So the question becomes, how do I connect SSH and PowerShell together? With a little bit of kludge, it is possible. Why this wasn’t included by default in version 1.0, I have no idea. My advice and plea to the Microsoft developers is to just use SSH. Please don’t invent a proprietary Microsoft only tool to do this. Please please please please!

Note: The following assumes that you have logged in as a local admin and this account has a password.

Download and Install Cygwin

Fire up Firefox (or your favorite browser) and choose a Cygwin Mirror.

  • Select a mirror
  • Download setup.exe
  • Run setup.exe
  • Most of the defaults can be left as is

However, make sure to select SSH under the Network category. It will select the other required dependencies for you.

Configure Cygwin

Right click My Computer, select Properties -> Advanced -> Environment Variables.

Next, click the New button and add:

name: CYGWIN value: ntsec

Select the Path variable and click Edit then append ;c:\cygwin\bin (assuming you installed Cygwin here) at the end of the existing string.

Download and Install Microsoft Tools

Note: The following requires Microsoft Passport aka Live ID

Unzip the downloads and run their respective setup. I used all the defaults.

Run Cygwin

  • Either click the green Cygwin icon or run c:\cygwin\cygwin.bat
  • Run ssh install script: $ ssh-host-config
  • Answer “yes” to every question except for the last one, which should be ntsec

Should privilege separation be used? (yes/no) yes
Should this script create a local user 'sshd' on this machine? (yes/no) yes
Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec". CYGWIN=ntsec

Start SSHD

$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.

Run Powershell

Start -> Programs -> Windows PowerShell. Choose to always accept Microsoft signed code. Close PowerShell.

Test SSH and Powershell

Run Putty or your favorite ssh client and connect to localhost. Accept the hash and login. If everything works, you should be at a bash prompt in Cygwin.

Next run PowerShell. Due to the limitations of PowerShell v1.0 we have to tell it that we are redirecting the input. Note that you won’t get any output from PowerShell indicating that it started up, including a command prompt!

$ "/cygdrive/c/Program Files/Windows PowerShell/v1.0/powershell.exe" -Command -

Try a PowerShell one-liner:

  • [System.Net.Dns]::GetHostbyAddress("207.46.198.30")
  • [System.Net.Dns]::GetHostAddresses("www.msn.com")
  • dir | where {$_.PsIsContainer}
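
The same test run non-interactively from a client, as an added example that is not part of the original article: a POSIX shell wrapper that pipes PowerShell commands to the "-Command -" invocation over ssh. The helper names, the SSH override variable and the host name in the usage line are assumptions; the PowerShell path is the one used above.

```sh
# Added example: send PowerShell commands to the Cygwin sshd host set up above.
# Helper names and the SSH override variable are hypothetical.

# Path from the article; it contains spaces, so it is quoted for the remote bash.
PS_EXE='/cygdrive/c/Program Files/Windows PowerShell/v1.0/powershell.exe'

sq() { # single-quote a string so a POSIX shell reads it back as one word
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

ps_remote_cmdline() { # the command line the remote bash will execute
  printf '%s -Command -' "$(sq "$PS_EXE")"
}

ps_over_ssh() { # ps_over_ssh HOST 'ps command' ['ps command' ...]
  host=$1; shift
  # -T: no pseudo-terminal, so PowerShell sees plain redirected stdin.
  # BatchMode=yes: never prompt, fail instead (suits key-based logins).
  # StrictHostKeyChecking=yes: refuse hosts whose key is unknown or has
  # changed; the key accepted in the manual test above must already be
  # in known_hosts.
  printf '%s\n' "$@" |
    ${SSH:-ssh} -T -o BatchMode=yes -o StrictHostKeyChecking=yes \
      "$host" "$(ps_remote_cmdline)"
}

# Usage (host name is a placeholder):
#   ps_over_ssh admin@winbox 'dir | where {$_.PsIsContainer}'
```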

Credits

Big shout out and thanks to Lee Holmes for answering my e-mail and pointing me in the right direction, and PigTail Cygwin SSHD Instructions for clearing up some of the finer points in the SSH install.

Microsoft Frustration

After writing an article about Microsoft’s PowerShell, I kept getting search referrals from people trying to get PowerShell working with SSH. Since I had some free time, I thought an article describing how to do this would be useful. I just spent the past hour trying to get PowerShell working with Cygwin’s sshd. It seems to be impossible. Cmd.exe works fine. I’m trying to track down the technical reason this won’t work; until then I’m going to keep my cussing to myself. I’m stunned this doesn’t work.

Update: I contacted one of the PowerShell developers and got a workaround to make this work. I’ll clean up the article and post it. The workaround is a little ugly, but it will get you PowerShell through sshd.

Microsoft adCenter Labs Analysis of Hivearchive.com

Microsoft adCenter Labs has interesting demos of algorithms they are using to help target their ads. Google obviously has similar tools, but they have kept them internal (probably to keep spammers and SEO guessing). I ran through some of them for this site. Results follow.

Content Categorization:

Categories Confidence
Computing\Software 0.110
People & Chat\Homepages 0.063
Computing\Internet 0.061
Entertainment\Games 0.050
Computing\Computer Science 0.050
Computing\Networks & Comm. 0.036
Computing\Sales 0.032
People & Chat\Email 0.029
People & Chat\Forums & Lists 0.027
Computing\Multimedia 0.025
Entertainment\Humor & Fun 0.024
Computing\Hardware 0.023
People & Chat\Chat 0.022
Entertainment\Music 0.020
Computing 0.01

Demographics Prediction:

Gender: Male Oriented

Age: 25~34 Oriented

Online Commercial Intention:

Result: NonCommercial (Page)

Probabilities for Each OCI Type:
NonCommercial              Prob.: 0.91448
Commercial-Informational   Prob.: 7.6531e-002
Commercial-Transactional   Prob.: 8.9882e-003

17 Mistakes Microsoft Made in the Xbox Security System

The folks at xbox-linux have a great article on the 17 Mistakes Microsoft Made in the Xbox Security System. Following is an excerpt of just one back and forth between hackers and Microsoft Security.

The history of Microsoft’s reactions to the font vulnerability is the perfect lesson of how to do it wrong.

  1. After MechInstaller had been released, Microsoft fixed the buffer vulnerability in the Dashboard and distributed this new version over the Xbox Live network and shipped it with new Xboxes.
  2. For the hackers, this was no major problem: It was possible to downgrade the Dashboard of a new Xbox to the vulnerable version. Just run Linux using a savegame exploit, and “dd” the old image. Some people felt downgrading on new Xboxes was not piracy, because after all, Microsoft upgraded Xbox Live users’ hard disks to the new version without asking.
  3. As the next step, Microsoft blacklisted the old Dashboard in the new kernel. It was impossible to just “dd” an old Dashboard image onto newer Xboxes.
  4. Still no major problem for hackers: The second executable on the hard disk, “xonlinedash”, which is used for Xbox Live configuration, had the same bug, so it was possible to copy the old “xonlinedash” and to rename it to “xboxdash” to make it crash because of the faulty fonts.
  5. Microsoft consequently blacklisted the vulnerable version of “xonlinedash”.
  6. Again, no major problem for hackers: All Xbox Live games come with the “dashupdate” application, which adds Xbox Live functionality to the Dashboard for the first Xboxes which came without it. This update application has the same font bug, and it can be run from hard disk. So it is possible to copy the file from any Xbox Live game DVD, rename it to “xboxdash” and let it crash.
  7. Microsoft could not blacklist this one. Xbox Live enabled games run the update application every time they start, making sure the Xbox has the Xbox Live functionality. Blacklisting “dashupdate” would break these games.

We won.

Materishche otherwise known as Matt Michie

The closest match for ‘matt michie’ is ‘Materishche [Zalesnaya], Novgorod, Russia’. If the closest match is incorrect, enter the complete address including country name and commas, and try again.

local.live.com

I was playing around with Microsoft’s new web search and was amused at this result. Of course my entry was nonsensical, but trying out some legit queries on the search engine side left me mildly impressed. The search results are returning more what I expect. I’m not completely sold on the AJAX interface, but it is novel and works on Firefox. The birds eye view of Local Live blows away Google Maps, at least for Albuquerque. Looks like we’ve got some competition going!

The Coming Battle Over Grid Computing and Internet Services

A comment I left on Wes Maldonado’s blog has started a conversation about grid computing. He posted on Digipede, a Windows centric way to do distributed computing and I responded that it would be “nice” not to be forced to do this type of work on an operating system that required a GUI. That set off another post about cost effectiveness and using existing infrastructure, points I don’t disagree with.

In an IT environment with a lot of computers running Windows and a problem that allows you to do distributed algorithms easily, Digipede seems pretty exciting. Ever since the original Distributed.net, I’d wondered if a company would bring a product like this to market. It is something that I would have a lot of fun playing with.

That said, my point on electricity and running super computer clusters on Windows still stands. My comment wasn’t intended to disparage Digipede so much as point out the problem that Microsoft is going to have competing with companies like Google and Yahoo for the next generation of Internet Services. Some have estimated that Google’s data centers have well over 100,000 COTS PC’s setup in a distributed grid. Google is running Linux, which can run headless without a video card, or the need to install any GUI package. Linux has been “designed” to be completely scriptable from a command line interface.

Windows however, appears to have a tight integration between the GUI layers and the NT kernel. As far as I know, it is impossible to install Windows on a machine without a video card. Obviously, the GUI layer will be paged to disk on all these machines, but the cost of a video card multiplied by several hundred thousand is needless. The other competitive advantage Google and Yahoo have is the scriptability of Linux and FreeBSD. While PowerShell is a step forward for Microsoft, my view is that the UNIX environment wins on system administration scriptability.

The key to building super computer clusters is easy system administration. Perhaps Microsoft can leverage their existing infrastructure and prove that GUI tools can do everything the UNIX ones can and more, but they are starting with less experience. Google has already proven they can do it effectively. My back of the envelope estimation is that Google Linux sysadmins are each responsible for between 1,000 and 2,000 servers. I don’t see a Microsoft solution for that yet, and I don’t think the Digipede product is intended to compete in that type of environment. Digipede also probably isn’t going to compete in the National Labs super computer arena either (at least yet).

The second problem is any kind of parallel programming is really hard. Even threads prove a huge challenge within a single application. While clever, I don’t think that Map/Reduce is a magic bullet either. A lot of algorithms simply don’t scale linearly with computing power, so adding more hardware just burns a hole in your wallet and in your data center’s air conditioning. All that said, there are plenty of places that products like Digipede would fit perfectly.

Mainly, I am interested to see how this all shakes out, as we see Microsoft, Google and Yahoo building their data centers close to hydro-electric power to cut costs. Sun is also a dark horse in this whole race, building out their grid infrastructure and custom chips that suck less juice. I can’t wait to see more!

Broken Windows

I finally started fixing some of the computers I’ve had lying around the house. Someone asked me if I was embarrassed that I had three broken systems. I guess that gave me some motivation, plus I wanted to play Tony Hawk Pro Skater 3 on my projector and I needed a Windows PC. I’ve been using my PowerBook G4 for almost two months now and it has done everything I’ve needed except hardcore gaming.

It took me about an hour to piece together all the parts into one working PC. I finally got XP to boot and then realized I had forgotten my password, and since I had increased the security settings to insane levels, I locked out all my accounts, including administrator. Sigh. So I spent another two hours downloading Linux boot CD-ROMS with utilities to “hack” the Windows password file. While I was burning one, I discovered that if you boot XP into safe mode, it happily ignores the account lockouts. I don’t know whether to laugh that I locked myself out of my own PC, or to cry that Windows would allow such an easy bypass.

Well maybe tomorrow I’ll get the energy to get OpenBSD on the G3 I have sitting in the corner. I expect OpenBSD running on PPC is slightly more secure than XP.
