A real solution to PowerShell SSH Remoting

March 30, 2008 at 11:05 PM | categories: windows, security, microsoft, system administration | View Comments

Can't wait for us to ship PowerShell Remoting? Want remoting to use SSH? Why wait for us? /N software has just announced a beta of their NetCmdlets V2.0 which provides PowerShell remoting over SSH today! They've had this for a while and V2 updates (and improves) the usability of the cmdlets as well as adding a bunch of new and exciting commands. For example, chances are that you won't ever see Microsoft ship the [get/send]-s3 cmdlets but /N software V2 does. :-)
http://blogs.msdn.com/powershell/archive/2008/03/27/powershell-remoting-using-ssh.aspx My blog post from 2006 is currently the #1 Google Result for PowerShell SSH, but finally there is a good solution out there from /N software. It also supports S3. Very cool :)
Read and Post Comments

Microsoft, true innovation

June 03, 2007 at 10:54 AM | categories: unix, philosophy, humor, microsoft | View Comments

Wes: check out introducing pipes Matt: "Those who do not understand Unix are condemned to reinvent it, poorly." Matt: I hear vista finally has symlinks. Wake me up when they invent mount points and finally kill drive letters Wes: I think you can do that somehow. Matt: yeah sure, and break everything *nerd rage* Wes: yeah, junction point. junction points (technet) Matt: "Those who do not understand Unix are condemned to reinvent it, poorly." Update, Wes says, if you want to know more see his blogs at:

Read and Post Comments

Microsoft's Intentional Ignorance of Other Operating Systems

July 11, 2006 at 10:03 AM | categories: windows, unix, microsoft | View Comments

I'm really happy that Microsoft employees are blogging more. Though I miss Robert Scoble. Microsoft really lost a lot of public relations points when Scoble left. Today, I came across a post by Raymond Chen, one of the great Microsoft guys that keeps new versions of Windows compatible with older applications. Truly, compatibility is a heroic task, one that most programmers don't want to deal with. However in recent discussions on Windows blindly overwriting the master boot record (and in the process screwing everyone with alternate operating systems), he says:

In the discussions following why Windows setup lays down a new boot sector, some commenters suggested that Windows setup could detect the presence of a non-Windows partition as a sign that the machine onto which the operating system is being installed belongs to a geek. In that way, the typical consumer would be spared from having to deal with a confusing geeky dialog box that they don't know how to answer. The problem with this plan is that not everybody with a non-Windows partition type is necessarily a geek. Many OEM machines ship with a hard drive split into two partitions, one formatted for Windows and the second a small non-Windows partition to be used during system diagnostics and recovery. The presence of this small non-Windows partition is typically not well-known, and it comes into play only when you boot from the manufacturer's "system recovery CD".
I would challenge Raymend Chen to install Linux, because this problem isn't difficult to solve and has been solved by every major Linux distribution years ago. This has been one of my biggest all time gripes with Microsoft. They put on blinders and ignore everything not invented at Microsoft (except when they steal Apple's GUI, but that's another entry). I've reproduced the common system partition types that Linux fdisk knows about. If Microsoft took this list and detected the top ten most common ones, they could solve this problem. If they decided to spend another couple hours implementing all of them, they would make installing Vista a breeze for those of us who know there is more than one Microsoft way. However, they won't because why would Microsoft care if they overwrite your grub/lilo boot record? That just means you will only be using Windows, right? I think they forget that I am a customer too, and I don't appreciate it when a product destroys my setup.
0 Empty 1e Hidden W95 FAT1 75 PC/IX be Solaris boot
1 FAT12 24 NEC DOS 80 Old Minix bf Solaris
2 XENIX root 39 Plan 9 81 Minix / old Lin c1 DRDOS/sec (FAT-
3 XENIX usr 3c PartitionMagic 82 Linux swap c4 DRDOS/sec (FAT-
4 FAT16 <32M 40 Venix 80286 83 Linux c6 DRDOS/sec (FAT-
5 Extended 41 PPC PReP Boot 84 OS/2 hidden C: c7 Syrinx
6 FAT16 42 SFS 85 Linux extended da Non-FS data
7 HPFS/NTFS 4d QNX4.x 86 NTFS volume set db CP/M / CTOS / .
8 AIX 4e QNX4.x 2nd part 87 NTFS volume set de Dell Utility
9 AIX bootable 4f QNX4.x 3rd part 8e Linux LVM df BootIt
a OS/2 Boot Manag 50 OnTrack DM 93 Amoeba e1 DOS access
b W95 FAT32 51 OnTrack DM6 Aux 94 Amoeba BBT e3 DOS R/O
c W95 FAT32 (LBA) 52 CP/M 9f BSD/OS e4 SpeedStor
e W95 FAT16 (LBA) 53 OnTrack DM6 Aux a0 IBM Thinkpad hi eb BeOS fs
f W95 Ext'd (LBA) 54 OnTrackDM6 a5 FreeBSD ee EFI GPT
10 OPUS 55 EZ-Drive a6 OpenBSD ef EFI (FAT-12/16/
11 Hidden FAT12 56 Golden Bow a7 NeXTSTEP f0 Linux/PA-RISC b
12 Compaq diagnost 5c Priam Edisk a8 Darwin UFS f1 SpeedStor
14 Hidden FAT16 <3 61 SpeedStor a9 NetBSD f4 SpeedStor
16 Hidden FAT16 63 GNU HURD or Sys ab Darwin boot f2 DOS secondary
17 Hidden HPFS/NTF 64 Novell Netware b7 BSDI fs fd Linux raid auto
18 AST SmartSleep 65 Novell Netware b8 BSDI swap fe LANstep
1b Hidden W95 FAT3 70 DiskSecure Mult bb Boot Wizard hid ff BBT
1c Hidden W95 FAT3
Read and Post Comments

Using PowerShell through SSH

July 03, 2006 at 03:24 PM | categories: microsoft | View Comments

Introduction

Windows PowerShell is a new command-line shell and task-based scripting technology that provides comprehensive control and automation of system administration tasks. Windows PowerShell allows Windows administrators to be more productive by providing numerous system administration utilities, consistent syntax, and improved navigation of common management data such as the registry or Windows Management Instrumentation (WMI). Windows PowerShell also includes a scripting language which enables comprehensive automation of Windows system administration tasks. The Windows PowerShell language is intuitive and supports existing scripting investments. Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell. -- Windows Server 2003 Technologies - PowerShell
I come from UNIX, where the text shell is the preferred way to do system administration. I've been following Powershell née Monad for some time. Windows has needed a powerful shell since before MS-DOS (not sure what the default shell in Xenix was). The PowerShell team seems to be laying out some of the architecture that will be needed to bring Microsoft forward on this front. I've argued before that one of the reasons Google is beating Microsoft is the easy scriptability and command line interface on Google's Platform, Linux. If Microsoft wants to play seriously with admins like me and compete with Apple and Google, they will have to continue building on PowerShell. One of the key components of System Administration is remote access. It would be absurd to have to physically walk up to every machine you were responsible for and use the keyboard and mouse to configure or install anything. There are some pretty good tools for working with Windows remotely, but most of them require a video card and mouse. I can type upwards to 100 words a minute, anytime I have to move my hands off the home row to the mouse, I am losing productivity. Anytime I have to stream video, I am wasting bandwidth. I can administer a UNIX box from a palmtop device like a Sidekick over a slow cell phone connection. One of the first things that an admin wants to do with PowerShell is run remotely. To do this securely, you must encrypt your data. SSH has been the proven way to do this. So the question becomes, how do I connect SSH and PowerShell together? With a little bit of kludge, it is possible. Why this wasn't included by default in version 1.0, I have no idea. My advice and plea to the Microsoft developers is to just use SSH. Please don't invent a proprietary Microsoft only tool to do this. Please please please please! Note: The following assumes that you have logged in as a local admin and this account has a password.

Download and Install Cygwin

Fire up Firefox (or your favorite browser) and choose a Cygwin Mirror.
  • Select a mirror
  • Download setup.exe
  • Run setup.exe
  • Most of the defaults can be left as is
However, make sure to select SSH under the Network category. It will select the other required dependencies for you.

Configure Cygwin

Right click My Computer, select Properties -> Advanced -> Environment Variables. Next, click the New button and add:
name: CYGWIN value: ntsec
Select the Path variable and click Edit then append ;c:\cygwin\bin (assuming you installed Cygwin here) at the end of the existing string.

Download and Install Microsoft Tools

Note: The following requires Microsoft Passport aka Live ID Unzip the downloads and run their respective setup. I used all the defaults.

Run Cygwin

  • Either click the green Cygwin icon or run c:\cygwin\cygwin.bat
  • Run ssh install script: $ ssh-host-config
  • Answer "yes" to every question except for the last one, which should be ntsec
Should privilege separation be used? (yes/no) yes Should this script create a local user 'sshd' on this machine? (yes/no) yes Do you want to install sshd as service? (Say "no" if it's already installed as service) (yes/no) yes Which value should the environment variable CYGWIN have when sshd starts? It's recommended to set at least "ntsec" to be able to change user context without password. Default is "ntsec". CYGWIN=ntsec Start SSHD $ net start sshd The CYGWIN sshd service is starting. The CYGWIN sshd service was started successfully.

Run Powershell

Start -> Programs-> Windows Powershell. Choose to always accept Microsoft signed code. Close PowerShell

Test SSH and Powershell

Run Putty or your favorite ssh client and connect to localhost. Accept the hash and login. If everything works, you should be at a bash prompt in Cygwin. Next run PowerShell. Due to the limitations of PowerShell v1.0 we have to tell it that we are redirecting the input. Note that you won't get any output from PowerShell indicating that it started up, including a command prompt!
$ /cygdrive/c/Program Files/Windows PowerShell/v1.0/powershell.exe -Command -
Try a PowerShell one-liner:
  • [System.Net.Dns]::GetHostbyAddress("207.46.198.30")
  • [System.Net.Dns]::GetHostAddresses("www.msn.com")
  • dir | where {$_.PsIsContainer}

Links

Credits

Big shout out and thanks to Lee Holmes for answering my e-mail and pointing me in the right direction, and PigTail Cygwin SSHD Instructions for clearing up some of the finer points in the SSH install.
Read and Post Comments

Microsoft Frustration

July 03, 2006 at 01:34 PM | categories: microsoft | View Comments

After writing an article about Microsoft's PowerShell, I kept getting search referrals from people trying to get PowerShell working with SSH. Since I had some free time, I thought an article describing how to do this would be useful. I just spent the past hour trying to get PowerShell working with Cygwin's sshd. It seems to be impossible. Cmd.exe works fine. I'm trying to track down the technical reason this won't work, until then I'm going to keep my cussing to myself. I'm stunned this doesn't work. Update: I contacted one of the PowerShell developers and got a work around to make this work.  I'll clean up the article and post it.  The work around is a little ugly, but it will get you PowerShell through sshd.

Read and Post Comments

Microsoft adCenter Labs Analysis of Hivearchive.com

June 26, 2006 at 03:15 AM | categories: microsoft | View Comments

Microsoft adCenter Labs has interesting demos of algorithms they are using to help target their ads. Google obviously has similar tools, but they have kept them internal (probably to keep spammers and SEO guessing). I ran through some of them for this site. Results follow. Content Categorization:

Categories Confidence
Computing\Software 0.110
People & Chat\Homepages 0.063
Computing\Internet 0.061
Entertainment\Games 0.050
Computing\Computer Science 0.050
Computing\Networks & Comm. 0.036
Computing\Sales 0.032
People & Chat\Email 0.029
People & Chat\Forums & Lists 0.027
Computing\Multimedia 0.025
Entertainment\Humor & Fun 0.024
Computing\Hardware 0.023
People & Chat\Chat 0.022
Entertainment\Music 0.020
Computing 0.01
Demographics Prediction: Gender: Male Oriented Age: 25~34 Oriented Online Commercial Intention: Result: NonCommercial (Page) Probabilities for Each OCI Type: NonCommercial                    Prob.: 0.91448 Commercial-Informational    Prob.: 7.6531e-002 Commercial-Transactional    Prob.: 8.9882e-003
Read and Post Comments

17 Mistakes Microsoft Made in the Xbox Security System

June 21, 2006 at 01:29 PM | categories: security, microsoft | View Comments

The folks at xbox-linux have a great article on the 17 Mistakes Microsoft Made in the Xbox Security System. Following is an excerpt of just one back and forth between hackers and Microsoft Security.

The history of Microsoft's reactions to the font vulnerability is the perfect lesson of how to do it wrong.

  1. After MechInstaller had been released, Microsoft fixed the buffer vulnerability in the Dashboard and distributed this new version over the Xbox Live network and shipped it with new Xboxes.
  2. For the hackers, this was no major problem: It was possible to downgrade the Dashboard of a new Xbox to the vulnerable version. Just run Linux using a savegame exploit, and "dd" the old image. Some people felt downgrading on new Xboxes was not piracy, because after all, Microsoft upgraded Xbox Live users' hard disks to the new version without asking.
  3. As the next step, Microsoft blacklisted the old Dashboard in the new kernel. It was impossible to just "dd" an old Dashboard image onto newer Xboxes.
  4. Still no major problem for hackers: The second executable on the hard disk, "xonlinedash", which is used for Xbox Live configuration, had the same bug, so it was possible to copy the old "xonlinedash" and to rename it to "xboxdash" to make it crash because of the faulty fonts.
  5. Microsoft consequently blacklisted the vulnerable version of "xonlinedash".
  6. Again, no major problem for hackers: All Xbox Live games come with the "dashupdate" application, which adds Xbox Live functionality to the Dashboard for the first Xboxes which came without it. This update application has the same font bug, and it can be run from hard disk. So it is possible to copy the file from any Xbox Live game DVD, rename it to "xboxdash" and let it crash.
  7. Microsoft could not blacklist this one. Xbox Live enabled games run the update application every time they start, making sure the Xbox has the Xbox Live functionality. Blacklisting "dashupdate" would break these games.
We won.
Read and Post Comments

Next Page »