average admins

This is for you SAMBA people out there.

http://www.novell.com/coolsolutions/feature/18850.html

Before I start my little rant, first let me say that Red Hat has done a lot for the Linux community. My very first Linux install was Red Hat 5.2. It lasted about 2 days on my machine, but it was my first.

Red Hat is also deeply involved in the One Laptop Per Child (OLPC) project which I think is absolutely great. If you want to see the laptop in action there are two short videos posted on RH’s site: http://www.redhatmagazine.com/.

Now, on to my rant.

(more…)

Original articles:

http://dmiessler.com/archives/1315
http://dmiessler.com/archives/176

Maybe I’m alone here, but I had no clue about Firefox’s quicksearch ability. Apparently, just by typing ‘g keyword’ in the URL bar, you’ll automatically search Google.

Back in 2005 Daniel Miessler expanded this feature by configuring FF to also search MSN and Technorati, which are also both very cool.

Well, now Google has added the ability to use command-line switches to their search feature such as /img to search images, /maps to search Google’s maps, /groups to search Google newgroups database, and so on.

You can find a great explanation for all the search functions here: http://projects.felipc.com/gcl/

To quote Daniel’s 2005 post, this is how you configure FF to also search MSN and Technorati:

1. Create a new bookmark in Firefox.
2. For the URL, add the text below for MSN:
“http://search.msn.com/results.aspx?q=%s&FORM=QBRE”
3. For the prefix, add “m” (or whatever you want to use).
4. Create another bookmark.
5. Add this for the URL:
“http://www.technorati.com/cosmos/search.html?rank=&url=%s”
6. Use “t” for the prefix (or whatever you want to use).

Thanks, Daniel, for bringing this to my attention. I can see myself using this ALL the time.

http://www.security-database.com/toolswatch/Nipper-version-93-released.html

This software works both in Windows and Linux.

(more…)

http://www.ossim.net/

This thing looks too cool to not write about. It’s basically an all-in-one monitoring solution that includes a ton of the top Open Source applications.

Ossim stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant a network/security administrator with detailed view over each and every aspect of his networks/hosts/physical access devices/server/etc…
Besides getting the best out of well known open source tools, some of which are quickly described below these lines, ossim provides a strong correlation engine, detailed low, mid and high level visualization interfaces as well as reporting and incident managing tools, working on a set of defined assets such as hosts, networks, groups and services.

All this information can be limited by network or sensor in order to provide just the needed information to specific users allowing for a fine grained multi-user security environment. Also, the ability to act as an IPS (Intrusion Prevention System) based on correlated information from virtually any source result in a useful addition to any security professional.

Components
Ossim features the following software components:

* Arpwatch, used for mac anomaly detection.
* P0f, used for passive OS detection and os change analisys.
* Pads, used for service anomaly detection.
* Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
* Snort, the IDS, also used for cross correlation with nessus.
* Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
* Tcptrack, used for session data information which can grant useful information for attack correlation.
* Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
* Nagios. Being fed from the host asset database it monitors host and service availability information.
* Osiris, a great HIDS.

To this we add a bunch of self developed tools, the most important being a generic correlation engine with logical directive support. Finally we take any other device you might have on your network which could contain useful data which, when fed to the system, could allow for a better undestanding of what’s going on on your network.

Profiles
Usually a typical ossim deployment consists of:

* A database host.
* A server which hosts the correlation, qualification and risk assesment engine.
* N agent hosts which do information collection tasks from a number of devices. For a list of plugins please refer to: http://www.ossim.net/dokuwiki/doku.php?id=roadmap:plugins
* A control daemon which does some maintenance work and ties some parts together. It’s called frameworkd.
* The frontend is web based, unifying all the gathered information and providing the ability to control each of the components.

It’s really cool to see people/companies build stuff like this. They even provide a VMware image so you don’t have to do any of the building of it yourself. The VMware Player is free and works on any operating system, however you really should be using VMware Workstations since it offers a ton more features than the little player does.

Originally posted at techsays.com on February 25nd, 2007.

As you might have read from an earlier post, I’ve been given the task of building a Proxy server and an Anti-Spam/Anti-Virus server for a client.

I haven’t picked a software application for the mail portion of this server, but I’m going to be using Squid for proxying web traffic. I’m also going to use Sarg to parse the Squid logs and make pretty graphs for me.

So let’s get right to it.

Squid Configuration
Here’s my Squid configuration template that I use:

cat /etc/squid/squid.conf

# /etc/squid/squid.conf

# To find what these entries mean, see /etc/squid/squid.conf.original

http_port 3128
# visible_hostname sub.domain.local

log_ip_on_direct off
log_fqdn on

error_directory /etc/squid/errors
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

# This entry means that by invoking squid -k rotate, the logfiles
# will get rotated. Remove the logrotate.d/squid file and call
# squid -k rotate after the sarg.monthly job
logfile_rotate 1

# These are default values from the original squid.conf file
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#———-[ ACCESS LISTS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT

# acl GROUP1_SRC src 1.1.1.102 # Chris

# acl GROUP2_SRC src 1.1.1.102 # Chris
# acl GROUP2_DST dstdomain .google.com # Give only group2 access to Google

#———-[ SPYWARE
acl SPYWARE_LIST_1 dstdomain “/etc/squid/spyware_list_1.txt”
acl SPYWARE_LIST_2 dstdomain “/etc/squid/spyware_list_2.txt”

#———-[ ALLOWED DOMAINS
acl ALLOWED_LIST_1 dstdomain “/etc/squid/allowed_domains.acl”

#———-[ ALLOWED PORTS
acl ssl_ports port 443
acl safe_ports port 80
acl purge method PURGE
acl CONNECT method CONNECT
no_cache deny all

#———-[ ALLOW/DENY LIST
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
http_access allow localhost

#———-[ SPECIAL ALLOWS
# Block all access from this source
#http_access deny GROUP1_SRC all

# Normal allow lists
#http_access allow GROUP2_SRC GROUP2_DST
#http_access deny GROUP2_SRC all

# Allow everyone else access to whitelisted sites
#http_access allow ALLOWED_LIST_1

#———-[ DENY
# Deny everyone access to these sites

# This list is updated by an script that runs every night
http_access deny SPYWARE_LIST_1

# This list is updated manually by me
http_access deny SPYWARE_LIST_2

# Show these error messages
deny_info ERR_SPYWARE_ACCESS_DENIED SPYWARE_LIST_1
deny_info ERR_SPYWARE_ACCESS_DENIED SPYWARE_LIST_2

#———-[ DEFAULT ALLOW
# If you weren’t blocked, then you’re allowed out

http_access allow all
icp_access allow all

#———-[ MISC SETTINGS
coredump_dir /var/spool/squid
cache_mgr root

Blocking malicious sites
The purpose of the SPYWARE_LIST_1 and 2 are for automatically blocking bad sites that the MVPS group finds. They provide a list of malicious sites that they find and they create a HOSTS file for Windows that you can import to protect yourself. I’ve taken that list and wrote a parser that turns it into something Squid can use.

The difference between list 1 and list 2 is that list 1 is overwritten daily by the MVPS file and list 2 is manually updated by me. That way I can add custom hosts to block that I know will always be blocked.

The MVPS list is very similar to AdBlock for Firefox. If you visit a site that has a lot of advertisements, with AdBlock you can pick these advertisement sites out of the list to block. With my MVPS list, I don’t have to worry about keeping up with distributing these lists to all of my users running Firefox and, with the list being on the proxy, it also applies to the users running Internet Explorer, obviously.

I wrote a custom error message for the sites that get blocked by my spyware lists which simply consists of a bunch of blank lines. Without my custom error message, the blocked elements of a site will contain the Squid error message and with poorly written sites that don’t specify table sizes, the error message can take up a lot more space than the advertisement did. All you’ll see with my error message is a blank spot on the page. There are probably more elegant ways to pull this off, but I’ve been running my stuff this way for at least 2 years with no problems.

Thanks to Luke from http://terminally-incoherent.com/blog/ my snippet below actually looks like HTML code.

cat /etc/squid/errors/ERR_SPYWARE_ACCESS_DENIED

<html>
<head>
<title> </title>
</head>
<body topmargin=”0″ leftmargin=”0″ marginheight=”0″ marginwidth=”0″>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br>
</body>
</html>

The script that I use to download and parse the MVPS hosts file:

cat bin/update_spyware_rules.sh

#!/bin/bash

#———[ Changelog
# Created 2007.02.18 by Chris Davis

#———-[ Notes
# Here is the cronjob for this script
# Make sure the cronjob script is executable
# cat /etc/cron.d/update_spyware_rules
# 1 2 * * * root /home/user/bin/update_spyware_rules.sh

#———-[ Variables
URL1=http://everythingisnt.com/hosts
URL2=http://www.mvps.org/winhelp2002/hosts.txt
SPYWARE_DIR=/home/user/spyware/
TEMP_SPYWARE_LIST_2=$SPYWARE_DIR/temp_spyware_list_2.txt
SPYWARE_LIST_2=$SPYWARE_DIR/spyware_list_2.txt
SQUID_SPYWARE_LIST_2=/etc/squid/spyware_list_2.txt
EMAIL_THIS=$SPYWARE_DIR/email_this.txt
ADMIN_EMAIL=user@domain.local

#———-[ Script
# If the spyware directory doesn’t exist, create it.
if [ ! -e $SPYWARE_DIR ]
then mkdir $SPYWARE_DIR
fi

# Download the MVPS HOSTS file
wget $URL2 -O $TEMP_SPYWARE_LIST_2

# Parse the newly downloaded file to work with Squid
cat $TEMP_SPYWARE_LIST_2 | grep 127.0.0.1 | sed ’s/127.0.0.1 //g’ > $SPYWARE_LIST_2
cat $SPYWARE_LIST_2 | grep -v localhost | cut -d “#” -f 1 > $SQUID_SPYWARE_LIST_2

# Get a few stats about the new file and email them to the admin
wc -l $SPYWARE_LIST_2 > $EMAIL_THIS
echo “—- ” >> $EMAIL_THIS
ls -lt /etc/squid >> $EMAIL_THIS
cat $EMAIL_THIS | mail -s SQUID $ADMIN_EMAIL

# Reload Squid to load the new files
/etc/init.d/squid reload

If you don’t have the mail command, you can find it in the Debian mailx package.

Now that Squid is installed and configured, we need a way to create pretty HTML reports from the logs. I use a script called Sarg for this task.

I installed Sarg using Debian’s package management system so all of my files ended up in /etc/squid/. You’ll also need to manually download and edit the sarg-reports file here: http://www.initzero.it/products/opensource/sarg-reports/download/sarg-reports

Read the file for instructions on how to set everything up, including the cron job.

There are four jobs that are going to run: today, daily, weekly, and monthly.
The Today job runs every hour from 8am to 6pm. This keeps your Squid reports updated every hour.
The Daily job runs at midnight of every day.
The Weekly job runs on the first hour of the first day of every week.
The Monthly job runs on the 30th minute of the second hour of the first day of every month.

Since you’re going to be processing Monthly reports, it is very important to update your logrotation schedule to NOT rotate the logs on a daily basis.

After you edit the sarg-reports script, which I keep in /etc/squid with the rest of the squid files, you’ll need to edit the /etc/logrotate.d/squid file. Basically, I comment out everything in the logrotate.d/squid file. This way, an apt-get update won’t create the file without telling me, thus messing up my sarg logfile rotation. Debian’s apt-get is good about telling me when a conf file is about to be updated so by commenting out the contents of the file, I’m pretty sure that I’ll be notified if the file is ever updated.

I add the squid -k rotate job at the end of the monthly report creation to make sure the logs are rotated immediately afterwards.

grep sarg /etc/crontab

00 08-18/1 * * * root /etc/squid/sarg-reports today
00 00 * * * root /etc/squid/sarg-reports daily
00 01 * * 1 root /etc/squid/sarg-reports weekly
30 02 1 * * root /etc/squid/sarg-reports monthly && squid -k rotate

And you’re done. The only step left to do is to reconfigure your browser (I highly recommend SwitchProxy for Firefox) to use your new proxy.

[EDIT]

Oh yeah, I forgot to include the Webmin part of this. If you read the SoW that Jeff originally sent me, then you’ll know that they want to have control over what gets blocked and what doesn’t.

So I installed Webmin and the webmin packages for postfix and sarg. I don’t have access to a Linux box right now but if you search for them you’ll find them.

apt-cache search webmin postfix; apt-cache search webmin sarg

I just followed the defaults to install them.

The cool thing about Webmin is that you don’t need Apache to use it (for those that don’t want to run unnecessary services on your servers).

I had to edit the /etc/webmin/miniserv.conf file to give my IP access to the GUI. After editting the file make sure you restart Webmin using /etc/init.d/webmin restart.

And that’s literally it. I didn’t need to edit anything to make Webmin recognize my spyware config files. If you click on one of the filenames, Webmin opens its own text editor and lets you edit the files directly. Perfect for what the client needs.

Webmin is not pretty (by default, there are a lot of themes for it) but it definitely gets the job done.

[/EDIT]

Originally posted at techsays.com on February 25nd, 2007.

At work we have a rack mounted CD player that we’ve used for years to play music for people that get placed on hold.

In order to not burn up the thing, every morning we have to turn it on, wait for it to initialize, press play, wait for it to start playing, and then press repeat twice. Oh yeah, it’s mounted on the very bottom of a rack in the back of the data center. Every night we have to turn it off.

Since I just built a server for a client, I was in the mood to fix this small problem at work. I checked our existing servers to see if they had sound cards and not a single one does. We just replaced all of the client workstations at two of our remote locations and one of the systems we replaced, if you can believe it, was an OLD Optiplex GX100. I can’t believe the user of this workstation wasn’t complaining every single day about this thing. It’s OLD and SLOW! Perfect for an mp3 server.

After installing Debian on it I was off to find an mp3 daemon. I finally settled on MPD as the backend and ncmpc, and mpc as front ends.

When installing the software, I used the command (taking the defaults):

apt-get install mpd ncmpc mpc

I looked at a few of the web frontends but I couldn’t find any that I really liked. I didn’t look at Ampache, but I did try phpMp2 and couldn’t get it to create playlists without creating duplicates or just not working at all.

I don’t rip a lot of CDs so I just used Windows Media Player to rip the CDs into mp3 format. I don’t have any problems with the player as a video player or mp3 ripper, but I don’t care for it at all when put to the task of playing music. Winamp and Foobar both do a much better job of it.

After ripping the music, I SCP’d it to my home directory and moved it to /usr/share/mpd/music/.

I didn’t really spend the time to learn how to create playlists and such. Instead, I used a set of commands I found on some website:

mpc search artist elvis | mpc add -; mpc play

That works great, as long as you use id3 tags when ripping your music.

And finally, I wanted to make sure that music started playing automatically if the server was ever rebooted.

I wrote a small script and put it in /etc/init.d.

cat /etc/init.d/mpc.sh

#!/bin/bash
mpc clear
mpc search artist elvis | mpc add -
mpc play

I made sure to make the script executable with

chmod +x /etc/init.d/mpc.sh

And finally, with Debian, I made sure to create the symlinks in /etc/rc2.s:

upudate-rc.d mpc.sh defaults

Now I have a server that will play hold music for us automatically.

Originally posted at techsays.com on February 25nd, 2007.

Twice in the past week I’ve needed to start a script automatically if the server was ever rebooted.

I haven’t had to do that in quite a while so I had to look it up.

Lucky for me, a user of the JustLinux forums already answered the question for someone else. Except instead of just answering his question with a simple answer, he supplied a well written howto with great examples.

You can find his post here: http://justlinux.com/forum/showthread.php?t=40831

And if you know me, I don’t like relying on remote websites to have the information when I need it years from now. I like pulling the information down so if JustLinux crashes next month, I’ll still know how to do this.

Craig McPherson
01-11-2001, 11:31 PM
Alternate, more “standard” solutions:

If you want to run SSHD from your inetd server rather than as a standalone server (this is a good way to save memory if you’ll be accepting SSH connections only occasionally — the daemon is only started when a connection comes in, which makes the connection take a split second longer to establish, but saves memory when there’s no active SSH connection), just add an entry for it to your inetd configuration file.

For the standard inetd, in your inetd.conf:

ssh stream tcp nowait root /usr/sbin/sshd

(Adjust path accordingly, make sure “ssh” is in your /etc/services)

For xinetd, which cool people use, in your xinetd.conf:

service ssh
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/sshd
}

Restart your inetd program after changing its configuration file.

The ssh program on my system claimed it needed to be passed the “-i” flag to be run from inetd, but that wasn’t my experience. If it’s required with your version of ssh, just add -i to the inetd.conf, or the line “server_args = -i” to your xinetd.conf.

If you want to run your sshd as a standalone daemon, you should make an init script for it in /etc/init.d. A very simple /etc/init.d/ssh could be just this:

#!/bin/sh
/usr/sbin/sshd&

Of course, if you were going to do something that simple, you might as well just call your init script “/etc/init.d/local”, and add any other commands that you want run at bootup to it.

Then you just go to the init directory for the runlevel you boot into (check /etc/inittab for this), ie /etc/rc2.d for runlevel 2. Now create a symlink there pointing to your init script, and call it something like “S90local” or “S90ssh”. It has to start with a capital S, and the number following that determines when during the boot process the script should be run.

A more complex init script would be something like this, from the Debian SSH package:

#! /bin/sh

# /etc/init.d/ssh: start and stop the OpenBSDh “secure shell(tm)” daemon

test -x /usr/sbin/sshd | | exit 0
( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null | | exit 0

# forget it if we’re trying to start, and /etc/ssh/NOSERVER exists
if expr “$1″ : ‘.*start$’ >/dev/null && [ -e /etc/ssh/NOSERVER ]; then
echo “Not starting OpenBSD Secure Shell server (/etc/ssh/NOSERVER)”
exit 0
fi

# Configurable options:

case “$1″ in
start)
test -f /etc/ssh/sshd_not_to_be_run && exit 0
echo -n “Starting OpenBSD Secure Shell server: sshd”
start-stop-daemon –start –quiet –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
echo “.”
;;
stop)
echo -n “Stopping OpenBSD Secure Shell server: sshd”
start-stop-daemon –stop –quiet –oknodo –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
echo “.”
;;

reload|force-reload)
echo -n “Reloading OpenBSD Secure Shell server’s configuration”
start-stop-daemon –stop –signal 1 –quiet –oknodo –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
echo “.”
;;

restart)
echo -n “Restarting OpenBSD Secure Shell server: sshd”
start-stop-daemon –stop –quiet –oknodo –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
sleep 10
start-stop-daemon –start –quiet –pidfile /var/run/sshd.pid –exec /usr/sbin/sshd
echo “.”
;;

*)
echo “Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart}”
exit 1
esac

exit 0

Then symlink it as before.

Anyway, what you did broke a number of Linux and Unix standards. The Linux Standards Base people aren’t going to come to your door with a gun, but you might run into problems down the line.

1. Symlinks in the various rc boot directories (rc.boot, rcS.d, rc0-6.d) can’t point directly to binaries. They have to point to scripts, which generally in turn start binaries. Of course, nothing will break if you do this but it violates the standards.

2. You shouldn’t use rc.boot. I believe its use is deprecated and is only for backwards compatibility while programs finish switching over to the standards. rc.boot will probably be removed at some point. Use the normal runlevel rc directories (rc2.d through rc5.d) for normal stuff, rcS.d for stuff that will be started in EVERY runlevel, even single user mode (stuff like SSH should NOT start in single user mode), rc0.d and rc6.d should be used for stuff that needs to be run when shutting down or rebooting.

Clear enough?

——————
http://users.ipa.net/~cmcpher/paminv.gif DEBIAN (http://www.debian.org/) http://users.ipa.net/~cmcpher/paminv.gif
It turns girls into statues!

[This message has been edited by Craig McPherson (edited 11 January 2001).]

I’m a little late with this, but there’s a new version of PuTTY that’s finally been released. According to their changelog, there hasn’t been a PuTTY release since beta 0.58 was released in 2005-04-05.

You can download the file from here:
http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

And here’s a copy of the changelog. The feature I’m really looking forward to is the serial support (I currently use a program called TuTTY and another one called TeraTermPro).

* PuTTY can now connect to local serial ports as well as making network connections.
* Windows PuTTY now supports “local proxying”, where a network connection is replaced by a local command. (Unix PuTTY has supported this since it was first released in 0.54.) Also, Plink has gained a “-nc” mode where the primary channel is replaced by an SSH tunnel, which makes it particularly useful as the local command to run.
* Improved speed of SSH on Windows (particularly SSH-2 key exchange and public-key authentication).
* Improved SFTP throughput.
* Various cryptographic improvements in SSH-2, including SDCTR cipher modes, a workaround for a weakness in CBC cipher modes, and Diffie-Hellman group exchange with SHA-256.
* Support for the Arcfour cipher in SSH-2.
* Support for sending terminal modes in SSH.
* When Pageant is running and an SSH key is specified in the configuration, PuTTY will now only try Pageant authentication with that key. This gets round a problem where some servers would only allow a limited number of keys to be offered before disconnecting.
* Support for SSH-2 password expiry mechanisms, and various other improvements and bugfixes in authentication.
* A change to the SSH-2 password camouflage mechanism in 0.58 upset some Cisco servers, so we have reverted to the old method.
* The Windows version now comes with documentation in HTML Help format. (Windows Vista does not support the older WinHelp format. However, we still provide documentation in that format, since Win95 does not support HTML Help.)
* On Windows, when pasting as RTF, attributes of the selection such as colours and formatting are also pasted.
* Ability to configure font quality on Windows (including antialiasing and ClearType).
* The terminal is now restored to a sensible state when reusing a window to restart a session.
* We now support an escape sequence invented by xterm which lets the server clear the scrollback (CSI 3 J). This is useful for applications such as terminal locking programs.
* Improvements to the Unix port:
o now compiles cleanly with GCC 4
o now has a configure script, and should be portable to more platforms
* Bug fix: 0.58 utterly failed to run on some installations of Windows XP.
* Bug fix: PSCP and PSFTP now support large files (greater than 4 gigabytes), provided the underlying operating system does too.
* Bug fix: PSFTP (and PSCP) sometimes ran slowly and consumed lots of CPU when started directly from Windows Explorer.
* Bug fix: font linking (the automatic use of other fonts on the system to provide Unicode characters not present in the selected one) should now work again on Windows, after being broken in 0.58. (However, it unfortunately still won’t work for Arabic and other right-to-left text.)
* Bug fix: if the remote server saturated PuTTY with data, PuTTY could become unresponsive.
* Bug fix: certain large clipboard operations could cause PuTTY to crash.
* Bug fix: SSH-1 connections tended to crash, particularly when using port forwarding.
* Bug fix: SSH Tectia Server would reject SSH-2 tunnels from PuTTY due to a malformed request.
* Bug fix: SSH-2 login banner messages were being dropped silently under some circumstances.
* Bug fix: the cursor could end up in the wrong place when a server-side application used the alternate screen.
* Bug fix: on Windows, PuTTY now tries harder to find a suitable place to store its random seed file PUTTY.RND (previously it was tending to end up in C:\ or C:\WINDOWS).
* Bug fix: IPv6 should now work on Windows Vista.
* Numerous other bugfixes, as usual.

I have been running Microsoft Windows XP in Parallels, a virtual machine application for Intel based Macs, on my MacBook and have been very pleased. I do however have a question about Windows XP specifically, although this question may apply to other versions of Windows. Why does Windows XP seem to run better in virtual machines than on actual PC hardware?

I use Win4BSD, a virtual machine application from the makers of Win4Lin for FreeBSD, on my FreeBSD 6.x laptop to run Windows XP and have experienced the same result there. I ran Qemu before that with the same results.

I know Chris uses VMware Workstation on Debian Linux with Windows XP installed and has expressed the same thing about his experiences. Actually, Chris said he had even better performance out of Windows XP by running Windows XP in his VMware virtual machine and then using rdesktop, an open source Remote Desktop Connection client, to connect to the virtual machine. Crazy!

I haven’t used VMware on a Windows box in quite sometime so I don’t know if there are performance gains by running Windows XP in a virtual machine on Windows XP. So, maybe someone out there in aa land can chime in on that. But, the question remains: why does it run better? Is the virtual hardware more fine tuned to run the necessities of Windows XP? If anyone out there has any knowledge behind Virtual Machine internals, please let us in on the secret.

I am also very interested to see if anyone else’s experiences mimic my own. Is it just me? Am I getting lucky? What’s the 411?!

Until next time…