Windows 10 Gets Core Console Host Enhancements

x0n writes: As of Windows 10 TH2 (10.0.1058), the core console subsystem has support for a large number of ANSI and VT100 escape sequences. This is likely to prepare for full Open SSH server/client integration, which is already underway over on github. It looks like xterm is finally coming to Windows. OpenSSH was previously announced (last year) by the very forward-looking PowerShell team. The linked article provides some context, and explains that the console host isn't the same as either cmd.exe or powershell.exe, but there is a lot of overlap in functionality.

News for Nerds

Is it just me, or is this actually news for nerds?

Re:News for Nerds

nerds have already cygwin, msys or something like that. nerds needed this functionality so long that they actualy resigned reminding m$ that terminal is a not a dirty word.
to paraphrase: a good console is like a good dog - very rare. a good console with a good language is like a dog speaking norwegian,sir - even rarer. i am mentioning this because in windows 10 they actually got cmd.exe so much better, but the underlying bat language feels like yesterday's vomit. i guess, that's where powershell comes in, but this dog speaks hungarian and i have no true will to learn yet another language specific for some minor platform.

so 2016 will be the year of the console on windows, a bit ironic

Re:News for Nerds

[davester666]

No. Nerds refuse to run Windows 10. They don't like being tracked like rats in a cage.

Re:News for Nerds

[flopsquad]

How dare you insult hungarians. We are a proud people!

And full of eels, just like our hovercraft!

Re: News for Nerds

[davester666]

He probably walks around complaining that he is being forced to wear clothes when he leaves the basement.

Re:News for Nerds

[dave420]

The problem with generalisations like yours is that it only takes one nerd who uses Windows 10 to prove you wrong. Just one. One single Windows 10-using nerd and you are incorrect. As it is, there are plenty, so you might want to think about not using such basic, childish logical arguments in future.

So Let Me Get This Straight

[MightyMartian]

So let me get this straight. Windows is getting the kind of terminal support *nix has had for nearly 50 years? Wow, I mean, how fucking innovative of MS.

Fuck fuck fuck.

Re:So Let Me Get This Straight

[MightyMartian]

Looks like the Redmondites are out in force with their mod points.

I just have to ask all you clever little MS types. As Microsoft moves Windows Server closer to a CLI-based operating system, what exactly is the point of Windows now, other than, I suppose Exchange?

Re: So Let Me Get This Straight

[mattcoz]

Why does it have to be innovative to be a good thing? Should they just not do it if it has already been done by someone else?

Re:So Let Me Get This Straight

Spyware and forced restrictions is the way everyone wanted it to go?

Re:So Let Me Get This Straight

[fnj]

I just have to ask all you clever little MS types. As Microsoft moves Windows Server closer to a CLI-based operating system, what exactly is the point of Windows now, other than, I suppose Exchange?

Exchange Server is one of the killer points, yes. The other one is Domain Login with the attendant domain-wide security model. As a *nix booster, I must say those two continue to absolutely show up *nix to this day. Those two give more than enough of a "point".

Re:So Let Me Get This Straight

This is actually a pretty big deal. Stolen from this post by a ReactOS developer:

why is command prompt so, command prompty i guess

it all goes back to a terrible, terrible architectural choice they made way back in Windows NT 3.1

Win32 consoles are implemented in user mode. god knows why simple, safe consoles are a user mode thing, while a ton of badly written GUI poo poo was violently forced down kernel mode's throat, but they probably hoped that text consoles were going to be a fad? nevermind. this alone wouldn't be an issue, in fact if anything it would make providing multiple implementations of console windows very easy, but they had to double down on the awful, and make console windows run in the user-mode part of the win32 subsystem (basesrv.dll), which runs in a hyper-privileged process, csrss.exe. how privileged?

* the system is immediately shut down with a fatal hard error if it terminates. regular hard errors (like "put the floppy back in, idiot", "executable imports non-existing function from dll", etc.) are passed from kernel mode back to csrss.exe, which turns them into message boxes (when you use MessageBox with the MB_SERVICE_NOTIFICATION flag, you are actually raising a STATUS_SERVICE_NOTIFICATION hard error); they are even interactive (you surely remember the infamous abort/retry/ignore), as in the thread that raised them is blocked waiting for your answer. the caller can even be a kernel mode driver (see IoRaiseHardError). fatal hard errors (passing OptionShutdownSystem to NtRaiseHardError/ExRaiseHardError) on the other hand can't be sent to anyone and result in an immediate shutdown (pretty fast because only drivers are notified, user mode processes are just killed) followed by a bugcheck. so technically it's wrong to say that terminating csrss.exe causes a BSOD because a BSOD is instant, while when you kill csrss.exe you can e.g. hear the disks flushing. little known fact: before Windows XP, crashing on termination of a critical process wasn't a kernel feature; instead, the startup process (smss.exe) would wait for the termination of csrss.exe and winlogon.exe, and hit you with a hard error if it ever returned from the wait. you'll notice a flaw: nobody watches the watcher (kernel don't gaf). you could totally kill smss.exe and then csrss.exe without a BSOD. back then, the debugging APIs were implemented in user mode for some loving reason, and for an even more inexplicable reason they were a RPC API and smss.exe was the server end, so killing smss.exe would have no visible effect, except breaking debugging until a reboot
* it has direct access to the real-mode address space (lowest 1 MB of physical address space), in fact it's mapped at virtual address 0 and everything. csrss.exe doesn't actually use this, it's a hack for calling the VGA BIOS from video drivers. the driver framework attaches to csrss.exe to get its address space (virtual address 0 is in the user mode range, and kernel processes like System have no user mode virtual memory range, so you need to attach to a user mode process for that) and then I have no idea what happens because I've never done VGA. there's a special flag to RtlCreateUserProcess (low level no-Win32 equivalent of CreateProcess, used to start winlogon.exe, csrss.exe, etc. you can tell a process has been launched by RtlCreateUserProcess instead of CreateProcess because its command line will include the full object namespace path, e.g. \??\C:\WINDOWS\System32\winlogon.exe), RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB, whose entire purpose is to reserve the lowest 1 MB of virtual address space in the target process so that stacks, heaps, environment, etc. will be allocated somewhere else and win32k.sys can map the real-mode address space there (how do you allocate memory at address 0? just pass (PVOID)1 as the desired address to VirtualAlloc/NtAllocateVirtualMemo

Re:So Let Me Get This Straight

[Gadget_Guy]

So let me get this straight. Windows is getting the kind of terminal support *nix has had for nearly 50 years?

No, Windows has had the kind of terminal support for years, it is just been their own implementations. The difference now is that they are now using the same particular protocol as the *nix world. In other words, they are going from the kind of terminal support to the exact terminal support.

Re:So Let Me Get This Straight

[phantomfive]

Wait till you find out they'll actually let you resize the terminal window.

Re:So Let Me Get This Straight

[phantomfive]

SQL Server, is another reason.

It's been a mistake everywhere I've seen it used.
True, it's nicer than MySQL, but you pay for it.

Re:So Let Me Get This Straight

[Sarten-X]

The same as it's always been... full integration with the entire line of business-oriented Microsoft products (including Exchange) and support for the vital third-party software that requires Windows.

For many years, Microsoft's business model has been to promote a Microsoft-centric universe. If you use Office, you'll get the best service with an Exchange server, which must run on Windows Server, and really needs Active Directory, which supports your Windows workstations, which integrate with Office. It's not just that Windows is a GUI-based OS. Microsoft products are a part of a whole tangled mess of dependencies, and for years we've been stuck dealing with the downside of that glorious integration.

Every IT admin has a story about the vital business process that involved a human robot. Every day a human logs in, and runs an Excel macro to generate a spreadsheet, that he saves as a CSV file and loads into a third-party program, which generates a RTF document, that needs to be renamed to .txt and moved to a different folder for another program to find and render into a PDF, which the human has to open and read the third line on the fifth page to determine which managers need the report emailed to them. This is a GUI-based process, because the software runs on a GUI-based OS. It can't be automated, because the software doesn't support it. For decades, automation has been a "nice to have" feature, because it never fit into the Microsoft business model, so there was never a good framework to support it built into Windows.

Sure, we had some old tricks... Batch files, DDE, COM, OLE, WSH, VBA... but they never really enjoyed full support from Microsoft. They were supported features, but not supported enough that third-party vendors would feel pressure to support any automation.

Now, with PowerShell and the Core offering of Windows Server, there's the notion that everything should be able to be automated. Sure, we've had that idea from the very first days of Unix, and *nix has embraced the concept to maturity, but *nix still doesn't run every piece of business-critical third-party software. For those of us who are already firmly entrenched in that Microsoft-centric world, this is a much-needed good omen.

Re:So Let Me Get This Straight

[tlambert]

Exchange Server is one of the killer points, yes. The other one is Domain Login with the attendant domain-wide security model. As a *nix booster, I must say those two continue to absolutely show up *nix to this day. Those two give more than enough of a "point".

Both Mac OS X and RedHat Linux have answers to both domain login and domain-wide security. The Linux implementation is somewhat less robust (i.e. it's possible to escape exclusion groups, and there's no external group membership resolver like there is on Mac OS X, so there's still the 16 group limit), but it at least is a proof by existence that the claim is wrong. And you can always install the Samba implementation manually on any Linux or BSD box.

If you want to get technical, had Windows not added the proprietary field, we're just talking a KDC implementation, as in Heimdal Kerberos, or before that, MIT Kerberos, and that's been around since Project Athena, which means early 1980's, which means over 30 years. Microsoft's implementation was 1995 or so, and it was the late 90's before they made it non-interoperable with the proprietary field, so they are predated by at least a decade.

Kerberos was interesting, in that it abused the setgroups() and cr->ngroups to store the Kerberos key in the last two groups field, but at that point you were not really using groups anyway (since you were using remote Andrew FS or similar, and it was doing server side credentials enforcement).

So TL;DR: they absolutely did not, and do not, "show up *nix".

Re:So Let Me Get This Straight

[phantomfive]

Exchange Server is one of the killer points, yes.

What's so great about Exchange Server that other messaging systems don't have? Because from the client side, it doesn't seem all that special to me.......

Re:So Let Me Get This Straight

[Darinbob]

Well, I think they've decided to finally be useful to developers.

Re:So Let Me Get This Straight

[MightyMartian]

Windows had a Telnet server, to be sure. But you had to be pretty damned careful as to which commands you used. We did play around with Cygwin's bash script running in a TTY on Windows 2000, but it was clunky and slow (like everything in Cygwin was, and maybe still is, I dropped it years ago). In the end it just wasn't a very good CLI-based management platform because 1. there was no good native pure CLI-based toolset to administer a system, 2. no good TTY based text editor, and 3. it was bloody Telnet, and unless you were going to throw everything in an encrypted tunnel, it simply wasn't secure enough for production servers.

Re:So Let Me Get This Straight

Because AD and Exchange are a must? You run Exchange and AD in your business, or you don't have an enterprise, because nothing else out there scales.

It would be nice if there were a scalable directory solution that could compete... but nobody wants to dip their toe in that market.

Re:So Let Me Get This Straight

For a workgroup, OS X and RedHat is fine. For serious work, AD is the only game in town.

Re:So Let Me Get This Straight

[mlts]

SQL server is a database server, and some applications require it... but at least there are others, and one doesn't have to run their business on it. There are alternatives, from MySQL/MariaDB to Oracle, and the nice thing about Oracle is that there are no license keys to manage, so if there is a disaster, getting your RAC cluster back operable isn't dependent on licensing/activation.

This isn't to say SQL server is bad, but if one wants to move from Windows, there are RDBMS products which are just as good available. If you like NoSQL, but still want ACID... there is always MarkLogic.

Re:So Let Me Get This Straight

[mlts]

The Telnet server required an Expect script to use... and yes, you -can- do stuff that way... but it is a relative PITA compared to ssh, Python libraries, and Ansible. As the parent said, sending unencrypted passwords through a link (yes, one -could- do tunnels, but that is another bunch of hoops) was possible... but with SSH (especially with RSA authentication), it is far, far easier.

Re:So Let Me Get This Straight

[Hadlock]

Holy hell, someone mod parent up, please.

Re:So Let Me Get This Straight

[Gadget_Guy]

You are right that Telnet is not much use and very insecure, but it was not the only option for remote access.

Windows has also had Terminal Services (later Remote Desktop Protocol) since Windows NT 4.0, although it required a special server version. Windows 2000 Server had it in standard configuration, and Windows XP had it by default in workstation versions (except for the Home edition). XP also had the WSHContoller object for running Windows Scripting Host scripts remotely, but that was not much use for adhoc work. Finally, Powershell introduced remote interactive consoles in version 2.0 back in 2009.

Re:So Let Me Get This Straight

[Hadlock]

Tons of interesting stuff in that link, totally off topic, but details about rewriting win32 kernel with full unicode support as a realtime OS for Windows CE:

I do in fact know a little about Windows CE! from what I remember, it's a much simpler, cleaner design. its Win32 is a rewrite of a subset (for one: Unicode only, no ANSI), and the kernel is a hard realtime microkernel with some cool, unique features: for example, inter-process calls temporarily moved the calling thread to the server process, no roundtrips, no memory copies. this could only work because Windows CE had a single address space shared by all processes. this limited Windows CE to 4 GB of physical memory, but it was a necessity because it had to work on machines without a MMU. the fixed address space also limited Windows CE to 15 processes, don't know why so few (not threads though, you could create as many threads as would fit in memory, and you had 256 priority levels to choose from instead of Windows NT's meager 15)

this was until Windows CE 5. Windows CE 6 is a much more boring kernel, with separate address spaces and drivers running in kernel mode

Re:So Let Me Get This Straight

[MightyMartian]

So essentially it took until 2009 for Microsoft to even begin to admit that RPC, a few rather crappy scripting host options and RDP were inadequate, but it took them over six more years to finally implement what is pretty much the gold standard of encrypted TTY interfaces.

Maybe this is part of the turning over a new leaf, but I can't help but imagine that the next version of Microsoft's coursework will announce how innovative all of this, much as it went around declaring how innovative Powershell was, when all it really is is an overly complicated descendant of Bash, inelegant, overly verbose and unnecessarily convoluted. But yes, it is the best solution MS has ever come up with to remotely administer servers in a programmatic way.

What a bloody pity they just didn't admit their long battle against *nix was idiotic, and just implement Bash and the standard toolset. But then, I guess the obfuscation which has been so much a part of NT and its descendants' success would disappear as well.

I just hope all the Redmondites see the irony of MS sitting around for two decades declaring NT's superiority because, you know, Windows and all, and now essentially reinventing, badly in many cases, what the Unix ecosystem has had for decades.

Re:So Let Me Get This Straight

[MightyMartian]

Well, whenever it appears on Server, and by that I'm assuming our Server 2012 seats won't have it, so what this amounts to is "Shell out a bunch more money in operating systems and CALs, and we'll give you this nifty feature (which every other server grade OS has had for a couple of decades now)

Re:So Let Me Get This Straight

[realmolo]

Full integration with Active Directory, for fine-grained permissions over all aspects of the mail/calendar system.

For example, with Exchange and AD, I can create a distribution group, and delegate "ownership" of that group to a specific user, so they can add/remove users to that group. I can set that group to "open" or "closed", meaning users can either join it/leave it without owner approval, or not.

I can give an arbitrary user access to another users entire mailbox, or give them only permission to "send as" a different user, or distribution group.

I can allow only certain users to send to specific addresses, meaning I can have a "My Entire Company" distribution group that only specific people can send mail to.

And then there are similar permissions/delegation options for calendars, and Public Folders, and even Skype for Business. If you have VoIP phone systems, and compatible phones, you can even access all of your mail/calendar/Skype messages from your phone.

I can set deletion and archive polices for each user, or a group of users. I can set mailbox size limits per user, or per group. I can create a "discovery search", meaning I can allow access to a user's mailbox, but only for mails that meet a specific search criterion.

And of course, there is a cottage industry of add-ons for Exchange to do a million other things. Mimecast, for example, allows automatic off-site archiving of all email (with an Outlook plugin to search the mail), and automatic failover to Mimecast's servers if Exchange goes offline.

It's just endless. Exchange has no real competition. Is it perfect? No. But it's better than anything else for corporate messaging, by a wide margin.

Re:So Let Me Get This Straight

[MightyMartian]

Gosh, what did we ever do before Windows 2000? Authentication by clay tablet?

It's the egocentric nature of MS's claims, that somehow computing couldn't be done without its products, that pisses me off the most. It denies an absolute vast amount of work done in these areas for decades before derivative technologies like AD even existed

Just like how Redmondites are doubtless cheering the innovation of giving Windows admins what everyone else has had for decades. This isn't a moment for pride at Redmond, but the moment when if fully recognizds just how shabbily it treated people stuck trying to do automation on its amazingly incoherent platform.

Re:So Let Me Get This Straight

[MightyMartian]

Perhaps if it came with a dose of humility.

Oh, and Bash.

Re: So Let Me Get This Straight

[corychristison]

I don't get it either... Outlook is a pile of shit, Exchange may "work" but it certainly is also a pile of shit. Years of cruft, and more added on every year.

I'm not a fan of Google, nor do I use their services, but they are at least based on open standards anyone can use... I don't just mean email, I mean calendars/appointments (CalDAV), contact syncronization (CardDAV), internal messaging (XMPP), etc.

Microsoft and their need to convolute everything until it crumbles in the users hand for the sake of locking everyone in to extract more license fees is frustrating, and a huge waste of company time/money.

Re:So Let Me Get This Straight

[Zontar+The+Mindless]

And you can always install the Samba implementation manually on any Linux or BSD box.

Don't some Linux distros install Samba support automatically? I seem to recall that mine (openSUSE) does, at least.

Re:So Let Me Get This Straight

[Zontar+The+Mindless]

We got along just fine for years at Sun without Exchange or AD. Outlook was strictly verboten, and our mail servers actually handled lists correctly.

Good times.

Re:So Let Me Get This Straight

[Zontar+The+Mindless]

I'm sure that MightyMartian feels only heartfelt pity and compassion for the kids on the short bus.

Re:So Let Me Get This Straight

[tlambert]

If you want to get technical, had Windows not added the proprietary field, we're just talking a KDC implementation, as in Heimdal Kerberos, or before that, MIT

_just_ ? Try setting setting up IPA sometime. That's just LDAP and Kerberos too. Have fun...

LDAP is really easy. Well, it is for me:

From the OpenLDAP commit logs:
===
1.1.4.1 Sat Aug 8 23:05:28 1998 UTC; 17 years, 6 months ago by kurt
CVS Tags: FreeBSD_3_3; Branch: FreeBSD
Changed since 1.1: +0 -0 lines
Diffs to 1.1 (colored diff)
Import of FreeBSD LDAP 3.3 Port
---
1.1 Sat Aug 8 22:43:17 1998 UTC; 17 years, 6 months ago by kurt
Initial revision
---
1.1.3.1 Sat Aug 8 22:43:17 1998 UTC; 17 years, 6 months ago by kurt
CVS Tags: LDAP_3_3+prerelease, UMICH_LDAP_3_3, BOOLEAN_LDAP, LDAP_POSTE, LDAPworld; Branch: UMICH ; Branch point for: RAGE
Changed since 1.1: +0 -0 lines
Diffs to 1.1 (colored diff)
Import of Umich LDAP 3.3
===

See that 1.1.4.1? Those are my patches to get OpenLDAP working from UMich LDAP sources. It added about 40 platforms. OpenLDAP started with the UMich LDAP, added my patches, and then went on from there. Originals of the (120K of) patches are HERE:

http://www.freebsd.org/~terry/...

Just because something is hard for you, doesn't make it hard for the rest of us. Some of us have been doing this for nearly two decades.

Re:So Let Me Get This Straight

[dbIII]

It's a massive suite of stuff that people like to pretend is one program whenever comparisons are made.
So if it performs worse than any other available MTA the excuse is "but can an MTA do this" when it's an entirely different part of the suite doing the job.

Exchange. The name itself is very good advice on what to do with it. A positive is it did lead to Volume Shadow Copy because there was no reliable way to back up MS Exchange files without stopping the services and not letting users open their mailboxes for the duration.

Re:So Let Me Get This Straight

[dbIII]

Mimecast, for example, allows automatic off-site archiving of all email

Which Sendmail could do with simple entries in the alias file long before MS Exchange even existed. It's about the only simple thing about Sendmail, but such things were core functions in other MTAs years ago.

Re:So Let Me Get This Straight

[dbIII]

If you use Office, you'll get the best service with an Exchange server

True, MS Outlook is very flaky at times doing normal email unless the server is in the same building. I've had to get users onto a VPN simply because MS Outlook does SSL so badly. Phones with 1/10 the CPU on congested networks perform better picking up mail than a fast machine with MS Outlook.

Re:So Let Me Get This Straight

[dbIII]

One of the funny moments on this site was a series of posts in a range of articles by an MS fanboy that kept saying the MS stuff was superior to *nix due to the "run as" functionality. He didn't seem to know that *nix has had the entirely equivalent "su" since before the MS stuff even had usernames, he'd only heard the preaching of another fanboy about how wonderful the feature was and how MS had invented it.
That summed up the attitude nicely.

Re:So Let Me Get This Straight

[Gadget_Guy]

So essentially it took until 2009 for Microsoft to even begin to admit that RPC, a few rather crappy scripting host options and RDP were inadequate, but it took them over six more years to finally implement what is pretty much the gold standard of encrypted TTY interfaces.

No, they have never stated that their previous technology was inadequate. They are just providing yet another option to their existing solutions. That you think that SSH is the one-and-only answer shows your biases rather than demonstrates any admissions of inadequacy by Microsoft.

Maybe this is part of the turning over a new leaf, but I can't help but imagine that the next version of Microsoft's coursework will announce how innovative all of this...

There is no way that they will attempt to claim that they invented SSH. Apart from being so easy to disprove (and thus ridicule), it would also go against the current Microsoft policy of working with standards.

...much as it went around declaring how innovative Powershell was, when all it really is is an overly complicated descendant of Bash, inelegant, overly verbose and unnecessarily convoluted.

Once again you have let your hatred and obvious lack of knowledge get the better of you. The basis of Powershell is that it treats everything as an object and is integrated with .NET so that it has access to virtually the same class structures that low level languages have. How it that being a descendant of bash? As you say, it has a verbose naming scheme for its commands and functions. How is that being a descendant of bash? Sure it has aliases to allow common *nix commands, but it also has them to allow CMD.EXE commands too. They are simply there to provide convenient shortcuts. Apart from those helpful aides, everything about Powershell is all its own.

I just hope all the Redmondites see the irony of MS sitting around for two decades declaring NT's superiority because, you know, Windows and all, and now essentially reinventing, badly in many cases, what the Unix ecosystem has had for decades.

For someone who thought that the only remote access that Windows had was telnet and that Powershell was a copy of something that it is almost completely unlike, I think that you need some more education before you can lecture anyone about the shortcomings of Windows.

Re: So Let Me Get This Straight

[MightyMartian]

Am I the only one who finds Powershell exceedingly slow? Load up is crazy, and try to load in extensions like Exchange, and holy shit it crawls.

Meanwhile Bash always seems snappy, despite being a fairly complex interpreter itself.

Re:So Let Me Get This Straight

[MightyMartian]

I was referring to TTY access. Your misrepresenting what I said.

Re:So Let Me Get This Straight

[Ash-Fox]

I mean, sure, it has no protection against MitM attacks whatsoever,

Windows Telnet server supports using NTLMv2. You're speaking non-sense.

Re:So Let Me Get This Straight

[modmans2ndcoming]

you miss the point that Exchange is doing that from AD, not some separate config for user access that is only useful to itself. AD is a central repository for access to everything you need to manage in an enterprise. Your SendMail solution is great for send mail. Can I use it to manage access to network shares, printers, applications, remote access, etc? no.

Re:So Let Me Get This Straight

[modmans2ndcoming]

business enterprises were far more fragmented back in the day. They handled scale by having site specific access for their large enterprises.

Re:So Let Me Get This Straight

[MightyMartian]

And it's not as if Exchange is easy. Yes, there's the brain dead configuration that comes out of the box, but if you want to do anything like advanced filtering it suddenly becomes very complex. We run Exchange 2010 where I work, and a few months ago I wanted to do some scripting on incoming emails to a specific mailbox. Certainly possible, but man oh man, between being forced to work in Powershell and the awkwardness of Exchange itself, I ended up implementing it on the Postfix server that sits between the Exchange server and the network. Postfix passes off the message via STDIO to my Bash script, I pulled out the attachments I need to save elsewhere for further processing, and it's been humming like a charm ever since.

Maybe some of it has to do with the fact that I'm a *nix guy, and it's more familiar terrain, but I really can't get over just difficult Powershell and Exchange can be, where the *nix philosophy just makes things so much easier.

Re:So Let Me Get This Straight

[MightyMartian]

I use MS products every bloody day. We upgraded to a Server 2012 network last year, we run Exchange 2010, all our workstations run Windows, with Office on them.

I have to deal with its often inelegant solutions to automation and remote administration (seriously, at one point we had GUI "scripting"). Yes, they've built better tools than they had, but all those tools ever seem to do is demonstrate the old maxim; those that don't understand Unix are doomed to re-implement it badly. Even Powershell is just gawdawful hard to use, and while it's better than the collection vbscript files, batch files, registry files and the like that came before it, I still find the process of Windows scripting just dreadful.

Windows needs Bash and the standard Unix toolkit, badly. Yes, there might be some kludges here and there, but WTF is the registry but just a bunch of setting/value pairs in a hierarchy. We were using text-based tools ten years ago to manipulate it, building registry files or using CLI registry utilities. Binary data was a pain, to be sure, but most of the registry is all just plain text.

Re:So Let Me Get This Straight

[sjames]

PostgreSQL.

Re:So Let Me Get This Straight

[Ash-Fox]

Full integration with Active Directory, for fine-grained permissions over all aspects of the mail/calendar system.

Have more in depth permission schemes in Zimbra actually.

For example, with Exchange and AD, I can create a distribution group, and delegate "ownership" of that group to a specific user, so they can add/remove users to that group. I can set that group to "open" or "closed", meaning users can either join it/leave it without owner approval, or not.

Can do that in Zimbra.

I can give an arbitrary user access to another users entire mailbox, or give them only permission to "send as" a different user, or distribution group.

Can do that in Zimbra, the sharing function are actually a much nicer set of ACL options than what Exchange/Outlook provides.

I can allow only certain users to send to specific addresses, meaning I can have a "My Entire Company" distribution group that only specific people can send mail to.

Can do that in Zimbra.

And then there are similar permissions/delegation options for calendars, and Public Folders, and even Skype for Business. If you have VoIP phone systems, and compatible phones, you can even access all of your mail/calendar/Skype messages from your phone.

You can do this in Zimbra, however for the VoIP stuff, you'll need a 3rd party addon (it exists, because I use it). As for the Skype for Business/Lync, I don't really know, but Zimbra has a built in instant messaging solution that works too.

I can set deletion and archive polices for each user, or a group of users. I can set mailbox size limits per user, or per group. I can create a "discovery search", meaning I can allow access to a user's mailbox, but only for mails that meet a specific search criterion.

Can do that in Zimbra.

And of course, there is a cottage industry of add-ons for Exchange to do a million other things. Mimecast, for example, allows automatic off-site archiving of all email (with an Outlook plugin to search the mail), and automatic failover to Mimecast's servers if Exchange goes offline.

Plenty for Zimbra too.

It's just endless. Exchange has no real competition.

Where Zimbra can't beat Exchange on is complete perfect integration with Outlook. It does however beat Exchange and Outlook on their offered functionality.

Re:So Let Me Get This Straight

[dbIII]

This one time, this one guy said something stupid. Therefore, Linux is better.

No, those half dozen times at least in as many different articles. Both things have it but he kept insisting that it was an MS only thing and linux had to "catch up". Amusing.

Re:So Let Me Get This Straight

[dbIII]

No. Just as MS Exchange is a suite with parts that do different things a different environment with LDAP and a mail transfer agent can also work together.
Sure you understand at least that much?
The truly amusing thing is in a thread about a third party addon for MS Exchange you seem to be demanding that I find a single application that provides everything the MS Exchange suite and it's addons can provide. How about we move away from marketing fiction and a bit closer to reality?

Re:So Let Me Get This Straight

[dave420]

So the linux implementation isn't nearly as robust and is terribly limited in scope. That's not a particularly good argument.

Re:So Let Me Get This Straight

[dave420]

So you are just flailing about trying to make an argument based on your personal recollections, extrapolating many poor arguments into an even poorer argument? Brilliant.

Re:So Let Me Get This Straight

[godefroi]

If you like NoSQL, but still want ACID... there is always MarkLogic.

I just threw up in my mouth a little. MarkLogic makes me think of ColdFusion.

Re:So Let Me Get This Straight

[dbIII]

An example is an example. In this case the fanboy had the fault and not either OS - so an example of that. What is your problem exactly?

Re:So Let Me Get This Straight

[throx]

Where Zimbra can't beat Exchange on is complete perfect integration with Outlook. It does however beat Exchange and Outlook on their offered functionality.

That's actually the key to the differentiation of Exchange. Integration with Outlook means integration with Office and the incredible morass of Office Automation that large businesses tend to build over time. Just as there was never a drop-in replacement for Notes, despite the detractors (usually Exchange fanboys) listing similar bullet-point by bullet-point comparisons and declaring victory, it's the ability for the groupware platforms like Notes and now Exchange to pull together a wide array of communication and messaging activities through desktop application integration that really gives them the leg up and lock in when it comes to the Enterprise.

Zimbra is, for sure, an outstanding messaging and communication solution that when you break down the bullets on the standalone Outlook/Exchange combo fares extremely well. Ain't always that simple. :)

Re:So Let Me Get This Straight

[Ash-Fox]

That's actually the key to the differentiation of Exchange. Integration with Outlook means integration with Office and the incredible morass of Office Automation that large businesses tend to build over time.

I understand and completely agree.

Zimbra is, for sure, an outstanding messaging and communication solution that when you break down the bullets on the standalone Outlook/Exchange combo fares extremely well. Ain't always that simple. :)

Yeah, I have encountered that myself more times than I can count in companies I have consulted with. The type of companies I see using solutions like Novell's Groupwise or Zimbra etc. tend to be companies that mostly operate using Cloud services (like, through a webbrowser) interestingly enough.

To say Exchange and Outlook has no competition though is a stretch. It's just that when it comes to offering products that work best with Microsoft products... Microsoft products tend to win most of the time.

Re:Turd

[MightyMartian]

I can only hope you can run a native version of Bash with a set of GNU or Posix versions of the toolset, and I can send Powershell to the shithole that horrible scripting language belongs.

Pooh-Pooh all you want. This is great news!

[slacka]

For those of us that have no choice but to manage Windows and *nix boxes, it's a pain in the ass to have to context switch between RDP and ssh'ing. This will make our job much easier. Between all the open source software, github, and stuff like this, I love the new MS. Of course our real servers will always run FreeBSD.

Re:Pooh-Pooh all you want. This is great news!

[Billly+Gates]

SSH and docker support will get the MBA types who fear change and spending cash to consider Server 2016.

I would rather MS innovate than to just EOL good products instead.

SSH support will go everywhere including the MMC SNMP tools and not just powershell for remote work. FOr any organization with security in mind this will be a HUGE reason to upgrade. Sadly, since Server 2016 is already in preview 4 I doubt this will see hte light of day on that release. It will be 2018 with Server 2016 R2 before we see SSH everywhere undearneath including AD authentication.

But I can hope it will be part of Server 2016.

Re:Pooh-Pooh all you want. This is great news!

[WaffleMonster]

For those of us that have no choice but to manage Windows and *nix boxes, it's a pain in the ass to have to context switch between RDP and ssh'ing.

Remote shells for Windows have been available for decades. Hell I remember telnet server was included with NT net tools a lifetime ago. A lifetime before that directing command interpreter thru modem ports.

Multiple vendors offer ssh servers for windows and all of the unix shells have been ported to windows. Anyone who really wanted one would already have one.

This will make our job much easier. Between all the open source software, github, and stuff like this, I love the new MS.

You mean the Microsoft that thinks it owns the users computer and can force spying and updates on people unwittingly and or against their will? Yea real swell...

Re:Pooh-Pooh all you want. This is great news!

[slacka]

Remote shells for Windows have been available for decades. Hell I remember telnet server was included with NT net tools a lifetime ago. A lifetime before that directing command interpreter thru modem ports.... Anyone who really wanted one would already have one.

Remote shells? Yes! But SECURE, Remote shells? They have never had that built-in. I don't think you realize what a bad idea it is to communicate with you company's servers over plain text. And VPNs aren't always an option. I can always get ssh through, but I've been on plenty of networks that block VPNs. Not to mention needing additional VPN software and hardware key fobs. Give me pure ssh any day!

Re:Pooh-Pooh all you want. This is great news!

[Gadget_Guy]

Remote shells? Yes! But SECURE, Remote shells? They have never had that built-in.

Powershell's remote shell is secure, and that is built-in to Windows.

Re:Pooh-Pooh all you want. This is great news!

[guruevi]

But why in the hell do you want to shell out thousands of dollars on Windows Server ($6k or so to run unlimited virtualized environments?) for something that runs perfectly fine on (free) Linux.

Re:Pooh-Pooh all you want. This is great news!

[Anne+Thwacks]

Because Microsoft!

Re:Pooh-Pooh all you want. This is great news!

Mainly tools. VMWare and Hyper-V have a princely cost... but they come with tools, and the expertise to obtain people who know how to use them is pretty easy to get. OpenStack has a lot of promise, but it really isn't there yet, especially with features that the enterprise wants/needs like vMotion [1]. OpenStack also cannot be brought into compliance with PCI-DSS, or other standards as of Liberty/Mitaka, which makes it worthless for a lot of uses.

The ironic thing is that Oracle has their own virtualization technology with VirtualBox... and all they need to do is make a L1 hypervisor with that with various tools to manage it, and they would kick VMWare to the curb, provided their licensing fees were reasonable.

[1]: Yes, pets/cattle is a buzzword, and it works well for things like static web servers that keep synced via Varnish/lsync... but there are things like Oracle RAC which cannot really be Docker-ized.

Re:Pooh-Pooh all you want. This is great news!

[Hadlock]

It's probably an R2 feature, so right, 2018. I can't possibly see them shoe horning something as foundational as SSH in to Windows at the last minute and expecting it to be secure and with low overhead.

Re:Pooh-Pooh all you want. This is great news!

[bloodhawk]

tools and management. The licenses are a pittance compared the cost of the hardware and the peoples time running them.

Re:Pooh-Pooh all you want. This is great news!

[WaffleMonster]

Remote shells? Yes! But SECURE, Remote shells?

Everyone used telnet at the time.

They have never had that built-in. I don't think you realize what a bad idea it is to communicate with you company's servers over plain text.

As I said in the text you didn't bother quoting multiple vendors offer ssh servers for windows. Anyone who wants ssh access to windows already has it. What does it matter if it is built in or not?

Re:Pooh-Pooh all you want. This is great news!

[Billly+Gates]

It is $6,500 plus per core cpu costs for VMWare. Hyper-V comes free with the server license

Re:Pooh-Pooh all you want. This is great news!

[Bert64]

Your losing a lot of the flexibility and security of SSH by doing it via RDP, eg if your using key based auth then your key must be stored on the rdp host, and you can't pipe stuff back and forth to your local machine..
Also, putty is pretty dated when it comes to encryption ciphers it supports, so you need to maintain a weak ssh configuration on your hosts.

Re:Pooh-Pooh all you want. This is great news!

The ironic thing is that Oracle has their own virtualization technology with VirtualBox... and all they need to do is make a L1 hypervisor with that with various tools to manage it, and they would kick VMWare to the curb, provided their licensing fees were reasonable.

I work for Oracle, and I don't understand this any better than you do. All we hear from PMs is that we have to support running our products inside VMs, and "VMs" *always* means "VMWare VMs". They don't appear to give a shit about their own virtualisation product, even though we all use it ourselves and think it rocks. Talk about a disconnect...

Re:Pooh-Pooh all you want. This is great news!

[Zontar+The+Mindless]

You mean the Microsoft that thinks it owns the users computer and can force spying and updates on people unwittingly and or against their will? Yea real swell...

That would be the Microsoft that lets you pay for the system, then purports to rent it back to you, hoping you'll not notice, yes.

Re:Pooh-Pooh all you want. This is great news!

[AmiMoJo]

Because $6k is s small change compared to the cost of a few admins familiar with Linux. There are far more admins familiar with Windows, so you can pay them less, so your $6k is saved in a few months max.

Oh, and there is the option to move your virtualized servers into the cloud. Microsoft makes it really easy to migrate, or just buy extra capacity from Azure. I'm sure there are people offering something similar for Linux, but you can bet it's not as good.

Re:Pooh-Pooh all you want. This is great news!

Hardware? The ironic thing is that the biggest reason why I've seen some places keep and maintain a SPARC Oracle RAC cluster is due to Oracle's licensing. Licensing a SPARC CPU meant a lot more bang for the megabuck (and with Oracle DB servers, I'm talking seven digits) as opposed to x86. Same with POWER. It actually is cheaper to have those architectures in place compared to x86 because of Oracle's licensing.

On a different note, Oracle reminds me a lot about Symantec. A lot of cool technologies, but they just never use them. Oracle can be out there slashing VMWare's throat just by throwing a few devs at VirtualBox, adding features to compete with VMotion, HA, and fault tolerance, and charging significantly less for license fees. If Oracle does this, they will actually get businesses who are tired of AWS's costs moving their stuff back in-house because it would be cheaper overall [1]. Heck, Oracle could put VirtualBox into the x86 BIOS/UEFI so machines can ship ready to go with just a minimum of provisioning needed and a hypervisor ready to go.

With ownership of the entire stack from the hardware on up, Oracle could even make dedicated boxes optimized from the ground up for compute node work, or add Infiniband (a la EMC Isilons), and this would allow for drives to be added to one node, expanding the space on all in a cluster (with redundancy across nodes and drives baked in.) A SAN would still be needed, but it would give a tier of relatively cheap drives available as an alternative.

Wish Oracle would do something with all the cool stuff they have. It would earn them more money in the long run.

[1]: Yes, AWS is great for peak load, but someone has to pay for those servers, somewhere.

Re:Pooh-Pooh all you want. This is great news!

[thegarbz]

Does Exchange run on Linux yet?
What about Sharepoint?

Re:Pooh-Pooh all you want. This is great news!

[guruevi]

Can you pay Windows sysadmins minimum wage? Wherever I look, I don't see 120k/year difference in wages (I assume a full time sysadmin would have to handle at least 10, if not 100 servers). And a sysadmin that just knows Windows is a bad sysadmin, I would never hire someone that is a one trick pony.

Re:Pooh-Pooh all you want. This is great news!

[guruevi]

Sure: OpenChange, Zimbra can pretty much drop-in replace Exchange. For Sharepoint, there are plenty of wiki's and document management systems around, Sharepoint isn't even the best (or most used) at it.

Re:Pooh-Pooh all you want. This is great news!

[thegarbz]

OpenChange, Zimbra can pretty much drop-in replace Exchange

Yep, every time I've heard something like that it has ended in tears. Exchange remains a killer app with no real comparison. It's not an email server, it's a complete communications hub which puts the company in control of email management and policy.

For Sharepoint, there are plenty of wiki's and document management systems around, Sharepoint isn't even the best (or most used) at it.

Wiki? Sharepoint isn't a wiki or a document management system. It's an all things to all people behemoth that people use to run their entire companies. As soon as someone hears that it integrates with SAP that's the end of it. In terms of flexibility it's the best thing out there. A true nasty piece of shit to get working and to use, but quite frankly still a killer app for any business that uses it.

The biggest thing you're missing is the end users. The point of the Windows server ecosystem isn't that it provides some servers, it's that it seamlessly integrates with end user apps in ways only Microsoft can (because Microsoft control those end user apps).

Brilliant move to break encryption

[nashv]

This, friends is how you break SSH security.

You use Windows to SSH , and Windows 10 "telemetries" to Microsoft, thereby given them access to the encrypted traffic. What do you call this strategy where you fool people into initiating secure communications on an insecure device?

Stuff that matters

This is.

Re: Windows 10

[spectrum-]

A lot of people clung to XP up to the end too. Some even pay to keep it supported by MS or third party. But all OS have a usable lifespan in normal home or corporate implementations.

Re: Turd

[spectrum-]

Powershell has some great features and ideas. And whilst it can be great to script in, it is very long winded to just type and use in an adhoc fashion. Sure there's aliases but its still a bit tedious.

The other thing power shell needs is more social interaction and perhaps just a bit more fun. I guess it's still quite new and evolving. Bash is ancient relatively speaking.

I'd like to see stuff like figlet, write, wall, mutt natively in powershell so it becomes more of a destination than a mere dull workhorse of productivity.

When?

[ChunderDownunder]

Still running the general release 10240 build.

Allegedly there was some November update that was aborted.

Re: Turd

[Ol+Olsoc]

I'd like to see stuff like figlet, write, wall, mutt natively in powershell so it becomes more of a destination than a mere dull workhorse of productivity.

Be patient - they have to get the keylogger working correctly first.

Re: Windows 10

[ChunderDownunder]

DOSBox?

Microsoft stopped shipping MSDOS (via Windows Millennium Edition) a long time ago. If you've had 15 years to transition off DOS and Win16 applications that worked only via a compatibility mode of XP then I don't think you can blame MS for not giving your customers ample time to update.

Pity there isn't a -1 ; Conspiracy Theory mod

[Sycraft-fu]

Slashdot needs ones. Seriously, for a community that claims to hate FUD, the OSS types sure like spreading it when it is about the "right" groups. If you actually care about what kinds of things the telemetry communicates back at various settings, the information is all out there for you. No, SSH data isn't one of them. However I am going to imagine you don't, and this is just crap you want to fling at "the bad guys" because you can.

Also a thought for you: Your OS, by definition, has access to anything any program on the system is doing. What would stop it from looking in at any 3rd party SSH server you ran, if you think it does that?

Re:Pity there isn't a -1 ; Conspiracy Theory mod

"Also a thought for you: Your OS, by definition, has access to anything any program on the system is doing. What would stop it from looking in at any 3rd party SSH server you ran, if you think it does that?"
*My* OS doesn't send data off to 50 different IP addresses when I've disabled all the phone-home settings (e.g. looking for updates, setting time via NTP, etc). I can't say the same for the latest batch of MS products, and I can't tell what in the holy hell the purpose for these 50 odd connections is. So while it is *technically* possible for some 3rd party SSH to do this, I could tell if it were since I can eliminate any variables. With Microsoft and the 50 fucking IP addresses of fuck-knows-what, I have to take it on blind faith that it's *not.*

Re:Pity there isn't a -1 ; Conspiracy Theory mod

[sonamchauhan]

You: "I'm your new owner, don't call home"
Windows 7 et al: "OK"
  "Hmm... it obeyed me"

You: "I'm your new owner, don't call home"
Linux et al: "OK"
  "Hmm... it obeyed me"
  "Hmm... its meant to obey me"

You: "I'm your new owner, don't call home"
Windows 10: "OK, jump through these extra hoops"

  "No, not obeying me"

Re:Pity there isn't a -1 ; Conspiracy Theory mod

[Ol+Olsoc]

telemetry communicates back at various settings, the information is all out there for you.

Where? Where is the specific information? The Microsoft Privacy policy is so vague it is laughable.

You have a Donald Trump Level of denialism, coward.

Re:Pity there isn't a -1 ; Conspiracy Theory mod

[nashv]

Please point me to the place where the information where Microsoft provides the detailed information about what telemetry data is collected. I don't think you can because I've checked and such a document does not exist. It is not 'out there' and while I only present a hypothesis, you are simply factually wrong (aka full of shit).

>Also a thought for you: Your OS, by definition, has access to anything any program on the system is doing. What would stop it from looking in at any 3rd party SSH server you ran, if you think it does that?

Exactly. The point is that it shouldn't be doing anything remotely close to that. And with Windows, I have no way of knowing if it is. You just supported my point.

Re:Pity there isn't a -1 ; Conspiracy Theory mod

[penguinoid]

FUD is only a bad thing when it is manufactured artificially with no regard to truth. Vaccines causing autism, preached by someone selling a "safer" alternative? FUD. CO2 increasing average global temperatures? Uncomfortable truth. A little CO2 might cause the collapse of civilization/end of the world? FUD.

Re:Pity there isn't a -1 ; Conspiracy Theory mod

[Ol+Olsoc]

And you are avoiding the question, Olsoc.

No avoidance at all, I'd provide you a link, but I can only access that on my W10 computer. They might block it from other browsers/OS'. They say they collect information about you, and say they collect keystroking. If that doesn't say keylogging to you, your Check is waiting for you.

Re: Windows 10

[Gadget_Guy]

Backwards compatibility isn't one of the important goals, and in some cases, incompatibility is the goal.

And yet the link you supplied to support this theory states that the AARD code only affected a particular beta version of the operating system. That situation was more about targeting tests than lack of backwards compatibility.

A lot of code that stopped working (for example in the change to Vista) was because the developers did things that were outside the published API and often specifically discouraged by the official documentation. Despite what a lot of people say, Microsoft does work hard to ensure backwards compatibility. I have been able to run programs written for Windows 3.1 on my Windows 7 system. It would probably work on the 32-bit version of Windows 10 too, but I haven't tested that.

cygwin

[dltaylor]

I needed that functionality on Win 7, along with other tools.

Dropped Cygwin onto it, and it works pretty well.

http://cygwin.com/

Re:cygwin

[GeekBoy]

And you can get a bash shell.....

SSH into windows to get a powershell? No thanks.

Re:cygwin

Cygwin fucking sucks

Meet Shino, the Surveillance Turd

I wouldn't trust Microsofts SSH implementation, it seems every new day reveals some surveillance feature. From disks that encrypt, but send off the password to Microsoft, to Telemetry that continues to send data to UK servers (which is in the grip of GCHQ mass surveillance), even if you opt out.

So what would their SSH server do? Backup passwords to Microsoft? Clone the stream to a UK server?

Re:Meet Shino, the Surveillance Turd

[Lennie]

The implementation of OpenSSH will use the Windows encryption libraries and random number generator, just like their implementation of SSL/TLS used by their webserver and browsers. If you are using Windows, a least some lof of the time you'll probably using at least one of those. Even if it's just to retrieve and verify Windows Updates.

So if you don't trust those... why would you use Windows in the first place ?

Re: Windows 10

[ChunderDownunder]

No but I wouldn't expect a company to indefinitely support a compatibility module for a technology that they haven't actively developed for over 2 decades. I don't hear anyone complaining in 2016 that OS X won't natively run Mac OS 7.1 applications from the early 90s.

Yes, we are still a long way from Mars

[Provocateur]

isn't the same as either cmd.exe or powershell.exe, but there is a lot of overlap in functionality

Sorry, Major Tom, we have a long way to go
when we still have to apologize for their efforts.

It has been an interesting journey, Ground Control.

Another Dimension

[Etherwalk]

Pity there isn't a -1; Conspiracy Theory mod

Modding should really be happening along more than one dimension. With a nerd crowd you could easily have multiple scoring systems side-by-side. For example, a 543 might be 5 (insightful or informative), 4(funny), 3(mainstream v. conspiracy). Someone can have an insightful comment that is a bit conspiracy theorist--like most accurate comments about spying that would have been made pre-Snowden, for example.

For some definition of 'forward-looking'

[Junta]

I applaud them finally embracing a sensible remote shell strategy. I recall many heated debates where MS would say all sorts of nasty things about ssh.

However, I can't say that implementing decades old terminal function and ssh is 'forward looking'.

Re:For some definition of 'forward-looking'

[arth1]

Didn't they already do this, though?
I seem to remember that Microsoft Services For Unix (SFU) had an optional ssh component too.

Re: Turd

I've been wanting Windows to get full Unix emulation, and even better, built in compiler support like a Unix box. I want to be able to test and run python scripts that will run on Unix vms on my box through pycharm without having to use a remote vm environment. Right now, it's easier to use a macbook pro. You'd think some monkey in marketing would have caught on to this fact.

Of course ntfs file permissions behave differently than Unix file permissions but I think that is reconcilable. I know there is cygwin but that's not the same, it's more effort with that, and a lot if things can't live in both worlds.

Re: Turd

Sycraft-fu says that you are an idiotic, paranoid, conspiracy theorist for daring to state that Windows 10 contains spyware.

Re: Turd

[ArmoredDragon]

I've done a lot of neat stuff with powershell, for example I created a powershell script that gathered information about one system (using the Get-WmiObject Win32_SystemEnclosure to retrieve i.e. a computer's brand name, serial number, bios version, etc) and opened a TCP socket to feed that information to another system across the network that had a listening server which was also written in powershell.

But yeah, it totally violates the KISS principle. It's hard as fuck to look up certain information about the system because the way it's stored and retrieved is almost never intuitive (for example, you literally have to generate an XML file and then parse said file in order to get some stuff.)

It's also very hard to figure out how to do something you might not have done before, or have done very rarely, because the command names are so long that they're difficult to remember. There are shorter aliases, but they don't have any consistent naming (for example, Get-WmiObject can be shorthanded as gwmi, whereas a command like Add-PSSnapIn is shorthanded as asnp) making them also harder to remember.

I would much rather just have bash, and do that server stuff I did with tools like netcat, which although uses a separate binary, is FAR simpler than the method I used with powershell, while also having tools like dd to be able to manipulate binary blobs, and dummy block devices like /dev/zero, /dev/random, and even the ability to directly read/write to hard disks as if they were ordinary files.

If Microsoft did that, and had a good package manager for command line tools with the ability to add third-party repositories (like aptitude does) with options to compile from source (like portage does) I might actually consider using it for servers now and then. But because it doesn't, I only use it for servers either when an application requires it (as in, no Linux version available, but this is quite rare for applications meant for servers) or for active directory (also only occasionally needed.)

Re: Turd

[Ol+Olsoc]

Sycraft-fu says that you are an idiotic, paranoid, conspiracy theorist for daring to state that Windows 10 contains spyware.

He's just practicing the latest version of denialism.

Re: Turd

[arglebargle_xiv]

I've done a lot of neat stuff with powershell, for example I created a powershell script that gathered information about one system (using the Get-WmiObject Win32_SystemEnclosure to retrieve i.e. a computer's brand name, serial number, bios version, etc) and opened a TCP socket to feed that information to another system across the network that had a listening server which was also written in powershell.

You work for Microsoft on Windows 10 then?

Re: Turd

[mlts]

This. I'd love the ability to provision a Windows box, toss a SSH key on it and have it ready to be managed via Ansible.

On the development side, being able to Vagrant up a Windows box as easily as I do other boxes would be nice, and make life a -lot- easier when it comes to testing. If I need to create a Windows box to make sure a certain set of Registry settings works, it would be nice to create a base box, boot it, have Vagrant provision it, and have it ready to go. Then, when I want to prove my stuff works to another developer, I point them to the repository with my Vagrantfile and provisioning scripts.

Vagrant is a wonderful tool for testing in the UNIX environment. It (pretty much) guarantees that I will have the exact same environment for testing as the developer, and if their code works in a Vagrant box, it will work in mine. I'd love to have the same ease of use on the Windows side. The closest I can come to this is a WIM image and a directory full of MSI files.

A famous old quote comes to mind

Those who do not learn from Unix are doomed to re-invent it.... poorly.

Maybe next decade they will let more than 2-3 folks login via RDP at once without paying Citrix or MS buku bucks, but I don't want to go crazy here. They almost have all the features of LVM in their new storage model, now also... almost. Maybe in the 2020's they'll port over an ancient copy of ZFS.

Fuck MS they cannot be forgiven for previous skulduggery. I can see all the MS Powershell hipsters patting each other on the ass for this, but I could give a fuck what 20-40 year old features they are finally able to reproduce.... poorly.

Re: Turd

[chispito]

It's also very hard to figure out how to do something you might not have done before, or have done very rarely, because the command names are so long that they're difficult to remember. There are shorter aliases, but they don't have any consistent naming

How can you complain that PS cmdlets are both too long to type and difficult to discover? They for the most part follow a very straightforward convention of [approved verb]-[specific noun]. Like Get-childitem, add-content, export-csv, etc. There is no rhyme or reason to the naming on Unix commands. Good luck discovering the utility you're looking for the first time without Google. And you really can set aliases quickly in PS so I see that method as being the best of both worlds. Complain all you want about ps performance or lateness on ssh or whatever, but it is incredibly easy when it comes to discovery.

Re: Turd

[MightyMartian]

What do you mean no rhyme or reason? The basic toolset; cat, sh, mv, rm, and so forth are mnemonics. The point being to make the commands as short as possible while retaining some semblance of meaning. For me Powershell's absurdly verbose naming scheme is as good a sign as any that Microsoft has never really understood CLI work.

Re:Turd

[Provocateur]

not flamebait; just the facts, ma'am.

The surprise is, MS servers want to collect data on this turd. Very dis turding...

Windows Is Dead.

Windows Is Dead.

Re:Windows 10

[sonamchauhan]

Exactly! Using Windows 7 Pro at home and at work here.

but why ?

[steveoc]

Not sure why anyone would care ... the whole "Windows 10 experience" is such a horrific platform to try and do any work done on ... fixing the shell is a noble step indeed, but there are so many other show stoppers on that system, that its just a drop in the ocean.

Re:but why ?

[modmans2ndcoming]

Like?

Re:but why ?

[thegarbz]

Why? Putting all the privacy shit aside I don't see Windows 10 any different for getting work done than Windows 7. Both of which have the edge over Vista with better window handling.

There's a lot of things to complain about on Windows 10, getting work done on it is not on that list.

Re: Windows 10

[Bert64]

Microsoft try very hard to retain backwards compatibility, and there are all kinds of nasty hacks for that purpose...
The problem is that many things in windows were just so poorly designed that improvements can't really be made without breaking compatibility, scroll up and look at the post about console windows for instance.

Fifteen mentions of Windows on the front page ..

[tetraverse]

Fifteen mentions of Windows on the front page. Is this how slashot is going to re-connect with the technology sector?

FORWARD looking?

[tigersha]

OpenSSH came out in 1999. We are now in 2016. Which means Windows in 17 years behind the curve. When OpenSSH was available for BSD Windows ME was the new hotness and Windows 2000 did not exist yet, never mind XP and 7.

What part of "Forward" am I missing?

Re:FORWARD looking?

[Ash-Fox]

I've had OpenSSH running on Windows for many, many years now. I don't know what your problem is?

Re: Turd

[zifn4b]

For me Powershell's absurdly verbose naming scheme is as good a sign as any that Microsoft has never really understood CLI work.

Once upon a time in a galaxy long long ago there was an operating system that had batch scripting and short terse commands like: DEL, DIR, TYPE, CD, ATTRIB, COPY, ECHO... It ran on machines that had 640K of memory because that ought to be enough for anyone...

I think Microsoft did actually understand at one time but somehow that was lost somewhere along the way...

Re: Turd

[IamTheRealMike]

They haven't. When I first tried to use PowerShell it frustrated me so much I wrote an entire article about it. Calling PowerShell a shell is a huge stretch: it's really just a strange and verbose scripting language.

You have to laugh

[simpz]

When Windows NT first made an appearance all the Unix people were told your obsession with terminals is so outmoded that we haven't put support into NT.

I think the Unix guys are getting the last laugh...

Re:You have to laugh

[modmans2ndcoming]

Then Microsoft grew up and became a completely different company that values the needs of their enterprise customers.

Re: Turd

[ArmoredDragon]

LOL I did that in an IT shop that was primarily Microsoft driven. I was working Tier 2 tech support (also called Desktop Support) and because I wasn't a Tier 3 tech (system engineer they were called) I had to work within the limitations of what the systems already had installed. The actual system engineers were retarded though and didn't know how to manage active directory worth shit, so I ended up finding broken shit all the time and having to build workarounds for said broken shit.

This particular script was meant as part of a system to automate provisioning employee laptops, because their existing process was rather manual, and usually took about 30 minutes. After I wrote up a bunch of powershell scripts, I turned it into a 1 minute job. This is what the tech 3 guys should have been doing, and if so they could have come up with a more elegant solution. But then again, I found that they had a very narrow understanding of Microsoft infrastructure, of which I care little for myself as I'm mainly a network guy (speak of which, I was frustrated when they had all of about zero understanding of the OSI model, which when it came down to troubleshooting a problem with NTLM authentication, they blamed it on a wifi driver when it was obviously a session layer problem, and they had no fucking clue what "session layer" even means.)

But you know, they're Tech 3 and I'm only Tech 2, so they're right of course. Fortunately I don't work there anymore.

Re: Turd

[ArmoredDragon]

How can you complain that PS cmdlets are both too long to type and difficult to discover? They for the most part follow a very straightforward convention of [approved verb]-[specific noun]. Like Get-childitem, add-content, export-csv, etc.

Ok here's the problem: It's never clear when you need to get content or get object or get whatever other verb they want to use. There's so much different ways of retrieving information because the way its stored is never consistent. For example, if I want information about the CPU, that's a WMI object. If I want information about running processes, that's another type of object.

But bash? Everything can be treated as an ordinary file. EVERYTHING. All system objects that you want to examine can be grabbed using THE SAME COMMANDS, thus parsing those objects feels identical and very consistent. Once you are familiar with cat, dd, grep, sort, sed, and awk, that's it, you can manipulate any object you want however you want.

But with powershell, with a new object type comes a new command to learn along with its syntax and quirks.

Re: Windows 10

[Ash-Fox]

I guess you don't use vi.

Why would you use vi instead of vim?

Re: Windows 10

[Ash-Fox]

Every Windows upgrade the past 15 years has been a disaster wrt backwards compatibility

Most applications seem to be running fine here?

If you want to see a few decades of disaster (or lack of) with backwards compatibility though... Just look at OS X.

I hope it has a lot of features

[modmans2ndcoming]

If it is feature-ful enough to complete with the 3rd party terminal clients companies could save a lot of money when they migrate to windows 10.

Re: Turd

[chispito]

The basic toolset; cat, sh, mv, rm, and so forth are mnemonics.

Funny you used those examples. Three out of the four of those work out of the box in PowerShell because MS included them as aliases. You can be as sleek and incomprehensible as you would like in PS. Nobody is stopping you.

For me Powershell's absurdly verbose naming scheme is as good a sign as any that Microsoft has never really understood CLI work.

Again... see comment re: aliases. New-Alias [alias] [cmdlet].

Having both the long name when you are trying to discover commands and shorter aliases for day to day work is convenient. I use PowerShell day in and day out at work, and there are lots of problems with it. The uniform naming convention is a strength, not handicap.

Re:What good is SSH when there's no security?

[kheldan]

Hey, buddy, don't come crying to me when you come home one day and discover that Clippy has gone through your underwear and sock drawers, neatly folded and organized all the above, discarded the ones with holes in them, ordered replacements, and emailed you a recommendation for brands of non-chlorine bleach to get those nasty stains out of the crotch of your tighty-whities.

Windows has native sshd, Linux has Systemd.

[See+Attached]

Windows will get a boost, and Linux gets generified?

Re: Turd

[MightyMartian]

And I can create Powershell like aliases in Bash. What precisely is your point? The naming scheme is terribly verbose.

Re: Turd

[chispito]

It is verbose so you can find new commands on your own, and so you know the general function of something by its name. If someone learns the help system (get-help) and command discovery (get-command), it is usually easy to find a command. All information retrieval commands start with Get. All commands that change settings start with Set.

Please tell me, because I have a lot to learn in *nix, how would I figure out to use chmod to change permissions if I was previously unaware of the command name? How do I discover the correct commands without asking someone online or offline? By the way, the command to change file permissions (or other system object permissions) in PS, set-acl, is really unwieldy. If I were having to use it a lot on the fly in the command line, I would probably end up writing a helper function to make it simpler to supply the user and permissions level.

Re: Turd

[MightyMartian]

If you are that unaware of the system, anything less than a book isnt going to help. It's a crap analogy.

Re: Turd

[chispito]

For example, if I want information about the CPU, that's a WMI object.

That's a perfect example of were MS dropped the ball. WMI is very powerful, very inconsistent, and very slow. You use Get-WMIObject because there is no PS native command to get that information like there should be. It's duct tape for your duct tape.

Re: Turd

[ArmoredDragon]

Is that to say all config files in Unix are consistent?

They're all consistent in that they're all just plain text. All you have to do is open it and you'll know what sed parameters you want to use to extract the value you want. For example, I wrote a script that does autodiscovery of your mythtv mysql username and password by pulling it directly from a config xml file, and I didn't even need to get a special xml parser to do it. That code looks like this:

DBUSER="$(awk -F '[]' '/UserName/{print $3}' $CONFIGXML)"
DBPASS="$(awk -F '[]' '/Password/{print $3}' $CONFIGXML)"

I didn't know how to do this before I wrote that, by the way, I just looked up the syntax for awk and got it to work. I tried parsing XML in a similar manner in powershell once, and could never figure it out and just gave up.

Re: Turd

[unrtst]

I'm not sure you chose the best examples...

Please tell me, because I have a lot to learn in *nix, how would I figure out to use chmod to change permissions if I was previously unaware of the command name?

You said "change permissions", so maybe try "ch[tab][tab]", where you'll find a bunch of commands that change things (attributes, permissions, group, password, virtual terminal, etc).
Though I've never got into the habit of using it, I believe the recommended way, via the shell at least, is to use "info". So, you would type "info", it'd bring up the default page, then you'd search for "permission" by typing "/" for search (which is a common idiom) then typing permission and hitting enter. The first entry on my system is for "File permissions: (coreutils)File permissions.". Hit enter on it. It gives some brief into and another menu. Select the "Symbolic Names", and then there's info on that and links to how to set, copy, change special bits, etc.

By the way, the command to change file permissions (or other system object permissions) in PS, set-acl...

How would you find that? I assume you'd start by typing "set-", but then what? Why would you think to type "acl" for file permissions?

And yes, I know what "acl" stands for, but that's no more clear to someone searching for the command than chmod. Even if you were looking for "acl", you'd still end up finding "chacl", which does the same job as chmod.

forward looking....

[The_Revelation]

I'm not sure if the Powershell team could ever be considered 'forward looking' if all they ever manage to do is port more parts of *nix into Windows - I mean, thats all Microsoft does. "How can we make Windows 3.1 more like *nix?". At the same time they appear to pull in both directions "easier to use, touch interfaces, tiles-the-size-of-your-face" all the way over to "Windows version without GUI, poorly documented proprietary CLI with invisible dependencies".

I think if the Powershell team were forward looking in the slightest, they would have implemented SSH has the base of powershell, and created powershell commands into that environment, rather than deploying Powershell as it is, which is a bastardization of bash that duplicates the functionality of Open SSH with a stack of proprietary WMI instrument abstractions. In fact, I'd go a step further, Microsoft. Either fire the Powershell team, or ditch the Open SSH effort, because the two environments are not necessary, and I can only predict that it will expose more attack surface rather than providing a useful management interface.

Re: Turd

[bingoUV]

Please tell me, because I have a lot to learn in *nix, how would I figure out to use chmod to change permissions if I was previously unaware of the command name?

apropos permission
apropos file
apropos change

Re:What good is SSH when there's no security?

[kheldan]

Microsoft is the troll here, NOT ME! Will someone please boot the Microsoft shills off the site or something?

Re: Turd

[chispito]

Please tell me, because I have a lot to learn in *nix, how would I figure out to use chmod to change permissions if I was previously unaware of the command name?

apropos permission apropos file apropos change

Thank you so much. This is immensely helpful.

Re: Turd

[beastofburdon]

That was funny, but the scary part is that you may be right about it.

Re: Turd

[beastofburdon]

Except that DOS was bought from someone else. Micro$oft simply did not change the commands.