Mac vs. PC (vs. Linux)

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A few months back, I wrote a post about the Mac vs. PC ads (which, funny as they are, as a user of Macintosh, Windows and Linux PCs, I find to be a little misleading sometimes and downright untruthful others) before following it up when I heard an amusing Mac vs. PC parody on BBC Radio 4’s The Now Show. It was interesting to hear that Mac Format magazine judged the ads as ineffective because the largest group of consumers to whom they appeal are already Mac users (although Apple’s continuation of the Get a Mac campaign would suggest that it is working for them) and, in the comments on my recent post about some of the consumer-targeted features in Windows Vista being just as good as the functionality offered by Mac OS X, I was criticised for saying:

“Apple’s Get a Mac campaign draws on far too many half truths that will only become apparent to users after they have made the decision to switch, splashed out on the (admittedly rather nice) Apple hardware and then found out that the grass is not all green on the other side.”

Regardless of the effectiveness (or honesty) of the original ads, late last night, whilst researching for my rebuttal of those comments, I came across some more Mac vs. PC ads:

I’ve said before that the whole “my operating system is better than your operating system” nonsense is quite ridiculous really but the TrueNuff guys have it all just about summed up:

“Why would you love a Mac? Computers are computers. Macs are great. So are PCs. So are toasters – what’s your point? It’s just a computer – get over it.”

I’m enjoying the spoof ads though!

Creating a FAT32 volume in excess of 32GB

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A few months back I wrote about some of the issues I was having with using FAT32-formatted disks for data transfer between Windows, Mac OS X (and Linux) PCs, because although FAT32 supports file systems up to 2TB in size, the format utilities within Windows support a maximum partition size of 32GB and FAT32 only supports files up to 4GB (which doesn’t sound like an issue until you start copying .ISO DVD images and digital video files around).

Even though I use MacDrive for reading OS X disks on Windows XP, I still find it useful to have a FAT32 disk to back up the VMware Server virtual machine which I use to run Windows XP on a Linux notebook PC for my daily work. I did find a great utility a few weeks back for reading ext3 disks on Windows (I think it was Explore2fs), but it’s the universal acceptance of FAT32 that makes it so easy to use everywhere. The trouble is that my virtual machine is about 31GB in size and growing – consequently I needed to create a partition larger than 32GB.

In my original post, I mentioned that FAT32 volumes in excess of 32Gb can be created – Windows is able to read or write larger volumes it just can’t create them natively (the workaround is to use another operating system or third-party tools). In my case, I used the Mac OS X Disk Utility – the important point is to ensure that the disk options are set to use as master boot record (not a GUID partition table or an Apple partition map) after which MS-DOS File System becomes available as a formatting option, allowing me to create a FAT32 disk which filled my entire 55.89GB disk – plenty of room for my virtual machine files and more.

SSH addendum

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Since my recent posts about using SSH to securely remote administer Mac OS X, Linux and Windows computers, a couple of extra points have come up that are probably worth noting:

  • To use the console interactively, it may be better to use PuTTY (putty) than PuTTY Link (plink). In seems that PuTTY Link is fine for setting up a tunnel and then connecting using VNC, RDP or another remote control method but I found that control codes were echoed to the console window when I connected to a Linux of Windows computer and the command line experience was generally better using PuTTY interactively. This is because (quoting from the PuTTY documentation) “The output sent by the server will be written straight to your command prompt window, which will most likely not interpret terminal control codes in the way the server expects it to […] Interactive connections like this are not the main point of Plink”.
  • For another method of generating SSH keys, an online SSH key generator is available (I haven’t tried it myself).

Secure, remote administration of a Windows computer

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I was going to call this post “secure, remote administration of a Windows computer from within Windows” but that sounds a bit odd, unless you realise that the last two posts have been “secure, remote administration of a Linux computer from within Windows” and “secure, remote administration of a Mac OS X computer from within Windows“. Basically, after getting SSH tunneling to work for administering Mac OS X and Linux machines, I thought that it would make sense to apply the same principles to Windows.

John Fitzgibbon’s comparison of free SSH and SCP programs for Windows 9x, NT, ME, 2000 and XP explains the various SSH server options for Windows but one option he doesn’t mention is Tevfik Karagülle’s CopSSH, which I found on a list of free SSH implementations recommended by OpenSSH.

CopSSH bundles parts of OpenSSL, OpenSSH and Cygwin into a Windows installer. It’s straightforward to install, and includes a GUI interface to activate a user for SSH, including the generation of a public/private key pair (saved to %programfiles%\copSSH\username\username.key and %programfiles%\copSSH\username\username.key.pub). The private key needs to be imported into PuTTYgen after which it can be saved in PuTTY’s .PPK format and used as previously described for Mac OS X and Linux. The only other point to note is that the sshd_config file is stored in %programfiles%\copSSH\etc and requires the same AllowTcpForwarding yes and PasswordAuthentication no settings as seen previously.

To access the desktop via VNC, I installed UltraVNC Server on the target machine noting there are two settings that need to be configured for a successful connection through the SSH tunnel:

  • A password must be defined for VNC connections.
  • Loopback connections must be allowed.

That’s fine for using an SSH tunnel to secure a VNC session, but why not tunnel remote desktop (RDP) connections to Windows servers instead of using VNC? In theory, all that should involve is changing the forwarded source port from 5900 (VNC) to 3389 (RDP) and setting the corresponding SSH port forwarding destination to localhost:3389 but Windows doesn’t like that, producing an error message as follows:

Remote Desktop Disconnected

The client could not connect. You are already connected to the console of this computer. A new console session cannot be established.

One suggested fix is to change the destination to use another address from the loopback range (e.g. 127.0.0.2) but I found this just directed me to my own machine (as might be expected with a loopback). For a while, it looked as though the resolution would be related to a change made in Windows XP service pack 2, which prevents connections to loopback addresses other than 127.0.0.1, and Microsoft knowledge base article 884020 includes a hotfix that alters this behaviour but I don’t think it helped me much (I later removed the hotfix and didn’t notice any differences). Eventually I got things working by creating a new forwarded source port of 3390 and destination of localhost:3389 for SSH port forwarding, after which I could connect using mstsc /v:loopback:3390.

It’s been an interesting few days getting acquainted with using SSH tunnels to securely connect to remote systems running a variety of operating systems – hopefully posting my experiences here will be useful to others.

Secure, remote administration of a Linux computer from within Windows

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Yesterday I wrote about using SSH to securely connect to a Mac from a Windows PC. At the time, I suggested that the advice should be equally applicable to a Linux system, or even to a Windows Server with an SSH server installed and I’ve since tested it with a Linux machine (running Fedora Core 5).

The Linux process is almost identical to my original post for Mac OS X, except that:

  • The sshd_config file is found in /etc/ssh.
  • SSH is enabled in the firewall using the system-config-securitylevel command.
  • The SSH deamon is restarted using the service sshd restart command.
  • GNOME includes a VNC server called vino, which needs to be enabled (users of other graphical environments will need to choose an alternative VNC server).

(Also… RTFM… I spent a lot of time trying to work out why I couldn’t connect, only to find that I’d neglected to place the public key in ~/.ssh/authorized_keys).

Falko Timme has written an excellent tutorial on key-based SSH logins with PuTTY which outlines all the key steps (in fact, if I knew that existed then I wouldn’t have spent so much time writing up the process here!) but Jeremy Mates’ OpenSSH public key authentication article includes a useful troubleshooting guide for public key authentication problems.

VNC is all very well for forwarding the entire desktop, but X11 forwarding can be used to run individual X applications on the Windows machine. Because Microsoft Windows doesn’t include an X Window server, it is necessary to download an X11 port for Windows – I used XMing. Once XMing (and the XMing fonts) were installed and running, I edited my PuTTY connection to enable X11 forwarding and ensured that the sshd_config file on the Linux box included X11Forwarding yes (that was the default on my Fedora Core 5 installation) and could launch an xapplication from within the PuTTY terminal window with xapplicationname & (e.g. xeyes &) (I found this information at the Linux Documentation Project). XEyes is nothing special, so how about running a Linux application on the Windows desktop… try mozilla & or gimp & – it feels “wrong” but it’s also pretty impressive and oh so “right” at the same time!

Using XMing to run X11 applications on a Windows XP machine

Secure, remote administration of a Mac OS X computer from within Windows

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

In a recent post about multimedia file format conversions, ripping DVDs, playback and more, I linked to a number of Mark Pilgrim’s “How To” articles; however there was one which wasn’t relevant to that particular post – how to use your Mac from anywhere (although it is intended for remote control of a Mac the advice should be equally applicable to a Linux system, or even to a Windows Server with an SSH server installed).

A few months back, I blogged about using creating an SSL VPN to access my network but Mark’s video explains how to open a single firewall port and use SSH to provide a secure tunnel through which other protocols (in this case VNC) can be run for remote administration of a single computer. I tried it earlier and it’s very straightforward. Best of all, the software involved is all freely available under open source licensing agreements!

I recommend downloading Mark Pilgrim’s video for a full explanation but the notes below explain what is involved (some of the Unix concepts may be unfamiliar to those more used to a graphical environment and my quick introduction to Linux for Windows administrators might be useful):

  1. Download and install the PuTTY, PuTTYgen, Pageant and Plink SSH utilities on a Windows PC.
  2. Using puttygen, generate a public/private key pair and protect it with a passphrase. Save the private key to a file on the Windows PC and copy the public key to the remote computer (e.g. within a text file transmitted via e-mail or FTP).
  3. On the Mac, open a terminal session (either using the OS X Terminal application or an alternative such as iTerm) and enter the following commands from the home (~) directory:
    • mkdir .ssh (this was already present on my machine as I already had the SSH server running).
    • chmod 700 .ssh (again, I didn’t need to do this).
    • chmod 600 publickeyfilename (the default permission set is 640).
    • mv publickeyfilename .ssh/authorized_keys
    • sudo nano /etc/sshd_config (non-admin users may need to su - to an admin account first as explained in my earlier post about running sudo as a standard user) and make the following edits:
      • Allow SSHtunnelling (also known as TCP forwarding or port forwarding) by changing #AllowTcpForwarding yes to AllowTcpForwarding yes
      • (Optionally) Prevent the use of usernames and passwords for login (the public/private key pair and passphrase will provide the security for the connection) by changing #PasswordAuthentication yes to PasswordAuthentication no
      • (OS X 10.4 only) Disable pluggable authentication modules by changing #UsePAM no to UsePAM no
    • Exit nano and save the changes to /etc/sshd_config (exit to the original shell if su was previously used to escalate privileges).
    • Generate an SSH key fingerprint (to prevent man-in-the-middle attacks) using ssh-keygen -l -f /etc/ssh_host_rsa_key.pub and make a note of the fingerprint.
  4. Open TCP port 22 on any firewalls/routers between the Windows and Macintosh computers and enable port forwarding to the appropriate internal IP address (it may be necessary to apply a static IP address to the Mac but I prefer to use a DHCP reservation).
  5. If the external IP address for the network is not static (mine is) then use a dynamic DNS service to assign a DNS name so that it may be located on the Internet.
  6. Within the OS X System Preferences, Open Sharing and enable Remote Login (restart the service if it is already running in order to pick up the changes made earlier to /etc/sshd_config). Because password authentication has been disabled, remote login (SSH) will only be possible from a machine with the appropriate private key.
  7. Although OS X includes Apple Remote Desktop, which is a VNC server, alternatives such as Vine Server (OSXvnc) offer additional functionality. In particular, VNC is insecure by default; however by selecting to only allow local connections (require SSH) and start the system server (i.e. run as a service, rather than in the context of a particular user), it is possible to run a secure VNC server each time the system is restarted.
  8. At this stage, it should be possible to create an SSH tunnel to the Mac. On the Windows PC, run pageant which is a PuTTY helper application (SSH agent) to cache the passphrase for the private key, which adds a level of security if the PC is compromised but which would also become a nuisance if it needed to be repetitively entered. Add a key using the private key file generated in step 2 and enter the passphrase that was used when created the key.
  9. Next, run putty and enter:
    • The hostname/ipaddress in the basic session options.
    • The auto-login username for the Macintosh for the connection data.
    • The privatekeyfilename for SSH authentication.
    • A new forwarded source port of 5900 and destination of localhost:5900 for SSH port forwarding.
  10. Save the session with an appropriate sessionname and open the connection. On the first connection, the host key will be unknown; however the reported key can be compared with the one generated earlier to ensure that the host is the intended target computer. Assuming that all is well and the connection is allowed to continue, then a Welcome to Darwin! greeting should be displayed, along with a shell prompt.
    • If the connection fails and there is a prompt for the private key then Pageant is not correctly configured.
    • If there is a prompt for a password then /etc/sshd_config was not correctly edited.
  11. Unless command line interaction with the Mac is required, the PuTTY window can be minimised. In order to create the SSH tunnel automatically at login, a startup shortcut can be created with the target of "%programfiles%\PuTTY\pageant.exe" privatekeyfilename -c "%programfiles%\PuTTY\plink.exe" sessionname
  12. Finally, a graphical connection may be initiated with a VNC viewer such as UltraVNC. The connection should be made to localhost; however because localhost:5900 has been defined as the forwarded port in the SSH tunnel, the request is securely transferred to the VNC server on the Mac.

It’s worth noting that when I originally tried to test this configuration from a remote network I was unable to get past my employer’s firewall; however there are plenty of unsecured wireless networks around which I could use to test the connection!

Note that the original information that provided inspiration for writing this post is licensed under a creative commons attribution sharealike 2.5 license and consequently so is the information contained in this post.

My computer is better than your computer…

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A couple of weeks back, I posted some clips of spoof Mac vs. PC ads, as well as pointing out that the Apple campaign is a little… how can I put this… untruthful… at times. I couldn’t be bothered to report Bill Gates getting annoyed on US television over the whole Mac vs. PC thing but I can tell this whole episode has gone mainstream when British comedians start poking fun at the Mac vs. PC ads on BBC Radio 4.

I was laughing out loud when I heard last Friday’s The Now Show – so much so that I thought I’d share a short segment of the show here – thereby illustrating that the whole “my operating system is better than your operating system” nonsense is quite ridiculous really:

Jon Holmes: Let’s take two letters at the same time…

Mac: Dear Jon, I’m a Mac.
PC: And I’m a PC.
Mac: I wonder if you could settle, once and for all, the controversial debate that’s been raging as to which one of us is better for the home and which one is better for the office?
PC: Well it really is a tricky one that, isn’t it? Umm.

Jon Holmes: But the Mac or PC argument has of course been a source of techie conflict for years; personally I couldn’t give less of a t*ss either way – they both let you download p*rn don’t they – what’s not to like? But speccy computer enthusiasts on either side treat the Mac and PC divide like open war…

(gunfire/explosions)

Admiral Horatio Nelson: The Battle is won Mr Hardy. Those Mac-loving scum have taken their stupid mouse that has only one clicky button and turned tail and fled. We can claim victory over those who would dare prefer an OS X operating system that utilises GUI and Unix underpinnings.

(explosion)

(Windows exclamation sound)

Arghh!

Admiral Horatio Nelson: Mr Hardy! I’ve been hit by a spam e-mail! I thought this ship’s Windows anti-worm and virus software had been configured to prevent unsolicited e-mails. I am done for.

Captain Thomas Hardy: Sorry Sir, the ship’s firewall was down. IT say there was a .DLL file error in the hold.

Admiral Horatio Nelson: It is over Mr Hardy. My battle is lost. Kiss me Hardy.

Captain Thomas Hardy: No thanks Sir, someone might film it on their phone camera and put it on YouTube and we’d look well gay.

Jon Holmes: PC or Mac, Mac or PC it’s causing a national divide pitching brother against brother, cousin against cousin, spoddy geek against spoddy geek…

Geek: At my signal, unleash Dell.

Jon Holmes: However, Mitchell and Webb aren’t the first double act to advertise computers either. Punt and Dennis did one some years ago, back when they were famous, in which they too had to pitch computer against computer but back then, there was no real contest as to which was the best…

Sinclair ZX-81: Hello, I’m a Sinclair ZX-81.
Space Invaders machine: And I’m a Space Invaders machine in the pub.
Sinclair ZX-81: I’ve got up to 1K of memory, an external cassette recorder (not supplied) and a lead to connect me to the back of the television.

(pause)

Space Invaders machine: Yeah but I’m in the pub.

Jon Holmes: No contest!

Notice
The above work has been copyrighted by the British Broadcasting Corporation and the author believes that the republishing of the script and low-quality recording on this page constitutes criticism, review and news reporting under the terms of fair dealing in the United Kingdom Copyright, Designs and Patents Act 1988 (CDPA). It also represents free publicity for one of the BBC’s excellent programmes!

Mac vs. PC

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.


PC guy - Mac guy

A few months back, I commented that Apple’s Mac vs. PC ads were amusing but it still strikes me as odd that a company with a brand as strong as Apple’s would drop to what is effectively bragging. Anyway, despite the rumours of Mac guy Justin Long being replaced (which he appears to deny on his website), new ads are running and they are still amusing… even if they do sometimes sail a little close to the wind (more on that in a moment).

The ads have grabbed the public attention so much that there are even spoof ads:
Even Microsoft seem to be getting in on the act, and although the original source of the Zune vs. iPod clip below is unclear, it was reported to have been shown at a Microsoft event (I can believe that):

Meanwhile, the United States’ campaign has been so successful that it is now being rolled out in other parts of the world – David Mitchell and Robert Webb have been brought in as PC guy and Mac guy for the UK ads and it seems to work well (my favourites so far are definitely “Restarting” and “Virus“).

I said that Apple are sailing close to the wind here and this is why… I have to restart my Mac far more often than my Windows XP or Windows Server 2003 PCs – so that’s one of the UK ads that’s a blatant lie then. I’ll accept that view is a little subjective, so let’s objectively consider the new “Security” ad in the US which pokes fun at Windows Vista’s user access control:

…and here’s a screen shot from my Mac, after I change the default behaviour which allows me to run as an administrator although admittedly not as root (and with the client firewall turned off):

OS X authentication

I know the ads are largely about fun but isn’t this a case of the pot calling the kettle black?

Belated birthday wishes to Microsoft Windows

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

It’s my first day back at work after the Christmas holidays and I’m catching up on my administration. Whilst working through a pile of unread IT news I realised that late last year, in amongst all of the Windows Vista launch news and comment, I missed Windows’ 21st birthday. Whilst I don’t intend to turn this blog into a history of personal computing, I’ve previously noted significant anniversaries (35 years of the Internet, 30 years of Microsoft, 30 years of Apple, 15 years of the world wide web and 25 years of the IBM PC) and as Microsoft Windows has had such a huge impact on my computing life it seems that this is another birthday that should not pass un-announced. For those who are interested to read why this is so significant, Martin Veitch wrote an interesting article about Windows’ 21 eventful years in IT Week recently.

Windows for beginners

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Earlier today, I was looking for a complete list of Windows environment variables and a spot of googling turned up Victor Laurie’s Computer Education website, which describes itself as “an educational site that is intended for the home user of personal computers… teaching some basic points about how they and their Windows operating systems work”. From a cursory glance, it looks to be a useful resource, with information written in a clear and concise manner.

Among his collection of sites, Vic also has a site called Surf the Internet Safely with advice for those who are worried about security online and a Windows Tips and Tricks blog with “selected tips on making Windows safer and easier to use”.

All of these sites look to be useful resources for those who are just getting started with a Windows computer (and for some more advanced home users too).