No „do you really want to leave“ windows any more, how nice is that!?
https://romanisthere.github.io

Don’t delete the content of „c:\windows\ccmcache\“ manually with the File-Explorer:
You need „local Administrator“ access to your computer.
Let SCCM clean up its cache for you:
1) open the „Control Panel“
2) select „Configuration Manager“
3) go to „Cache“-Tab
4) click „Delete Files“
Wait a second and the CCM-Cache is empty.
c:\Windows\ccmcache>dir
Volume in drive C is Windows
Volume Serial Number is 5Q4C-0K08
Directory of c:\Windows\ccmcache
23.09.2021 19:10 <DIR> .
23.09.2021 19:10 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 11.164.721.152 bytes free
While the „old“ SCAv1 built a virtual fence around all virtual processors („Intra VM Security Boundary“), SCAv2 lets the processors of one virtual machine (VM) run within a „common fence“ („Inter VM Security Boundary“), which balances security and performance for most workloads.
See https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/performance/scheduler-options-vsphere67u2-perf.pdf for performance analysis.
esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE
esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v FALSE
esxcli system settings kernel list -o hyperthreadingMitigation
esxcli system settings kernel list -o hyperthreadingMitigationIntraVM
[root@esx:~] esxcli system settings kernel list -o hyperthreadingMitigation
Name Type Configured Runtime Default Description
------------------------ ---- ---------- ------- ------- ----------------------------------------------------------------
hyperthreadingMitigation Bool TRUE TRUE FALSE Restrict the simultaneous use of logical processors from the
same hyperthreaded core as necessary to mitigate a security
vulnerability.
[root@esx:~] esxcli system settings kernel list -o hyperthreadingMitigationIntraVM
Name Type Configured Runtime Default Description
------------------------------- ---- ---------- ------- ------- ---------------------------------------------------------
hyperthreadingMitigationIntraVM Bool FALSE FALSE TRUE Restrict the simultaneous use of logical processors from
the same hyperthreaded core as necessary to mitigate a
security vulnerability within a single VM.
esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE
esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v TRUE
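To confirm which scheduler a host really runs after these commands, the following added example (not part of the original post) classifies the two settings from the listing format shown above: TRUE/TRUE is SCAv1, TRUE/FALSE is SCAv2. It also flags a configured value that is not yet active at runtime. The function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which side-channel-aware
# scheduler an ESXi host runs, from `esxcli system settings kernel list` rows.
# Row layout as in the listing above: Name Type Configured Runtime Default ...

# value NAME COLUMN LISTING -> column 3 (Configured) or 4 (Runtime) of option NAME
value() {
    printf '%s\n' "$3" | awk -v n="$1" -v c="$2" '$1 == n { print $c; exit }'
}

# classify HYPERTHREADING_MITIGATION INTRA_VM -> scheduler name
classify() {
    case "$1/$2" in
        TRUE/TRUE)  echo SCAv1 ;;
        TRUE/FALSE) echo SCAv2 ;;
        FALSE/*)    echo default ;;   # mitigation off: no side-channel-aware scheduler
        *)          echo unknown ;;   # option missing from the listing
    esac
}

# scheduler_state LISTING -> "runtime=<s> configured=<s>[ reboot-pending]"
scheduler_state() {
    run=$(classify "$(value hyperthreadingMitigation 4 "$1")" \
                   "$(value hyperthreadingMitigationIntraVM 4 "$1")")
    cfg=$(classify "$(value hyperthreadingMitigation 3 "$1")" \
                   "$(value hyperthreadingMitigationIntraVM 3 "$1")")
    out="runtime=$run configured=$cfg"
    # Kernel settings take effect at boot, so Configured can be ahead of Runtime.
    if [ "$run" != "$cfg" ]; then out="$out reboot-pending"; fi
    echo "$out"
}

# The two data rows from the listing above (descriptions shortened).
PAGE_ROWS='hyperthreadingMitigation Bool TRUE TRUE FALSE Restrict ...
hyperthreadingMitigationIntraVM Bool FALSE FALSE TRUE Restrict ...'

# Constructed sample: SCAv1 has been set, but the host has not rebooted yet.
PENDING_ROWS='hyperthreadingMitigation Bool TRUE TRUE FALSE Restrict ...
hyperthreadingMitigationIntraVM Bool TRUE FALSE TRUE Restrict ...'

scheduler_state "$PAGE_ROWS"
scheduler_state "$PENDING_ROWS"
```

On a host, pass the combined output of the two `esxcli system settings kernel list -o ...` commands as the single argument.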
Comments are greyed out by default, nobody should read them 😉 I don’t want to think about the comment-quality of the Atom-Sourcecode, just kidding 😉
To change the comment-colour to a fresh and visible green:
c:\>notepad c:\Users\<username>\.atom\styles.less
atom-text-editor::shadow {
  .punctuation.comment, .comment, .link.hyperlink {
    color: #88ff88;
  }
}
Find the original source archive at https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html or get the Windows-Archive directly here: https://the.earth.li/~sgtatham/putty/latest/putty-src.zip
For example: Tweak the modal „Fatal Connection Error“ Dialog: Relax PuTTY: Suppress „Fatal Error“ Dialog
I’d choose MinGW to compile native Windows Applications: MinGW as build-environment for native Windows Applications
Using MinGw:
In PuTTY it’s all prepared for us – go to the „windows“ subdirectory:
C:\Program Files\mingw-w64\x86_64-8.1.0-win32-seh-rt_v6-rev0>echo off
Microsoft Windows [Version 10.0.19042.1110]
(c) Microsoft Corporation. Alle Rechte vorbehalten.
C:\> cd C:\Users\user\Downloads\putty-src_0-76\
C:\Users\user\Downloads\putty-src_0-76> cd windows
C:\Users\user\Downloads\putty-src_0-76\windows> mingw32-make -f Makefile.mgw
gcc -Wall -O2 -std=gnu99 -Wvla -D_WINDOWS -DWIN32S_COMPAT -D_NO_OLDNAMES -D__USE_MINGW_ANSI_STDIO=1 -I.././ -I../charset/ -I../windows/ -I../unix/ -D_WIN32_IE=0x0500 -DWINVER=0x0500 -D_WIN32_WINDOWS=0x0410 -D_WIN32_WINNT=0x0500 -c ../ssh2userauth.c
gcc -s -o plink.exe -Wl,-Map,plink.map agentf.o aqsync.o \
be_all_s.o be_misc.o callback.o clicons.o cmdline.o conf.o \
console.o cproxy.o ecc.o errsock.o ldisc.o logging.o \
mainchan.o marshal.o memory.o misc.o miscucs.o mpint.o \
noterm.o nullplug.o pgssapi.o pinger.o plink.res.o portfwd.o \
proxy.o raw.o rlogin.o sessprep.o settings.o ssh.o ssh1bpp.o \
ssh1censor.o ssh1connection.o ssh1connection-client.o \
ssh1login.o ssh2bpp.o ssh2bpp-bare.o ssh2censor.o \
ssh2connection.o ssh2connection-client.o ssh2kex-client.o \
ssh2transhk.o ssh2transport.o ssh2userauth.o sshaes.o \
ssharcf.o sshargon2.o sshauxcrypt.o sshblake2.o sshblowf.o \
sshccp.o sshcommon.o sshcrc.o sshcrcda.o sshdes.o sshdh.o \
sshdss.o sshecc.o sshgssc.o sshhmac.o sshmac.o sshmd5.o \
sshprng.o sshpubk.o sshrand.o sshrsa.o sshsh256.o sshsh512.o \
sshsha.o sshsha3.o sshshare.o sshutils.o sshverstring.o \
sshzlib.o stripctrl.o supdup.o telnet.o timing.o tree234.o \
utils.o version.o wcwidth.o wildcard.o wincapi.o \
wincliloop.o wincons.o windefs.o wingss.o winhandl.o \
winhsock.o winmisc.o winmiscs.o winnet.o winnohlp.o \
winnoise.o winnojmp.o winnpc.o winnps.o winpgntc.o \
winplink.o winproxy.o winsecur.o winselcli.o winser.o \
winshare.o winstore.o wintime.o winucs.o winx11.o x11fwd.o \
-ladvapi32 -lcomdlg32 -lgdi32 -limm32 -lole32 -lshell32 \
-luser32
gcc -s -o pscp.exe -Wl,-Map,pscp.map agentf.o aqsync.o be_misc.o \
be_ssh.o callback.o clicons.o cmdline.o conf.o console.o \
cproxy.o ecc.o errsock.o logging.o mainchan.o marshal.o \
memory.o misc.o miscucs.o mpint.o nullplug.o pgssapi.o \
pinger.o portfwd.o proxy.o pscp.o pscp.res.o psftpcommon.o \
settings.o sftp.o sftpcommon.o ssh.o ssh1bpp.o ssh1censor.o \
ssh1connection.o ssh1connection-client.o ssh1login.o \
ssh2bpp.o ssh2bpp-bare.o ssh2censor.o ssh2connection.o \
ssh2connection-client.o ssh2kex-client.o ssh2transhk.o \
ssh2transport.o ssh2userauth.o sshaes.o ssharcf.o \
sshargon2.o sshauxcrypt.o sshblake2.o sshblowf.o sshccp.o \
sshcommon.o sshcrc.o sshcrcda.o sshdes.o sshdh.o sshdss.o \
sshecc.o sshgssc.o sshhmac.o sshmac.o sshmd5.o sshprng.o \
sshpubk.o sshrand.o sshrsa.o sshsh256.o sshsh512.o sshsha.o \
sshsha3.o sshshare.o sshutils.o sshverstring.o sshzlib.o \
stripctrl.o timing.o tree234.o utils.o version.o wcwidth.o \
wildcard.o wincapi.o wincliloop.o wincons.o windefs.o \
wingss.o winhandl.o winhsock.o winmisc.o winmiscs.o winnet.o \
winnohlp.o winnoise.o winnojmp.o winnpc.o winnps.o \
winpgntc.o winproxy.o winsecur.o winselcli.o winsftp.o \
winshare.o winstore.o wintime.o winucs.o x11fwd.o -ladvapi32 \
-lcomdlg32 -lgdi32 -limm32 -lole32 -lshell32 -luser32
gcc -s -o psftp.exe -Wl,-Map,psftp.map agentf.o aqsync.o \
be_misc.o be_ssh.o callback.o clicons.o cmdline.o conf.o \
console.o cproxy.o ecc.o errsock.o logging.o mainchan.o \
marshal.o memory.o misc.o miscucs.o mpint.o nullplug.o \
pgssapi.o pinger.o portfwd.o proxy.o psftp.o psftp.res.o \
psftpcommon.o settings.o sftp.o sftpcommon.o ssh.o ssh1bpp.o \
ssh1censor.o ssh1connection.o ssh1connection-client.o \
ssh1login.o ssh2bpp.o ssh2bpp-bare.o ssh2censor.o \
ssh2connection.o ssh2connection-client.o ssh2kex-client.o \
ssh2transhk.o ssh2transport.o ssh2userauth.o sshaes.o \
ssharcf.o sshargon2.o sshauxcrypt.o sshblake2.o sshblowf.o \
sshccp.o sshcommon.o sshcrc.o sshcrcda.o sshdes.o sshdh.o \
sshdss.o sshecc.o sshgssc.o sshhmac.o sshmac.o sshmd5.o \
sshprng.o sshpubk.o sshrand.o sshrsa.o sshsh256.o sshsh512.o \
sshsha.o sshsha3.o sshshare.o sshutils.o sshverstring.o \
sshzlib.o stripctrl.o timing.o tree234.o utils.o version.o \
wcwidth.o wildcard.o wincapi.o wincliloop.o wincons.o \
windefs.o wingss.o winhandl.o winhsock.o winmisc.o \
winmiscs.o winnet.o winnohlp.o winnoise.o winnojmp.o \
winnpc.o winnps.o winpgntc.o winproxy.o winsecur.o \
winselcli.o winsftp.o winshare.o winstore.o wintime.o \
winucs.o x11fwd.o -ladvapi32 -lcomdlg32 -lgdi32 -limm32 \
-lole32 -lshell32 -luser32
gcc -mwindows -s -o putty.exe -Wl,-Map,putty.map agentf.o \
aqsync.o be_all_s.o be_misc.o callback.o cmdline.o conf.o \
config.o cproxy.o dialog.o ecc.o errsock.o ldisc.o logging.o \
mainchan.o marshal.o memory.o minibidi.o misc.o miscucs.o \
mpint.o nullplug.o pgssapi.o pinger.o portfwd.o proxy.o \
putty.res.o raw.o rlogin.o sessprep.o settings.o sizetip.o \
ssh.o ssh1bpp.o ssh1censor.o ssh1connection.o \
ssh1connection-client.o ssh1login.o ssh2bpp.o ssh2bpp-bare.o \
ssh2censor.o ssh2connection.o ssh2connection-client.o \
ssh2kex-client.o ssh2transhk.o ssh2transport.o \
ssh2userauth.o sshaes.o ssharcf.o sshargon2.o sshauxcrypt.o \
sshblake2.o sshblowf.o sshccp.o sshcommon.o sshcrc.o \
sshcrcda.o sshdes.o sshdh.o sshdss.o sshecc.o sshgssc.o \
sshhmac.o sshmac.o sshmd5.o sshprng.o sshpubk.o sshrand.o \
sshrsa.o sshsh256.o sshsh512.o sshsha.o sshsha3.o sshshare.o \
sshutils.o sshverstring.o sshzlib.o stripctrl.o supdup.o \
telnet.o terminal.o timing.o tree234.o utils.o version.o \
wcwidth.o wildcard.o wincapi.o wincfg.o winctrls.o windefs.o \
windlg.o window.o wingss.o winhandl.o winhelp.o winhsock.o \
winjump.o winmisc.o winmiscs.o winnet.o winnoise.o winnpc.o \
winnps.o winpgntc.o winprint.o winproxy.o winsecur.o \
winselgui.o winser.o winshare.o winstore.o wintime.o \
winucs.o winutils.o winx11.o x11fwd.o -ladvapi32 -lcomdlg32 \
-lgdi32 -limm32 -lole32 -lshell32 -luser32
C:\Users\user\Downloads\putty-src_0-76\windows>
C:\Users\user\Downloads\putty-src_0-76\windows> dir putty.exe
Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: 1E1B-0142
Verzeichnis von C:\Users\user\Downloads\putty-src_0-76\windows
16.08.2021 20:16 981.504 putty.exe
1 Datei(en), 981.504 Bytes
0 Verzeichnis(se), 265.798.283.264 Bytes frei
C:\Users\user\Downloads\putty-src_0-76\windows>
C:\Users\user\Downloads\putty-src_0-76\windows> putty.exe
It is possible 😉 to donate to the original PuTTY developers – look here: https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-donations
It is possible to compile open source software like „PuTTY“ using the famous gcc open source compiler.
There are several „distribution“-like packages available on the web.
I found https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/installer/mingw-w64-install.exe/download which worked „out of the box“.
Just a few settings to think about, I chose:
I changed from the default-settings:
to
It should contain C:\Program Files\mingw-w64\x86_64-8.1.0-win32-seh-rt_v6-rev0\mingw64\bin
Using the following shortcut
When using PuTTY in „Multi-Tabbed“ wrapper applications like MRemote-NG, Super-Putty, Putty-Connection-Manager, you name it, it’s absolutely annoying that every connection timeout pushes a modal pop-up window to the front (for every opened connection!) like this:
Since in those Applications the PuTTY-Window/Tab won’t get closed, or with „only on clean exit“
these modal alerts are absolutely pointless – when:
So there is some code required, to distinguish between:
Find it in „/windows/window.c“ – notice that the modal popup appears even when the PuTTY window won’t get closed.
/*
 * Print a message box and close the connection.
 */
static void win_seat_connection_fatal(Seat *seat, const char *msg)
{
    char *title = dupprintf("%s Fatal Error", appname);
    show_mouseptr(true);
    MessageBox(wgs.term_hwnd, msg, title, MB_ICONERROR | MB_OK);
    sfree(title);
    if (conf_get_int(conf, CONF_close_on_exit) == FORCE_ON)
        PostQuitMessage(1);
    else {
        queue_toplevel_callback(close_session, NULL);
    }
}
Much better for daily use – no annoyance anymore:
/*
 * Print a message box and close the connection.
 */
static void win_seat_connection_fatal(Seat *seat, const char *msg)
{
    char *title = dupprintf("%s Fatal Error", appname);
    if (conf_get_int(conf, CONF_close_on_exit) == FORCE_ON) {
        //show MessageBox before closing the PuTTY-Window
        show_mouseptr(true);
        MessageBox(wgs.term_hwnd, msg, title, MB_ICONERROR | MB_OK);
        PostQuitMessage(1);
    } else {
        //print message into the PuTTY-Console
        win_seat_output(seat,true,"\r\n\r\n",4);
        win_seat_output(seat,0,"------------------- ",20);
        win_seat_output(seat,0,title,strlen(title));
        win_seat_output(seat,0," ------------------\r\n",22);
        win_seat_output(seat,0,"- ",2);
        win_seat_output(seat,0,msg,strlen(msg));
        win_seat_output(seat,0,"\r\n\r\n",4);
        queue_toplevel_callback(close_session, NULL);
    }
    sfree(title);
}
Take a deep breath 🙂
isn’t it beautiful?
It is possible 😉 to donate to the original PuTTY developers – look here: https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-donations
I’ve been wondering about the differences between the (free) Microsoft-Azure Online-Training and the (paid) AZ-303 Instructor-Led Training. After having a quick look at the „AZ-303 Exam Skills Outline“ there seems to be a 1:1 mapping between the „Exam Skills Outline“ and the instructor-led training.
According to https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4psD6 the exam is made up of 15 modules:
The changes to the schedule starting on the 25th of May 2021 are cosmetic in nature: Microsoft fixed some typos and removed some minor AAD sub-topics…
1) Implement and Monitor an Azure Infrastructure (50-55%)
1.1) Cloud infrastructure monitoring
1.2) Storage accounts
1.3) VMs for Windows and Linux
1.4) Automate deployment and configuration of resources
1.5) Virtual networking
1.6) Azure Active Directory
1.7) Implement and manage hybrid identities (~Azure AD Connect)
2) Implement Management and Security Solutions (25-30%)
2.1) Manage workloads in Azure
2.2) Load balancing and network security
2.3) Implement and manage Azure governance solutions
2.4) Manage security for applications
3) Implement Solutions for Apps (10-15%)
3.1) Implement an application infrastructure
3.2) Container-based applications
4) Implement and Manage Data Platforms (10-15%)
4.1) Implement NoSQL databases
4.2) Implement Azure SQL databases
The official Microsoft Instructor-Led Training for AZ303 is made up of 15 Modules:
It should be possible to repeat a 5-day class within 28 days
My WIFI is bound to my Internet-Router and it is separated from my home-office by a routed stateful firewall. Some WIFI devices (for example my printer) need access to this home-office IP range.
The DHCP-Service of my pi-hole server usually offers just dhcp-option #3 – the default-gateway.
The pi-hole Web-GUI doesn’t allow specifying additional dhcp-options, so first disable offering the default-gateway-option:
which is not allowed (my opinion: a bug since this is no feature)
Stop here and use another dhcp-service?
Fortunately RFC3442 („The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4“) https://datatracker.ietf.org/doc/html/rfc3442 states:
If the DHCP server returns both a Classless Static Routes option and a Router option, the DHCP client MUST ignore the Router option.
So the Router option can stay enabled: clients that implement RFC3442 will ignore it, and an old DHCP client that doesn’t implement the Classless Static Route option will ignore that option and use the default-gateway option instead.
adminname@pi-hole-server:/etc/dnsmasq.d $ ls -l
total 16
-rw-r--r-- 1 root root 1524 May 22 13:16 01-pihole.conf
-rw-r--r-- 1 root root 490 May 22 13:16 02-pihole-dhcp.conf
-rw-r--r-- 1 root root 143 Dec 8 14:04 04-pihole-static-dhcp.conf
adminname@pi-hole-server:/etc/dnsmasq.d $ cat 01-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
###############################################################################
addn-hosts=/etc/pihole/local.list
...
So let’s add „/etc/dnsmasq.d/yourname.conf“:
I’d like to create
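# "sudo echo ... > file" fails here: the redirection runs in the calling shell, not under sudo.
# Write the root-owned file through sudo tee instead.
echo "dhcp-option=option:classless-static-route,0.0.0.0/0,172.16.1.1,10.0.0.0/8,172.16.1.2,172.16.0.0/12,172.16.1.2,192.168.0.0/16,172.16.1.2" | sudo tee /etc/dnsmasq.d/99-user-settings.conf
sudo service pihole-FTL reload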
Horrible – Windows 10 states a „default-gateway“ to be set 🙁
C:\Users\user>ipconfig /renew "WLAN"
Windows-IP-Konfiguration
Drahtlos-LAN-Adapter WLAN:
Verbindungsspezifisches DNS-Suffix: prod.local
IPv4-Adresse . . . . . . . . . . : 172.16.1.14
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : 172.16.1.1
But the ip routing-table is fine: even Windows 10 implements RFC3442:
C:\Users\user>route print
===========================================================================
IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 172.16.1.1 172.16.1.14 35
10.0.0.0 255.0.0.0 172.16.1.2 172.16.1.14 36
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 331
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 331
172.16.0.0 255.240.0.0 172.16.1.2 172.16.1.14 36
192.168.0.0 255.255.0.0 172.16.1.2 172.16.1.14 36
172.16.1.0 255.255.255.0 Auf Verbindung 172.16.1.14 291
255.255.255.255 255.255.255.255 Auf Verbindung 172.16.1.14 291
===========================================================================
Forget it, Google seems not to prioritize fixing basic low-level IP-Stack issues, it’s embarrassing: https://issuetracker.google.com/issues/36920068
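What the dhcp-option line above puts on the wire, as an added example that is not part of the original post: each route is encoded per RFC 3442 as prefix length, the significant destination octets, then the router, and the check confirms a 0.0.0.0/0 entry exists because clients ignore the Router option once option 121 is present. The function names are chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): encode a dnsmasq
# classless-static-route line into the RFC 3442 option 121 payload.

# encode_route DEST/LEN ROUTER -> hex of: prefix length, significant
# destination octets (ceil(LEN/8) of them), then the 4 router octets.
encode_route() {
    len=${1#*/}
    sig=$(( (len + 7) / 8 ))
    out=$(printf '%02x' "$len")
    i=0
    for octet in $(echo "${1%/*}" | tr . ' '); do
        if [ "$i" -lt "$sig" ]; then out="$out$(printf '%02x' "$octet")"; fi
        i=$((i + 1))
    done
    for octet in $(echo "$2" | tr . ' '); do
        out="$out$(printf '%02x' "$octet")"
    done
    echo "$out"
}

# encode_option LINE -> payload hex; returns 1 if the list is not pairs.
encode_option() {
    set -- $(echo "${1#*classless-static-route,}" | tr , ' ')
    if [ $(( $# % 2 )) -ne 0 ]; then return 1; fi
    payload=
    while [ $# -gt 0 ]; do
        payload="$payload$(encode_route "$1" "$2")"
        shift 2
    done
    echo "$payload"
}

# has_default_route LINE -> success if 0.0.0.0/0 is among the destinations.
# Clients that honour option 121 ignore the Router option, so without this
# entry they end up with no default route at all.
has_default_route() {
    case ",${1#*classless-static-route,}," in
        *,0.0.0.0/0,*) return 0 ;;
        *)             return 1 ;;
    esac
}

# The option line from the post.
LINE='dhcp-option=option:classless-static-route,0.0.0.0/0,172.16.1.1,10.0.0.0/8,172.16.1.2,172.16.0.0/12,172.16.1.2,192.168.0.0/16,172.16.1.2'

encode_option "$LINE"
has_default_route "$LINE" && echo "default route present"
```

The hex string it prints can be compared byte for byte with option 121 in a packet capture of the DHCP offer.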
According to https://docs.microsoft.com/en-us/learn/certifications/azure-solutions-architect/ two exams are required.
Online Training, free of charge – sponsored by Microsoft – is available: Surprisingly the same 9 modules for both exams, I’ve been putting them in a slightly different order:
The official Microsoft Instructor-Led Training for AZ303 is made up of 15 Modules:
The free training – 9 Modules for both AZ303 and AZ304 – the paid training for AZ303: 15 Modules: