Kevin’s Blog » System Administration

After an extensive Beta and Release Candidate cycle, the new release version of Parallels has now been finalized. This upgrade to the previous release of Parallels brings the following feature updates:
  • Coherence view - Hides your XP desktop and floats Windows windows alongside your OS X windows
  • Windows apps appear in the OS X dock
  • Parallels Transporter - allows easy migration of your existing XP setup from a PC into the Parallels environment
  • Plug-and-play USB 2.0 support
  • Use of Boot Camp partitions as the Parallels drive - this lets you use a single XP image either running virtually under Parallels, or natively if you reboot via Boot Camp
  • Vista Compatibility
  • CD/DVD burning
  • Drag-and-Drop support (discussed previously here)

Those running Parallels RC3 (build 3170) won’t see much difference. Those still running the old Parallels public release (build 1970) will see amazing enhancements. As always, make sure you back up your full Parallels disk image, and your Mac just to be safe, before you upgrade.

Download release 3186 here

It sounds obvious that Parallels users who run Windows need to keep on top of Windows security and patches. However, a recent addition to the Parallels Beta, called Global Sharing, can open up OS X itself to possible attacks from the Windows side.

The basic issue is that this Global Sharing option, which allows easy drag-and-drop app launching between OS X and Windows, is given carte blanche access to your Mac hard drive. Worse yet, this option is enabled by default, at least in beta build 3150 which I am currently running. Users upgrading from a previous version, to get awesome features like Coherence Mode, booting from Boot Camp partitions, and full USB support, may be vulnerable without even realizing this feature was slipped in.

The basic problem boils down to privilege separation. Parallels runs with the full rights of your OS X user, so in theory an attack could be developed and spread via Windows vulnerabilities that could then drop malicious code into OS X. It could also delete files or alter security and other settings.

Allowing Windows, known to be so insecure, to have this sort of access to the host operating system is a major misstep by the Parallels team. So if you run Parallels betas, please make sure you disable this feature (Edit -> Virtual Machine -> Shared Folders, then uncheck the “Enable global sharing for drag-and-drop” checkbox and save). You’ll need to shut down the virtual machine to have access to change this setting.

Managing your company’s public DNS is serious business - a small typo or mistake can have serious consequences to your website, email, and other services.

For example, someone made what can only be assumed to be a clueless mistake when updating their DNS - they added 127.0.0.1 to their records for myspace.com. For those with weak network-fu, that is a special address which is only used for ‘localhost’ (your own computer). Since they had 5 hosts listed total, one out of five requests for their domain was going nowhere while this problem existed.

$ host -vv myspace.com
Trying "myspace.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24145
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;myspace.com. IN A

;; ANSWER SECTION:
myspace.com. 68350 IN A 216.178.32.51
myspace.com. 68350 IN A 216.178.32.50
myspace.com. 68350 IN A 216.178.32.49
myspace.com. 68350 IN A 216.178.32.48
myspace.com. 68350 IN A 127.0.0.1

Received 109 bytes from 208.67.222.222#53 in 9 ms

I’m not sure why they’re still using round-robin DNS load balancing for their site with good ServerIron, Cisco, and F5 load balancers doing a much better job overall. We moved InfoWorld.com away from RRDNS years ago.

Fortunately, either someone at MySpace noticed the issue quickly, or they saw the post at OpenDNS.com or on Digg and remedied the issue. But with such high TTLs in their DNS settings, I’m sure the problem took a while to finally clear up completely.
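A check like the following, run against a zone's answers before or after a change, would have caught the stray record. This is an added example, not part of the original post: it parses the answer section shown above, flags any address that is not globally routable, and reports what share of round-robin answers is affected and how long the resolver may keep serving the bad record. The function names are illustrative.

```python
import ipaddress
import re

# Answer section copied from the `host -vv myspace.com` output in the post.
SAMPLE_ANSWER = """\
myspace.com. 68350 IN A 216.178.32.51
myspace.com. 68350 IN A 216.178.32.50
myspace.com. 68350 IN A 216.178.32.49
myspace.com. 68350 IN A 216.178.32.48
myspace.com. 68350 IN A 127.0.0.1
"""

# name, TTL, class IN, type A/AAAA, address
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA)\s+(\S+)\s*$")


def parse_records(text):
    """Return (name, ttl, address) for each A/AAAA line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # header, question section, blank line, etc.
        try:
            addr = ipaddress.ip_address(m.group(4))
        except ValueError:
            continue  # rdata is not an IP literal
        records.append((m.group(1), int(m.group(2)), addr))
    return records


def audit_public_records(text):
    """Flag loopback, private and other non-global addresses in public answers."""
    records = parse_records(text)
    bad = [(name, ttl, addr) for name, ttl, addr in records if not addr.is_global]
    return {
        "total": len(records),
        "bad": [(name, str(addr)) for name, _, addr in bad],
        # With round-robin DNS each record gets roughly an equal share of clients.
        "share_affected": len(bad) / len(records) if records else 0.0,
        # Longest time the answering resolver may still serve a bad record.
        "max_cache_seconds": max((ttl for _, ttl, _ in bad), default=0),
    }


if __name__ == "__main__":
    print(audit_public_records(SAMPLE_ANSWER))
```
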

At InfoWorld, we’ve been using Apple’s Disk Utility and Carbon Copy Cloner from Bombich Software to do system imaging and restores on our G5s and PowerBooks for some time now. Macs can boot from any attached drive, or even boot up and act as a FireWire drive for whatever machine you connect it to. This makes troubleshooting and system recovery a much easier process.

However, our methods of system recovery on our ThinkPads have been much less elegant. A combination of system restore CDs and online backups is used to get a system back up and running. The options for booting your Windows PC up in an emergency fix mode have been pretty limited. Safe Mode doesn’t really do much.

Recently when I was fixing a crashed PC I used Knoppix Linux to get in and copy vital data from the system before starting to try to fix the system. Knoppix is a bootable Live CD which gives you a full Linux environment (including the ability to mount NTFS drives).

Amit Singh posted recently about his team at IBM Research developing some very cool software that allows for the booting of your PC from external devices, similar to the built-in functionality of Apple systems. The PC boots up a customized rescue Linux OS, similar to Knoppix, but also includes a number of business-related enhancements.

Travelling employees can keep one of these recovery images on their iPod or a USB drive, and in a pinch can boot the system up and have full Web, email, etc. access until their system can be repaired.

For the IT folks, this provides a quick and easy way to boot up a PC and recover data, or fix a virus infection, without having to have Windows operational on the PC.

Besides… who could complain about a valid reason for buying iPods for your IT staff? =)

“Blue Screen of Death” Rescues With Personal Devices

TechWorld

Webcast demo (recovery demo is about 25 minutes in)