URL shorteners & short domains

I needed to get some business cards, and the usual thing is to put a QR code on them that encodes a tiny URL, which then redirects to your real web site.  Easy, right?

Well, most people use ‘public’ services like bit.ly & friends.  In China many people I do business with use 1688.com .  But this got me thinking: 1688 is a FOUR letter domain, unlike the three letter ones that seem to be more common.  I know the one, two and three letter domains are all gone, but are there any four letter domains left?

Turns out, YES there are.

I used this site:

Domain Name Soup .com

And I was able to hammer through their UI, find one, and register it with my usual registrar.

*This isn’t an AD, I’m not being paid to say any of this.  I was more so surprised that I could not only find a four letter domain, but that it’s the initials of my wife’s business.

The best part is that I could use YOURLS, a free PHP+MySQL app, to quickly and easily manage the redirects.

Fun with regex substitutions in Apache

Continuing from my previous post, I was now able to access my AltaVista server; however, from a web browser I was unable to actually view any of the documents remotely.

In the pages though I did get the MS-DOS path to the usenet article in question:

Now how do I turn that into a URL?

Well as it turns out mod_rewrite does support regex, which in turn can do variable re-ordering!

After a bit of googling I found this page on stackoverflow, on how to convert a date between UK/US formats:

s/(\d{4})-(\d{2})-(\d{2})/$1-$3-$2/

Simple, right?  So what is going on here?  The parentheses define capture groups, and in the substitution part you can recall them with $1, $2, $3, etc.  So using this recipe I could take something like this:

u:\b227\comp\sys\laptops\3080

and convert it into the following:

http://debian7/usenet/b227/comp/sys/laptops/3080

The code for this would look something like this:

Substitute "s|>u:.([a-z]{1,}[0-9]{3,})\\\([0-9a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3\">Click for article|"

Although for some reason it’s embedding the URLs even though I specified code formatting.
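The same capture-and-reorder idea worked through in Python, as an added example that is not code from the original post. It covers the date swap from the Stack Overflow recipe and then a single generic rule that turns an MS-DOS usenet path of any depth into a link, where the Apache config further down this page needs one Substitute line per directory depth. The base URL http://debian7/usenet/ is the one the post uses; the function names and the refusal of '.' and '..' segments are my own.

```python
import re
from html import escape

# Capture groups are numbered left to right; Python's re.sub writes them back
# as \1, \2, \3 where mod_substitute and sed use $1, $2, $3.
def swap_date(text):
    """Reorder YYYY-MM-DD into YYYY-DD-MM, the Stack Overflow recipe from the post."""
    return re.sub(r"(\d{4})-(\d{2})-(\d{2})", r"\1-\3-\2", text)


# One rule for any depth: "u:\" followed by backslash-separated segments and a
# numeric article number.  The character class is deliberately narrow so that
# nothing captured can break out of the href="..." attribute it is written into.
DOS_PATH = re.compile(r"u:\\([a-z0-9]+(?:\\[a-z0-9.\-]+)*\\[0-9]+)", re.IGNORECASE)

BASE_URL = "http://debian7/usenet/"   # the IIS virtual directory from the post


def dos_path_to_url(path_body, base=BASE_URL):
    """Turn 'b227\\comp\\sys\\laptops\\3080' into a URL under `base`.

    Returns None when a segment is '.' or '..': never a legitimate article
    path here, and not something worth turning into a link.
    """
    segments = path_body.split("\\")
    if any(seg in (".", "..") for seg in segments):
        return None
    return base + "/".join(segments)


def linkify(html_fragment):
    """Replace every DOS path in an AltaVista result page with a clickable link."""
    def repl(match):
        url = dos_path_to_url(match.group(1))
        if url is None:
            return match.group(0)          # leave unconvertible paths as plain text
        return '<a href="%s">Click for article</a>' % escape(url, quote=True)
    return DOS_PATH.sub(repl, html_fragment)


if __name__ == "__main__":
    print(swap_date("2016-04-28"))
    print(linkify(">u:\\b227\\comp\\sys\\laptops\\3080<"))
    print(linkify(">u:\\news002f1\\b1\\fa.poli-sci\\8<"))
```

Python writes back-references as \1, \2, \3 where mod_substitute and sed use $1, $2, $3; the numbering of the groups is otherwise the same. Keeping the character class narrow matters because the captured text lands directly inside an href attribute of the proxied page.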

Now all I had to do was install IIS 4.0 off the Option Pack CD-ROM onto my Windows NT 4.0 workstation, and create a virtual directory of /usenet which then pointed to the U: drive where AltaVista did its indexing.

So to this point that gives me a config file much like this:

ServerAdmin [email protected]
DocumentRoot /var/www
SSLProxyEngine On
ProxyPass "/altavista/" "https://10.12.0.16"
ProxyPassReverse "/altavista/" "https://10.12.0.16/"
ProxyRequests Off
RewriteEngine On

SetOutputFilter INFLATE;SUBSTITUTE;DEFLATE
AddOutputFilterByType SUBSTITUTE text/html
#clean up urls
Substitute "s|127.0.0.1:6688|debian7/altavista|n"
Substitute "s|file:///C:\Program Files\DIGITAL\AltaVista Search\My Computer\images\|http://debian7/images/|n"
#protect the page
Substitute "s|launch=app||n"
Substitute "s|?pg=config&what=init|?pg=h|n"
#fix title
Substitute "s|<IMG src=\"http://debian7/images/av_personal.gif\" alt=\"[AltaVista] \"  BORDER=0 ALIGN=middle HEIGHT=72 VSPACE=0 HSPACE=0>|<a href=\"http://debian7/altavista\"><IMG src=\"http://debian7/images/av_personal.gif\" alt=\"[AltaVista] \"  BORDER=0 ALIGN=middle HEIGHT=72 VSPACE=0 HSPACE=0>|--->|n"
Substitute "s|u:.([a-z]{1,}[0-9]{3,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4/$5/$6/$7\">Click for article|"
Substitute "s|>u:.([a-z]{1,}[0-9]{3,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4/$5/$6\">Click for article|"
Substitute "s|>u:.([a-z]{1,}[0-9]{3,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4/$5\">Click for article|"
Substitute "s|>u:.([a-z]{1,}[0-9]{3,})\\\([0-9a-z]{1,})\\\([0-9a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4\">Click for article|"
Substitute "s|>u:.([a-z]{1,}[0-9]{3,})\\\([0-9a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3\">Click for article|"
# Need links for the u:\news097f1\b120\comp\society\futures\1122
Substitute "s|>u:.(news[0-9]{3,}f[0-9])\\\([b0-9]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4/$5/$6/$7/$8\">Click for article|"
Substitute "s|>u:.(news[0-9]{3,}f[0-9])\\\([b0-9]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4/$5/$6/$7\">Click for article|"
Substitute "s|>u:.(news[0-9]{3,}f[0-9])\\\([b0-9]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4/$5/$6\">Click for article|"
Substitute "s|>u:.(news[0-9]{3,}f[0-9])\\\([b0-9]{1,})\\\([a-z]{1,})\\\([a-z]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4/$5\">Click for article|"
# Need links for  u:\news002f1\b1\fa.poli-sci\8
Substitute "s|>u:.(news[0-9]{3,}f[0-9])\\\([b0-9]{1,})\\\([a-z\.\-]{1,})\\\([0-9]{1,})|---><a href=\"http://debian7/usenet/$1/$2/$3/$4\">Click for article|"

<Location /usenet/>
    ProxyPass  http://10.12.0.16/usenet/
    RewriteEngine On
    SetOutputFilter INFLATE;SUBSTITUTE;DEFLATE
    AddOutputFilterByType SUBSTITUTE text/html
</Location>

bla bla rest of the 000-default crap....

Simple right?

Searching for AltaVista

So now I get a nicely formatted page: I can click the mountain icon to jump back to home, and I can click on the articles, but because I have no extensions or MIME types to intercept them, it’ll just download them to my PC.  I guess I need to go through them all, convert them from UNIX format to MS-DOS, and stick a .txt extension on every single one of them.

I’m still thinking this thing is far too rickety to put on the internet, but we’ll see.

Fun with Apache (mod_proxy, mod_rewrite), stunnel, and AltaVista Personal Search

As you may remember from my prior attempt at using AltaVista Search, I ran out of space, and found out it only serves pages on 127.0.0.1:6688 and is pretty much hardcoded to do so.  It’s a “fine” hybrid Java 1.01 application, with the bulk of it being Java.  I finally got around to setting up a VM, unpacking all of the utzoo archives, and indexing them.  I should have done something about the IO because this took too long (KVM).

SIXTEEN HOURS!!!

So to cheat the system, I installed stunnel as a simple https to http proxy, which let me access my search VM anywhere.  However it still embedded 127.0.0.1 in all the pages.

via stunnel

Enter an Apache reverse proxy to talk to stunnel to talk to AltaVista search!

First, enable a few modules:

a2enmod substitute
a2enmod proxy
a2enmod ssl
a2enmod proxy_http
a2enmod rewrite

And adding this into the config:

SSLProxyEngine On
ProxyPass "/altavista/" "https://10.12.0.16"
ProxyPassReverse "/altavista/" "https://10.12.0.16/"
ProxyRequests Off
RewriteEngine On
SetOutputFilter INFLATE;SUBSTITUTE;DEFLATE
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s/1997/2016/ni"
Substitute "s/97/16/ni"
Substitute "s|127.0.0.1:6688|debian7/altavista|n"
Substitute "s|file:///C:\Program Files\DIGITAL\AltaVista Search\My Computer\images\|http://debian7/images/|n"
Substitute "s|launch=app||n"
Substitute "s|<a href=http://debian7/altavista/?pg=q&what=0&fmt=d|<!--|n"
Substitute "s|><strong>|-->|n"
Substitute "s|</strong></a>||n"
Substitute "s|>u:\|->u:\|n"

This let me redirect all of those requests into a VM called debian7 on the /altavista path.  I also copied the images to the apache server, and now I get something that looks correct!

Apache in the mix!

I cut the results short… But here is a search of something simple:

About 16598 documents match your query.

I also killed all the ‘working URLs’ that simply open a desktop application on the index ‘server’.  Naturally it was a personal service, but as a server this isn’t any good.  As such you can’t click on any search results now.  I need something else to figure out how to take the result blocks like “u:\b128\comp\databases\2852” and turn them into URLs.

Also, as much as I want to re-index, it would be best to cut off the headers, or most of them, so the preview lines make sense.  Xref, Path, even From & Newsgroups don’t interest me.

I hate to leave it as ‘good enough’ but if anyone has a solution…. I’ll be glad to make this wonderful resource available!

The client needs to access the internet!

But let’s not give them access to everything.

This is a common scenario I see, where someone needs to get updates for some magical software package from the internet.  Great.  And people just give it access to ANY site, which ends up being not only the internet (the intended destination) but the rest of their internal network as well.  Granted, a good defense in the SDN world is inbound rules for each VM as well, but nothing is ever 100%.

RFC1918 defines our friends, the private address ranges:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

However, the solution to this fun filled problem is to grant them HTTP/HTTPS access to the inverse of this.  Enter the netmask command.  You can give it a range, and it’ll lay out which networks you need to add, like this:

     netmask -c 0.0.0.0:9.255.255.255
     0.0.0.0/5
     8.0.0.0/7

Now I can exclude everything right up until 10.0.0.0/8 !

It’s quite the handy tool, but I didn’t see any Windows version.  So a few minutes with MinGW, and dealing with its Makefile’s weird way of linking things, and here you go!

This way you can permit internet access, not give them inside access, and still have a global DENY actually work.

YAY.

And if anyone is interested here are the networks:

     0.0.0.0/5
     8.0.0.0/7
    11.0.0.0/8
    12.0.0.0/6
    16.0.0.0/4
    32.0.0.0/3
    64.0.0.0/2
   128.0.0.0/3
   160.0.0.0/5
   168.0.0.0/6
  172.0.0.0/12 
 172.32.0.0/11
 172.64.0.0/10
 172.128.0.0/9
   173.0.0.0/8
   174.0.0.0/7
   176.0.0.0/4
   192.0.0.0/9
192.128.0.0/11
192.160.0.0/13
192.169.0.0/16
192.170.0.0/15
192.172.0.0/14
192.176.0.0/12
192.192.0.0/10
   193.0.0.0/8
   194.0.0.0/7
   196.0.0.0/6
   200.0.0.0/5
   208.0.0.0/4

Yes, I know it’s a LOT of typing.
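The same computation done with Python’s standard ipaddress module instead of the netmask tool, as an added example that is not from the original post. It carves the RFC1918 ranges out of 0.0.0.0/0 and returns the CIDR blocks that remain; the result is the thirty networks listed above plus 224.0.0.0/3 (multicast and reserved space, which the list above stops short of). The second exclusion list is my own addition, there to show the caveat a practitioner would raise: “everything except RFC1918” still permits loopback, link-local 169.254.0.0/16 and the 100.64.0.0/10 shared address range, so those normally get excluded too.

```python
import ipaddress

# The three private ranges from RFC1918, as quoted in the post.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# A stricter list (my addition): loopback, link-local, RFC6598 shared address
# space, multicast and reserved space are not "the internet" either.
NOT_INTERNET = RFC1918 + ["127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10", "224.0.0.0/3"]


def complement(excluded, universe="0.0.0.0/0"):
    """Return the CIDR blocks of `universe` that are not covered by `excluded`.

    Each exclusion is carved out of whichever remaining block contains it;
    blocks that fall entirely inside an exclusion are dropped.  CIDR blocks
    either nest or are disjoint, so those are the only two cases to handle.
    The result is sorted so it can be pasted straight into a rule set.
    """
    remaining = [ipaddress.ip_network(universe)]
    for ex in map(ipaddress.ip_network, excluded):
        nxt = []
        for net in remaining:
            if ex.subnet_of(net):
                nxt.extend(net.address_exclude(ex))   # split around the hole
            elif net.subnet_of(ex):
                continue                                # swallowed entirely
            else:
                nxt.append(net)                         # disjoint, keep as is
        remaining = nxt
    return sorted(remaining)


def is_permitted(ip, allow):
    """Would an allow-list built from `allow` let traffic to `ip` through?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allow)


def as_rules(allow):
    """Render the list the way the netmask tool prints it, one CIDR per line."""
    return "\n".join(str(net) for net in allow)


if __name__ == "__main__":
    print(as_rules(complement(RFC1918)))
```

Running it prints the allow-list; the assertions worth keeping around are that 8.8.8.8 is permitted, that nothing in 10/8, 172.16/12 or 192.168/16 is, and that 169.254.1.1 is permitted by the RFC1918-only list but not by the stricter one.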

More thoughts on Minecraft, compression and encryption

So earlier, I had touched on Minecraft, and lamented how it doesn’t compress its network data very well.  Well, it turns out that yes, in the server.properties file there is an option, network-compression-threshold, which by default is set to 256, meaning packets larger than 256 bytes are compressed:

network-compression-threshold=256

So using this quick stunnel guide, I thought I’d try a quick experiment.  So I loaded up Titan City, and ran some connection experiments:

First, the Minecraft server with a setting of 256000000, which I would imagine effectively turns off compression.  I’m capturing one minute’s worth of game play as it tries to render the spawn point.  Then again with the threshold set to 256:

12M 28 Apr 13:44 minecraft-nocompression.cap
1.6M 28 Apr 13:46 minecraft-256compression.cap

So, uncompressed it’s 12MB worth of data!  While with the Minecraft compression on, it’s 1.6 MB worth of data.

And now with stunnel using zlib compression, we get the following results:

2.1M 28 Apr 13:42 stunnel-nocompressioninserver.cap
1.5M 28 Apr 13:48 stunnel-256compression.cap

2.1MB worth of traffic relying on zlib in this case to do all the compression, and 1.5MB with zlib compressing the Minecraft compression.  And for the heck of it, why not compress the data again?

964K 28 Apr 13:46 minecraft-256compression.cap.gz
993K 28 Apr 13:44 minecraft-nocompression.cap.gz
938K 28 Apr 13:48 stunnel-256compression.cap.gz
1.5M 28 Apr 13:42 stunnel-nocompressioninserver.cap.gz

Well, now that is strange, why is the stunnel traffic even compressible, after it’s been encrypted?  Kind of weird to me.  At any rate, here is some more data thanks to the capinfos program:
# capinfos *cap
File name: minecraft-nocompression.cap
File type: Wireshark/tcpdump/... - pcap
File encapsulation: Ethernet
Packet size limit: file hdr: 1520 bytes
Number of packets: 14 k
File size: 12 MB
Data size: 12 MB
Capture duration: 59 seconds
Start time: Tue Apr 28 13:43:30 2015
End time: Tue Apr 28 13:44:29 2015
Data byte rate: 211 kBps
Data bit rate: 1,689 kbps
Average packet size: 844.05 bytes
Average packet rate: 250 packets/sec
SHA1: ffb5542c47da69ddc93da902136e1173d76b56e0
RIPEMD160: bc2102185a924096a8cf145c54375a05ab90e3c6
MD5: ba0e1addfcb36e7db6314764941fa6af
Strict time order: True

File name: minecraft-256compression.cap
File type: Wireshark/tcpdump/... - pcap
File encapsulation: Ethernet
Packet size limit: file hdr: 1520 bytes
Number of packets: 10 k
File size: 1,686 kB
Data size: 1,524 kB
Capture duration: 54 seconds
Start time: Tue Apr 28 13:45:28 2015
End time: Tue Apr 28 13:46:22 2015
Data byte rate: 28 kBps
Data bit rate: 226 kbps
Average packet size: 150.91 bytes
Average packet rate: 187 packets/sec
SHA1: 5b5e51f53f0716fd84a39120afd68eadbfaf9816
RIPEMD160: f2bf3839c084b1d7b31fce0a8a8ce959316643a7
MD5: dc6f56a5a1c10e642548e0eeb979629b
Strict time order: True

And now let’s look at the stunnel captures:

File name: stunnel-nocompressioninserver.cap
File type: Wireshark/tcpdump/... - pcap
File encapsulation: Ethernet
Packet size limit: file hdr: 1520 bytes
Number of packets: 9,949
File size: 2,159 kB
Data size: 1,999 kB
Capture duration: 59 seconds
Start time: Tue Apr 28 13:41:13 2015
End time: Tue Apr 28 13:42:12 2015
Data byte rate: 33 kBps
Data bit rate: 270 kbps
Average packet size: 201.02 bytes
Average packet rate: 168 packets/sec
SHA1: 418cc249c3393d85e6e59a6e02c02060b7b7ce4f
RIPEMD160: bf7f56af412734260e0e96d1a0c7d2f28be3ba95
MD5: 1b96fce1db9d38d8dbbecf9bb2278079
Strict time order: True

File name: stunnel-256compression.cap
File type: Wireshark/tcpdump/... - pcap
File encapsulation: Ethernet
Packet size limit: file hdr: 1520 bytes
Number of packets: 9,585
File size: 1,554 kB
Data size: 1,401 kB
Capture duration: 59 seconds
Start time: Tue Apr 28 13:47:35 2015
End time: Tue Apr 28 13:48:34 2015
Data byte rate: 23 kBps
Data bit rate: 189 kbps
Average packet size: 146.21 bytes
Average packet rate: 162 packets/sec
SHA1: 19b2bbfff8cd9c5c0e460d64ad0f4b966cf3a141
RIPEMD160: e31c226101daea9327a8b13a4a1012a24bea11c1
MD5: a7b4b0d5ecf3e6a472255cff13466b51
Strict time order: True

Well, for me this is still interesting.  The stunnel connection sent fewer, smaller packets.  I know that this is a horrible way to ‘measure’ this, and yes, none of the datasets are the same, making this kind of bogus.  However, honestly, compressing with stunnel does feel faster.
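Why a capture of encrypted traffic still shrinks under gzip, shown with a constructed capture rather than the real ones above; this is an added example and none of it is from the original post. The output of a sound cipher does not compress, so what gzip finds in the stunnel capture is the framing around each ciphertext record: pcap record headers, Ethernet/IP/TCP headers and TLS record headers, which look nearly the same from packet to packet. The packet layout below is made up (146-byte payloads, matching the average packet size capinfos reported for the stunnel capture); the header fields are not valid protocol values, only repetitive ones.

```python
import random
import struct
import zlib

# Constructed stand-in for a capture of TLS traffic.  Each "packet" is a pcap
# record header plus Ethernet/IPv4/TCP headers (mostly constant from packet to
# packet) followed by pseudo-random bytes standing in for ciphertext.  None of
# the header fields are valid (no checksums, made-up addresses); they only
# need to repeat the way real framing does.
HEADER_LEN = 16 + 14 + 20 + 20   # pcap record + Ethernet + IPv4 + TCP


def build_capture(n_packets=2000, payload_len=146, seed=1):
    """Return (capture_bytes, payload_only_bytes) for n_packets packets."""
    rng = random.Random(seed)          # deterministic so the numbers are repeatable
    capture, payloads = bytearray(), bytearray()
    seq = 0x10000
    for i in range(n_packets):
        payload = rng.getrandbits(8 * payload_len).to_bytes(payload_len, "big")
        wire_len = HEADER_LEN - 16 + payload_len
        record = struct.pack("<IIII", 1430228610 + i // 250, rng.getrandbits(20),
                             wire_len, wire_len)
        eth = b"\x52\x54\x00\x12\x34\x56" + b"\x52\x54\x00\x65\x43\x21" + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, i & 0xFFFF,
                         0x4000, 64, 6, 0, b"\x0a\x0c\x00\x10", b"\xc0\xa8\x00\x07")
        tcp = struct.pack("!HHIIBBHHH", 25566, 51234, seq, 0, 0x50, 0x18, 0xFFFF, 0, 0)
        seq += payload_len
        capture += record + eth + ip + tcp + payload
        payloads += payload
    return bytes(capture), bytes(payloads)


def compression_ratio(data, level=6):
    """Compressed size divided by raw size; 1.0 or above means 'incompressible'."""
    return len(zlib.compress(data, level)) / len(data)


def header_share(payload_len=146):
    """Fraction of each packet that is framing rather than ciphertext."""
    return HEADER_LEN / (HEADER_LEN + payload_len)


if __name__ == "__main__":
    cap, pay = build_capture()
    print("whole capture :", round(compression_ratio(cap), 3))
    print("payload only  :", round(compression_ratio(pay), 3))
    print("framing share :", round(header_share(), 3))
```

Run as a script it prints three numbers: the whole capture compresses to roughly 0.8 of its size while the payload on its own stays at 1.0, and the gap is close to the framing share. One caveat on the setup itself: stunnel’s compression option enables TLS-level compression negotiated in the handshake, the mechanism the CRIME attack (2012) exploited against HTTPS, and OpenSSL 1.1.0 and later leave it disabled unless an application explicitly turns it back on, so this configuration may not negotiate compression at all on a current system.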

So, want to try?  I guess I can let people try if they want, but you’ll need stunnel.  I’ve read horror stories about griefers and I figure if I raise the bar to connect it’ll be somewhat distractionless.

So here is my stunnel.conf I’m using on the client side.

client = yes
compression = zlib
foreground = yes
debug = 6

[minecraft]
accept = 127.0.0.1:25565
connect = virtuallyfun.com:25566
cert = minecraft.pem

And of course, you need my certificate pair, so here is minecraft.pem:

-----BEGIN RSA PRIVATE KEY-----
[private key omitted]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEOTCCAyGgAwIBAgIJAIOpvPCh+v5fMA0GCSqGSIb3DQEBBQUAMIGyMQswCQYD
VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xHDAa
BgNVBAoME1N1cGVyZ2xvYmFsbWVnYWNvcnAxFjAUBgNVBAsMDVZpcnR1YWxseSBG
dW4xGTAXBgNVBAMMEHZpcnR1YWxseWZ1bi5jb20xLTArBgkqhkiG9w0BCQEWHmpz
dGV2ZUBzdXBlcmdsb2JhbG1lZ2Fjb3JwLmNvbTAeFw0xNTA0MjgwMjU1MzJaFw0y
MDEyMDUwMjU1MzJaMIGyMQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMx
EDAOBgNVBAcMB0NoaWNhZ28xHDAaBgNVBAoME1N1cGVyZ2xvYmFsbWVnYWNvcnAx
FjAUBgNVBAsMDVZpcnR1YWxseSBGdW4xGTAXBgNVBAMMEHZpcnR1YWxseWZ1bi5j
b20xLTArBgkqhkiG9w0BCQEWHmpzdGV2ZUBzdXBlcmdsb2JhbG1lZ2Fjb3JwLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK73csOVBonN8Ag6MMxj
P2VXWgq5wxXqPEppD9YyRiIbAM8zFfuegrXffK2ij58OZ5xLa5le8iJgYhfwN9kj
22Bep6gYTSj261IOLuHbK/bsqO/xeNNFTHF23IMHPqQzlOblAoO4WXJghqJVbPux
sQt0dZvEmz2WL5YHBxyV3ZxCi/ERvM+eAdi9QIu+gmJQ+kPeEJ0MYia4nMvAyST+
v2bqpBoNNQHKGgmkzmvJr2TC5ARZIwLHtGl9J0g0cTZAQXv4YMJEbhVmjCNYhoEw
l/Sda6IC4Nln2aBiBbbmKfI58IjUEHRDOk0xlEZvYqm+/KQXej8FrBQajmtBizhM
y88CAwEAAaNQME4wHQYDVR0OBBYEFJcb/w/SowAjTa/hvtim9oWYSarZMB8GA1Ud
IwQYMBaAFJcb/w/SowAjTa/hvtim9oWYSarZMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQEFBQADggEBAIISqlsBZKh67of21sJhsavDB4T7xrd/qC5zTUeUioScXr+j
n2aziysr+HazliIpVNa5QjicYTniG7urAZdL/zhegSyxEq6r1/BVAks0ooYxJT/f
G5EIhQurv3wQcGKSEXx6IA7+kheqYX++XcM6lAz5jPPIXsRV4NDsE7T68vVuQrr/
RYMHkbCXMqCbUq8x8k65KNN3EPJ66lH83kXuQJRazeurJmcquhmWqApjkORS17kq
+g2xRlnEolvS7umkGz9cbGP7SAWY+ySVIulKSKUKzji8qK8T/hW0dYWUPTZ6+LZx
hHnFJXiaGbnd1sEEB6uVV17XipnE15TGJ8NPT2s=
-----END CERTIFICATE-----

And I run it something like this from the client side…

# stunnel mine.conf
2015.04.28 14:25:23 LOG5[ui]: stunnel 5.16 on x86_64-apple-darwin14.3.0 platform
2015.04.28 14:25:23 LOG5[ui]: Compiled/running with OpenSSL 0.9.8zd 8 Jan 2015
2015.04.28 14:25:23 LOG5[ui]: Threading:PTHREAD Sockets:SELECT,IPv6 TLS:ENGINE,OCSP
2015.04.28 14:25:23 LOG5[ui]: Reading configuration from file mine.conf
2015.04.28 14:25:23 LOG5[ui]: UTF-8 byte order mark not detected
2015.04.28 14:25:23 LOG6[ui]: Compression enabled: 1 method(s)
2015.04.28 14:25:23 LOG6[ui]: Initializing service [minecraft]
2015.04.28 14:25:23 LOG6[ui]: Loading certificate from file: mine.pem
2015.04.28 14:25:23 LOG6[ui]: Loading key from file: mine.pem
2015.04.28 14:25:23 LOG4[ui]: Insecure file permissions on mine.pem
2015.04.28 14:25:23 LOG5[ui]: Configuration successful

Now with stunnel connected, you just have to add a server, but you connect to ‘localhost’. This will have you talking to the stunnel program which then talks to my server, which then redirects to the VM running Minecraft.

Setup a server to ‘localhost’ to access stunnel

Now you can connect to the stunnel server

No promises on how long it’ll be up though.

Titan City!

For normal clients... (shhhh!)

AltaVista Personal Indexer

Probably not a good idea..

I never got into the whole ‘desktop search’ thing, as I used to know where my stuff was.  But now we live in the future, where not only can you just go out and buy terabytes worth of storage, but downloading 10 years worth of usenet is something you can accomplish in a few minutes (on a good connection), and storing it as flat files, which takes only 20 minutes to decompress into some 2,070,332 files, is a trivial matter.  It’s really cool to live in the future.

Total Files Listed: 2070332 File(s) 5,429,376,673 bytes 
                    168164 Dir(s) 1,119,884,468,224 bytes free

Now what about finding something in those files?

I should be embarrassed as I was using grep.

Yes in my hunt for obscure information grep was my tool of choice.

So after Frank had mentioned it in passing, asking if I’d ever used AltaVista Personal Search 97 before, I thought I’d give it a bit of a test.  First I unpacked some BSD source code, and had it index that.  The results were incredibly FAST.  So the next thing to do was to try the UTZOO archives.  I should have expanded my NT 4.0 VM’s disk first, but I got this far before I was down to 200MB of free disk space.


I should add that I’m sharing the UTZOO archive over the network.  Not the fastest way at all.  And I only made it about 40% of the way through the archive.  Even at this point the search database is only 1.2GB.

So how does it run?  Well, it’s a localized web service that resides on your desktop.  Of course it only works when you request from 127.0.0.1, as they sold a network searchable version of AltaVista, the Workgroup Edition.  Even this was a retail product at one point, retailing for $29 to $35.

Show me the Xenix!

So you hit the web page, type in your search, and you get answers, like, immediately.  It really is scary how fast this thing is.  The results could use a lot of tweaking, but we are talking 800,000 files.

But needless to say there was the disastrous Compaq buyout of DEC, and the entrance of Google, and it was over.  From what I understand people are still selling the workgroup/enterprise search.  I can see why: even though the 97 version is rough, it still has promise.

What a bargain!

For anyone who cares, it’s geared to Windows 95 or Windows NT 4.0; 2000 and beyond is at your own risk.  It uses a Win16 setup program, so Windows 7 x64 was out of the question, but you can download it here.

Exchange 5.5 OWA vs Outlook 2003

ASP 0115

error ‘ASP 0115’

Unexpected error

/exchange/USA/root.asp

A trappable error occurred in an external object. The script cannot continue running.

So, call me crazy, but I’ve been running an Exchange 5.5 server at home for a while without issues.  It’s perfect for a single user: I can keep up to 16GB worth of email on there, and best of all I can use real email clients like Outlook (or is it LookOut!?).  Anyway, I noticed something weird, which is that Outlook 2003 is always unsure whether the server is there, and I have to tell it that it’s OK to connect.  Also, once the Outlook 2003 client connects, it kills OWA, giving me these weird ASP 0115 Unexpected errors.

Googling around for a fix was a bit futile, and I’d largely written off OWA, as in this day & age who really wants some ASP 3.0 app?  But for some reason today was going to be the day to fix it, as I don’t have Outlook on my MacBook Air.

So with the Outlook 2003 clue in mind I finally found KB-818709, aka “Outlook Web Access stops responding when you try to access a mailbox on an Exchange 5.5 computer”.

As the cause states:

This problem occurs when you try to access a user account that was previously accessed by a client computer that is running Microsoft Office Outlook 2003.

Outlook 2003 adds a fourth entry to the PR_FREEBUSY_ENTRYIDS property. PR_FREEBUSY_ENTRYIDS is a multi-valued MAPI property that is stored on the Inbox folder. CDO expects three entries. The unexpected fourth entry causes heap corruption that causes OWA or the third-party program to stop responding.

Well how about that?

So with the hotfix in hand, and a reboot, it now works perfectly, like it did back in 1997.  And the best part is that it works great in Chrome.

And for anyone crazy like me with Exchange 5.5, remember to install SP4, and of course the KB829436 hotfix!

Playing around with Gopher

My Gopher Site, via proxy

Back in the day, if you were ‘hip’ and ‘cool’ and had a UNIX shell account back in 1993 there was this cool way of getting around various computer systems around the world called gopher.  What was really cool, is that it offered search services, indexing and even gateways into various libraries (where they kept physical books) where you could search their card catalogs for various tomes you were looking for.

Some colleges even had various services that you could connect to, offering things like news, weather and whatnot.  It was pretty neat; however, there was one stumbling block, which is that gopher was a VERY controlled environment, where most universities locked their client to only start at one particular gopher server, and to get anywhere else you had to memorize an insane number of keystrokes that would make 1-800 operators go crazy.  Also there was nothing like virtual hosting, so the idea of having your own gopher site was most likely out of the question.  The other issue is that the University of Minnesota, where boombox (the master gopher server) resided, saw they had something good going, and unlike UCB’s CSRG, which gave BSD away for free, they were going to license the server for $100 for an educational institution, and $500 for a commercial institution.

Needless to say, this CERN thing called HTTP, which they were trying to distance themselves from and which asked for no money, became the next big thing, and with the freedom and ease of setting up a website, gopher became a ghost of the past.

But as the world was starting to build web clients, many understood gopher, including Microsoft’s Internet Explorer.  Although starting with version 7 (gopher was also disabled with some updates in IE6), gopher has since been removed.  But thanks to the Utilu IE Collection, and this quick registry setting you too can surf gopher space with IE 4.0 (or 5,5.5..) like it’s the mid 1990s.

My gopher site via IE 4.0

So needless to say, with a client in hand, I wanted to set up my own server.  And keeping with it being old, I decided to use the old 2.3.1 gopher server.  I also compiled it with freeWAIS support, although I haven’t quite worked out how to get that fully working right now.  Compiling this stuff on 32bit i386 Linux was trivial to say the least, but if you need binaries or anything they are here.

The next thing was to get both wais and gopherd running from xinetd, which was easy once I knew how.  These are the service files I created:

service gopher
{
socket_type = stream
protocol = tcp
wait = no
user = gopher
server = /usr/local/etc/gopherd
server_args = -I -l /var/log/gopherd.log -u gopher /gopher-data 70
instances = 20
}

And for wais:

service wais
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/local/bin/waisserver
server_args = -d /gopher-data/wais /gopher-data/wais.log -l 10 -p 210
instances = 20
}

Easy, right?

Gopher likes to be a named service, so I went with my virtuallyfun.com domain, as it is easier to type.  I guess I could have gone with gopher.superglobalmegacorp.com but that is… LONG. Another cool thing is that there are several gopher proxies out there for HTTP only people, so you can also get to my gopher page here (via gopher.floodgap.com).

The harder part was figuring out how the directory mapping works, but luckily there was enough in the test directory to get something working, changing this:

ls

About decode-n-scripts install mspl tmp
bin ftp-horrors lib pids

Into this:

The old UNIX gopher client

The secret is all in the .names and .Links files.  The .names file will map a directory name to something more pleasing, such as changing mspl to the “Microsoft Programmer’s Library”.

Path=./mspl
Name=Microsoft Programmer’s Library

Easy, right?

And the .Links file creates links to various content, from a telnet example (to my bbs….)

Type=8
Name=QemuOS/2 BBS (My BBS!)
Host=bbs.superglobalmegacorp.com
Port=23
Numb=100
Abstract=My Synchronet BBS running on OS/2 inside of Qemu! #100
Path=

To another gopher system

Name=My lame SDF.org site
Type=1
Host=sdf.org
Port=70
Path=/users/jsteve
Abstract=My personal SDF gopherspace (itsucks) #-11
Numb=-11

To even some crude ASCII art!

Name= # # # ##### ##### # # ## # # # #
Type=3
Path=
Numb=5
#
Name= # # # # # # # # # # # # # #
Type=3
Path=
Numb=6

.. and so on.
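How records like these become gopher menu lines, as an added example that is not gopherd’s code. It parses the key=value records shown above into RFC 1436 menu items (type character and display string, then selector, host and port, separated by tabs) and refuses any field containing a tab or line break, since those are the menu’s own delimiters and a stray one would inject extra columns or whole items. Treating a blank or ‘#’ line as the end of a record, and the default host argument, are my assumptions; the sample input is built from the two records quoted in the post.

```python
# Field names (Type, Name, Host, Port, Path, Numb, Abstract) are the ones used
# in the .Links records on the page.  Ending a record at a blank line or a
# line starting with '#' is an assumption, not documented gopherd behaviour.

def parse_links(text):
    """Split a .Links file into a list of {key: value} records."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def to_menu_line(record, default_host, default_port=70):
    """Render one record as an RFC 1436 menu line: type+name, selector, host, port.

    Fields are tab separated and lines are CRLF terminated, so a tab or line
    break inside a field would let that field inject extra columns or whole
    menu items.  Refuse such records instead of emitting them.
    """
    item_type = record.get("Type", "0")
    name = record.get("Name", "")
    selector = record.get("Path", "")
    host = record.get("Host", default_host)
    port = record.get("Port", str(default_port))
    for field in (item_type, name, selector, host, port):
        if any(c in field for c in "\t\r\n"):
            raise ValueError("field contains a menu delimiter: %r" % field)
    return "%s%s\t%s\t%s\t%s" % (item_type, name, selector, host, port)


def render_menu(text, default_host, default_port=70):
    """Full menu response: one line per record, terminated by a lone period."""
    lines = [to_menu_line(r, default_host, default_port) for r in parse_links(text)]
    return "\r\n".join(lines + ["."]) + "\r\n"


# Constructed sample, assembled from the two records quoted in the post.
SAMPLE_LINKS = """\
Type=8
Name=QemuOS/2 BBS (My BBS!)
Host=bbs.superglobalmegacorp.com
Port=23
Numb=100
Abstract=My Synchronet BBS running on OS/2 inside of Qemu! #100
Path=

Name=My lame SDF.org site
Type=1
Host=sdf.org
Port=70
Path=/users/jsteve
Abstract=My personal SDF gopherspace (itsucks) #-11
Numb=-11
"""

if __name__ == "__main__":
    print(render_menu(SAMPLE_LINKS, "virtuallyfun.com"), end="")
```

Numb is carried through in the parsed record but the ordering it controls is not modelled here; records come out in file order.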

So yes, to be difficult, all the links in this post are gopher:// links.  I don’t know if that’ll deter the likes of Gerhard W. Recher, but I’d like to think that his poorly constructed automated tests will be unable to connect to gopher resources.

Now if I can figure out how to set up my own jughead or veronica to search my own wais of information, that’d be excellent.

If I had the virtual space I’d host the whole thing on a virtual VAX…. or something equally insane.  Word is Shoebill just got ethernet support, so running my gopher space on A/UX would be cool.

I guess you’ve all heard by now

that the internet broke pretty good yesterday.  Apparently someone added some new routes, and it broke the 500,000 route limit in most BGP routers.

Oops.

But this has been a long time coming, even back in 2003 when I had a full BGP load I was running on a 7206vxr with 512MB of ram.

So if you had connectivity problems, that is what was going on.

Fun times for sure!

Running Microsoft Exchange from home.

Well thanks to my latest outage, I’ve gone back from having an Exchange server in the “cloud” (well really a server I rented), to a Virtual Server at home.

First, my ‘plan’ is to get a VPS that I can run OpenVPN on.  From there I’m going to build a VM at home that will also run OpenVPN, and it will connect to the VPS.  I will then set up routing, so that the Exchange server can communicate with the VPS’s internal interface, and the VPS can communicate directly with the Exchange server.  I’ll then configure postfix to store & forward email to the Exchange server.  This way if the link drops, the VPS will just spool the mail.  Finally I’ll set up SpamAssassin to filter out the SPAM.

First you will need to have a tun0 interface in your VPS.  Almost everyone supports this these days so it shouldn’t be too hard… If you cannot get a tun0 interface, perhaps ppp0 with pptp..?

I followed these instructions on setting up OpenVPN on Debian 6.  Now granted, I’m using Debian 7, but the instructions are pretty much the same.  Basically you have to set up a CA (Certificate Authority), and then you generate a server certificate and a client certificate.  For my needs, I’m going to issue individual certificates for everything (and everyone) that connects into my VPN.  I also have a network at home that I want routed to the VPS, so this is included (192.168.0.0/24).

A simple server.conf looks like this:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 192.168.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

And the client configuration I’m using is this:

client
dev tun
proto udp
remote MYHOST MYPORT
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert hong-kong-home.crt
key hong-kong-home.key
ns-cert-type server
comp-lzo
verb 3

In the directory /etc/openvpn/ccd on the server, I have to ensure that I have a file called ‘homefw’ which is the common name of the client certificate.  It has to contain the following line to ensure that my home network is routed to the VPS.

iroute 192.168.0.0 255.255.255.0

Don’t forget to turn on IP forwarding on both the VPS and the local ‘tunnel router’.  For Linux based stuff you need to make sure that “/proc/sys/net/ipv4/ip_forward” is a 1.  You can just do a simple “echo 1 > /proc/sys/net/ipv4/ip_forward” in “/etc/rc.local” or go through your distribution’s networking documentation to make sure you set it up ‘correctly’.

In OpenBSD I just simply uncomment the following line from /etc/sysctl.conf

net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets

If you don’t have routing in place you’ll notice that you can only ping the tunnel interfaces, but not the IPs on the LAN.  While this may be fine for a p2p or client setup, it isn’t good enough if you want to route traffic.

I’m running VMWare ESXi 5 at home, and thankfully it does support Windows NT 4.0 Server out of the box.  I setup a Domain Controller running DNS & WINS.  The VMWare tools won’t work properly with some service pack (4 I think?) but I went all the way to 6, along with the rollup.  Until you load the service pack, the network adapter will *NOT* work.

I’m going with Exchange 5.5, so again I installed another NT 4.0 server, service packed it, and joined it to the domain controller.  Remember to install IIS, and the ASP update, as 5.5 OWA needs ASP.  Be sure to apply the latest service pack for Exchange, SP4 in the case of Exchange 5.5.

Now for routing I could go with dynamic routing, or static routing.  I chose static as I didn’t want to get too involved for this project, as I needed to get email flowing as quickly as possible.

route add 10.8.0.1 mask 255.255.255.255 192.168.0.49 -p

From Windows NT.

It is imperative, no matter what version of Exchange you run, that you turn off the open relay “feature”.  A great step by step guide is available here on msexchange.org.

With the basic routing in place you should be able to talk to the Exchange server’s SMTP engine.  You may want to set up either a local DNS and populate the VPS’s source address, or put in some host entries for it.

# telnet 192.168.0.55 25
Trying 192.168.0.55...
Connected to 192.168.0.55.
Escape character is '^]'.
220 exchange.superglobalmegacorp.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready
HELO
250 OK

Now it would be insane to place an Exchange server directly onto the internet.  Plus when the VPN link is down, it’d be nice to have the VPS store email and forward it when it can.  So for this task I installed postfix.

For me the big changes in main.cf were:

mydestination = nodedeploy.superglobalmegacorp.com, localhost.superglobalmegacorp.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.8.0.0/24 192.168.0.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relay_domains = superglobalmegacorp.com work.com
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = virtuallyfun.com
virtual_alias_maps = hash:/etc/postfix/virtual

This will permit my exchange server to relay out my VPS, and tell postfix that it’s OK to accept email for the various domains I have.

My transport database is very simple.  For the email accounts I’m using two domains, so I simply instruct postfix to forward emails destined to these domains to the Exchange server:

superglobalmegacorp.com smtp:192.168.0.55
work.com smtp:192.168.0.55

And for domains I couldn’t be bothered to create mailboxes for, instead I have their email setup to forward to an existing box using a virtual domain in the ‘virtual’ file.

[email protected] [email protected]
[email protected] [email protected]

Now due to the nature of postfix you need to generate database hashes for it to work, so my script to kick this off is:

postmap hash:/etc/postfix/transport
postmap /etc/postfix/virtual
newaliases
postfix reload

Which isn’t too involved once you get the bits in the right place.
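A small model of the relay and routing decisions those settings produce, as an added example that is neither this setup’s own code nor Postfix’s actual implementation. It encodes the page’s mydestination, relay_domains, virtual_alias_domains, mynetworks (IPv4 entries only) and transport values, and applies the default Postfix policy of permit_mynetworks followed by reject_unauth_destination; the virtual alias entry is constructed because the addresses in the page’s virtual map are redacted.

```python
import ipaddress

# Values copied from the main.cf and transport map on this page (IPv4 only).
MYNETWORKS = ["127.0.0.0/8", "10.8.0.0/24", "192.168.0.0/24"]
MYDESTINATION = {"nodedeploy.superglobalmegacorp.com",
                 "localhost.superglobalmegacorp.com", "localhost"}
RELAY_DOMAINS = {"superglobalmegacorp.com", "work.com"}
VIRTUAL_ALIAS_DOMAINS = {"virtuallyfun.com"}
TRANSPORT = {"superglobalmegacorp.com": "smtp:192.168.0.55",
             "work.com": "smtp:192.168.0.55"}
# The virtual map on the page has its addresses redacted; this entry is constructed.
VIRTUAL = {"alias@virtuallyfun.com": "mailbox@superglobalmegacorp.com"}


def domain_of(address):
    return address.rpartition("@")[2].lower()


def relay_decision(client_ip, recipient):
    """Simplified model of Postfix's default 'permit_mynetworks, reject_unauth_destination'.

    A client inside mynetworks may send anywhere (that is how Exchange relays
    out through the VPS); anyone else may only send to domains this host is
    responsible for.  Everything else is the open-relay case and is refused.
    """
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(n) for n in MYNETWORKS):
        return "permit_mynetworks"
    if domain_of(recipient) in MYDESTINATION | RELAY_DOMAINS | VIRTUAL_ALIAS_DOMAINS:
        return "permit_auth_destination"
    return "reject: 554 Relay access denied"


def route(recipient):
    """Where an accepted message goes: virtual alias first, then transport lookup."""
    final = VIRTUAL.get(recipient.lower(), recipient)
    domain = domain_of(final)
    if domain in TRANSPORT:
        return final, TRANSPORT[domain]
    if domain in MYDESTINATION:
        return final, "local"
    return final, "smtp (DNS MX lookup)"


if __name__ == "__main__":
    cases = [("203.0.113.5", "someone@example.org"),    # stranger trying to relay out
             ("192.168.0.55", "someone@example.org"),   # Exchange relaying out
             ("203.0.113.5", "user@work.com"),          # inbound for a hosted domain
             ("203.0.113.5", "alias@virtuallyfun.com")] # inbound via the virtual map
    for ip, rcpt in cases:
        print(ip, rcpt, "->", relay_decision(ip, rcpt), route(rcpt))
```

The first case is the open-relay check the post warns about: a client outside mynetworks sending to a domain this host does not handle is refused, while the Exchange server at 192.168.0.55 (inside 192.168.0.0/24) may relay anywhere, which is exactly why mynetworks must be no wider than the hosts meant to relay.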

Assuming you’ve got your MX records setup on the outside, with any luck you should start seeing some mail flow through.  If not telnet to port 25 and start talking to your mail server.

One problem I have is that superglobalmegacorp.com is an old domain, and it’s lapsed a few times to different idiots who not only added to the ridiculous spam lists I’m on, but also spammed from it as well.  So to deal with SPAM, I went ahead and installed spamassassin, as described in this page.

As mentioned, adding the two lines to master.cf got it going:

smtp inet n - - - - smtpd -o content_filter=spamassassin -o syslog_name=postfix/submission
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

And I did change the spamassassin local.cf:

use_razor2 1
use_dcc 1
use_pyzor 1

As I do get a lot of spam.

I don’t think most people will care, but this is more so for me keeping my notes straight.  So yeah I run Exchange 5.5 at home (which I got on ebay for $25!) with Outlook 2003 on Windows XP x64.  It works well enough for me.