Yearly Archives: 2016

Usborne collection of 1980’s computer books!

Posted on by
2

usborne

Back in the 1980’s home computers were a new and exciting thing, and with these machines came very technical manuals.  But us young children wanted to program, and thankfully companies like Usborne filled the gap by providing programming books geared towards kids!  It was a golden age as every machine had a basic interpreter.  Then for some reason software companies (Microsoft/IBM) didn’t think it was a good thing anymore bundling in languages with their OS’s, or worse thinking that development tools should be a source of revenue and pricing amateurs out of the market (seriously SCO, $5000 for a C compiler?)  But now thanks to the common carrier network we all have (the internet) the rise of open and free software hackers have taken things into their hands, and we are back to empowering users.

So I thought it was interesting that Usborne opened up a bunch of it’s older books.  All available in PDF, free for personal use.

First computer library

Introductions to programming

Games

Adventure games

You can see their page with full details here.

 

Just saw this gallery of old MS-DOS viruses on archive.org

Posted on by
Reply

And I have to say Casino is pretty funny…

From wikipedia:
The casino computer virus is a malicious virus that upon running the infected file, copies the File Allocation Tables (FATs) to random-access memory (RAM), then deletes the FAT from the hard disk. It challenges the user to a game of Jackpot of which they have 5 credits to play with, hence the name. No matter if they win or lose, the computer shuts down, thereby making them have to reinstall their DOS.

Visit the rest of the malware museum at archvie.org

 

So today I came across a ‘new’ 4.1 BSD tape on bitsavers: 4.1_BSD_19810710.zip

Posted on by
Reply
4.1 BSD tape

4.1 BSD tape

The label is dated 7/10/81, so I thought this would be fun to install on SIMH.  I chose with the starunix 4.0BSD as a starting point thinking that this should be close enough to boot up 4.1.  However I could not get the boot code to correctly work.  So failing that, I went ahead and ran the 4.0 mkfs, and restor programs, and then swapped tapes to the 4.1 to restore it’s root. dump.  And using the 4.0 disk boot program it worked pretty well!

So I went ahead, and extracted the boot program from the 4.0 tape, and rebuilt the 4.1 tape with the 4.0 standalone boot programs so you can install it from SIMH, if you want to cook up your own install.  You can download it from my site (read the 404 message for the current password) or from sourceforge.

And for those of you who like dmesg output:

 

VAX 11/780 simulator V4.0-0 Beta        git commit id: b8049645

Boot
: hp(0,0)vmunix
123060+27528+24628 start 0xF5C
Berkeley VAX/UNIX Version 4.9  Wed Feb 17 15:27:46 PST 1982
real mem  = 8322048
avail mem = 7738368
mcr0 at tr1
mcr1 at tr2
uba0 at tr3
dz0 at uba0 csr 160100 vec 300, ipl 15
mba0 at tr8
hp0 at mba0 drive 0
hp1 at mba0 drive 1
hp2 at mba0 drive 2
hp3 at mba0 drive 3
mba1 at tr9
ht0 at mba1 drive 0
tu0 at ht0 slave 0
tu1 at ht0 slave 1
root on hp0
WARNING: clock lost 153 days -- CHECK AND RESET THE DATE!
WARNING: should run interleaved swap with >= 2Mb
Automatic reboot in progress...
Mon Feb  2 00:59:55 GMT 1976
/dev/hp0a: 676 files 4278 blocks 3345 free
/dev/rhp0g: 3605 files 18925 blocks 122653 free
Mon Feb  2 00:59:56 GMT 1976
Mounted /usr on /dev/hp0g
preserving editor files
clearing /tmp
starting daemons: update cron accounting network mail printer.
Mon Feb  2 00:59:56 GMT 1976


Berkeley 4.1 VAX/UNIX (Amnesia-Vax)

login: root

Welcome to Berkeley Vax/UNIX (4.1bsd revised 1 Sept. 1981)
Erase is delete
Kill is control-U
#

For the brave the direct link is here to the original tape image on bitsavers.

 

Updated build of Linux 0.11 on Windows 10

Posted on by
1
Building & Running Linux

Building & Running Linux

I’ve updated my project for compiling Linux 0.11 on Windows 10.  In this version it builds a lot better with TDM MinGW 5.1.0 + MSYS.

The big improvements is that you can compile Linux without the full MinGW/MSYS install by running the ‘blind’ script which will compile the kernel without make and friends.

The build process for the kernel works as well so now with the included Qemu 0.12.5, no need to link under Linux anymore.  I fixed up some of the build processes as I thought I’d re-build and some stuff bombed so it’s all fixed up.

For those interested, I just updated the original download here:

MinGW-aout-linux-011.7z

End of the line for VMware Player, Workstation and Fusion?

Posted on by
6

It looks like in the wake of a declining stock price EMC/VMware is already laying off divisions, to ‘cut costs’ and I just received word from a friend that the “Hosted UI” group responsible for all these great products, and the former VMware Server/GSX products were all let go.

A Tribute to VMware Workstation, Fusion, and Hosted UI

Which to me is kind of crazy as this eliminates the only desktop product that could run VMware ESX on the desk for building virtual clusters.  I further guess it means that for what I like to do, I’ll eventually have to find one of those super expensive video cards that works with ESX to passthrough.  Or just drop any and all VMware stuff, and head straight into KVM territory and just get used to OpenStack being a fragmented disaster.

In addition they also closed the Burlington tech support centre.

Oh well, nothing lasts forever.

Getting dot1q to work between VMware and GNS3

Posted on by
Reply

So I had this fun episode where I was using Qemu to emulate an ASA, and it worked OK but it was incredibly slow, and I couldn’t put in multiple gigabytes of RAM.  So I thought I’d just dump Qemu and load it up on VMWare.

Well simple ethernet connections work just fine, but the dot1q interface (as this setup has about 50 different connections) doesn’t work at all.

The closest thing I could find was this interesting post, which states:

As I have attached previously there are 802.1q packets leaving the GNS emulated 7200 router but they are not being interpreted by the HOST-ONLY Adapter that is installed with workstation 11 nor does the HOST-ONLY adapter then TAG the l2 frames with the 802.1q ID.

So the host only adapters that I’m creating to give VMWare interfaces that GNS3 can latch onto, strip dot1q!

Well this is no good!

So I thought I’d try the older standby solution, which is the MS Loopback adapter, and try it that way.

Adding the adapter wasn’t too hard in 10, but they renamed it to the KM-TEST Loopback Adapter for some reason.  Anyways with the adapter installed, I removed all the bindings other than the VMware Bridge Protocol.

bindings for the loopback

bindings for the loopback

With that done, the next thing to do was run vmnetcfg, and bind the tunnel interface to a VMnet interface but not in the Host-only connection but bridged directly to the loopback adapter.

vmnetcfg

vmnetcfg

Now with the VMware part configured, it’s a matter of configuring a Cloud object in GNS3, and binding it to the loopback adapter, which in my case has the great name of ‘Ethernet 2’.

vmnetcfg

GNS3 bindings

From there I just attach the cloud to a dot1q ‘trunk’ interface on a GNS3 virtual ethernet switch.

With this proverbial house of cards built up, I can fire-up another VMware machine, in this case a Windows 2000 computer that is bound to a ‘normal’ VMnet adapter, with no fancy dot1a and..

It works!

It works!

I can get IE6 and all it’s glory on the internet.

Installing Microsoft Java on Windows 2000 SP4

Posted on by
3

So yeah, I’m using some old crap software, and it wants MS Java. Great. Ive installed Windows 2000 + SP4, IE6, and then to install MS Java and I get this error:

protected system component?

protected system component?

The Microsoft VM you are attempting to install is a protected system component and can only be updated with a later release of the operating system or service pack.

Well as far as I know, msjavx86-5.0.3810.0 is the last release of MS Java, so what to do?

Apparently all you have to do is rename it to ‘msjavwu.exe’ and it’ll install.

MS Java on IE6

MS Java in action

And there we go, Microsoft Java is working.

Thanks to the java test site that I’ve used over the years:

http://hp.vector.co.jp/authors/VA012735/applet/applets_en.htm

John Romero releases new DooM level

Posted on by
1
DooM!

DooM!

From his twitter post:

It’s been 21 years since I made a DOOM level. Here’s my version of E1M8 using DOOM1.WAD.

The download link on dropbox:

https://www.dropbox.com/s/2x2ee3r51986dkt/e1m8b.zip?dl=0

From the readme:

===========================================================================
Advanced engine needed : Limit-removing source ports
Primary purpose : Single Player, Co-op, Deathmatch
===========================================================================
Title : Tech Gone Bad
Filename : e1m8b.wad
Release date : Jan 15, 2016
Authors : John Romero
Email Address : [email protected]
Others Files By Author : doom1.wad, doom2.wad
Misc. Author Info : My previous Doom levels were made in 1995 for The
Ultimate Doom (e4m2, e4m6), so this is a warm-up.

Additional Credits to : John C., Adrian C., Tom H., Kevin C., Sandy P., Dave T.
Pascal “CodeImp” vd Heiden for Doom Builder
The Doomworld Community
Linguica and J.P. LeBreton for Testing expertise

General Description : My Boss level replacement for e1m8…22 years later

After exiting the Computer Station you knew the worst was up ahead. You still hadn’t
reached the place where the demons were coming from. The steel door shuts
behind you as you realize you’re there; you’re at the Phobos Anomaly. Cracks from
hell are all over the place as seepage from the portal invades the entire installation.
Now it’s time to find the portal and stop the demons from coming through. You know
UAC had hundreds of scientists working at a high-tech lab somewhere in this area, and
the portal must be connected to it somehow. Time to lock and load.

===========================================================================
* What is included *

New levels : 1
Sounds : No
Music : No
Graphics : No
Dehacked/BEX Patch : No
Demos : No
Other : No
Other files required : Doom1.wad or Doom.wad

* Play Information *

Game : Doom 1
Map # : E1M8
Single Player : Designed for
Cooperative 2-4 Player : Designed for
Deathmatch 2-4 Player : Designed for
Other game styles : No
Difficulty Settings : Yes

* Construction *

Base : New from scratch
Build Time : 2 weeks, in spare time
Editor(s) used : DooM Builder 2
May Not Run With : Doom2.exe
Tested With : ZDoom 2.7.1, Crispy Doom
Known bugs : No

* Copyright / Permissions *

Authors may NOT use the contents of this file as a base for
modification or reuse. Permissions have been obtained from original
authors for any of their resources modified or included in this file.

You MAY distribute this file, provided you include this text file, with
no modifications. You may distribute this file in any electronic
format (BBS, Diskette, CD, etc) as long as you include this file
intact. I have received permission from the original authors of any
modified or included content in this file to allow further distribution.

Cool, right!

I tried it with DooM v1.1 and v1.9 and they both load up the level but at certain points may bomb out with a R_FindPlane: no more visplanes.  So you’ll want to use ZDoom or Crispy Doom as indicated in the readme.

But for those who want vanilla, remember to load up the WAD like this:

DOOM -file e1m8.wad -warp 1 8

Or alternatively you can jump to the level by typing in idclev18

E1M8 28 years later

E1M8 28 years later

OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778

Posted on by
Reply

Update from undeadly.org:

This is the most serious bug you’ll hear about this week: the issues identified and fixed in OpenSSH are dubbed CVE-2016-0777 and CVE-2016-0778.

An early heads up came from Theo de Raadt in this mailing list posting.

Until you are able to patch affected systems, the recommended workaround is to use

# echo -e 'Host *\nUseRoaming no' >> /etc/ssh/ssh_config

That is, add the option UseRoaming no to your /etc/ssh/ssh_config (or your user’s ~/.ssh/config) file, or start your ssh client with -oUseRoaming=no included on the commandline.

We will be updating this article with more information as it becomes available.

UPDATE: This affects OpenSSH versions 5.4 through 7.1.

UPDATE: The following commit from deraadt@ has just gone in:

CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected] 2016/01/14 07:34:34

Modified files:
        usr.bin/ssh    : readconf.c ssh.c

Log message:
Disable experimental client-side roaming support.  Server side was
disabled/gutted for years already, but this aspect was surprisingly
forgotten. Thanks for report from Qualys

UPDATE: Errata patches for 5.8 and 5.7 have been published.

UPDATE: Portable OpenSSH 7.1p2 has been released:

 * SECURITY: ssh(1): The OpenSSH client code between 5.4 and 7.1
   contains experimential support for resuming SSH-connections (roaming).

   The matching server code has never been shipped, but the client
   code was enabled by default and could be tricked by a malicious
   server into leaking client memory to the server, including private
   client user keys.

   The authentication of the server host key prevents exploitation
   by a man-in-the-middle, so this information leak is restricted
   to connections to malicious or compromised servers.

   MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the client
   can be completely disabled by adding 'UseRoaming no' to the global
   ssh_config(5) file, or to user configuration in ~/.ssh/config,
   or by passing -oUseRoaming=no on the command line.

UPDATE: Fixed versions are available for OpenBSD snapshots dated 2016-01-12 and later. M:Tier has binpatches for OpenBSD 5.7-stable and 5.8-stable. Debian, Ubuntu, RHEL, and many other Linux distros have it now or will soon.

UPDATE: The roaming code has been stripped out of OpenBSD -current:

CVSROOT:   /cvs
Module name:    src
Changes by: [email protected]  2016/01/14 09:17:40

Modified files:
    usr.bin/ssh    : clientloop.c kex.c kex.h monitor.c 
                     monitor_wrap.c opacket.c opacket.h packet.c 
                     packet.h readconf.c readconf.h serverloop.c 
                     ssh.c ssh2.h sshconnect.c sshconnect2.c sshd.c 
    usr.bin/ssh/lib: Makefile 
    usr.bin/ssh/ssh: Makefile 
    usr.bin/ssh/ssh-keyscan: Makefile 
    usr.bin/ssh/ssh-keysign: Makefile 
    usr.bin/ssh/sshd: Makefile 
Removed files:
    usr.bin/ssh    : roaming.h roaming_client.c roaming_common.c 
                     roaming_dummy.c roaming_serv.c 

Log message:
remove roaming support; ok djm@

UPDATE: The FreeBSD port has been updated, but the version in their base system remains vulnerable.

UPDATE: Qualys Security has posted their full report on the issues.

UPDATE: While the information leak is much more difficult to exploit on systems with ASLR, like OpenBSD, some users may want to consider rotating their key pairs. If you use ssh-agent(1), however, the man page offers some good news:

The agent will never send a private key over its request channel. Instead, operations
that require a private key will be performed by the agent, and the result will be
returned to the requester. This way, private keys are not exposed to clients using the
agent.

UPDATE: For Mac OS X, the version of OpenSSH in MacPorts has been updated. Since Apple typically delays security fixes, you’re advised to apply the workaround if using the bundled OpenSSH instead.

So yeah, time to patch and update.