Hi Bill,

About "Web access BBSs" of October 12:

Hello All. Are there any web-access BBSs, other than EleWeb...
...WildCat is too expensive just for a hobby.

Take a peek into the `FdN_SysOp.Rights' echo (it's available here):

http://fidonet.sensationcontent.com/echomail/sysop.rights/

On October 13, 2004, Winston Smith has received a message which was
titled "New TCPPort replacement". Eli Sanford seems to have sent it but
I happen to be the author and i didn't even notice this mistake before i
was to late! ~WEB~ BBSes are new to me, i thought i could tolerate this interface but the obvious lack of security is what i'd call a deterrent,
in favour of plain old DialUp/~TelNet~ BBSing, i mean... In any case, i inclose learlines from the post, it says: "Mail-ennium/32 v2.0-beta-r1"
and "Mail-ennium/32 v2 Beta Coming Soon! (1:379/1200.0)". I hope that's helping. When you're there, tell the SysOp about his wide-open hole!...

Salutations, :>

Michel Samson
a/s Bicephale
http://public.sogetel.net/bicephale/


... I BBS using LEGACY DOS+TCP/IP+TelNet+ZMoDem/Kermit+.QWK technologies
___ MultiMail/XT v0.45 - Let me try a TelNettable BBS with an OLMR door!
--- Maximus/2 3.01
* Origin: COMM Port OS/2 juge.com 204.89.247.1 (281) 980-9671 (1:106/2000)

Hello Michel,

MS> ~WEB~ BBSes are new to me, i thought i could tolerate this
> interface but the obvious lack of security is what i'd call a
> deterrent, in favour of plain old DialUp/~TelNet~ BBSing, i
> mean...

Telnet sends your password, everything that the remote system sends for display
on your screen and everything that you type, to and from the remote host in unencrypted clear text. How is this any more secure than an unencrypted HTTP connection?

A Web interface to a BBS could also be made less insecure by making use of SSL and HTTPS. A text-based BBS could be made less insecure by enabling SSH and disabling Telnet.

- Andy Ball.

* SLMR 2.1a *
--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Re: WEB Access BBSes
By: Andy Ball to Michel Samson on Sun Oct 24 2004 19:58:46

Telnet sends your password, everything that the remote system sends for disp on your screen and everything that you type, to and from the remote host in unencrypted clear text. How is this any more secure than an unencrypted HTTP connection?

A Web interface to a BBS could also be made less insecure by making use of S and HTTPS. A text-based BBS could be made less insecure by enabling SSH and disabling Telnet.

I'm also planning on added digest auth support for Synchronets web server... which does not require the uid/pw to be transmitted in the clear.
--- SBBSecho 2.10-FreeBSD
* Origin: FreeBSD Synchronet - telnet://FreeBSD.synchro.net (1:140/17)

======>>> Michel Samson, 1:106/2000 wrote:

Originally to: Bill Gordon

...snip...
á á á á á
á á áOn October 13, 2004, Winston Smith has received a message which was
titled "New TCPPort replacement".á Eli Sanford seems to have sent it but
I happen to be the author and i didn't even notice this mistake before i
was to late!á ~WEB~ BBSes are new to me, i thought i could tolerate this interface but the obvious lack of security is what i'd call a deterrent,
in favour of plain old DialUp/~TelNet~ BBSing, i mean...á In any case, i inclose learlines from the post, it says:á "Mail-ennium/32 v2.0-beta-r1"
and "Mail-ennium/32 v2 Beta Coming Soon! (1:379/1200.0)".á I hope that's helping.á When you're there, tell the SysOp about his wide-open hole!...


...snip...

<<<====== end quote


What's the hole? I don't see it. If you're referring to the ability for a person to use another person's name on another node, that's nothing new or specific to web bbses....

Jon
-FOTW: read your
Fidonet On The Web!
http://www.theheatsinkbbs.ca :=-
--- Internet Rex 2.29
* Origin: The gateway at The HeatSink BBS (1:134/703)

What's the hole? I don't see it. If you're referring to the ability for a person to use another person's name on another node, that's nothing new or specific to web bbses....

wow. that is quite a security flaw. isn't that something that can be easily fixed? apparently, it happened by accident in this case (in michael's case)..

i know it's not that hard to do in php, anyway.

-todd

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

Quoting Andy Ball from a message to Michel Samson <--

use of SSL and HTTPS. A text-based BBS could be made less insecure
by enabling SSH and disabling Telnet.

I've used SSH to connect to the system then telnet into the board across the LAN. Seemed pretty secure for what I was doing.

Later,
Sean

// hausmaus@midnightshour.org | ICQ: 19965647
--- Telegard/2 v3.09.g2-sp4/mL
* Origin: Outpost BBS - outpostbbs.us (1:18/200)

======>>> haliphax, 1:2800/18 wrote:

Originally to: Jon Watson

What's the hole? I don't see it. If you're referring to the ability for a person to use another person's name on another node, that's nothing new or specific to web bbses....

wow. that is quite a security flaw. isn't that something that can be easily fixed? apparently, it happened by accident in this case (in michael's case)..

i know it's not that hard to do in php, anyway.

-todd

|07á á á--haliphax |15//|07rMRS
|02á á á cotm.dyndns.org
|07á á á ávanguard mods


<<<====== end quote


See, I must be misunderstanding. Here's what I'm talking about:

I have an account on BBS A as Jon Watson. I'm a mean-spirited bastard, so I go to BBS B and create a new account under your name. Now any messages I post from
BBS B appear to come from you and unless someone is cognizant enough to notice that your node number has changed, you would get blamed for everything I post.

This isn't a security issue per se; it's an artifact of running individual, unconnected systems.

Surely we're talking about two different things, no?

Jon

-FOTW: read your
Fidonet On The Web!
http://www.theheatsinkbbs.ca :=-
--- Internet Rex 2.29
* Origin: The gateway at The HeatSink BBS (1:134/703)

Hello Sean,

SD> I've used SSH to connect to the system then telnet into the
> board across the LAN. Seemed pretty secure for what I was
> doing.

Telnet through an SSH tunnel? Effective, yet somehow perverse (but it makes sense if your BBS machine lacks support for SSH itself). I do something similar, tunnelling VNC through SSH to control computers at a remote site.

- Andy Ball

* SLMR 2.1a *
--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Hello Michel,

MS> Considering the apparent lack of concern from authors/SysOps on
> who the BBSers depended for their SoftWare when the whole BBS
> community went thru the ~TelNet~ transition, euh...

What telnet transition? Telnet is just another way to get a connection into a BBS. I imagine that on many systems the BBS software does not even need to know that telnet is involved, it's just another tty.

MS> Pardon my negativism but it's not tempting to leave such people
> too much ground so that this adventure is repeated in the same
> exclusive fashion again!

After reading this paragraph several times I /think/ I understand what you were
trying to say. If you try to use English more simply, you may end up with more readable results (this is something that I have to remind myself at times too).

MS> I'd make the UpGrade Path INCLUSIVE. I'm thinking of a scheme
> like ~POP3~ before ~SMTP~...

Please explain that. Do you mean that you would have the user retrieve messages
from your BBS using the POP3 protocol, and post their replies via SMTP?

MS> ...but with a twist; i'd keep ~TelNet~ but require my LEGACY
> users to validate using ~SSH~ and then grant ~TelNet~ access
> only after the ~IP~ address is approved...

That would not work for the many, many people who are assigned IP addresses dynamically (not just dial-up users, but also many DSL customers).

MS> I can live with innovations since ~TelNet~ can be secure enough
> if combined with ~SSH~/~HTTPS~

SSH supercedes telnet for applications where security is a concern. Combining them is odd.

MS> ...i might even imagine other ways to adapt plain old ~TelNet~
> sessions without any newer protocols (via additionnal security
> macros/utilities, perhaps?)...

Why reinvent the wheel?

- Andy Ball

* SLMR 2.1a *
--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Andy Ball wrote to Michel Samson <=-

Hello Michel,

MS> ...but with a twist; i'd keep ~TelNet~ but require my LEGACY
> users to validate using ~SSH~ and then grant ~TelNet~ access
> only after the ~IP~ address is approved...

That would not work for the many, many people who are assigned IP addresses dynamically (not just dial-up users, but also many DSL customers).

MS> I can live with innovations since ~TelNet~ can be secure enough
> if combined with ~SSH~/~HTTPS~

SSH supercedes telnet for applications where security is a concern. Combining them is odd.

MS> ...i might even imagine other ways to adapt plain old ~TelNet~
> sessions without any newer protocols (via additionnal security
> macros/utilities, perhaps?)...

Why reinvent the wheel?

My only thought to this is as you say, why re-invent the wheel?

From a quick search through apt-cache search telnet and ftp, I find:

telnet-ssl - The telnet client with SSL encryption support.
telnetd-ssl - The telnet server with SSL encryption support.
ftpd-ssl - FTP server with SSL encryption support.

etc...

I know that both ends have to have the SSL setup, but, that seems to
preclude the entire situation...

Just a thought.




... Anime Excuse #016: Training with Ranma
--- MultiMail/Linux v0.45
--- SBBSecho 2.00-Win32
* Origin: Killed in Action BBS telnet://kia.zapto.org (1:3613/52)

Andy Ball wrote to Sean Dennis:

<snip>

--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Is this allowed? Two Origin lines? I'm not bitching, just curious because if so
then I have to redo my BBS <-> Web replicator. Not a biggy, but my preg search
just looks for Origin...not * Origin.

Thanks!



- HeatSink
MFWIC; The HeatSink BBS
Calgary, Alberta, Canada, eh?
--- MBSE BBS v0.61.4 (GNU/Linux-i386)
* Origin: telnet://TheHeatsinkBBS.ca -=Calgary,AB,Canada =- (1:134/703)

I've used SSH to connect to the system then telnet into the board across t LAN. Seemed pretty secure for what I was doing.

from what i can tell, though, this is only possible so far with a linux bbs system. i've had oodles of trouble getting f-secure (a windows ssh daemon)
to work with my setup in the least. :(

-todd

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

wow. that is quite a security flaw. isn't that something that can be easil fixed? apparently, it happened by accident in this case (in michael's case <<<====== end quote

This isn't a security issue per se; it's an artifact of running individual unconnected systems.

gotcha. yeah, i completely misunderstood the context of the problem. :)

-todd

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

Telnet through an SSH tunnel? Effective, yet somehow perverse (but it mak sense if your BBS machine lacks support for SSH itself). I do something similar, tunnelling VNC through SSH to control computers at a remote site.

it works like a charm. i know several linux bbss that have been doing it for quite some time. there's a bit of a wait at the very beginning of a user's connection to the board, but it picks back up once the telnet end of it is
all connected and transmitting.

-todd

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

MS> ...i might even imagine other ways to adapt plain old ~TelNet~
> sessions without any newer protocols (via additionnal security
> macros/utilities, perhaps?)...
Why reinvent the wheel?

not only that, but wouldn't this be a contradiction to his plan? if you
wanted to keep telnet around, but had to add security macros, those macros would need to be implemented on the client side, as well. therefore, these users would have to go with this new "super telnet" instead of the old
vanilla telnet, when they could have just gone with SSH in the first place.

:P

-todd

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

Jon Watson wrote to Andy Ball <=-

Andy Ball wrote to Sean Dennis:

<snip>

--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Is this allowed? Two Origin lines? I'm not bitching, just curious
because if so
then I have to redo my BBS <-> Web replicator. Not a biggy, but my
preg search
just looks for Origin...not * Origin.

That depends, on if its a gated message. Looks like its a message that originated in FamilyNet (8:8/2) and came through BBS Networks
(1:10/345).



... Cat list | grep nice >giftlist
--- MultiMail/Linux v0.45
--- SBBSecho 2.00-Win32
* Origin: Killed in Action BBS telnet://kia.zapto.org (1:3613/52)

Hello Michel,

MS> And now, for the ones who must cope with transitions on their
> own, euh... there's more to come: ~WEB~ access (which may go
> unnoticed by some people but not everyone) and then ~SSH~
> (idem). Considering the increasing number of these transitions,
> i shouldn't be surprized that you must happen to wonder about
> which it is!

You make it sound as though users are being forced to progress through dial-up

Telnet -> Web -> SSH, which is nonsense. Those technologies are simply

alternative means of connecting to a BBS. None are compulsory and there is certainly no need to progress through them in any kind of sequence.

MS> More than once! In that case i shall make my posts *LESS*
> legible!

:-(

MS> ...then grant ~TelNet~ access only after the ~IP~ address is
> approved...

AB> Please explain... That would not work for the many, many people
> who are assigned IP addresses dynamically...

MS> Instead of "like" i should have wrote "similar" as i wouldn't
> agree to depend on ~E-Mail~ myself (not before i tried some
> sturdier methods)!

You missed my point. Do you suggest that the user is authenticated on the basis of a static IP address? Perhaps you meant once each session, but you have still not explained what mechanisms you would use for authentication and encryption.

MS> Indeed, but i haven't tried to determine on which criteria the
> ~IP~ address should be approved just yet. What about Domain
> Names?

What about them. Do you expect BBS users users to register a domain name just so that they can connect to a BBS?

MS> This was only meant as an alternative to accomodate BBSers who
> must connect using ~SSH~ then ~TelNet~ *SEPARATELY*, for some
> reason...

What reason? Describe a scenario in which this makes sense.

MS> Combining them would accomodate BBSers who can't use file
> transfers over a same ~SSH~ session but who could ~SSH~ then
> ~TelNet~, separately.

Any client platform capable of running SSH should also be capable of running SFTP. It may also be possible to use traditional BBS file transfer protocols such as XModem, Kermit etc. over an SSH connection.

- Andy Ball

* SLMR 2.1a *
--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Re: Telnet Vs SSH
By: Andy Ball to Michel Samson on Thu Oct 28 2004 01:36:20

SSH supercedes telnet for applications where security is a concern. Combinin them is odd.

More accurately, it supercedes rlogin, not telnet. Telnet has a good number of features that SSH doesn't.
--- SBBSecho 2.10-FreeBSD
* Origin: FreeBSD Synchronet - telnet://FreeBSD.synchro.net (1:140/17)

Re: Telnet Vs SSH
By: Andy Ball to Michel Samson on Fri Oct 29 2004 01:53:32

Any client platform capable of running SSH should also be capable of running SFTP. It may also be possible to use traditional BBS file transfer protocol such as XModem, Kermit etc. over an SSH connection.

Kermit and ZModem should run over any kind of connection at all.
--- SBBSecho 2.10-FreeBSD
* Origin: FreeBSD Synchronet - telnet://FreeBSD.synchro.net (1:140/17)

Hello, Andy.

28 Oct 04 01:19, you wrote to me:

Telnet through an SSH tunnel? Effective, yet somehow perverse (but it makes sense if your BBS machine lacks support for SSH itself). I do something similar, tunnelling VNC through SSH to control computers at
a remote site.

I could install SSH on the BBS machine (it's running OS/2), but it's rather difficult and time-consuming to do. It's easier when I had a Linux box running... you just SSH into the Linux box and over to the OS/2 machine. It was a matter of convience for me. <G>

Later,
Sean
--- GoldED+/W32 1.1.5-31012
* Origin: Stranded at the Outpost... (1:18/200)

SFTP. It may also be possible to use traditional BBS file transfer protoc such as XModem, Kermit etc. over an SSH connection.

leputty, available on sourceforge, i believe, has zmodem support as well as ssh1 and ssh2. for command-line ssh, there's bterm.. but it only supports
ssh1, and is very slow.

-todd

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

JON WATSON wrote to ANDY BALL <=-

Is this allowed? Two Origin lines? I'm not bitching, just curious

Yeah, it is allowed for gates. Perfectly legal. :)

Later,
Sean


... I'm nowhere *near* as dumb as I look
--- MultiMail/Win32 v0.46
--- Telegard/2/QWK v3.09.g2-sp4/mL
* Origin: Outpost BBS - outpostbbs.us (1:18/200)

Re: Re: Telnet Vs SSH
By: Sean Dennis to Jon Watson on Fri Oct 29 2004 03:29 pm

JON WATSON wrote to ANDY BALL <=-

Is this allowed? Two Origin lines? I'm not bitching, just curious

Yeah, it is allowed for gates. Perfectly legal. :)

Only the Origin line with the '*' is a valid Origin line.

digital man

Snapple "Real Fact" #152:
In 1985, the fastest bicyclist was clocked at 154 mph.

======>>> haliphax, 1:2800/18 wrote:

Originally to: Jon Watson

wow. that is quite a security flaw. isn't that something that can be easil fixed? apparently, it happened by accident in this case (in michael's case
unconnected systems.

gotcha. yeah, i completely misunderstood the context of the problem. :)

-todd

|07á á á--haliphax |15//|07rMRS
|02á á á cotm.dyndns.org
|07á á á ávanguard mods


<<<====== end quote


I'm assuming that I have the right context, but perhaps not. I asked for clarification at one point and got none so I assume I'm correct.

-FOTW: read your
Fidonet On The Web!
http://www.theheatsinkbbs.ca :=-
--- Internet Rex 2.29
* Origin: The gateway at The HeatSink BBS (1:134/703)

Re: Re: Telnet Vs SSH
By: haliphax to Andy Ball on Fri Oct 29 2004 12:21:00

SFTP. It may also be possible to use traditional BBS file transfer prot such as XModem, Kermit etc. over an SSH connection.

leputty, available on sourceforge, i believe, has zmodem support as well as ssh1 and ssh2. for command-line ssh, there's bterm.. but it only supports ssh1, and is very slow.

And, of course, ZOC.
--- SBBSecho 2.10-FreeBSD
* Origin: FreeBSD Synchronet - telnet://FreeBSD.synchro.net (1:140/17)

Hello Michel,

MS> You fail to take into account the context where an analogy with
> the "~POP3~ before ~SMTP~" validation method is brought in, i
> wonder if it's obvious to you what "~POP3~ before ~SMTP~" is
> implying. ;-)

Then state this context, don't expect readers to divine it through psychic means!

MS> Throughout the years, Authors/SysOps have been acting like
> MicroSoft $hare holder$, or employee$: they took for granted
> that all BBSers are using `Windows' and it's even more specific
> than that since a BBSer's HardWare should be able to run a `Win
> 32' OS for ~SSH~/~HTTPS~;

BBS were around for years before MS Windows, and I continue to use software that knows nothing of MS Windows. For years I also used a BBS that was run on a non-PC hardware platform running non-Microsoft system software. Also note that SSH and HTTPS are in no way tied to MS Windows.

MS> There's no need to explore ways to make ~TelNet~ secure with
> help of ~SSH~ or ~HTTPS~ since authors/SysOps would just remove
> that LEGACY feature instead but i will because you insist...

I never "insisted" on that, since I already know how to tunnel Telnet through SSH. I merely observed that doing so makes little or no sense for most remote terminal applications (including access to a BBS).

MS> Lets start with the BBS system from where i'm posting right now.
> I got "69.75.117.170" when i fed `NSLookUp' with "BBSNets.COM"
> and then it led to two very distinct results when i used
> `TraceRt'...

And what makes you think that this is significant?

MS> I have access to two different ~ISP~s at home so i made this
> test with both and here's what i found: my 128 Kbps ~DSL~ feed
> gives two consistent strings which show up as "bellnexia.net"
> and "inet.qwest.net" in the listing;

...in the list of hosts that your packets are being routed through?

MS> ...with my DialUp account there were three of these, somehwere
> in the listing i got "sogetel.net", "vtl.net" and "level3.net".
> In both cases, it began with a Domain Name i could associate
> with the ~ISP~ i used to ~TelNet~ and it ended with what i
> believe to be the Domain Name of the ~ISP~ which gives access
> the remote BBS system.

Why do you think that this matters? Are you talking about the BBS host, or intermediate systems?

MS> Now, lets combine with this distinct patern a form of secure
> validation thru the previous ~SSH~ or ~HTTPS~ session (which
> took place MINUTES AGO);

Validation for an SSH or HTTPS session probably only lasts for the duration of that session. It is not a reasonable basis for anything that happens after that session has ended.

MS> ...if i were a SysOp, a validation method as selective as this
> would sound secure enough for the LEGACY BBSers to use ~TelNet~.
> In this context, it does make sense, no?

No.

MS> Anyway, as i explained, ~SSH~/~HTTPS~ and ~TelNet~ ARE available
> separately, probably under most of the OSes i can think of and
> even under DOS i might add! I see no reason why i'd be unable to
> validate thru ~SSH~ and then call a BBS thru unsecure ~TelNet~
> SoftWare...

I never said that you couldn't. Tunnelling through an SSH connection is common
practice. Tunnelling telnet through an SSH connection to a host that is accessible via SSH to the outside world makes no sense, since in order to connect you need a working SSH client, which will do the same thing as telnet in any case!

MS> So far, once a session is initiated i wouldn't care that my
> BBSer's ~IP~ is changing as long as his partern is going to be
> the same.

Define 'partern'.

MS> Do you still fail to see where the "~POP3~ before ~SMTP~"
> analogy fits here...

Yes, you have failed to explain what you mean by that.

MS> i rarely launch `Windows' just to get a message-packet (the wait
> is very long and is measured in minutes because INet acces under
> `Windows' would require that i use a Fire-Wall, an Anti-Virus
> and also an Anti-PopUp, if the only option left is a ~WEB~
> BBS)...

Use of the Web does not require MS Windows.

- Andy Ball

* SLMR 2.1a *
--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

leputty, available on sourceforge, i believe, has zmodem support as wel ssh1 and ssh2. for command-line ssh, there's bterm.. but it only suppor ssh1, and is very slow.

And, of course, ZOC.

i've never been satisfied with zoc's font set.

-todd

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

Michel,

MS> Oh! My crysal ball shows you're becoming somewhat
> apprehensive, as if your life would depend on it!

I am not apprehensive, just confused. What you are suggesting makes no sense.

MS> Why must you keep making me look as if i made a
> statement or another and then steer topics in all
> directions?!?

I may be misunderstanding you because your use of English does not convey the meaning that you intend.

MS> i don't try to make ~TelNet~ secure - only safer!...

?!!

MS> Anyway, i favour the prolonged support of this
> protocol, not a revision of it.

Telnet has its place. Secure terminal connections to a remote host (e.g. a BBS) are not that place.

MS> The objection over UserNames/PassWords being sent
> legibly over ~TelNet~ was noted, you got my reply.
> Yet, the validation step can be done elsewhere via
> ~SSH~.

But if your client platform can support SSH (and most can), why not use that alone for the remote terminal connection?

MS> I sense a trace of irritation while LEGACY BBSers are
> mentioned...

I am in favor of supporting as wide a range of client platforms as we can. For
dial-up users that could mean anything from a VT-100 terminal onwards (or even a teletype if people build their menus accordingly). For access over the Internet, any client platform that can run SSH (or perhaps an SSL-equipped Web browser) makes sense to me.

MS> Who wants to "Tunnel"? It's OKay if "~POP3~ before
> ~SMTP~" doesn't remind you of anything...

So you expect to "validate" a connection on the basis of an already terminated SSH session? Senseless.

MS> I'll have to ignore the rest, i find futile to correct
> more assertions about what i'm supposed to think!

So, because you can't back up your suggestions or answer any of my perfectly reasonable questions you're going to ignore my posts? Fine! You have proven that you belong back on my twit list in any case.

- Andy Ball.

* SLMR 2.1a *
--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Michel,

MS> Oh! My crysal ball shows you're becoming somewhat
> apprehensive, as if your life would depend on it!

I am not apprehensive, just confused. What you are suggesting makes no sense.

MS> Why must you keep making me look as if i made a
> statement or another and then steer topics in all
> directions?!?

I may be misunderstanding you because your use of English does not convey the meaning that you intend.

MS> i don't try to make ~TelNet~ secure - only safer!...

?!!

MS> Anyway, i favour the prolonged support of this
> protocol, not a revision of it.

Telnet has its place. Secure terminal connections to a remote host (e.g. a BBS) are not that place.

MS> The objection over UserNames/PassWords being sent
> legibly over ~TelNet~ was noted, you got my reply.
> Yet, the validation step can be done elsewhere via
> ~SSH~.

But if your client platform can support SSH (and most can), why not use that alone for the remote terminal connection?

MS> I sense a trace of irritation while LEGACY BBSers are
> mentioned...

I am in favor of supporting as wide a range of client platforms as we can. For
dial-up users that could mean anything from a VT-100 terminal onwards (or even a teletype if people build their menus accordingly). For access over the Internet, any client platform that can run SSH (or perhaps an SSL-equipped Web browser) makes sense to me.

MS> Who wants to "Tunnel"? It's OKay if "~POP3~ before
> ~SMTP~" doesn't remind you of anything...

So you expect to "validate" a connection on the basis of an already terminated SSH session? Senseless.

MS> I'll have to ignore the rest, i find futile to correct
> more assertions about what i'm supposed to think!

So, because you can't back up your suggestions or answer any of my perfectly reasonable questions you're going to ignore my posts? Fine! You have proven that you belong back on my twit list in any case.

- Andy Ball.

* SLMR 2.1a *
--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net (8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Chip Hearn wrote to Jon Watson:

Is this allowed? Two Origin lines? I'm not bitching, just curious because if so
then I have to redo my BBS <-> Web replicator. Not a biggy, but my preg search
just looks for Origin...not * Origin.

That depends, on if its a gated message. Looks like its a message that originated in FamilyNet (8:8/2) and came through BBS Networks
(1:10/345).

Crap...OK....which one is considered the 'real' originator? I'm not sure I
can
keep both...hmm...

Jon


- HeatSink
MFWIC; The HeatSink BBS
Calgary, Alberta, Canada, eh?
--- MBSE BBS v0.61.4 (GNU/Linux-i386)
* Origin: telnet://TheHeatsinkBBS.ca -=Calgary,AB,Canada =- (1:134/703)

Sean Dennis wrote to Jon Watson:

Yeah, it is allowed for gates. Perfectly legal. :)

Bummer.....where'd I put my drawing board.....

Jon


- HeatSink
MFWIC; The HeatSink BBS
Calgary, Alberta, Canada, eh?
--- MBSE BBS v0.61.4 (GNU/Linux-i386)
* Origin: telnet://TheHeatsinkBBS.ca -=Calgary,AB,Canada =- (1:134/703)

Rob Swindell wrote to Sean Dennis:

Only the Origin line with the '*' is a valid Origin line.

OK....will there only ever be one * Origin line? Is it spec that if there are more that they start with # ?

Thanks

Jon

- HeatSink
MFWIC; The HeatSink BBS
Calgary, Alberta, Canada, eh?
--- MBSE BBS v0.61.4 (GNU/Linux-i386)
* Origin: telnet://TheHeatsinkBBS.ca -=Calgary,AB,Canada =- (1:134/703)

ROB SWINDELL wrote to SEAN DENNIS <=-

Only the Origin line with the '*' is a valid Origin line.

Well, I assumed that was assumed. :)

Later,
Sean


... Jesus saves sinners and redeems them for VALUABLE prizes!
--- MultiMail/Win32 v0.46
--- Telegard/2/QWK v3.09.g2-sp4/mL
* Origin: Outpost BBS - outpostbbs.us (1:18/200)

Re: Re: Telnet Vs SSH
By: Jon Watson to Rob Swindell on Sun Oct 31 2004 11:56 am

Only the Origin line with the '*' is a valid Origin line.

According to FTS-4, yes.

OK....will there only ever be one * Origin line? Is it spec that if there ar more that they start with # ?

No, but that is a common practice.

digital man

Snapple "Real Fact" #3:
Beavers can hold their breathe for 45 minutes under water.

======>>> Rob Swindell, 1:0/0 wrote:

Originally to: Jon Watson

á Re: Re: Telnet Vs SSH
á By: Jon Watson to Rob Swindell on Sun Oct 31 2004 11:56 am

Only the Origin line with the '*' is a valid Origin line.

According to FTS-4, yes.

OK....will there only ever be one * Origin line? Is it spec that if there ar more that they start with # ?

No, but that is a common practice.

<<<====== end quote


OK, cool. So...before I go jumping into my code.....

For the sake of argument, am I required to keep all origin lines, or just the one starting with the '*'?

Thanks!
Jon
-FOTW: read your
Fidonet On The Web!
http://www.theheatsinkbbs.ca :=-
--- Internet Rex 2.29
* Origin: The gateway at The HeatSink BBS (1:134/703)

So, because you can't back up your suggestions or answer any of my perfect reasonable questions you're going to ignore my posts? Fine! You have pro that you belong back on my twit list in any case.

you guys are funny.

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

Re: Re: Telnet Vs SSH
By: Jon Watson to rob swindell on Sun Oct 31 2004 07:50 pm

Only the Origin line with the '*' is a valid Origin line.

According to FTS-4, yes.

OK....will there only ever be one * Origin line? Is it spec that if there more that they start with # ?

No, but that is a common practice.

<<<====== end quote

OK, cool. So...before I go jumping into my code.....

For the sake of argument, am I required to keep all origin lines, or just th one starting with the '*'?

I would keep (and convert) any existing origin lines as it helps track gated messages and other potential problems.

digital man

Snapple "Real Fact" #166:
Before mercury, brandy was used to fill thermometers.

======>>> Rob Swindell, 1:0/0 wrote:

Originally to: Jon Watson

I would keep (and convert) any existing origin lines as it helps track gated messages and other potential problems.


<<<====== end quote


Convert? How so?

Jon
-FOTW: read your
Fidonet On The Web!
http://www.theheatsinkbbs.ca :=-
--- Internet Rex 2.29
* Origin: The gateway at The HeatSink BBS (1:134/703)

Re: Re: Telnet Vs SSH
By: Jon Watson to rob swindell on Tue Nov 02 2004 06:50 am

======>>> Rob Swindell, 1:0/0 wrote:

Originally to: Jon Watson

I would keep (and convert) any existing origin lines as it helps track gated messages and other potential problems.

<<<====== end quote

Convert? How so?

Replace the '*' with a '#' (before adding your own Origin line).

Example (in C):

if(!strncmp((char *)buf+l," * Origin: ",11))
buf[l+1]='#'; /* Convert " * Origin" into " # Origin" */

digital man

Snapple "Real Fact" #93:
A Kangaroo can jump 30 feet.

Rob Swindell wrote to Jon Watson:

Convert? How so?

Replace the '*' with a '#' (before adding your own Origin line).

Example (in C):

if(!strncmp((char *)buf+l," * Origin: ",11))
buf[l+1]='#'; /* Convert " * Origin" into " # Origin" */

Ahh, I see. My BBS software (MBSE) takes care of the origin and stuff. Everything that leaves my BBS is processed by MBSE first. This is largely to ensure that it leaves here in the proper format. My code only deals with replicating messages between the BBS and my web forums. My question was pointed
in that direction to make sure that the messages I was presenting on my web forums meet the standards.

Thanks!

Jon

PS - I just installed webalizer for kicks today on my server. I had no idea that I was getting 40 some odd unique sites per day. Guess the web forums are more popular than I thought :)



- HeatSink
MFWIC; The HeatSink BBS
Calgary, Alberta, Canada, eh?
--- MBSE BBS v0.61.4 (GNU/Linux-i386)
* Origin: telnet://TheHeatsinkBBS.ca -=Calgary,AB,Canada =- (1:134/703)

<snip>

--- BBBS/NT v4.01 Flag-5
# Origin: FamilyNet Sponsored by http://www.christian-wellness.net
(8:8/2)
* Origin: BBS Networks @ www.bbsnets.com 808-839-6036 (1:10/345)

Is this allowed? Two Origin lines?

that is proper FTN<->FTN gateing...

I'm not bitching, just curious because if so then I have to redo
my BBS <-> Web replicator. Not a biggy, but my preg search just
looks for Origin...not * Origin.

the leading space and star are significant as well as the defacto standard use of the hash mark for additional origin lines on gated messages...

' * Origin: '

is what should be keyed on as well as a confirmation of locating the proper line by looking to the end of the line for a FTN formatted address within the parenthesis... ;)

)\/(ark
* Origin: (1:3634/12)

Is this allowed? Two Origin lines? I'm not bitching, just curious CH>> JW> because if so
then I have to redo my BBS <-> Web replicator. Not a biggy, but my CH>> JW> preg search
just looks for Origin...not * Origin.

That depends, on if its a gated message. Looks like its a message that CH>> originated in FamilyNet (8:8/2) and came through BBS Networks
(1:10/345).

Crap...OK....which one is considered the 'real' originator?

properly gated FTN<->FTN echomail will carry one or more origin lines... the first one is the true originator... the last one is the valid one for the system doing the gateing... all the origin lines are valid and show a trail of the echo between FTN networks carrying it... note, also, that the echotag will be different in each FTN network...

you may find info in the FTN-FTN echomail gateing program blackhole... i have it available on my system and have used it in the past with no problems... it is an old application and one of extremely few that i know of that do FTN<->FTN
echomail gateing...

I'm not sure I can keep both...hmm...

that i can't help with ;)

)\/(ark
* Origin: (1:3634/12)

Only the Origin line with the '*' is a valid Origin line.

OK....will there only ever be one * Origin line?

not supposed to be...

Is it spec that if there are more that they start with # ?

yes but pretty much defacto, IIRC... i don't recall anything specifically written in the FTSC specs and proposals...

)\/(ark
* Origin: (1:3634/12)

OK, cool. So...before I go jumping into my code.....

For the sake of argument, am I required to keep all origin
lines, or just the one starting with the '*'?

on your own system, the tearline and everything after it can be torn off and not displayed at all... that information, however, may be needed to be stored somewhere so that it might be used with a reply to get the reply back to the originator (ie: private netmail reply)...

it has been common practise to retain that info as well as the control line info and simply not display the control line info unless the user specifically toggled it on...

by not retaining that info, users can't tell if the message is from someone local (on the same board) or in some far away place... this is one reason why it has been kept and displayed to the users...

)\/(ark
* Origin: (1:3634/12)

Convert? How so?

Replace the '*' with a '#' (before adding your own Origin
line).

but only when you are gateing echomail from one network to another...

)\/(ark
* Origin: (1:3634/12)

PS - I just installed webalizer for kicks today on my server.
I had no idea that I was getting 40 some odd unique sites per
day. Guess the web forums are more popular than I thought :)

they may be spiders from the search engines as well as spammer spiders looking for email addresses "in the clear" that they can harvest... it is also possible
that they are infected machines trying to infect your server... and then there are the whitehat machines checking that your server isn't already infected ;)

)\/(ark
* Origin: (1:3634/12)

Re: Telnet Vs SSH
By: mark lewis to Rob Swindell on Wed Nov 03 2004 09:57 am

Convert? How so?

Replace the '*' with a '#' (before adding your own Origin
line).

but only when you are gateing echomail from one network to another...

Actually, when exporting any mail to an FTN network. :-) If a user types
* Origin: some bogus value (using a '*')
The '*' should be automatically converted to something else. As I expect SBBSecho to do with this message (or is that only following a tear line?).

digital man

Snapple "Real Fact" #94:
Lizards communicate by doing push-ups.

Hi,

the leading space and star are significant as well as the defacto

standard

use of the hash mark for additional origin lines on gated messages...

' * Origin: '

is what should be keyed on as well as a confirmation of locating the proper line by looking to the end of the line for a FTN formatted address within the parenthesis... ;)

Yes, I see that now. I was being sloppy because I didn't think there would ever
be more than one Origin line. That is until I saw 8:8/8 show up in my web forums :)

Good to know, thanks for all the other info too. I'll get to work sometime soon
and fix that

Jon

- HeatSink
MFWIC; The HeatSink BBS
Calgary, Alberta, Canada, eh?
--- MBSE BBS v0.61.4 (GNU/Linux-i386)
* Origin: telnet://TheHeatsinkBBS.ca -=Calgary,AB,Canada =- (1:134/703)

mark lewis wrote to Jon Watson:

PS - I just installed webalizer for kicks today on my server.
I had no idea that I was getting 40 some odd unique sites per
day. Guess the web forums are more popular than I thought :)

they may be spiders from the search engines as well as spammer spiders looking for email addresses "in the clear" that they can harvest... it is also possible that they are infected machines trying to infect your server... and then there are the whitehat machines checking that your server isn't already infected ;)

Yeah....or my web forums could be more popular than I thought, no?



- HeatSink
MFWIC; The HeatSink BBS
Calgary, Alberta, Canada, eh?
--- MBSE BBS v0.61.4 (GNU/Linux-i386)
* Origin: telnet://TheHeatsinkBBS.ca -=Calgary,AB,Canada =- (1:134/703)

Actually, when exporting any mail to an FTN network. :-) If a user types
* Origin: some bogus value (using a '*')

haha.. it worked, 'cuz the message stopped right there.

|07 --haliphax |15//|07rMRS
|02 cotm.dyndns.org
|07 vanguard mods
--- Mystic BBS v1.07.3 (Win32)
* Origin: constipation of the mind :: cotm.dyndns.org (1:2800/18)

Re: Telnet Vs SSH
By: mark lewis to Rob Swindell on Wed Nov 03 2004 09:57 am

Convert? How so?

Replace the '*' with a '#' (before adding your own Origin
line).

but only when you are gateing echomail from one network to another...

Actually, when exporting any mail to an FTN network. :-) If a
user types
* Origin: some bogus value (using a '*')

there's where your message stopped... apparently your system didn't detect the above invalid origin line and add a proper and valid origin line ;) the above isn't proper or valid because it is missing a FTN formatted address within the ()'s ;)

ya gotta have both ends of the line correct for it to be valid... ;)

)\/(ark
* Origin: (1:3634/12)

Re: Re: Telnet Vs SSH
By: haliphax to Rob Swindell on Thu Nov 04 2004 12:42 pm

Actually, when exporting any mail to an FTN network. :-) If a user types
* Origin: some bogus value (using a '*')

haha.. it worked, 'cuz the message stopped right there.

Well I think it's only a valid Origin line if it follows a tear line (---).

digital man

Snapple "Real Fact" #125:
Pigeons have been trained by the U.S. Coast Guard to spot people lost at sea.

Re: Telnet Vs SSH
By: mark lewis to Rob Swindell on Thu Nov 04 2004 02:23 pm

Convert? How so?

Replace the '*' with a '#' (before adding your own Origin
line).

but only when you are gateing echomail from one network to another...

Actually, when exporting any mail to an FTN network. :-) If a
user types
* Origin: some bogus value (using a '*')

there's where your message stopped... apparently your system didn't detect t above invalid origin line and add a proper and valid origin line ;) the abo isn't proper or valid because it is missing a FTN formatted address within t ()'s ;)

ya gotta have both ends of the line correct for it to be valid... ;)

Actually, it's got to follow a tear line in order to be a valid origin line.

digital man

Snapple "Real Fact" #37:
A snail breathes through it's foot.

PS - I just installed webalizer for kicks today on my server. I had no

Webalizer? What would that be?

Later...
---
* Origin: Country Computer: www.country-computer.net (1:154/288)

Actually, when exporting any mail to an FTN network. :-) If
a user types
* Origin: some bogus value (using a '*')

haha.. it worked, 'cuz the message stopped right there.

actually, it didn't work as that wasn't the end of the message ;)

)\/(ark
* Origin: (1:3634/12)

Actually, when exporting any mail to an FTN network. :-)

If a user types

* Origin: some bogus value (using a '*')

haha.. it worked, 'cuz the message stopped right there.

Well I think it's only a valid Origin line if it follows a
tear line (---).

nope... tearlines are not required... origin lines must have the proper lead in
as the proper close with FTN address ;)

)\/(ark
* Origin: (1:3634/12)

there's where your message stopped... apparently your
system didn't detect the above invalid origin line and
add a proper and valid origin line ;) the about isn't
proper or valid because it is missing a FTN formatted
address within the ()'s ;)

ya gotta have both ends of the line correct for it to be valid... ;)

Actually, it's got to follow a tear line in order to be a
valid origin line.

actually, you're incorrect ;) according to the specs, the tearline is not required ;) ;)

)\/(ark
* Origin: (1:3634/12)

PS - I just installed webalizer for kicks today on my server. I had no

Webalizer? What would that be?

web server log file analyzer...

)\/(ark
* Origin: (1:3634/12)

======>>> Howard Scaggs, 1:154/288 wrote:

Originally to: Jon Watson

PS - I just installed webalizer for kicks today on my server. I had no

Webalizer? What would that be?

Later...



<<<====== end quote


It's a 'stats' program for your web server. It parses the apache log and shows a really nice break down of hits, sites, visits, who what where and when...it's
pretty cool.

Jon
-FOTW: read your
Fidonet On The Web!
http://www.theheatsinkbbs.ca :=-
--- Internet Rex 2.29
* Origin: The gateway at The HeatSink BBS (1:134/703)

Re: Re: Telnet Vs SSH
By: Jon Watson to howard scaggs on Sun Nov 14 2004 00:05:16

It's a 'stats' program for your web server. It parses the apache log and sho a really nice break down of hits, sites, visits, who what where and when...i pretty cool.

It also of course works with the Synchronet web log. :-)
--- SBBSecho 2.10-FreeBSD
* Origin: FreeBSD Synchronet - telnet://FreeBSD.synchro.net (1:140/17)

PS - I just installed webalizer for kicks today on my server. I had no

It's a 'stats' program for your web server. It parses the apache log and

shows a really nice break down of hits, sites, visits, who what where and

when...it's pretty cool.

Hi Jon,

Where might I find it?



Later...
---
* Origin: (1:154/288)

Howard Scaggs wrote to Jon Watson:

PS - I just installed webalizer for kicks today on my server. I had

no

It's a 'stats' program for your web server. It parses the apache log

and

shows a really nice break down of hits, sites, visits, who what where

and

when...it's pretty cool.

Hi Jon,

Where might I find it?

Wny right here:

http://www.mrunix.net/webalizer/

If you don't have web access I can upload a copy here for you.

Jon


- HeatSink
MFWIC; The HeatSink BBS
Calgary, Alberta, Canada, eh?
--- MBSE BBS v0.61.4 (GNU/Linux-i386)
* Origin: telnet://TheHeatsinkBBS.ca -=Calgary,AB,Canada =- (1:134/703)