Well, since I decided it was time to start documenting things, I've thrown up my first HOW-TO document. It's available via my blog or you can go directly to the URL here:
http://kb7sqi.com/kb7sqi/SBook.htmlThe page covers how to bring your contacts over from Mac OS X to NEXTSTEP/OPENSTEP using Apple AddressBook & SBook which is available on both platforms. Hope you enjoy it. Take care.
No feedback? I'm suprised. Upcoming articles will include Email setup, various security topics, local caching dns server, etc. Any opinions on what to write up next atleast?
Sorry for the long time! I read the article that is so interesting. I have an iBook G3 and will try sbook soon. I think that articles and howto like your (and all packages that you made) are very useful to bring the NeXT in the present. Elsewhere we have beautiful machine with so much powder on it!
Quote from: "Shuren"Sorry for the long time! I read the article that is so interesting. I have an iBook G3 and will try sbook soon. I think that articles and howto like your (and all packages that you made) are very useful to bring the NeXT in the present. Elsewhere we have beautiful machine with so much powder on it!
Hi Shuren. Thanks. I know people use my packages. They see the most action on the web server. :wink: I was just curious for feedback on howto articles. I didn't want to wast time if no one was interested. SBook5 on Mac OS X does make it really easy to transfer contacts to a NeXT system. Once you have them loaded into SBook on the NeXT, You can then transfer them to the "original" NeXT addressbook using StayInTouch.app. I've been waiting for the author to finish getting OS4.2 installed virtually under Fusion so I can get a license for StayInTouch. I'm still looking for a way to transfer information from iCal into a useable format for the NeXT running Chronographer/PencilMeIn. One thing that's funny about NEXTSTEP/OPENSTEP is that the "addressbook" for Mail.app is a seperate file compared to the addressbook for the operating system. Mail.app actually uses a file called .mailalias in ~/.NeXT/ I've been working on a proper conversion between something like an ldif/vcf file to .mailalias. I've found a few solutions, but nothing completely perfect yet. But that could be an article in its self. :lol: Take care.
Quote from: "kb7sqi"No feedback? I'm suprised. Upcoming articles will include Email setup, various security topics, local caching dns server, etc. Any opinions on what to write up next atleast?
I am interested to hear more about security issues, and how to fix or at least diminish them, as this area gives me some concern when thinking about using NS/OS more.
On the other hand, is NS/OS too "old" at this point to even be a target on a hackers radar?? Never did like the "security through obscurity" argument, so I guess not.
Quote from: "nextchef"Quote from: "kb7sqi"No feedback? I'm suprised. Upcoming articles will include Email setup, various security topics, local caching dns server, etc. Any opinions on what to write up next atleast?
I am interested to hear more about security issues, and how to fix or at least diminish them, as this area gives me some concern when thinking about using NS/OS more.
On the other hand, is NS/OS too "old" at this point to even be a target on a hackers radar?? Never did like the "security through obscurity" argument, so I guess not.
Oh I agree security is a real problem with NS/OS. Back in 200-2001 I left a Mono Turbo system hooked up to my cable modem out in the "DMZ." No firewalls, etc. I have to say, I was proud it never got "rooted." There's alot of things that need updated on NS/OS. A great place to start is here:
http://golem.ph.utexas.edu/~distler/progs/index.html Jacques Distler put the page up several years ago, but I'd say it holds true today. What's changed in NS/OS since then? Nothing. :wink: His page has several replacements I recommend. On my own particular systems, I've went beyond all that & I've tried to implement other things as well. It might be a good idea to break the security stuff into several articles. Just FYI, I'm looking to fix the telnet problem besides the ftpd problems on our systems. I've been re-collecting all the security stuff again in prep for the security articles. Thanks for the feedback. I'll hold off on the email setup & start w/ security next. I'll try to get the first article posted by the weekend.
I'm also particularly interested in the security aspects, as everything including passwords seems to transit unencrypted across the network with NS&OS. So if you've any intention of posting howtos, please do so! In the mean time I'm off to check out that link.
Ok I need some more input here. I've made quite a bit of headway getting several replacement commands/daemons to fix several of the nasty security bugs in NEXTSTEP/OPENSTEP. Now, my question to everyone. I'm serious, I need feedback! Would you like these to be individual packages or would you like one jumbo package to replace the original commands. My take on this, is that Apple is never going to give us any more patches. NeXT was never big on fixing the security problems as well. I was thinking of creating a script to move all the vulnerable stuff to *.OFF, chmod -x everything & then install the replacement commands in the proper place like /usr/bin, /etc/, etc. That way none of the vulnerable daemons/commands can still be accessed. Or I can simply create individual packages & everyone can be take on the task of updating their inetd.conf, rc.local to make sure the new stuff is used. It don't matter to me. Several smaller packages will be just as easy as one big one. Just in case you're curious, I was succesful at compiling logdaemon-5.13 so I have a working replacements for rlogind, rexecd, rshd, telnetd, login, etc. All compiled w/ s/key support and the telnetd daemon is working fine on my system at the moment. Once I got the logdaemon stuff compiled, I updated wu-ftpd to support s/key as well. You don't have to use by default, but it's there if you want to. I also have newer rdist-6.1.5 compiled as well. I personally don't like using telnet/r* commands & I shut all that off in /etc/inetd.conf, but it's nice to have the option. So, feedback will decide on how I go further on package creation. Take care.
My vote would be for rolling them all up into one "patch", as you described.
I agree with the single update as well. I'm decent at the command line, but still need work. Being able to upgrade the security without a lot of line-altering would be awesome.
I'm interested in any how-to you want to make :) Like an indepth one into setting up mail.app and associated programs for SSL pop3 support and the like.
Two votes for a single update. Ok I'm going to wait till the weekend so I can get more feedback. That also give me more time to get everything organized in the scripts. I did notice some differences in the new telnetd daemon. It's documented in the docs, but I didn't read them first. :wink: The telnetd daemon has some features removed to make it more about security. While doing initial testing everything thing seemed fine, but there's one thing I don't like. The telnetd daemon don't pass environment settings. This is a good/bad thing. I really never use telnet so I'm fine w/ it. Telnet should be replaced by ssh. But saying that, the daemon does work and definately brings it into this decade. LogDaemon-5.13 was released in 2002. I'm going to include it in the update package, but I'm going to stress that it should be disabled & use ssh instead. :lol:
Helf don't worry, after I get the security package/tutorial done, I'm going to start an email tutorial as well. I know it's something that can cause confusion on a NeXT system when starting out. I'm going to cover everything from using the stock sendmail that comes w/ the system, a newer version of sendmail/postfix, and using fetchmail/msmtp and pine/elm. I think that'll cover email on a NeXT! 8) Take care.
The mail setup How To would be nice... I've tried it a few times with some of the documentation that's out there but never really got far. Think the furthest I got was being abel to send but not retrieve mail. None the less, updates and a How To would be glorious. (makes me wish the NeXT eZine from the org board didn't die after only one issue).
Another thing I would like see discussed more is how to "run" remote apps on my next systems. I had some success using CubX to "run" apps off of my linux box on my TurboColor, but it required some very insecure settings on both ends in order to get it working even marginally, which I did not like. Another option would be to use a VNC solution, but I have not tried that. I do see that you have a version available for m68k, but I did not see a packaged version as of yet.
So how about some sort of guide on how to run remote apps on our NS/OS systems, with possibly pgp tunneling or something similar for security. If one combines this with all the software you have ported (many thanks BTW), I can see myself using my NeXT system more and more as a primary machine, which I would like.
Just a thought, since we were throwing out ideas.
dravier fetching email is easy! PopOver works perfect for that unless you have mail provider that uses SSL/a secure connection. If that's the case, you can use my fetchmail package. It's compiled against OpenSSL specifically for that reason. :lol: Check out the thread on GMAIL is Possible w/ a NeXT. I explained on using both fetchmail/msmtp & stunnel w/ PopOver.
nextchef, the *tgz archive of VNC on my server is already compiled. Just extract & move it to your ~/Apps or /LocalApps. The 1.24 version is for OPENSTEP only though. Not NEXTSTEP. You can find a version for NEXTSTEP on one of the archives. If not, let me know & I'll throw it up on the site. Now, as far as securing stuff between a newer box & the NeXT, you have a few options. ssh forwarding does work w/ my package. I've used it many times w/ X11 & CubX. You can also again use stunnel. Stunnel is like a swiss knife of securing stuff w/ SSL. :P You can secure your telnet, ftp, vnc, mail, etc all w/ stunnel. It's a pretty handy program. I've got the latest 4.x compiled quad-fat in my packages. I'm going to be compiling the latest 3.x release for the mail article. Why? Well, 4 works great, but the 3.x release has a great deal more flags that can be passed & I'm going to use that for email from inetd.conf. Instead of having it startup on boot up. It can be used as needed that way. The NeXT is definately showing it's age in the *nix area, but there's still quite a bit of stuff that can be compiled & help extends its usefulness. Hope that helps. Take care. 8)
One thing I forgot to mention. If you have Cub-X installed, I also have rdesktop compiled as a package. It lets you connect to an winsux system running Terminal Services. It's not as fast as sitting in front of a PC, but it's usable. I compiled that back when the other forums were going specifically for Markus/Hanul. :D Markus is a windows admin. He was able to use OPENSTEP on his laptop that way & still get his work done. Hanul had even tested it on the Gecko for me before I got my 712 up & running. Since then, I've used quite a few times. But, I really don't have a need for it since I don't have any winsux systems in the house to connect to. :wink: Take care.
kb7sqi, i always got a RND error trying to use openssl on my NeXT :( I'll have to get the exact error message again. I might have just set something up horribly wrong :P
btw, is your nick a HAM call sign?
Quote from: "helf"kb7sqi, i always got a RND error trying to use openssl on my NeXT :( I'll have to get the exact error message again. I might have just set something up horribly wrong :P
btw, is your nick a HAM call sign?
You apparently didn't read the instructions in my packages directory about OpenSSL/OpenSSH needs prngd also. There's even an example of how I have it starting on boot up in /etc/rc.local. :wink: Just razzing you helf. You also need prngd if you want to use stunnel, fetchmail, apache w/ mod_ssl enabled, etc. Basically anything that's linked against OpenSSL. Why? Because the NeXT don't have a /dev/random or /dev/urandom so prngd serves that purpose.
Yes, kb7sqi is my ham call sign. I've had it since 1992. Back when I was in the Air Force & stationed in Alaska, I was very active in the packet community. I used to do alot of tcp/ip over packet. Pretty cool stuff. Nothing like being out in the middle of no where & being able to connect to your system. Do email, irc, etc. It's amazing what you can do w/ technology. I do this stuff daily & still get amazed at times. :D Take care.
oh, cool. I've always wanted to mess with packet radio! :)
I thougth I had prngdD installed... hrm..
I'll have to look it over. heh
Quote from: "helf"oh, cool. I've always wanted to mess with packet radio! :)
I thougth I had prngdD installed... hrm..
I'll have to look it over. heh
You probably need to start it on boot up like I show in the example. In all the packages compiled so far, I have yet to use any pre/post install scripts. So that way I wasn't modifying anything on your system. I leave that upto you.
:wink:
Yeah, packet is pretty cool. I need to dig all that stuff out one of these days. I have wampes compiled for my NeXT. It's a TCP/IP package for packet. So much to do/so little time. :shock:
Quote from: "kb7sqi"You can find a version for NEXTSTEP on one of the archives. If not, let me know & I'll throw it up on the site.
A little direction in finding it would be great. I have searched my local copies of the Peak and funet NeXT archive sections but cant seem to find a vnc client.
http://kb7sqi.com/files/m68k/VNCViewer.app-1.24.m68k.tgzI dunno if that one works... I've never gotten one to work on my NeXT :)
Quote from: "nextchef"Quote from: "kb7sqi"You can find a version for NEXTSTEP on one of the archives. If not, let me know & I'll throw it up on the site.
A little direction in finding it would be great. I have searched my local copies of the Peak and funet NeXT archive sections but cant seem to find a vnc client.
It's on Frank Siegerts Area 51 Download page. Here's a direct link. This is for NEXTSTEP 3.3. :D
http://www.wizards.de/~frank/NXVNCViewer0.91.NISH.b.tar.gzNow posted in my misc archive as well. Here's a link for that also:
http://kb7sqi.com/files/misc/NXVNCViewer0.91.NISH.b.tar.gzI will say that if you have OPENSTEP 4.2, the VNCViewer-1.24 is a better program. Since I'm not a Obj-C kinda guy, I'm not sure how much work it'd take to convert it to a NEXTSTEP program. But I've used Frank's port several times on my HP Gecko & it does work. It is on my todo list to one day take the time to learn proper "NeXT/Mac OSX" programming, but it's kinda low on the list. I'd love to be able to write some new stuff though. Hope that helps. Take care.
Quote from: "kb7sqi"It's on Frank Siegerts Area 51 Download page. Here's a direct link. This is for NEXTSTEP 3.3. :D
Thanks for the link, will have to try it out tonight when I get home.
Just a quick update, I didn't get a chance to finish packaging everything up this weekend & do a write up. I got tied up w/ work & I was also trying to resolve a few minor things I don't like in the telnet daemon. If might have to be an optional install. It works, but I don't like when you telnet into a system, and from there try to telnet/ssh out. It fails to pass env settings, etc. I know it was done because of security reasons, but it's kind of annoying also. Also, for those that know where the archives are, I've posted a complete 4 gig VM image of OS4.2/EOF1.1 User/EOF 2.2 User/Dev/WebObjects 3.5.1 Deployment/Developer complete w/ Y2K patches & the 2007 DST Time Zone patch for North America as well. It's also got the Literature package from NS3.1 also. :D No extra 3rd party apps like OmniWeb, etc. I was asked about it several times & needed to create a bare image, so I've posted a copy. There's a readme in the directory explaining everything about the image. All the VMWare drivers are installed/configured. I prefer Parallels on my Mac, because it's faster, but I have to say it was fun streaming audio while installing stuff under Fusion. :P I've tested the image under the latest Fusion & Server on linux as well. The total size is under 700 megs and around 230 megs bzip'ed . I created the image for the testing of all the security stuff & a few other things I'm working on.
You are truly "the man" ... all hail kb7sqi :D
This should give me a "sane" build environment to start working on a few things myself.
Thanks again for all the work you have put into the NS/OS stuff, and the OpenSolaris suggestions as well.
Chef
Quote from: "nextchef"You are truly "the man" ... all hail kb7sqi :D
This should give me a "sane" build environment to start working on a few things myself.
Thanks again for all the work you have put into the NS/OS stuff, and the OpenSolaris suggestions as well.
Chef
Thanks. I do most of it because I enjoy using the OS. Just remember that it's a 100% x86 OPENSTEP base. I didn't install any of the NEXTSTEP 3.3 dev stuff for dual-development. If I get time, I can dupe the image & add that as well if there's enough interest. It can be easily added. If you look in the misc section on my site, I have the scripts I use for creating a Dual-Development setup. Since I finally started creating packages, I can honestly say I wish I would've done it a long time ago. It cuts my dev time down alot. I no longer have to shuffle stuff from one system to another to compile it. Sure, there still those occasional problems & you need to compile something on another system for testing, but I live w/ that. :lol:
Can you post a package of the lit stuff from NS3.1? I've been wanting that..
Quote from: "helf"Can you post a package of the lit stuff from NS3.1? I've been wanting that..
I'll make a copy of the package later & post in misc section. For m68k I take it? :wink:
hi
any news regarding the security patches, I finally got my cube with apache and I'm hosting a personal website on it
but security is something that I take very seriously and i don't want something happen to my NS 3.3 OS
thanks
Quote from: "NeXTnewbe"hi
any news regarding the security patches, I finally got my cube with apache and I'm hosting a personal website on it
but security is something that I take very seriously and i don't want something happen to my NS 3.3 OS
thanks
lol, best of luck there! There hasn't been a patch since 1999! And that was Y2k related.
Id stick a statefull firewall infront of it..... If I was scared, but you know up until I left Miami, my cube was directly on the internet... The only thing I had to do was shutdown sendmail, and after that nobody hit it.
Quote from: "NeXTnewbe"hi
any news regarding the security patches, I finally got my cube with apache and I'm hosting a personal website on it
but security is something that I take very seriously and i don't want something happen to my NS 3.3 OS
thanks
Hi NeXTnewbie,
Well atleast you have the latest version of apache running. Too be honest, time has been pretty lacking the last 2 months. That's why I haven't had time to do a whole lot w/ my NeXT's. :-( I spent some free time on dropbear since it was requested, & was a little bit of a challenge. But I knew it was doable since it's been compiled on tons of systems. ;-) Kinda like ngircd. The pine updates I did is because I happen to use pine a great deal for email while away from home. I haven't forgotten about finishing a mega "patch/update" package. I also still want to write a howto article on email. Seems a great deal of people have problems w/ this. Once you have fetchmail/msmtp/stunnel, it's actually pretty easy. :-) But thanks for the nudge. When I get some more free time, I'll do some more work on this stuff. Sorry time has been limited, but work always comes first. :-( Take care.