I'm thinking out loud here. Would anyone be interested in an invite-only public Unix server along the lines of Super Defense Fortress? Something geared towards serving up content for vintage computers?
Thoughts:- Less about serving up vintage archives and more about modern content that can be served up to older machines.
- I could probably set up FreeBSD jails and provide gopher and non-ssl html pages. No mail, too risky.
- Is this interesting? Boring? Users would have to upload plain old html files and there wouldn't be the other fun stuff like messaging if we go the jails route.
Problems:- Many of the old machines don't support ssl. Jails and locked down user roles may solve this risk.
Thinking out loud here. I don't know if this is feasable, wildly irresponsible, or even worthwhile. I know that several other Tilde providers eventually stopped their projects (
https://tilde.club/~pfhawkins/defuncttildes.html)because users behaved so badly.
What are your thoughts? What risks do we face, and how to get around them? Serving non-ssl web pages is one thing, but logging into a server, even if it's a jail is another.
It's a cool idea. Looked at SDF and it's just SSH accounts yeah?
If there's isn't a TLS->HTTP gateway service available already, that would nice to try. I'm thinking it would be a reflector* for non-TLS clients, ie NeXT running non-TLS browsers.* The gateway would want to "dumb-down" pages too, to remove new incompatible stuff in HTML5 etc. Even if you just did a screen-reader translation, which is prevalent now in the modern browsers, that would be useful.
Security implications: traffic on the other side could be sniffed. Old browsers might be leaky, but you also don't put CC #s or passwords in them. No access to password-oriented services, which leaves a bit out, but it'd be sites that won't work anyway.
Was VPN a thing in the days of NeXT?
I would not try jails until later.
* but maybe the wrong term.
** another thread here says OmniWeb can do SSL (maybe 1.3?), a gateway/reflector would allow other historical browsers to work eg Mosaic (although they would probably need X11).
There is documentation on this site about creating an SSL gateway using a Raspberry Pi, I believe.
> There is documentation on this site about creating an SSL gateway using a Raspberry Pi, I believe
Indeed. Tried Squid deployed on a Pi and had some success. Maybe a single installation on a public-facing machine (no need for a Pi) could proxy Altexxa and the other retro sites that are behind TLS.
> OmniWeb can do SSL (maybe TLS 1.3?)
No, it looks like something far older.
> Tilde providers eventually stopped their projects
Yeah, definitely necessary to find a tractable approach to avoiding attack, abuse etc, or not go here on any formal scale.
I have a subdomain on Arvixe that is serving up NeXT files at next.haleblian.com . It is HTTP, no cert or SSL set up. I'm currently using it to serve content so that it is reachable from NEXTSTEP. I can provide a filesystem on that as at least a proving ground for non-secrets services. Arvixe doesn't provide enough in their jail to support running a Squid or WRP service there.
I would have fun with something of this sort!
And if I could just get CryptoAncienne fully running (my actual issue is with the microinetd daemon; I have CryptoAncienne/carl compiled & running on my TurboColor), then the SSL/TLS issue would be fixed for OmniWeb 2.7 under NS 3.3. Dr. Kaiser got it running under NS 3.3 on his HP workstation...
http://oldvcr.blogspot.com/2020/11/fun-with-crypto-ancienne-tls-for.html
So, how do other groups tackle the telnet/ssl problem? I still want to build this, but can't seem to get past obsolete ssl.
I provide a Squid SSL-Bump proxy for community members of another dead platform (webOS).
Its remarkably easy, but depends on being able to handle simpler HTTPS encryption and setting a system-wide (or browser-wide) proxy on the client.
http://www.webosarchive.com/docs/proxysetup/
OmniWeb can do TLS 1.0 with a plugin, and a proxy can be set for it....