Client Server mode

Have an idea or suggestion for features to be included in the upcoming The Major BBS v10? Let us know here
daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Client Server mode

Post by daniel_spain »

Abraxis wrote:
> [quote=banjaxster post_id=31 time=1596986575 user_id=66]
> I still use c/s mode mostly for importing user data and new user info
> I have a few games that will work in c/s mode for example the game called
> Spot
> I would love to see the c/s mode updated so more could use it,most people
> now days use windows or mac and a dos looking program scares them away
> [/quote]
>
> I really liked the C/S Sysop module. If something that worked in Active H
> could be made, that would remove my need for C/S. It would of course need
> adequate protection, like double passwords and few logins before locking
> out the hackers.
>
> As for games I like the idea of AH front end to telnet/RLogin for external
> and internal games.
>
> Abraxis

from your bbs pc goto. "http://ipaddress/remote" that's the built in remote sysop applet. I use it for everything.
as for a/h games I scrapped em, a while ago, the transport engine at least to me was a bit wonky in ways it
was "emulating" terminal mode. I need to modify galrlgnd for the web rlogin way to work so that you can directly
rlogin to the system worldgroup in its present form does not allow true rlogin but its been something I have been
tacking so we can support some other server to server game tech out there other bbs's are using.
And anyone that knows me knows I won't stop until I get her working. But I am working on it.

User avatar
Gangrif
Posts: 22
Joined: Sun Aug 09, 2020 2:25 am
Contact:

Re: Client Server mode

Post by Gangrif »

daniel_spain wrote:
> Abraxis wrote:
> > [quote=banjaxster post_id=31 time=1596986575 user_id=66]
> > I still use c/s mode mostly for importing user data and new user info
> > I have a few games that will work in c/s mode for example the game called
> > Spot
> > I would love to see the c/s mode updated so more could use it,most people
> > now days use windows or mac and a dos looking program scares them away
> > [/quote]
> >
> > I really liked the C/S Sysop module. If something that worked in Active H
> > could be made, that would remove my need for C/S. It would of course need
> > adequate protection, like double passwords and few logins before locking
> > out the hackers.
> >
> > As for games I like the idea of AH front end to telnet/RLogin for external
> > and internal games.
> >
> > Abraxis
>
> from your bbs pc goto. "http://ipaddress/remote" that's the built in remote
> sysop applet. I use it for everything.
> as for a/h games I scrapped em, a while ago, the transport engine at least to me was
> a bit wonky in ways it
> was "emulating" terminal mode. I need to modify galrlgnd for the web rlogin
> way to work so that you can directly
> rlogin to the system worldgroup in its present form does not allow true rlogin but
> its been something I have been
> tacking so we can support some other server to server game tech out there other bbs's
> are using.
> And anyone that knows me knows I won't stop until I get her working. But I am working
> on it.

I'd ignored the web system for wg for so long, and I actually didn't know this existed... And god is it ugly.
[Nate][VeNoM][Gangrif]
SySop of The Underground BBS
bbs.undrground.org

daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Client Server mode

Post by daniel_spain »

Gangrif wrote:
> Abraxis wrote:
> > [quote=banjaxster post_id=31 time=1596986575 user_id=66]
> > I still use c/s mode mostly for importing user data and new user info
> > I have a few games that will work in c/s mode for example the game called
> > Spot
> > I would love to see the c/s mode updated so more could use it,most people
> > now days use windows or mac and a dos looking program scares them away
> > [/quote]
> >
> > I really liked the C/S Sysop module. If something that worked in Active H
> > could be made, that would remove my need for C/S. It would of course need
> > adequate protection, like double passwords and few logins before locking
> > out the hackers.
> >
> > As for games I like the idea of AH front end to telnet/RLogin for external
> > and internal games.
> >
> > Abraxis
> Anything allowing remote sysop via web on MBBS would need some serious security
> re-vamping. These systems were "secure" in an era where 6-character
> passwords were considered good enough. by todays standards they're pretty terrible.
> Ideally, the entire board needs a securty upgrade.

if I am not mistaking passwords can be one character. not to mention I think you can send auth strings without encryption.......
?Userid=Sysop type thing.

User avatar
Gangrif
Posts: 22
Joined: Sun Aug 09, 2020 2:25 am
Contact:

Re: Client Server mode

Post by Gangrif »

daniel_spain wrote:
> Gangrif wrote:
> > Abraxis wrote:
> > > [quote=banjaxster post_id=31 time=1596986575 user_id=66]
> > > I still use c/s mode mostly for importing user data and new user info
> > > I have a few games that will work in c/s mode for example the game called
> > > Spot
> > > I would love to see the c/s mode updated so more could use it,most people
> > > now days use windows or mac and a dos looking program scares them away
> > > [/quote]
> > >
> > > I really liked the C/S Sysop module. If something that worked in Active H
> > > could be made, that would remove my need for C/S. It would of course need
> > > adequate protection, like double passwords and few logins before locking
> > > out the hackers.
> > >
> > > As for games I like the idea of AH front end to telnet/RLogin for external
> > > and internal games.
> > >
> > > Abraxis
> > Anything allowing remote sysop via web on MBBS would need some serious security
> > re-vamping. These systems were "secure" in an era where 6-character
> > passwords were considered good enough. by todays standards they're pretty
> terrible.
> > Ideally, the entire board needs a securty upgrade.
>
> if I am not mistaking passwords can be one character. not to mention I think you can
> send auth strings without encryption.......
> ?Userid=Sysop type thing.
Yea, I didn't mean that the board enforces any character limits, just that in the era, short passwords were ok, as long as you thought they were hard to guess. Now, it'd take seconds to break a password that short.

Or... you could just sniff it in the completely unencrypted communication with the board.. you know. :P So step 1 needs to be, get some encrypted protocols in place, by default. Step 2 would be better password policies, and ultimately, multi-factor auth.
[Nate][VeNoM][Gangrif]
SySop of The Underground BBS
bbs.undrground.org

daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Client Server mode

Post by daniel_spain »

Gangrif wrote:
> daniel_spain wrote:
> > Gangrif wrote:
> > > Abraxis wrote:
> > > > [quote=banjaxster post_id=31 time=1596986575 user_id=66]
> > > > I still use c/s mode mostly for importing user data and new user info
> > > > I have a few games that will work in c/s mode for example the game
> called
> > > > Spot
> > > > I would love to see the c/s mode updated so more could use it,most
> people
> > > > now days use windows or mac and a dos looking program scares them away
> > > > [/quote]
> > > >
> > > > I really liked the C/S Sysop module. If something that worked in
> Active H
> > > > could be made, that would remove my need for C/S. It would of course
> need
> > > > adequate protection, like double passwords and few logins before
> locking
> > > > out the hackers.
> > > >
> > > > As for games I like the idea of AH front end to telnet/RLogin for
> external
> > > > and internal games.
> > > >
> > > > Abraxis
> > > Anything allowing remote sysop via web on MBBS would need some serious
> security
> > > re-vamping. These systems were "secure" in an era where
> 6-character
> > > passwords were considered good enough. by todays standards they're pretty
> > terrible.
> > > Ideally, the entire board needs a securty upgrade.
> >
> > if I am not mistaking passwords can be one character. not to mention I think you
> can
> > send auth strings without encryption.......
> > ?Userid=Sysop type thing.
> Yea, I didn't mean that the board enforces any character limits, just that in the
> era, short passwords were ok, as long as you thought they were hard to guess. Now,
> it'd take seconds to break a password that short.
>
> Or... you could just sniff it in the completely unencrypted communication with the
> board.. you know. :P So step 1 needs to be, get some encrypted protocols in place,
> by default. Step 2 would be better password policies, and ultimately, multi-factor
> auth.

Not to mention all passwords are stored in plain text I did base64 storage in my global addon but that’s pretty ancient too I suppose. Net village did something with passwords in v5 so at some front at least it’s being addressed. Good news is this could be fixed quickly without a ton of difficulty. Change storage size in account.h then password rules in majorbbs.c then create your encryption method in same file and modify wgsusr2.bcr and create a conversion file........done

daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Client Server mode

Post by daniel_spain »

Gangrif wrote:
> daniel_spain wrote:
> > Abraxis wrote:
> > > [quote=banjaxster post_id=31 time=1596986575 user_id=66]
> > > I still use c/s mode mostly for importing user data and new user info
> > > I have a few games that will work in c/s mode for example the game called
> > > Spot
> > > I would love to see the c/s mode updated so more could use it,most people
> > > now days use windows or mac and a dos looking program scares them away
> > > [/quote]
> > >
> > > I really liked the C/S Sysop module. If something that worked in Active H
> > > could be made, that would remove my need for C/S. It would of course need
> > > adequate protection, like double passwords and few logins before locking
> > > out the hackers.
> > >
> > > As for games I like the idea of AH front end to telnet/RLogin for external
> > > and internal games.
> > >
> > > Abraxis
> >
> > from your bbs pc goto. "http://ipaddress/remote" that's the built in
> remote
> > sysop applet. I use it for everything.
> > as for a/h games I scrapped em, a while ago, the transport engine at least to me
> was
> > a bit wonky in ways it
> > was "emulating" terminal mode. I need to modify galrlgnd for the web
> rlogin
> > way to work so that you can directly
> > rlogin to the system worldgroup in its present form does not allow true rlogin
> but
> > its been something I have been
> > tacking so we can support some other server to server game tech out there other
> bbs's
> > are using.
> > And anyone that knows me knows I won't stop until I get her working. But I am
> working
> > on it.
>
> I'd ignored the web system for wg for so long, and I actually didn't know this
> existed... And god is it ugly.

its just a java applet i got the source code to it a while ago and its written in java 1.0.3 but that idea is what i'm recommending for replacement of the client. a web frontend. but as you said security becomes an issue, i mean even the html pages are framed and nasty. not a web dev but im pretty sure the tech active html uses is obsolete nowadays.

Questman
Posts: 160
Joined: Fri Aug 07, 2020 2:12 pm
Location: Raleigh, NC
Contact:

Re: Client Server mode

Post by Questman »

Dan you are correct. Active HTML is probably obsolete too. There's better approaches that can provide the benefit of web and client in a browser nowadays. We are investigating those.

We just need to build a dev team :)
Founder, The Major BBS Restoration Project
Owner, Elwynor Technologies ISV
Former Owner, Galacticomm IP (2005-2020)
Contributor, Galacticomm IP baseline

User avatar
Gangrif
Posts: 22
Joined: Sun Aug 09, 2020 2:25 am
Contact:

Re: Client Server mode

Post by Gangrif »

daniel_spain wrote:
> Gangrif wrote:
> > daniel_spain wrote:
> > > Gangrif wrote:
> > > > Abraxis wrote:
> > > > > [quote=banjaxster post_id=31 time=1596986575 user_id=66]
> > > > > I still use c/s mode mostly for importing user data and new user
> info
> > > > > I have a few games that will work in c/s mode for example the
> game
> > called
> > > > > Spot
> > > > > I would love to see the c/s mode updated so more could use
> it,most
> > people
> > > > > now days use windows or mac and a dos looking program scares them
> away
> > > > > [/quote]
> > > > >
> > > > > I really liked the C/S Sysop module. If something that worked in
> > Active H
> > > > > could be made, that would remove my need for C/S. It would of
> course
> > need
> > > > > adequate protection, like double passwords and few logins before
> > locking
> > > > > out the hackers.
> > > > >
> > > > > As for games I like the idea of AH front end to telnet/RLogin for
> > external
> > > > > and internal games.
> > > > >
> > > > > Abraxis
> > > > Anything allowing remote sysop via web on MBBS would need some serious
> > security
> > > > re-vamping. These systems were "secure" in an era where
> > 6-character
> > > > passwords were considered good enough. by todays standards they're
> pretty
> > > terrible.
> > > > Ideally, the entire board needs a securty upgrade.
> > >
> > > if I am not mistaking passwords can be one character. not to mention I
> think you
> > can
> > > send auth strings without encryption.......
> > > ?Userid=Sysop type thing.
> > Yea, I didn't mean that the board enforces any character limits, just that in
> the
> > era, short passwords were ok, as long as you thought they were hard to guess.
> Now,
> > it'd take seconds to break a password that short.
> >
> > Or... you could just sniff it in the completely unencrypted communication with
> the
> > board.. you know. :P So step 1 needs to be, get some encrypted protocols in
> place,
> > by default. Step 2 would be better password policies, and ultimately,
> multi-factor
> > auth.
>
> Not to mention all passwords are stored in plain text I did base64 storage in my
> global addon but that’s pretty ancient too I suppose. Net village did something with
> passwords in v5 so at some front at least it’s being addressed. Good news is this
> could be fixed quickly without a ton of difficulty. Change storage size in account.h
> then password rules in majorbbs.c then create your encryption method in same file and
> modify wgsusr2.bcr and create a conversion file........done

Yea, bright side to having them in text now, is that the conversion process is easy. Its when you're moving from one hash to another that it gets hard.

And i didn't expect it to be a difficult change, just a change that needs to happen.

We do need secure protocols though, otherwise its kinda for naught. Just makes the really easy hack, a slightly less easy hack.
[Nate][VeNoM][Gangrif]
SySop of The Underground BBS
bbs.undrground.org

daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Client Server mode

Post by daniel_spain »

Gangrif wrote:
> daniel_spain wrote:
> > Gangrif wrote:
> > > daniel_spain wrote:
> > > > Gangrif wrote:
> > > > > Abraxis wrote:
> > > > > > [quote=banjaxster post_id=31 time=1596986575 user_id=66]
> > > > > > I still use c/s mode mostly for importing user data and new
> user
> > info
> > > > > > I have a few games that will work in c/s mode for example
> the
> > game
> > > called
> > > > > > Spot
> > > > > > I would love to see the c/s mode updated so more could use
> > it,most
> > > people
> > > > > > now days use windows or mac and a dos looking program scares
> them
> > away
> > > > > > [/quote]
> > > > > >
> > > > > > I really liked the C/S Sysop module. If something that
> worked in
> > > Active H
> > > > > > could be made, that would remove my need for C/S. It would
> of
> > course
> > > need
> > > > > > adequate protection, like double passwords and few logins
> before
> > > locking
> > > > > > out the hackers.
> > > > > >
> > > > > > As for games I like the idea of AH front end to
> telnet/RLogin for
> > > external
> > > > > > and internal games.
> > > > > >
> > > > > > Abraxis
> > > > > Anything allowing remote sysop via web on MBBS would need some
> serious
> > > security
> > > > > re-vamping. These systems were "secure" in an era
> where
> > > 6-character
> > > > > passwords were considered good enough. by todays standards
> they're
> > pretty
> > > > terrible.
> > > > > Ideally, the entire board needs a securty upgrade.
> > > >
> > > > if I am not mistaking passwords can be one character. not to mention I
> > think you
> > > can
> > > > send auth strings without encryption.......
> > > > ?Userid=Sysop type thing.
> > > Yea, I didn't mean that the board enforces any character limits, just that
> in
> > the
> > > era, short passwords were ok, as long as you thought they were hard to
> guess.
> > Now,
> > > it'd take seconds to break a password that short.
> > >
> > > Or... you could just sniff it in the completely unencrypted communication
> with
> > the
> > > board.. you know. :P So step 1 needs to be, get some encrypted protocols
> in
> > place,
> > > by default. Step 2 would be better password policies, and ultimately,
> > multi-factor
> > > auth.
> >
> > Not to mention all passwords are stored in plain text I did base64 storage in my
> > global addon but that’s pretty ancient too I suppose. Net village did something
> with
> > passwords in v5 so at some front at least it’s being addressed. Good news is
> this
> > could be fixed quickly without a ton of difficulty. Change storage size in
> account.h
> > then password rules in majorbbs.c then create your encryption method in same
> file and
> > modify wgsusr2.bcr and create a conversion file........done
>
> Yea, bright side to having them in text now, is that the conversion process is easy.
> Its when you're moving from one hash to another that it gets hard.
>
> And i didn't expect it to be a difficult change, just a change that needs to happen.
>
> We do need secure protocols though, otherwise its kinda for naught. Just makes the
> really easy hack, a slightly less easy hack.

security is an issue im having in adding true rlogin to my test system. if someone comes in from their system as "Sysop" well yeah they are now on the sysop account.
from what im reading rlogin was never intended for "public" access synchronet combated this by adding a whitelist where only systems on that list could rlogin in but it doesnt help me when duplicate ids need to share the same system.
I need to see how Vircom handled DMA userids that were identical i almost want to say we should scrap rlogin and go with our own flavor of dma due to the security
issues it could impose. but i need it to work so we can create web instances of logging into the system from the html front end and playing games.
Wildcat, Synchronet, and a few others do this flawlessly.

Jbod
Posts: 2
Joined: Wed Sep 02, 2020 5:41 am

Re: Client Server mode

Post by Jbod »

Duckula wrote:
> Thanks for your feedback - how many of your users (percentage) would you
> think use c/s mode?

Are you asking the right questions? "How many of your users (percentage) would you think use c/s mode?"

I've been out of the loop for a bit. I had a MBBS / Worldgroup system with over 150+ telnet/dialin lines and vircom's software to offload programs on to other machines.

I'm curious .... Do you have a client that people today can access and make use of? People use cell phones and tablets to access most online platforms daily.

Does MBBS have a client that people can access easily through the devices they regularly use? If not you simply can not get to the people who might be interested in what you have created.

Post Reply