On 21 Mar 21 13:45:27, Apam said the following to Atreyu:

Sure, if they don't offer an SSH option.

I offer telnet for those who don't care, I also offer SSH for those who
do.

LOL, every Sysop that puts up a telnet board doesn't care... but you do?

Your compassion just warms my heart...

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 03-21-21 13:45, apam wrote to Atreyu <=-

I offer telnet for those who don't care, I also offer SSH for those who do.

Same here. I actually don't use SSH often myself, but I'm either logging in locally on the LAN or on a virtual LAN, using an encrypted link - the latter is encrypted end to end, might as well be SSH.


... If you can't laugh at yourself, make fun of other people.
=== MultiMail/Win v0.52
--- SBBSecho 3.10-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

I hope Seth Able never sees this! There goes my free turns playing LORD.

Bah. Let him see it. Dude sometimes expresses his love by sending me negative money.

Also, I have a sneaking suspicion that he's really just pursuing Jenny Garth.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

accept telnet connections. Will you lecture them all how insecure their systems are or will you just single out mine because I refuse the
paranoid party line?

This topic came up because someone asked, "Hey, how can I do x security
thing", and got a response of, "That's dumb".

This entire topic should never have come up, because people should be able to ask questions on how to do any random thing they want and unless it's
something harmful to others, get a useful response or positive conversation.

and to actually answer your question, it's because people feel as though
your actions are hypocritical, rather than it being about security or "the paranoid party line". They're aiming at the perceived hypocrisy, not the security.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

On 21 Mar 21 13:29:58, Adept said the following to Atreyu:

and to actually answer your question, it's because people feel as though your actions are hypocritical, rather than it being about security or "the paranoid party line". They're aiming at the perceived hypocrisy, not the security.

... And I would not of intervened in this silly thread entirely had it not been for tinfoil remarks about how telnet can be snooped on. Its such a captain-obvious remark that it can but for some to imply that hackers specifically target BBS's in 2021 is absurd. Family Guy cutaway absurd.

My removal of Sysop commands was back in the 90's when someone tried an MCI exploit. No hypocrisy in that because at the time BBS'ing was "a thing" and MCI exploits were becoming a "problem". BBS'ing is not "a thing" anymore
and since it runs on a dedicated virtual machine I could not care two shits
if someone snoops on what I'm doing on telnet. A hacker will not find anything here that could be used against me to negatively impact my life. My real-life, not the Sysop techie fantasy life where much of my time appears wasted.

Anyway when those people who perceive hypocrisy show me documented cases from cybersecurity professionals how BBS telnet snooping specifically is "a
thing", I will gladly retract. Until then I stand by my posts and "don't
care" to tow the line on BBS telnet snooping or how one's SSH means one has a bigger caring penis.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

I hope Seth Able never sees this! There goes my free turns playing LO

Bah. Let him see it. Dude sometimes expresses his love by sending me negati money.

Also, I have a sneaking suspicion that he's really just pursuing Jenny Gart

HA

... I think I'll wait for the 80986.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

This topic came up because someone asked, "Hey, how can I do x
security
thing", and got a response of, "That's dumb".

Ha, yeah, that was me. So awesome to be called an idiot for asking a
question.

Anyway, maybe it's time to put a stake in the heart of this thread.

TL;DR
Some people care about providing more modern security for BBSs, others
are ambivilant, and a few more are just downright nasty toward those who
care.

BBSing hasn't really changed much in 30 years


|15:: |13Alpha
|03TheDrunkenGamer.com|08:|078888
|08A Talisman BBS


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: The Drunken Gamer BBS (21:4/158.1)

BBSing hasn't really changed much in 30 years

I think that'd require humanity changing.

Still, generally I'd say that FSXnet is pretty solid. Most of the time we're
on fairly good behavior.

Certainly this conversation is more of an outlier than the norm, and I'd hesitate to say that about anything on FIDOnet.

All the same, I'm sad that the conversation degraded as much as it did. My condolences.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

BY: Adept(21:2/108)


|11A|09> |10All the same, I'm sad that the conversation degraded as much as it did.|07
|11A|09> |10My|07
|11A|09> |10condolences.|07
Like we are acting like 15 year old kids.
:(


--- WWIV 5.7.0.3471
* Origin: inland utopia * socal usa * iutopia.duckdns.org:2023 (21:4/108)

On Sunday, March 21st Atreyu was heard saying...

Anyway when those people who perceive hypocrisy show me documented cases from cybersecurity professionals how BBS telnet snooping specifically is "a thing", I will gladly retract. Until then I stand by my posts and "don't care" to tow the line on BBS telnet snooping or how one's SSH means one has a bigger caring penis.

I worked professionally for a number of years on snoooping software. Telnet and many other protocols were absolutely slurped right up as previously described. SSH/TLS when MITM was available.

The BBS has nothing to do with it really, the contents are pulled out and cross referenced very easily.




--
|08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 â–  |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

Am 21.03.21 schrieb Alpha@21:4/158.1 in FSX_BBS:

Hallo,

Some people care about providing more modern security for BBSs, others
are ambivilant, and a few more are just downright nasty toward those who care.

I might add two reasons why I don't offer SSH access to my Synchronet BBS:

1.
I would have to explore how a guest login/"new user login" etc. could be accomplished to make it look "normal".

2.
My target audience especially includes retrocomputing people who very
often use "Wifi modems" - and I don't know a single Wifi modem (ESP8266 or ESP32 based) that offers a SSH mode; they only offer Telnet connections.

I would really be interested in a SSH Wifi modem, but I don't know any.

So I chose to stick to Telnet access.

(Access to the Synchronet web server indeed is HTTPS only with an Apache reverse proxy inbetween and the fTelnet connection is also using HTTPS
only, so this is a secure alternative here)

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Am 20.03.21 schrieb Atreyu@21:1/176 in FSX_BBS:

Hallo Atreyu,

Lol. Make sure you're not sitting in a coffee shop logged in to your board via telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

Why sould I do such a thing without using a VPN to my home network? :)

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Re: Re: Anonymous SSH login
By: acn to Alpha on Mon Mar 22 2021 11:04 am

1. ac> I would have to explore how a guest login/"new user login" etc. could be ac> accomplished to make it look "normal".not related directly to your post per se. but i set up stunnel today for "telnet/ssl" .. basically accepts the ssl connection on port 992 and forwards it to port 23 locally. i know of one client that supports this, which is ZOC (and it costs money..) but it works perfectly. it also doesn't do anything special with auth like SSH does, so it connects and displays text immediately like you'd expect of a bbs.that said, ZOC at least didn't mention anything about the certificate. i might dig around in there to see if there's any info. so for at least off the top of my head the only way to verify the certificate is via using the openssl command: openssl s_client -connect <host>:992if anyone wanted to verify certificates they would need to check the hostname and match the certificates from the server to a local certificate store..free certificates can be had from letsencrypt so that's not really a problem, or i'm assuming just something like "trust this certificate" on first login would suffice for most people..now only if syncterm et al. supported it :)

--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

On 22 Mar 21 11:06:00, Acn said the following to Atreyu:

Lol. Make sure you're not sitting in a coffee shop logged in to your board via telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

Why sould I do such a thing without using a VPN to my home network? :)

You WANT the super hacker community to know you're banging a slut...

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 22 Mar 21 11:04:00, Acn said the following to Alpha:

Some people care about providing more modern security for BBSs, others
are ambivilant, and a few more are just downright nasty toward those who care.

I might add two reasons why I don't offer SSH access to my Synchronet BBS:

For me theres just something about being able to telnet into a BBS. I can
use anything, even the Windows command prompt. Ftelnet web scripts work perfectly whilest they would be broken on SSH. Even if the board wants to change from port 23 to something else thats fine... telnet "just works".

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

You WANT the super hacker community to know you're banging a slut...

You lose 30 charm!

(Besides, it's already well established in game that all sex in LoRD is
public. Evidently there's a creepy old man who spies in all the key holes to figure out what everyone is doing that the drunks find so mystifying.)

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

Re: Re: Anonymous SSH login
By: acn to Alpha on Mon Mar 22 2021 11:04 am

I might add two reasons why I don't offer SSH access to my Synchronet BBS:

1.
I would have to explore how a guest login/"new user login" etc. could be accomplished to make it look "normal".

I just logged in as guest via ssh. I used the name guest and the password bogus.

I also logged in as new the same way and created a new account using the same bogus password.

Perhaps it would be more normal if the ssh server didn't require a password when logging in as guest or new?

That would be a good feature request for the developers. You could make that comment to Digital Man so he could give it some thought.

2.
My target audience especially includes retrocomputing people who very often use "Wifi modems" - and I don't know a single Wifi modem (ESP8266 or ESP32 based) that offers a SSH mode; they only offer Telnet connections.

I could be wrong but I think that using ssh even over an insecure wifi connection is secure end to end. We'd have to check with network savy people to be sure of that.

Is it not possible to use ssh over that link? I sometimes use ssh over my own wifi link although my wifi is secure.

So I chose to stick to Telnet access.

Telnet is OK. It's an old and well established/well behaved protocol. Just keep in mind it is insecure, use a throw away password.

(Access to the Synchronet web server indeed is HTTPS only with an Apache reverse proxy inbetween and the fTelnet connection is also using HTTPS only, so this is a secure alternative here)

Yes, the web server is a good and secure option.

Ttyl :-),
Al

... As easy as 3.1415926535897932384626433832795028841
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

*** Quoting Al from a message to acn ***

I could be wrong but I think that using ssh even over an insecure
wifi connection is secure end to end. We'd have to check with network
savy people to be sure of that.

Yup, that's right. You can use SSH on public wifi and it's still secure,
just like you can use HTTPS on public wifi and still be safe. The encryption is designed to be secure even if the key exchange is observed by a third party.

There's of course some caviets to this (MITM, verifying host keys, etc) - but nothing to really be too concerned about for BBSing.

Jay

... Deny thy father and forget thy tagline.

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (21:3/110)

Re: Re: Anonymous SSH login
By: Atreyu to Adept on Sun Mar 21 2021 11:04 am

Anyway when those people who perceive hypocrisy show me documented cases from cybersecurity professionals how BBS telnet snooping specifically is "a
thing", I will gladly retract. Until then I stand by my posts and "don't care" to tow the line on BBS telnet snooping or how one's SSH means one has
a bigger caring penis.

Well said..Well said. Cheers to that!

... Some men are discovered; others are found out.

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: fsxNet FTN<>QWK Gateway (21:4/10)

This topic came up because someone asked, "Hey, how can I do x
security
thing", and got a response of, "That's dumb".

Ha, yeah, that was me. So awesome to be called an idiot for asking a question.
Anyway, maybe it's time to put a stake in the heart of this thread.

Man, Alpha... I don't think so - I mean sure, I don't like the flame thread part of it but... you weren't silly to ask the question, I think it was silly to be attacked/goated over it - if someone disagrees then fine, but you don't have to bugger someone else who DOES care about security.

You hold yer head high, I'm interested in SSH a BIT... I just turned it on, AT A USERS REQUEST - and it isn't always ONLY about security [Altho for his employer it was probably exactly that.]

I had a use request SSH because he couldn't telnet out at work. I mean, just that alone, that users are ASKING for it - Just want you to know that it isn't a dumb idea, it is worth working on and you have support, if I can help in any way.

The back and forth and stupid fighting in the thread tho... sure, I'm with you on that. Just wanted you to know that it wasn't your fault, at all, that the thread turned that way. Completely valid and useful, working with SSH on BBSes. Those who don't think so - then don't think so. It didn't require words, whatsoever.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

Annnnnndddd... I knew a Sysop at the time who would advertise their
board and purposely take the line off-hook sometimes. He would then call other boards pretending to be users complaining about they couldn't get in. Brilliant marketing on his part.

I was guily of this.. I had 2 lines maxx, and node1 was sometimes MY out line at night.

Jeez...



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

On Monday, March 22nd acn said...

2. My target audience especially includes retrocomputing people who very
often use "Wifi modems" - and I don't know a single Wifi modem (ESP8266 or ESP32 based) that offers a SSH mode; they only offer Telnet connections.

Already pointed out, but the clients would pretty much have to tunnel through a SSH connection. Perfectly doable, but probably not something you're _generally_ going to do when connecting via C64 or what not :)

With that said, a lot of the WiFi modems are essentially Arduinos and the like that are perfectly capable of doing the SSH locally. Gives me ideas :)


--
|08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 â–  |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On 22 Mar 21 22:51:07, Adept said the following to Atreyu:

(Besides, it's already well established in game that all sex in LoRD is public. Evidently there's a creepy old man who spies in all the key holes to figure out what everyone is doing that the drunks find so mystifying.)

There used to be this guy who called my board all the time to play Lord... regliously. He ended up flirting with some other player, they became quite chummy. Sending Lord messages back and forth, real-time chat because I had a multi-line system at the time. Things progressed to where the convo's moved from Lord to the BBS message system.

Then there was crickets chirping for about a week or so, neither called
the board anymore. Then the woman called and posted a message akin to "You didn't tell me you were effin' married".

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Am 22.03.21 schrieb Al@21:4/106.1 in FSX_BBS:

Hallo Al,

I just logged in as guest via ssh. I used the name guest and the
password bogus. I also logged in as new the same way and created a new account using the same bogus password.

I assume you didn't do that on my BBS :)

Perhaps it would be more normal if the ssh server didn't require a password when logging in as guest or new?

That would be a good feature request for the developers. You could make
that comment to Digital Man so he could give it some thought.

That might be an idea, but all in all it does collide with the "classic"
way of logging into a BBS, which is: connect to it, get the login ANSI
screen or matrix login etc.pp. and then enter username + password.

So what SSH should do here is: only check the host keys, create a secure connection and then display the rest.
This implies that no user certificate check would be possible.
But at least it would "feel" the old way.
And I don't know if it is possible with existing SSH clients :)

I could be wrong but I think that using ssh even over an insecure wifi connection is secure end to end. We'd have to check with network savy
people to be sure of that.

Yes it is. If you have an eye on the host keys. Sudden changes here could imply an MITM.

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Am 22.03.21 schrieb NuSkooler@21:1/121 in FSX_BBS:

Hallo Nuskooler,

Already pointed out, but the clients would pretty much have to tunnel through a SSH connection. Perfectly doable, but probably not something you're _generally_ going to do when connecting via C64 or what not :)

Yep, exactly.
I know how to accomplish this and could do it, but it's not something to
give out to anyone who just wants to connect to a BBS using the old retro
PC, Amiga, Atari or Z80 machine using some Wifi232 "modem".

With that said, a lot of the WiFi modems are essentially Arduinos and the like that are perfectly capable of doing the SSH locally. Gives me ideas :)

I just have not come by any implementation of SSH in a wifi modem firmware
up till now.
Zimodem, as one of the most advanced firmwares, doesn't have it.
Also "vintage-computer-wifi-modem" by TheOldNet, a fork of esp8266_modem, does not have it:
https://github.com/ssshake/vintage-computer-wifi-modem

If you could add this functionality to any of these firmwares, that would
be great :)

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Re: Re: Anonymous SSH login
By: acn to Al on Tue Mar 23 2021 10:13 am

So what SSH should do here is: only check the host keys, create a secure ac> connection and then display the rest.this should be possible. the library that everyone in the bbs scene seems to use for ssh just either doesn't seem to support it or nobody decided to use it that way. i did read up a bit on it and it did make it sound like it was designed for simplicity of implementation..kind of unfortunate really that support is all over the place. maybe i should be writing sample code and distributing it far and wide instead of hootin' and hollerin ;) (for whoever might be watching: libbsh. though not libssh2! should do this just fine. heck you can ignore what the client says and just say "you're logged" in without ever checking anything)

--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to
"You didn't tell me you were effin' married".

Ouch.

...but also pretty entertaining, so many years on.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to
"You didn't tell me you were effin' married".
Atreyu

It all began on BBSes. :P Lol.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

So what SSH should do here is: only check the host keys, create a secure
connection and then display the rest.
This implies that no user certificate check would be possible.
But at least it would "feel" the old way.
And I don't know if it is possible with existing SSH clients :)

I agree with you here, fully. I wish BBSes didn't use the SSH login/pw, or even if it were some standard... BBS/BBS - or however people worked it out; point is, I like typing my user name and password, like I always have had to do, on BBSes. Call me old fashioned, or... I like to do that. Something different about just pressing a button and being 'logged in'.

:P

I do remember, however, using Terminate when it came out and having some crazy scripts that like... typed my UN/PW, and then pressed the spacebar specific to each BBS to just get me to the front page. :P At one point, I'd even capture some of the screens on certain boards (like the door game scores and other login info...) and just have them saved for my later viewing.

I thought I was so high tech. :P

lulz.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

On 23 Mar 21 15:56:56, Paulie420 said the following to Atreyu:

Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to "You didn't tell me you were effin' married".
Atreyu

It all began on BBSes. :P Lol.

When there was nothing to watch on TV, I'd watch the BBS console. *Plenty* of entertainment. Especially at midnight when the door games roll-over the turns, the lines used to get slammed with calls.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

When there was nothing to watch on TV, I'd watch the BBS console.
*Plenty* of entertainment. Especially at midnight when the door games roll-over the turns, the lines used to get slammed with calls.
Atreyu

You know, being 16 years old or so and running a halfway decent 2-line BBS in Toledo, OH... it was totally a 'bube toob' for me to watch back then! I haven't used the nodespy software since coming back to BBSes in recent years, but I'd be a fibber if I said I never did that in my lifetime!

Lol, I remember having parties at the house... or at least friends being over, looking at that screen just going 'what the heck it this Paulie'??? :P Back then non-BBSers just couldn't understand that people were 'in' my computer.

Good times... :P
I do wish that the boards were more popular now-a-days, as I'm sure that there is still some entertainment value in all those button presses!
Good post.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

On 24 Mar 21 16:46:27, Paulie420 said the following to Atreyu:

You know, being 16 years old or so and running a halfway decent 2-line BBS i Toledo, OH... it was totally a 'bube toob' for me to watch back then! I haven't used the nodespy software since coming back to BBSes in recent years but I'd be a fibber if I said I never did that in my lifetime!

I never used Nodespy, I'll review the logs every day or so but thats it. Needless to say its just "not the same" as it used to be back in the 90's.

Only thing interesting here lately is some guy that calls mine and really
plays the heck out of LORD 2. That one where its the overhead-map Zelda
clone. He calls and plays that for at least 2 to 3 hours.

Its almost like at the time, you could judge a good board in the area based on how busy the lines were at midnight.

Annnnnndddd... I knew a Sysop at the time who would advertise their board and purposely take the line off-hook sometimes. He would then call other boards pretending to be users complaining about they couldn't get in. Brilliant marketing on his part.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Re: Re: Anonymous SSH login
By: Atreyu to Paulie420 on Wed Mar 24 2021 09:30 pm

Only thing interesting here lately is some guy that calls mine and really At> plays the heck out of LORD 2. That one where its the overhead-map Zelda At> clone. He calls and plays that for at least 2 to 3 hours.in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.

--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

Re: Re: Anonymous SSH login
By: Fusion to Atreyu on Wed Mar 24 2021 10:11 pm

Howdy,

I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.

Here is an example from this message:

Only thing interesting here lately is some guy that calls mine and really

plays the heck out of LORD 2. That one where its the overhead-map

Zelda At> clone. He calls and plays that for at least 2 to 3 hours.in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.

...ëîåï

... The world looks as if it has been left in the custody of trolls.
--- SBBSecho 3.13-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: Re: Anonymous SSH login
By: deon to Fusion on Thu Mar 25 2021 07:52 pm

I thought I'd let you know that your messages are unreadable for some de> reason. I see you are using the new fork of SBBS - so not sure if that is de> related - but I cannot determine the difference between what you quoted de> and what you replied to. I've seen it a few times so I thought I'd mention de> it. eek. probably this one too. i don't run the board i'm currently posting on fsxnet from (it's the main synchronet board) so i've reached out to Digital Man. thanks for letting me know!

--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

Re: Re: Anonymous SSH login
By: deon to Fusion on Thu Mar 25 2021 07:52 pm

Re: Re: Anonymous SSH login
By: Fusion to Atreyu on Wed Mar 24 2021 10:11 pm

Howdy,

I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.

Here is an example from this message:

Only thing interesting here lately is some guy that calls mine and really

plays the heck out of LORD 2. That one where its the overhead-map

Zelda At> clone. He calls and plays that for at least 2 to 3 hours.in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.

His messages look fine here. Maybe they're being reformatted in-route to your system.
--
digital man

Sling Blade quote #21:
Karl: Coffee makes me nervous when I drink it. Mmm.
Norco, CA WX: 58.1øF, 54.0% humidity, 4 mph NW wind, 0.00 inches rain/24hrs
--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

Re: Re: Anonymous SSH login
By: Fusion to deon on Thu Mar 25 2021 05:46 am

Re: Re: Anonymous SSH login
By: deon to Fusion on Thu Mar 25 2021 07:52 pm

I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.

eek. probably this one too. i don't run the board i'm currently posting on fsxnet from (it's the main synchronet board) so i've reached out to Digital Man. thanks for letting me know!

Looks fine to me.
--
digital man

Synchronet/BBS Terminology Definition #80:
Telix = Commercial MS-DOS and Windows communications/terminal program
Norco, CA WX: 58.1øF, 54.0% humidity, 4 mph NW wind, 0.00 inches rain/24hrs
--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

Re: Re: Anonymous SSH login
By: Digital Man to deon on Thu Mar 25 2021 11:41 am

His messages look fine here. Maybe they're being reformatted in-route to your system.

Odd indeed.

I'm pretty sure I've noticed it in a couple of nets. I'll pay more attention and see if there is something else in common, other than VERT (if that's where they originate) and me.

...ëîåï

... All work and no play make Jack a dull boy and Jill a wealthy widow.
--- SBBSecho 3.13-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Odd indeed.

I'm pretty sure I've noticed it in a couple of nets. I'll pay more
attention and see if there is something else in common, other than
VERT (if that's where they originate) and me.

For what it's worth, they are all joined together for me too. It's as if
there are no line breaks at all.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.14-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

Re: Re: Anonymous SSH login
By: deon to Digital Man on Fri Mar 26 2021 12:04 pm

Re: Re: Anonymous SSH login
By: Digital Man to deon on Thu Mar 25 2021 11:41 am

His messages look fine here. Maybe they're being reformatted in-route to your system.

Odd indeed.

I'm pretty sure I've noticed it in a couple of nets. I'll pay more attention and see if there is something else in common, other than VERT (if that's where they originate) and me.

I think it was my configuration of SlyEdit (the editor he's using) here on Vertrauen. Should be fixed now.
--
digital man

This Is Spinal Tap quote #18:
Sustain, listen to it. Don't hear anything. You would though were it playing. Norco, CA WX: 47.7øF, 81.0% humidity, 0 mph ENE wind, 0.00 inches rain/24hrs --- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

Annnnnndddd... I knew a Sysop at the time who would advertise their
board and purposely take the line off-hook sometimes. He would then call other boards pretending to be users complaining about they couldn't get in. Brilliant marketing on his part.

He only forgot to edit his last callers listing ....

Gtx!

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: -.sOUNDGARDEn.- (21:1/116)

Am 25.03.21 schrieb Digital Man@21:1/183 in FSX_BBS:

Hallo Digital Man,

eek. probably this one too. i don't run the board i'm currently posting on >> fsxnet from (it's the main synchronet board) so i've reached out to Digital >> Man. thanks for letting me know!

Looks fine to me.

Here, the messages from him also do look garbled.
It looks like the linebreaks are stripped out or are converted wrongly
en route to my point (I'm using OpenXP which has my SBBS as uplink).

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Re: Re: Anonymous SSH login
By: acn to Digital Man on Fri Mar 26 2021 11:11 am

Am 25.03.21 schrieb Digital Man@21:1/183 in FSX_BBS:

Here, the messages from him also do look garbled.
It looks like the linebreaks are stripped out or are converted wrongly
en route to my point (I'm using OpenXP which has my SBBS as uplink).

hello! from what i hear everything is good in the world now :)

thanks for letting me know everyone.

Alex
--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

Since this silly convo is about holding obsolete BBS stuff to the same cybersecurity practices of today, "no", BBS software was never made to
be secure.

Perhaps it wasn't secure, but it wasn't for lack of trying. Why have a
password at all if not at least trying to keep private things private?

It seems to me this is more about resistance of change, those who "don't
care" about security look like they're using old BBS software from the 90s, where as those who are looking to be more secure are using more modern software.

If you don't care about security that's fine, don't care.. but don't make out like there is some logic to deliberatly be insecure.

I don't really see the difference between running remote access, telegard or renegade over telnet vs say piping it over ssh or something (except maybe
that it would take a bit of effort to get it setup).

Really, people might not care about reading your private bbs messages, but
they might like to sniff your sysop password, especially if you're running a bbs system that allows you to drop to shell.

Andrew

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On Friday, March 19th Al was heard saying...

No it wasn't. Back then it was a direct call from point A to point B. There was no need for encryption.

POTS had always been routed through various points. Look into the various "boxes" from back in the day. One could easily tap lines as a layman.


--
|08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 â–  |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On Friday, March 19th Atreyu was heard saying...

There is a difference between one caring about traffic snooped on for personal/commercial/enterprise things and traffic that resides on a silly BBS that has not been designed with any security beyond text-passwords or has any innovation beyond being executable by an equally silly telnet server.

You literally included "personal" in your example list, which is what BBSing is.

The way it works is this:
- All available points of information are fed into a system.
- This system links the points of data as much as possible.
- This allows for example your FB post or your work traffic, so on to still be "you". This includes telnet traffic.

Of course your telnet traffic on a board often makes this quite easy as it often includes your name. People recycle their passwords, your associates, etc. are all into this network of nodes of information on you.



--
|08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 â–  |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

Fusion around Friday, March 19th...

your idea that the bbs is stuck in a fixed point in time that you're fond of simply isn't based on facts.

This.

ENiGMA 1/2 came out the gate with SSH, PBKDF2, etc. A number of other modern systems have as well.

Some older systems that are no longer maintained still can do things like run behind a SSH or WSS proxy.



--
|08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 â–  |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On Saturday, March 20th Atreyu was heard saying...

As someone running a 24/7 board since 1993 on the same software, sporadically patched over decades... the idea that some hacker is going to snoop and somehow gain access to my personal crap via my board is totally laughable.

Your argument is you haven't been hacked yet? This dodges the point of data being collected, but you're also probably not a target. If you become one for one reason or another, you're open to the world and absolutely will get hacked. It's childs play.


--
|08 â–  |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 â–  |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 â–  |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On 20 Mar 21 17:07:04, Nuskooler said the following to Atreyu:

You literally included "personal" in your example list, which is what BBSing is.

Personal, as in, someone who hacks my board is not going to gain anything personal of mine for their own gain.

- All available points of information are fed into a system.
- This system links the points of data as much as possible.
- This allows for example your FB post or your work traffic, so on to still "you". This includes telnet traffic.

I'm not on any social media other than Linkedin for work. I'm not afraid of anyone looking at any of my messages or regret anything I write on a BBS that is publically available or searchable. As far as the world is concerned, I'm the author of a Fido mailer and I live and work in downtown Toronto.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 20 Mar 21 17:12:36, Nuskooler said the following to Atreyu:

Your argument is you haven't been hacked yet? This dodges the point of data being collected, but you're also probably not a target. If you become one fo one reason or another, you're open to the world and absolutely will get hacked. It's childs play.

There is no "argument" because I'm not "arguing" anything. I'm actually
finding all of this hilarious that in 2021 suddenly apparently its a problem to be running a telnet system with 90's-era software that one can supposedly "snoop on". The idea that some blackhat is going to snoop someone's telnet session while they trade barbs on some silly net or cheat at Tradewars is beyond absurd. I'll take a pass on whatever is being smoked here.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Re: Re: Anonymous SSH login
By: Atreyu to Apam on Sat Mar 20 2021 08:14 am

All Sysop commands and shell have been gutted here completely and I do not At> remote into my own board from outside my LAN.he says:> security isn't important> why bother it's just a bbsand then takes steps to prevent things we're suggesting could happen

--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)

There is no "argument" because I'm not "arguing" anything. I'm actually finding all of this hilarious that in 2021 suddenly apparently its a proble to be running a telnet system with 90's-era software that one can supposedl "snoop on". The idea that some blackhat is going to snoop someone's telnet session while they trade barbs on some silly net or cheat at Tradewars is beyond absurd. I'll take a pass on whatever is being smoked here.

Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 1994 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke up in a field 3 miles from my house .... with the letters SSH wrote on a piece of paper .... do you think this all ties together?!

... Ways to skin a cat: #27 --- Use a belt sander.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

All Sysop commands and shell have been gutted here completely and

I do not

remote into my own board from outside my LAN.

he says
security isn't important why bother it's just a bbs and then takes
steps to prevent things we're suggesting could happen

I noticed that. I don't think we're going to change anyones minds though.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

On 20 Mar 21 18:35:35, Fusion said the following to Atreyu:

All Sysop commands and shell have been gutted here completely and I do

not At> remote into my own board from outside my LAN.he says:> security isn' important> why bother it's just a bbsand then takes steps to prevent things we're suggesting could happen

Huh? I did this years ago when I obtained the source code.

You are more likely to have people try Sysop-exploits than you are to be hacked via telnet snooping, which what this whole nonsense was about.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 20 Mar 21 20:31:57, Exodus said the following to Atreyu:

Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 199 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke u in a field 3 miles from my house .... with the letters SSH wrote on a piece paper .... do you think this all ties together?!

Lol. Make sure you're not sitting in a coffee shop logged in to your board via telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

Atreyu


--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 21 Mar 21 12:06:09, Apam said the following to Fusion:

he says
security isn't important why bother it's just a bbs and then takes
steps to prevent things we're suggesting could happen

I noticed that. I don't think we're going to change anyones minds though.

Noticed what?

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

I noticed that. I don't think we're going to change anyones minds

though.

Noticed what?

That you do seem to care about your own security, just not that of anyone
else who may connect to your board.

But whatever, you do you.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 19 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke in a field 3 miles from my house .... with the letters SSH wrote on a piece paper .... do you think this all ties together?!

Lol. Make sure you're not sitting in a coffee shop logged in to your board telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

I hope Seth Able never sees this! There goes my free turns playing LORD.

... Ask me anything: if I don't know, I'll make up something.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

On 21 Mar 21 12:44:20, Apam said the following to Atreyu:

That you do seem to care about your own security, just not that of anyone else who may connect to your board.

Uhh that could be said for the vast majority of boards out there that accept telnet connections. Will you lecture them all how insecure their systems are or will you just single out mine because I refuse the paranoid party line?

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 20 Mar 21 21:51:34, Exodus said the following to Atreyu:

I hope Seth Able never sees this! There goes my free turns playing LORD.

Didn't he move to Japan or something? Married some cute chick and enjoys life writing games... good on him.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Uhh that could be said for the vast majority of boards out there that
accept
telnet connections. Will you lecture them all how insecure their
systems are
or will you just single out mine because I refuse the paranoid party

Sure, if they don't offer an SSH option.

I offer telnet for those who don't care, I also offer SSH for those who
do.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)