(date: 2024-06-16 13:04:23)
date: 2024-06-16, from: Alex Schroeder’s Blog
@lkh, @kyonshi and I have been trying to connect our servers using old tech for quite a while.
The latest effort has been in connecting them using Unix to Unix
copy (UUCP). The benefit is that once you have that, you can also
have remote command execution over UUCP using uux
and it is as terrifying as it sounds.
Let’s see whether I can reconstruct my setup.
I use Debian.
lkh has a “travelling laptop” that is mostly offline, but sometimes it’s online. That’s when he wants to exchange stuff with us. The laptop is called Dwalin.
My server is Campaign Wiki.
The documentation for peering between news servers via UUCP is available via man 8 send-uucp.
This allows Dwalin to connect via ssh.
lkh sent me this.
# dwalins public key, ssh executes the remote
# uucico and hands over my login:
restrict,command="/usr/sbin/uucico -u Udwalin -l" ssh-rsa another-long-string-of-stuff uucp@dwalin
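A check for entries like the one above, written for this page as an added example (it is not part of the original post): it parses the authorized_keys options field and reports keys that are not pinned to uucico. The names split_options, audit_line and SAMPLE are hypothetical, and the second and third sample lines are constructed.

```python
import re

# Key types that start a line when there is no options field.
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)")
# sshd options that switch a capability back on after "restrict".
REENABLE = {"pty", "port-forwarding", "agent-forwarding", "x11-forwarding", "user-rc"}

def split_options(line):
    """Split one authorized_keys line into (options dict, rest of line)."""
    if KEY_TYPE.match(line):
        return {}, line
    opts, token, quoted, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            token, i = token + '"', i + 2      # escaped quote inside a value
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":      # end of one option
            name, _, value = token.partition("=")
            opts[name.lower()] = value
            token = ""
            if ch != ",":                      # unquoted blank ends the field
                break
        else:
            token += ch
        i += 1
    return opts, line[i:].strip()

def audit_line(line, uucico="/usr/sbin/uucico"):
    """Return findings for one key line; an empty list means it is pinned."""
    opts, _ = split_options(line.strip())
    argv = opts.get("command", "").split()
    findings = []
    if "restrict" not in opts:
        findings.append("no restrict")
    if not argv:
        findings.append("no forced command")
    elif argv[0] != uucico:
        findings.append("forced command is not uucico")
    elif "-u" not in argv[1:-1]:
        findings.append("uucico login not fixed with -u")
    findings += ["explicitly enables " + n for n in sorted(REENABLE & opts.keys())]
    return findings

# First line is the entry from the post; the other two are constructed.
SAMPLE = [
    'restrict,command="/usr/sbin/uucico -u Udwalin -l" ssh-rsa another-long-string-of-stuff uucp@dwalin',
    'command="/usr/sbin/uucico -l",pty ssh-rsa KEY-PLACEHOLDER uucp@example',
    'ssh-rsa KEY-PLACEHOLDER uucp@example',
]
```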
This is where Dwalin’s password is stored. This is important because there’s no actual Dwalin user on my system.
lkh sent me this.
# dwalins login on campaignwiki
Udwalin some-long-string-of-stuff
I kept the defaults and added Dwalin.
# dwalins system entry, no Port or
# credentials are given, since dwalin
# is expected to always call in.
system dwalin
called-login Udwalin
local-send /
local-receive /var/spool/uucppublic
remote-send /
remote-receive /var/spool/uucppublic
time any
forward ANY
protocol i
This is where I set my own node name.
lkh sent me some spool related entries. I’m not sure whether I needed them.
nodename campaignwiki
spool /var/spool/uucp
pubdir /var/spool/uucppublic
lockdir /var/spool/uucp/Lock
logfile /var/spool/uucp/Log # The UUCP log file
statfile /var/spool/uucp/Stats # The UUCP statistics file
debugfile /var/spool/uucp/Debug # The UUCP debugging file
In our case, lkh’s Dwalin is connected to kyonshi’s Erebor system and here’s me sending a file to Erebor via Dwalin (since I’m not connected to Erebor directly):
uucp some-local-file 'dwalin!ereborbbs.duckdns.org!~/'
Yes, we want to exchange news. That means we need to install INN.
Look at the requisites:
perldoc /usr/lib/news/bin/send-uucp.pl
This defines the sites to send news to, how to compress them and how big the batches should be.
Add the following:
dwalin gzip 1048576
Determine the newsgroups to send to Dwalin:
# newsfeed entry for dwalin
dwalin\
:casa.*,campaignwiki.*,erebor.*\
:Tf,Wnb,B4096/1024:
Add the new newsgroups. We don’t do control messages.
Use ctlinnd to control the INN daemon.
ctlinnd newgroup erebor.talk y
ctlinnd newgroup erebor.test y
Give the new newsgroups a tag line.
Add the following:
erebor.talk General talk for EreborBBS
erebor.test Testing connectivity with EreborBBS
Make sure the users connecting via NNTP can read the new groups, too. This is not necessary if you read news via the local spool, I think.
Add erebor.* to the “readonly” section.
auth "foreignokay" {
auth: "ckpasswd -f /var/lib/news/newsusers"
default: "<unauthenticated>"
}
access "authenticatedpeople" {
users: "*"
newsgroups: "*,!junk,!control,!control.*"
}
access "readonly" {
users: "<unauthenticated>"
read: "local.*,campaignwiki.*,casa.*,cosmic.*,erebor.*,rec.*,de.*,alt.*"
}
Check uulog. Here’s where a news article is put into the queue and a few minutes later, Dwalin calls and the enqueued article is sent:
uux dwalin news (2024-06-15 10:22:01.34 3832004) Queuing rnews (D.000R)
uucico - - (2024-06-15 11:05:07.00 3842142) Incoming call (login Udwalin port stdin)
uucico dwalin - (2024-06-15 11:05:07.05 3842142) Handshake successful (protocol 'i' sending packet/window 1024/16 receiving 1024/16)
uucico dwalin news (2024-06-15 11:05:07.05 3842142) Sending rnews (D.000R) (1548 bytes)
uucico dwalin - (2024-06-15 11:05:07.10 3842142) Protocol 'i' packets: sent 8, resent 0, received 6
uucico dwalin - (2024-06-15 11:05:07.10 3842142) Call complete (0 seconds 1548 bytes 0 bps)
Oh yes, we do.
Debian comes with Exim. Exim uses Perl’s “taint” mechanism wherein user-supplied values cannot be used for commands. They must be untainted by a lookup. For example, a user supplied sender name like “alex” is tainted, but if you look it up in /etc/passwd it becomes untainted. Perl keeps track of this for you, if you want to. Once you run into the error, however, you need to figure out where you could be looking up the values you have. Is the local part a user on the system, is the domain a local domain? I spent way too much time on this.
This is the file generated by update-exim4.conf.
The result of me answering the questions:
dc_eximconfig_configtype='internet'
dc_other_hostnames='alexschroeder.ch;campaignwiki.org;communitywiki.org;transjovian.org'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
Note that the MX records for my domains point to Migadu because that’s where SMTP mail should go.
UUCP is what lkh, kyonshi and I use.
A new router for UUCP mail that has to come before 200_exim4-config_primary. If it comes after the primary, then it won’t work because the primary router ends with no_more and as the comment at the end of the file says:
“The no_more above means that all later routers are for domains in the local_domains list”
This router only accepts mail destined for domains listed in the new file /etc/exim4/uucp.
### uucp
### based on /usr/share/doc/exim4-base/README.Debian.gz
uucp_router:
debug_print = "R: uucp_router for $local_part@$domain"
driver=accept
require_files = +/usr/bin/uux
domains = wildlsearch;/etc/exim4/uucp
transport = rsmtp
This is a file that translates the domain names I use for recipients to UUCP names.
It only works for Dwalin:
dwalin dwalin
This means that a mail for lkh@dwalin gets recognised as such (because of the first column) and it will be sent to the UUCP system dwalin (because of the second column).
The UUCP system dwalin is correct because /etc/uucp/sys has a section for system dwalin (see above).
The route above says that the transport to use is rsmtp.
Define this using a new transport config file:
### uucp
### based on /usr/share/doc/exim4-base/README.Debian.gz
rsmtp:
debug_print = "T: rsmtp for $pipe_addresses"
driver=pipe
command = /usr/bin/uux - -r -a${lookup{$sender_address_local_part}lsearch,ret=key{/etc/passwd}} -gC $domain_data!rsmtp
use_bsmtp
return_fail_output
user=uucp
batch_max = 100
This was the biggest problem for me. The examples I saw for the -a argument to uux used $sender_address, resulting in an error about the third argument to uux being tainted. You can see these error messages in the exim main log (followed by a log entry showing that exim sends me an error message):
2024-06-15 00:37:11 1sIFXj-00CzBd-26 <= alex@alexschroeder.ch U=alex P=local S=461
2024-06-15 00:37:11 1sIFXj-00CzBd-26 ** lkh@dwalin R=uucp_router T=rsmtp: Tainted arg 3 for rsmtp transport command: '-aalex@alexschroeder.ch'
2024-06-15 00:37:11 1sIFXj-00CzBh-2Q <= <> R=1sIFXj-00CzBd-26 U=Debian-exim P=local S=1695
2024-06-15 00:37:11 1sIFXj-00CzBd-26 Completed
2024-06-15 00:37:11 1sIFXj-00CzBh-2Q => alex <alex@alexschroeder.ch> R=local_user T=mail_spool
2024-06-15 00:37:11 1sIFXj-00CzBh-2Q Completed
I guess the examples I had seen would only work for older Exim versions that didn’t do taint checking.
The code I’m using means that I’m looking up the sender local part (“alex” or “root”) in /etc/passwd and if a match is found, the untainted key is returned (instead of the value from the password list).
You can test these expressions on the command-line:
exim -d+all -be '${lookup{$sender_address_local_part}lsearch,ret=key{/etc/passwd}}'
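The taint rule and the ret=key lookup described above, as a simplified Python model added for this page (it is not Exim's code and not from the original post). Tainted, concat, lsearch_ret_key and uux_argv are hypothetical names, and the passwd content is constructed.

```python
import re

class Tainted(str):
    """Text that arrived with the message: sender, recipient, headers."""

def concat(*parts):
    """Anything joined with tainted text is itself tainted."""
    text = "".join(parts)
    return Tainted(text) if any(isinstance(p, Tainted) for p in parts) else text

def lsearch_ret_key(key, file_text):
    """Model of ${lookup{key}lsearch,ret=key{file}}.

    On a match, return the key as it is written in the file: a plain str,
    because the file is under the administrator's control. On failure return
    "", which is what the short form of ${lookup...} expands to.
    """
    for line in file_text.splitlines():
        entry = re.split(r"[:\s]", line, maxsplit=1)[0]   # key ends at ':' or blank
        if entry and not entry.startswith("#") and entry == key:
            return entry
    return ""

def uux_argv(sender_arg, uucp_system):
    """Build the rsmtp transport's argv; refuse it if any argument is tainted."""
    argv = ["/usr/bin/uux", "-", "-r", concat("-a", sender_arg),
            "-gC", concat(uucp_system, "!rsmtp")]
    for n, arg in enumerate(argv):
        if isinstance(arg, Tainted):
            raise ValueError(f"Tainted arg {n} for rsmtp transport command: '{arg}'")
    return argv

# Constructed sample of /etc/passwd content.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alex:x:1000:1000:Alex:/home/alex:/bin/bash
"""

if __name__ == "__main__":
    # $domain_data comes from the router's file lookup, so it is untainted.
    print(uux_argv(lsearch_ret_key(Tainted("alex"), PASSWD), "dwalin"))
    try:
        uux_argv(Tainted("alex@alexschroeder.ch"), "dwalin")
    except ValueError as err:
        print(err)
```

A sender whose local part is not in the file expands to an empty string, so nothing supplied by the sender reaches the uux command line in either case.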
As an ordinary user, use mail on the command line to send mail to lkh@dwalin.
Poor lkh. So many test mails.
As root, check the exim log:
root@sibirocobombus:~# tail /var/log/exim4/mainlog
Here’s a mail being enqueued successfully:
2024-06-15 14:08:42 1sISD4-00GIbQ-1a <= alex@alexschroeder.ch U=alex P=local S=513
2024-06-15 14:08:42 1sISD4-00GIbQ-1a => lkh <lkh@dwalin> R=uucp_router T=rsmtp
2024-06-15 14:08:42 1sISD4-00GIbQ-1a Completed
Note the uucp_router and the rsmtp transport being used.
Check uulog. Here’s where four mails are put into the queue and a few minutes later, Dwalin calls and the enqueued messages are sent:
uux dwalin uucp (2024-06-15 09:50:47.05 3824697) Queuing rsmtp (D.000N)
uux dwalin uucp (2024-06-15 09:53:57.11 3824786) Queuing rsmtp (D.000O)
uux dwalin uucp (2024-06-15 09:53:57.14 3824790) Queuing rsmtp (D.000P)
uux dwalin uucp (2024-06-15 09:53:57.16 3824794) Queuing rsmtp (D.000Q)
uucico - - (2024-06-15 10:05:09.11 3828242) Incoming call (login Udwalin port stdin)
uucico dwalin - (2024-06-15 10:05:09.16 3828242) Handshake successful (protocol 'i' sending packet/window 1024/16 receiving 1024/16)
uucico dwalin uucp (2024-06-15 10:05:09.16 3828242) Sending rsmtp (D.000N) (552 bytes)
uucico dwalin uucp (2024-06-15 10:05:09.16 3828242) Sending rsmtp (D.000O) (538 bytes)
uucico dwalin uucp (2024-06-15 10:05:09.16 3828242) Sending rsmtp (D.000P) (530 bytes)
uucico dwalin uucp (2024-06-15 10:05:09.16 3828242) Sending rsmtp (D.000Q) (545 bytes)
uucico dwalin - (2024-06-15 10:05:09.21 3828242) Protocol 'i' packets: sent 14, resent 0, received 10
uucico dwalin - (2024-06-15 10:05:09.23 3828242) Call complete (0 seconds 2165 bytes 0 bps)
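Since uux queues commands for the remote side to run, the uulog output shown here and in the news section can be audited. The following is an added example, not part of the original post: it flags queued commands other than rnews and rsmtp, lists jobs that were queued but never sent, and collects the logins that called in. The name audit_uulog and the allowlist are assumptions, and the last sample line is constructed.

```python
import re

# program system user (date time pid) message
LINE = re.compile(r"^(\S+) (\S+) (\S+) \((\S+ \S+) (\d+)\) (.*)$")
JOB = re.compile(r"^(Queuing|Sending) (.+?) \((\S+)\)")
ALLOWED = {"rnews", "rsmtp"}   # the two commands this setup queues

def audit_uulog(lines, allowed=ALLOWED):
    """Summarise uulog lines: unexpected commands, unsent jobs, caller logins."""
    queued, sent, unexpected, logins = {}, set(), [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        prog, system, user, stamp, pid, msg = m.groups()
        job = JOB.match(msg)
        if job:
            verb, command, job_id = job.groups()
            if verb == "Queuing":
                queued[(system, job_id)] = command
                if command.split()[0] not in allowed:
                    unexpected.append((stamp, user, system, command))
            else:
                sent.add((system, job_id))
        elif msg.startswith("Incoming call (login "):
            logins.add(msg.split()[3])
    pending = sorted(job_id for (system, job_id) in queued
                     if (system, job_id) not in sent)
    return {"unexpected": unexpected, "pending": pending, "logins": sorted(logins)}

# Lines taken from the logs above, plus one constructed line at the end.
SAMPLE_LOG = """\
uux dwalin uucp (2024-06-15 09:50:47.05 3824697) Queuing rsmtp (D.000N)
uucico - - (2024-06-15 10:05:09.11 3828242) Incoming call (login Udwalin port stdin)
uucico dwalin uucp (2024-06-15 10:05:09.16 3828242) Sending rsmtp (D.000N) (552 bytes)
uux dwalin news (2024-06-15 10:22:01.34 3832004) Queuing rnews (D.000R)
uucico dwalin news (2024-06-15 11:05:07.05 3842142) Sending rnews (D.000R) (1548 bytes)
uux dwalin alex (2024-06-15 12:00:00.00 4000001) Queuing uname -a (D.000S)
""".splitlines()

if __name__ == "__main__":
    for name, value in audit_uulog(SAMPLE_LOG).items():
        print(name, value)
```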
https://alexschroeder.ch/view/2024-06-15-uucp
date: 2024-06-16, from: Heather Cox Richardson blog
https://heathercoxrichardson.substack.com/p/june-15-2024-5f1
@Dave Winer’s Scripting News (date: 2024-06-16, from: Dave Winer’s Scripting News)
Buffalo Springfield: “You make the rules, you say what’s fair.”
http://scripting.com/2024/06/16.html#a130536
@Dave Winer’s Scripting News (date: 2024-06-16, from: Dave Winer’s Scripting News)
Cat Stevens: “Look at me, I am old, but I’m happy.”
http://scripting.com/2024/06/16.html#a130150
date: 2024-06-16, from: Dan Rather’s Steady
A Reason To Smile
https://steady.substack.com/p/the-incomparable-ella-fitzgerald
date: 2024-06-16, from: Dave Winer’s Scripting News
RSS has never been on the cover of a magazine, so you can’t say ChatGPT is stealing this from anyone. In fact I’m offended on behalf of ChatGPT that the press has chosen to focus on the bullshit idea that it’s plagiarizing journalists. Such narcissists. Everything is about them. It’s sick because the ideas journalists write about do not belong to them. If they’re doing their jobs, they’re reporting facts that exist whether or not they wrote a story about it. A simple example. I may have read in a local paper that the Mets swept the Dodgers in the NLCS. I don’t owe a news org anything because I read the news on their site. The news doesn’t belong to them.
The idea that RSS could be on the cover of a magazine isn’t so far-fetched, but no one ran a press release and there were no billionaires involved, so they didn’t consider it newsworthy I guess. Someday we’re going to have to accept that we have to make our own news, in the sense of Scoop Nisker’s famous line – “If you don’t like the news go out and make some of your own.” So here we go. I asked ChatGPT to imagine a magazine with RSS as the cover story.
PS: Does the concept of a cover story even exist now that we rarely read printed magazines?
http://scripting.com/2024/06/16/112755.html?title=imagineRssAsACoverStory
@Dave Winer’s Scripting News (date: 2024-06-16, from: Dave Winer’s Scripting News)
I’ve written a crawler for the network of blogrolls via connective links in HTML and/or RSS feeds. When I started the project, I had no idea what I’d find. How many blogrolls of what quality. I still don’t know the extent of it, but there’s a non-trivial number of blogrolls out there. I’m thinking about ways to get a handle on all the feeds in all the blogrolls, and see what we get from that. And I’m beginning to see the utility of FeedLand as a feed operating system, which is what I wanted it to be. It’s not just a feed reader. It’s able to do things most feed readers don’t do, maybe none do. We don’t have a good grasp of the depth of the feed products either. I will of course share the results when they are shareable.
http://scripting.com/2024/06/16.html#a112207
@Dave Winer’s Scripting News (date: 2024-06-16, from: Dave Winer’s Scripting News)
Three movies I’ve watched in the last few days: 1. Fight Club. 2. The Matrix. 3. The Devil’s Advocate. I had seen all of them before. But they go together. And they’re all about the same thing, about choosing to live in a dream, or to live the life you’re actually living. All three are excellent movies that I watched straight through from beginning to end, which is really unusual for me these days.
http://scripting.com/2024/06/16.html#a112014
@Dave Winer’s Scripting News (date: 2024-06-16, from: Dave Winer’s Scripting News)
This would make a great campaign ad. Remember how lost we were. Understand what you’re voting for when you go MAGA and what you could get if you sit this one out or cast a protest vote of some kind.
http://scripting.com/2024/06/16.html#a110232
date: 2024-06-16, from: Robert Reich’s blog
And last week’s winner
https://robertreich.substack.com/p/sunday-caption-contest-taking-stock
date: 2024-06-16, from: Heather Cox Richardson blog
I spent so much time in my friend Mike’s house growing up that I knew his parents as Mama and Papa. His father, Kenneth Edward Nyboe, was born in 1924 in New York City but spent his summers in Maine, where he knew my mother and my aunt and where he met, and secretly married, my aunt’s friend Helen Bryant just before he shipped overseas to be in the tank corps with Patton’s Third Army in World War II.
https://heathercoxrichardson.substack.com/p/june-15-2024
date: 2024-06-16, updated: 2024-06-16, from: Daring Fireball