Re: [Freedos-user] Announcements seen on BTTR: Lynx web browser, NDN file manager, DOSBOX emulator
On 11/24/2021 9:04 PM, dmccunney wrote: FTP is deprecated and is going away. It is ancient, ill maintained, and a yawning mass of security holes. Hmm, sounds like windows. HTTP is going away in favor of HTTPS, which adds encryption to the connection. SFTP never caught on. SCP is the protocol of choice in locked down corporate environments. Sure, but sftp *does* encrypt the connection. Essentially, *all* communications must now be encrypted *both* ways, which requires current encryption protocols baked in. Bare minimum, I believe this would require an SSH library for DOS. You missed the bit about the recent update of the DJGPP port of Lynx, where it said this: <...> I did *not* miss it. But it also said JavaScript was *not* supported. This breaks it for use all over, unless the site ahs accommodations for things like screen readers. the vast majority of websites in existence now require access over https, and support for HTML5, CSS3, SVG, and reasonably current JS engine.to provide anything like a satisfactory browsing experience. I disagree. It's perfectly possible to have a satisfactory browsing experience without javascript. Just because a lot of sites use it doesn't mean it's necessary. Html5 does the job just fine in most cases, the problem is that the web designers (or more likely), the software they use use javascript, and so that's why it's included. Remember how buggy and slow shockwave was? And yet, it flourished for years, not because it was secure, but because it was included by default in so many designers. Javascript is now in the same boat. Javascript is *not* necessary for a good web experience, it's just being used, because designers are using the tools they're given, and javascript just happens to be one of those tools. I'm fairly confident you could delete javascript from the web in it's entirity, and using other technologies, most sites could keep working exactly like they do now. And, for what it's worth, javascript has nothing to do with screen readers. FreeDOS (and any other form of DOS) is increasingly locked out of access to the wider world, because it does not and *cannot* support the methods now used. Not true. Saying it doesn't support doesn't mean it can't support them. Windows didn't/couldn't support said technology until someone wrote the code to do so. Dos is in the same boat. Everything has to start somewhere. Just because something doesn't do something else, that is no indication as to whether it *can* do that something else. (Most interest I see in DOS these days is in running old DOS *games*, where communication with the outside world is not a factor. Those folks won't care about FTP, and may have never used it.). Dos also has a very strong following in the industrial world, where security is important. Since there is no built-in TCP/IP stack in dos, if your application gets hacked, and crashes, there's no access to the os. This is a very strong reason for some uses of dos. ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
Re: [Freedos-user] Announcements seen on BTTR: Lynx web browser, NDN file manager, DOSBOX emulator
On Wed, Nov 24, 2021 at 7:20 PM Rugxulo wrote: > On Wed, Nov 24, 2021 at 4:36 PM dmccunney wrote: > > On Wed, Nov 24, 2021 at 4:19 PM Eric Auer wrote: > > > > > Bocke adds this: (I think FTP is just broken in the major browsers now, > > > alas!) > > > > It is broken and will *not* be fixed. > > I assume this is moreso due to unneeded extra maintenance rather than > just dislike for it. No, it's because it is no longer *necessary*. You can do the same thing in other ways. If you can, why bother with FTP? And please note, I said it was deprecated and would not be fixed *in the browsers*. This does not mean it won't live on in other places. (Personally, I used a dedicated Windows FTP client, and did not try to access FTP sites through my browser except as a last resort.) > > FTP is deprecated and is going away. It is ancient, ill maintained, > > and a yawning mass of security holes. > > But not everything needs to be "secure". You mentioned below "games", > and as long as they run in a sandbox (DOSBox) where they can't delete > or format anything, who cares? Email is (usually) plain text, too! Are > you going to deprecate everything old? UNIX is 50! (It had some good > ideas, to say the least.) > Simple things don't need to be secure. A simple AWK script or a > (textual) "diff" to build, say, NASM in DOS is not worthy of ten > layers of encryption. When you are building it, certainly. Once again, the requirement kicks in when you wish to communicate across the *Internet* It should be quite possible to create a local network of machines used for development and testing that happily use FTP to sling things around internally. But that network will be behind a router and firewall, and nothing *outside* it can get in, and stuff inside it goes through a secure gateway machine to get out. (Does the machine you use to participate here connect directly to your ISP with no firewall and all ports open? I didn't think so. Why should machines on your local network?) As far as current development is concerned, anything traveling over the Internet needs to be secure. That means encryption both ways, using current encryption methods (and those are continually changing, as folks find vulnerabilities.) Do *you*. need it? Possibly not. Does every website you browse really *need* https, and plain http with no encryption may be fine? Possibly. But what you and I might need do not drive these decisions. > > HTTP is going away in favor of HTTPS, which adds encryption to the > > connection. SFTP never caught on. SCP is the protocol of choice in > > locked down corporate environments. > > > > Essentially, *all* communications must now be encrypted *both* ways, > > which requires current encryption protocols baked in. Bare minimum, I > > believe this would require an SSH library for DOS. > > You missed the bit about the recent update of the DJGPP port of Lynx, > where it said this: <...> I did *not* miss it. But it also said JavaScript was *not* supported. This breaks it for use all over, unless the site ahs accommodations for things like screen readers. the vast majority of websites in existence now require access over https, and support for HTML5, CSS3, SVG, and reasonably current JS engine.to provide anything like a satisfactory browsing experience. Lynx under Windows or Linux would not work for me, because I need precisely the things it does not support. Fortunately, I don't *have* to use Lynx, and don't *care*. FreeDOS (and any other form of DOS) is increasingly locked out of access to the wider world, because it does not and *cannot* support the methods now used. > > If you are using a DOS emulator like DOSbiox X, you can rely on the > > host to imp[lement such things. > > DOSBox-X also runs atop FreeDOS, thanks to HX (yes, I tried it). So > does that mean DOS is now magically secure? Not in that config, it doesn't. I assume DOSBox X will run under something like a current version of Windows, (And in fact, I have it installed here for testing and it seems to work.) Linux, or OS/X. They can be adequately secured, and if something you do under DOS needs to reach the outside world, it has a secure host to reach it through. I suppose it's significant that you *could* get DOSBox X to run on top of FreeDOS using HX, but why would you *do* that? What do you get from doing it?. I am honestly curious about what use case you might have beyond "Let's see whether I *can*... ' (I wouldn't. I have too many other things I want to do to devote the time to that sort of testing.) > > If you are running DOS on the bare metal, you will have problems. You > > may still be able to set up an FTP server on a host that your pure DOS > > machine can connect to, but it will *not* be part of a browser. > > BIOS and CSM are basically dead, so it's probably under emulator (e.g. > QEMU). So what? Better than nothing (especially since most new > computers "supposedly" have VT-X! Great!) If you *can* run DOS under e
Re: [Freedos-user] Announcements seen on BTTR: Lynx web browser, NDN file manager, DOSBOX emulator
Hi, On Wed, Nov 24, 2021 at 4:36 PM dmccunney wrote: > > On Wed, Nov 24, 2021 at 4:19 PM Eric Auer wrote: > > > Bocke adds this: (I think FTP is just broken in the major browsers now, > > alas!) > > It is broken and will *not* be fixed. I assume this is moreso due to unneeded extra maintenance rather than just dislike for it. > FTP is deprecated and is going away. It is ancient, ill maintained, > and a yawning mass of security holes. But not everything needs to be "secure". You mentioned below "games", and as long as they run in a sandbox (DOSBox) where they can't delete or format anything, who cares? Email is (usually) plain text, too! Are you going to deprecate everything old? UNIX is 50! (It had some good ideas, to say the least.) Simple things don't need to be secure. A simple AWK script or a (textual) "diff" to build, say, NASM in DOS is not worthy of ten layers of encryption. > HTTP is going away in favor of HTTPS, which adds encryption to the > connection. SFTP never caught on. SCP is the protocol of choice in > locked down corporate environments. > > Essentially, *all* communications must now be encrypted *both* ways, > which requires current encryption protocols baked in. Bare minimum, I > believe this would require an SSH library for DOS. You missed the bit about the recent update of the DJGPP port of Lynx, where it said this: "* with OPENSSL support (requires WATT-32, which requires a DOS packet driver)" The full (non-lite) DJGPP port of Links2 [sic] also supports HTTPS/SSL, last I checked. > If you are using a DOS emulator like DOSbiox X, you can rely on the > host to imp[lement such things. DOSBox-X also runs atop FreeDOS, thanks to HX (yes, I tried it). So does that mean DOS is now magically secure? > If you are running DOS on the bare metal, you will have problems. You > may still be able to set up an FTP server on a host that your pure DOS > machine can connect to, but it will *not* be part of a browser. BIOS and CSM are basically dead, so it's probably under emulator (e.g. QEMU). So what? Better than nothing (especially since most new computers "supposedly" have VT-X! Great!) I wish I knew how to run FreeDOS on a generic Chromebook like this one. (I've tried Linux cmdline support [beta] before, it wasn't bad, but it needs 10 GB of space, yikes!) > (Most interest I see in DOS these days is in running old DOS *games*, > where communication with the outside world is not a factor. Those > folks won't care about FTP, and may have never used it.). I hope Jim (and Eric and Tom and Jerome and Bart and Jeremy and Robert and ...) all realize how much I adore FreeDOS and have appreciated it over the years. My only complaint is that I couldn't contribute more. FreeDOS is great! (Now if only the rest of the world knew that.) ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
Re: [Freedos-user] Announcements seen on BTTR: Lynx web browser, NDN file manager, DOSBOX emulator
On Wed, Nov 24, 2021 at 4:19 PM Eric Auer wrote: > Bocke adds this: (I think FTP is just broken in the major browsers now, > alas!) It is broken and will *not* be fixed. FTP is deprecated and is going away. It is ancient, ill maintained, and a yawning mass of security holes. HTTP is going away in favor of HTTPS, which adds encryption to the connection. SFTP never caught on. SCP is the protocol of choice in locked down corporate environments. Essentially, *all* communications must now be encrypted *both* ways, which requires current encryption protocols baked in. Bare minimum, I believe this would require an SSH library for DOS. If you are using a DOS emulator like DOSbiox X, you can rely on the host to imp[lement such things. If you are running DOS on the bare metal, you will have problems. You may still be able to set up an FTP server on a host that your pure DOS machine can connect to, but it will *not* be part of a browser. (Most interest I see in DOS these days is in running old DOS *games*, where communication with the outside world is not a factor. Those folks won't care about FTP, and may have never used it.). __ Dennis ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
[Freedos-user] Announcements seen on BTTR: Lynx web browser, NDN file manager, DOSBOX emulator
Hi! In case you have missed them earlier this month, here is a collection of announcements found on BTTR :-) https://www.bttr-software.de/forum/forum_entry.php?id=18453 > *Both DOS packages for DOSBox-X 0.83.19 are now available* > posted by Wengier(R) 10.11.2021, 09:51 > > DOSBox-X 0.83.19 has been released recently. Designing to be a cross-platform > DOS emulator, it is the goal of DOSBox-X to cover essentially everything in > the DOS scene, and also intends to implement accurate emulation, accurate > enough to help make new DOS developments possible with confidence the program > will run properly on actual DOS systems. > > DOSBox-X provides official DOS versions in addition to other platforms. > Despite a short delay, by now you can download both the latest HX-DOS and > LOADLIN DOS packages for DOSBox-X 0.83.19 from the DOSBox-X project homepage: > > https://dosbox-x.com/ > > There are quite a lot of new features and other improvements in this latest > version, and you can find the release notes for this version (containing the > change history) here: > > * https://dosbox-x.com/release-0.83.19.html > > Both HX-DOS and LOADLIN DOS package are self-contained so that you can simply > unzip the file and type DOSBOX-X to run in DOS. It is confirmed to work in > DOS, and read the included README.TXT file for more information. The printing > function is also supported in the HX-DOS package in this version. https://www.bttr-software.de/forum/board_entry.php?id=18468&page=0&order=time&category=0 > *DJGPP port of Lynx 2.9.0dev.10* > > Juan Manuel Guerrero released this port on 12 November 2021. > > Summary of ANNOUNCE: DJGPP port of Lynx 2.9.0dev.10 uploaded. > > * LFN support > * default code page: cp850 (instead of iso-8859-1) > * supports HOME environment variable > * with BZIP2, ZIP and PDCURSES support > * without NLS (Native Language Support) support enabled > * with IDN (Internationalized Domain Names) support > * with OPENSSL support (requires WATT-32, which requires a DOS packet driver) > > Excerpt: >Lynx is a fully-featured World Wide Web (WWW) client for users running >cursor-addressable, character-cell display devices such as vt100 terminals >and vt100 emulators running on character-cell display. It will display >Hypertext Markup Language (HTML) documents containing links to files on the >local system, as well as files on remote systems running http, gopher, ftp, >wais, nntp, finger, or cso/ph/qi servers, and services accessible via > logins >to telnet, tn3270 or rlogin accounts. > > >DJGPP specific changes. >=== >This port is based on the current develop code of lynx (aka > lynx2.9.0dev.10) >available as: > https://invisible-mirror.net/archives/lynx/tarballs/lynx-cur.tar.bz2 > >... > >The lynx executable itself handles http:, https:, ftp:, file:, news:, nntp: >and gopher: protocols. You will need external programs if you want to > access >telnet:, tn3270:, or mailto: URLs. In this case a port of kermit may be >required. > >Please note that lynx does _NOT_ support javascr*** at all. So nothing > will >work that requires this feature. If you need this, look for a different >text web browser. > >It is important to realize that this port is a _PURE_ DOS port. If for > some >reason you want to use lynx under Windows, you should download a windows >port of lynx. > >... > >When connecting to a site via https, lynx will require that a file of >trusted certificates is available. It is your's responsability to create >such a file and the port will _NEVER_ provide one. This .PEM file is >created using openssl tools. Read the openssl documentation. A working >linux installation provides always one. It may be found by the name >"ca-bundle.pem" or similar. In the end it must be a file in PEM format. >Store it where you like and point to it by setting the corresponding lynx >environment variable like this: > set SSL_CERT_FILE=/dev/env/DJDIR/share/ssl/certs/ca-bundle.pem >Of course the value propossed is arbitrary and reflects the way I do it >for my own installation of lynx. A starting point for reading about how >to create your own PEM files is: > https://lists.gnu.org/archive/html/lynx-dev/2002-12/msg00043.html Bocke adds this: (I think FTP is just broken in the major browsers now, alas!) > I spent some time searching for direct download links as they weren't linked > in the announcement. Here they are: > > Binaries: > http://ftp.delorie.com/pub/djgpp/current/v2tk/lx290d10b.zip > > Development libraries and headers: > http://ftp.delorie.com/pub/djgpp/current/v2tk/lx290d10d.zip > > Source code: > http://ftp.delorie.com/pub/djgpp/current/v2tk/lx290d10b.zip > > I also tried accessing FTP server directly, but the anonymous login didn't > work for some reason. https://www.bttr-software.
[Freedos-user] SvarCOM - a nimble COMMAND.COM shell
Hello all, I tend to use FreeDOS mostly on old computers that often have no more than 1 MiB of RAM. On such setups FreeDOS doesn't leave much memory to applications, mostly due to FreeCOM. This is the main reason that led me to develop a new command interpreter named SvarCOM. This interpreter will soon become the standard shell of the SvarDOS distribution. It's resident size is under 2K. Today I published the first version of SvarCOM, version 2021.0. This version must be considered as a "functional preview", since there are still a few things missing. It is stable, though, and what is implemented works pretty well. I use it since a few days on my museum-grade machines without major troubles. The most annoying thing is probably the lack of an INT 24h handler: it may lead to surprising results if one tries to access an empty floppy drive. While I developed SvarCOM specifically for the SvarDOS distribution, it works just as well on plain FreeDOS. As such, the FreeDOS project is welcome to mirror it or use it as an alternative shell, should that be of any interest to the community. Read more on http://svardos.osdn.io/svarcom/ Mateusz ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
