#tcp

aktionfsa@diasp.eu

22.10.2022 Cables cut again

Attacks on important cables in France too

Three days ago there was a massive disruption of internet traffic after important fibre-optic cables of the provider Free 1337 were destroyed in Marseille at 3 a.m. These cables ran to Milan and Barcelona, but they were also used for international traffic to Southeast Asia and Australia.

The attack recalls the problem at Deutsche Bahn after the simultaneous destruction of cables for the GSM-R railway radio in Berlin and Herne. But in France, too, there were already attacks in April of this year in which four fibre-optic routes were cut in the greater Paris area.

At that time German internet traffic was also impaired, because lines of the German internet exchange DE-CIX were affected as well. As a rule, the TCP/IP internet protocol, which emerged from military research, and the associated routing protocols are robust enough to compensate for such outages within seconds via other paths in the fully meshed internet.

The only question is always which meshes are still available and how congested the traffic on these fallback routes becomes. The stern-looking Hindenburg did not have to deal with problems at such a high level, which is why the recommendation of that time was just stupid and nationalistic.

While in April about 300,000 affected customers were assumed, according to the estimate of Nicolas Guillaume, CEO of the Nasca group to which the affected providers belong, it was millions of end customers. His proposal to keep the network plans secret probably comes too late and was apparently also misunderstood by the investigating authorities, who now give no more information about possible connections and investigation results.

More on this at https://www.heise.de/news/Frankreich-Anschlag-auf-Glasfaserkabel-bremst-internationalen-Datenverkehr-aus-7315563.html

Category[21]: Our topics in the press. Short link to this page: a-fsa.de/d/3qp
Link to this page: https://www.aktion-freiheitstattangst.org/de/articles/8186-20221022-wieder-kabel-durchtrennt.htm
Link in the Tor network: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/8186-20221022-wieder-kabel-durchtrennt.htm
Tags: #Kabel #Anschlag #Sabotage #Frankreich #Deutschland #Bahn #Glasfaser #TCP #Frieden #Krieg #Ukraine #Russland

57b731e9@nerdpol.ch

MinusBrowser 1.2 is Published

Minus is an alternative to, but not a replacement for, HTTP and Gemini.

  • Tor now starts automatically. The option to keep Tor running after the browser window is closed still exists.
  • Tor is now used for all connections, not just connections to .onion domains.
  • Gopher is now supported, but not as fully as with a dedicated Gopher client. Gopher menus are presented as if they were Minus pages. You can click on Gopher links just as you do with Minus links. Search is also supported.
  • Various annoying bugs are fixed. This includes bugs related to selected text.

The new version is available on Codeberg as a .tar.gz file.

https://codeberg.org/giXzkGsc/Minus-Protocol/raw/branch/main/MinusBrowser.tar.gz

There is no need to install MinusBrowser. Just download the .tar.gz file to your home folder and unpack it with

tar -xf MinusBrowser.tar.gz

or use your favorite GUI software to unpack it.

If you have an earlier version, unpack the .tar.gz file into the same directory as your present MinusBrowser folder. I plan to make future versions of MinusBrowser able to update themselves similarly to the way EasyGPG updates itself.

To follow the progress of the Minus Protocol Project, click on #minus-protocol or look at https://nerdpol.ch/tags/minus-protocol

#internet #protocol #tcp #hypertext #http #gemini #gopher #minus #minus-protocol #browser #minusbrowser #minus-browser

57b731e9@nerdpol.ch

MinusBrowser 1.0 is Published

MinusBrowser is a browser for the Minus protocol written in Tcl/Tk that also requires curl.

The Software

I have developed a Minus server and a Minus browser for Linux distros. I am putting the Minus browser on Codeberg first. I will put a server there later.

My browser is written in Tcl/Tk, and it also requires curl. Like the Tor Browser, MinusBrowser includes its own copy of Tor. The protocol specification allows for the use of TLS, but MinusBrowser does not support it -- at least, not yet. My present Minus servers run as Tor Onion Services, and I have no plan to create clearnet servers in the future. However, MinusBrowser will also read from libraries on local networks.

There is no need to install the browser. Just download the .tar.gz archive and unpack it. The ReadMeFirst.txt file explains how to launch it on various distros.

MinusBrowser includes a list of known public Minus libraries. So far, I know of only my two libraries: the one for this project and the one for my EasyGPG project.

The Files

MinusBrowser
https://codeberg.org/giXzkGsc/Minus-Protocol/raw/branch/main/MinusBrowser.tar.gz

Minus Protocol Specification
https://codeberg.org/giXzkGsc/Minus-Protocol/raw/branch/main/minus-specification.md

What is Minus?

The Minus protocol is an alternative to Gopher, HTTP, and Gemini. It was inspired by Gopher. Gopher Plus was intended to add features to Gopher, but I wanted to subtract features. I wanted a Gopher Minus. I shortened this to Minus.

Minus is Gopher with only type 9 files. (This will make sense to you if you have ever implemented a Gopher server or client.)

As with Gopher and Gemini, a Minus client sends only one line of text that specifies the file to download. The server then sends back the requested file or a message in UTF-8 text explaining why the file was not sent. Notice that there is nothing at all like request and response headers.

The files served can be of any type, but only .minus, .txt, .text, and .asc files will be displayed by the client. Other types are saved to mass storage.

Minus files are UTF-8 text. There is no markup language apart from using # characters to indicate headers, and the back-tick (`) to delimit code snippets and similar text. Every character in the file is shown to the user.

The only hypertext feature is that all minus:// URLs, alone on a line, are automatically clickable links.

Minus defines its own MIME type, like HTTP's text/html. This is text/minus, and the file name suffix is .minus.

Minus URLs are of the form minus://domain.tld/something.minus. There is no optional authority component, nor are there any optional query or fragment components. The browser sends the part of the URL after the TLD to the server to specify the desired file.

The Minus equivalent of the HTTP web site and Gopher gopher hole is the Minus library.

The Future of this Project

As mentioned above, I will put my Minus server on Codeberg. I want to build a GUI for it soon, but I will probably upload it before that is finished.

I am thinking about several improvements to the browser. One is to enable the MinusBrowser to read pages aloud. This would be done by recording sound files with espeak and playing them with VLC or Audacious. I am also thinking about limited support for Gopher. This would translate Gopher menus into Minus pages and allow display of files that appear in Gopher menus as type 0. I definitely plan to make MinusBrowser able to update itself using Codeberg or using the Minus Library for this project.

I am also thinking about using gpg to display PGP messages and verify their signatures. This would require that the browser also import PGP keys.

Minus Protocol Project on Codeberg
https://codeberg.org/giXzkGsc/Minus-Protocol

Minus library for the Minus protocol project
minus://mvxpelpxu2f7kzotb2s2t6fkmggvrd7qdg2wjs6waiyf2nbhkawux4yd.onion/

Minus library for EasyGPG
minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/

#internet #protocol #tcp #hypertext #http #gemini #gopher #minus #minus-protocol #browser #minusbrowser #minus-browser

57b731e9@nerdpol.ch

Latest Version 2022-07-05

Minus Protocol Specification

The Name of the Minus Protocol

The name Minus was inspired by Gopher Plus. Gopher Plus added features to Gopher; Minus subtracts features from Gopher.

Minus Transactions

Server: listens for TCP connections on port 1990
Client: opens a TCP connection to the server on port 1990
Server: accepts the TCP connection
Client: sends a file specifier that specifies the file to be downloaded
Server: sends the specified file or a UTF-8 text message explaining why the specified file was not sent
Server: closes the TCP connection

The client may close the TCP connection before the entire file is received. The server must tolerate this.

The specifier is one line of text which can contain only the characters inside the following quotation marks.

"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_/."

The specifier may be just /, but, otherwise, it should not end with /. The specifier should also not contain //, .., ./, or /..

If the specifier is / or zero-length, the specifier will default to index.minus. This is similar to index.html in HTTP.

The error message mentioned above should be UTF-8 text with \n at the end of lines, and not \r\n.

There must be no other communication between the server and client. Notice that no information about the client is sent to the server.

Avoiding Information Exfiltration

Exfiltration of information from the client is prevented by only allowing the transaction above, but indirectly exfiltrating information from the server is still possible.

This could happen if all the files served are kept in one directory, and the specifier is combined with the path name of this one directory to form the path name of the file served. This is obviously insecure, yet many file servers are designed this way. Such servers have to use various strategies to mitigate the insecurity created by this design.

A better design uses an index that contains an entry for each file that can be served. Each entry relates a specifier to the path name of the file it specifies. With this design, only files listed in the index can be served, and the specifier need not contain any part of the path name of the file.

Transport Security

Minus is insecure unless TLS is used or the server is run as a Tor Onion Service. Running as a Tor Onion Service is preferred because it makes everything easier. No registration of a domain name is necessary, no TLS certificate is required, and both server and client are easier to implement without TLS.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

Minus URL Format

Here is an example of a Minus URL.

minus://vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion/index.minus

(There is not a server at this domain. This is just an example.)

This has three parts: the protocol (or scheme) minus://, the host (an FQDN or an IP address) vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion, and /index.minus (the specifier sent by the client to the server). See the section above for the complete list of characters allowed in a specifier.

Minus URLs must be the only thing on the line they appear in.

Minus URLs in .minus documents should be selectable links that open the specified document. In a GUI client, these should be clickable.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

The .minus File Type

Files with the .minus filename extension should be UTF-8 text files. The server should not limit the line length of lines in these files (as in Gopher). However, the client should.

Lines in .minus files should end with \n and not \r\n.

Minus URLs must be the only thing on the line they appear in.

The client should recognize Minus URLs in the text of .minus files and make them easily selectable. Selecting them should download the specified file. If the file downloaded is a .minus file, it should be displayed. If it is a .txt, .text, or .asc file, it should also be displayed, but without necessarily making URLs in the text selectable. All other files should be downloaded and saved to mass storage. The file names of files saved to mass storage will be the part of the specifier after the last /. Clients should check that the downloaded file is not actually an error message sent by the server instead of the specified file.

Minus does not allow for embedding other files in a .minus file such that they are displayed in the same window as the text. No URLs in the text should ever be automatically downloaded.

Display of Text in .minus Files

How the text of .minus files is displayed should be controlled by the client and its user. However, the text of the .minus file may indicate, with markings, what functions parts of the text play in the document.

For example, the text could indicate what lines of the document are headings and subheadings. This could be done by beginning the line with a # or more than one #, followed by a space. The client and its user could decide how headings should be displayed. Similarly, the ` could indicate the beginning and end of a code snippet, and the client could display these snippets differently from the rest of the text.

It is also acceptable for the client not to display marked text or markings differently from the rest of the text.

Minus Compared to Gopher, Gemini, and HTTP

Gemini is meant to be less complex and easier to implement than HTTP, but more complex than Gopher. Minus, on the other hand, is meant to be less complex and easier to implement than all of these others, including Gopher.

This simplicity is essential if the Internet is to, once again, become human-friendly.

HTTPS 1.1 and HTML5 are so complex that no single person can implement a server or a client that supports the entire HTTPS 1.1 and HTML5 standards. In fact it requires a large team of people to do so. It is, therefore, not surprising that there are very few clients or servers not based on some other client or server.

Because complexity is the enemy of security, this software is also insecure.

Perhaps the worst problem with HTTPS 1.1 and HTML5 is the way, by design, that they spy on users of HTTPS 1.1 clients. In Minus, the only information communicated by the client to the server is the specifier that specifies the file to be downloaded. This is very different from HTTPS 1.1. Even worse, HTTPS 1.1 allows the server to download and store information onto the client machine that is not explicitly requested by the user.

When I implemented my own Gopher server, I found that even Gopher has complexity I do not need or want. This is why I am doing this.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol
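The transaction and specifier rules above, as an added example that is not part of the original post or of the Minus project's code: a loopback Minus server that uses the index design from "Avoiding Information Exfiltration" (the specifier is a lookup key, never part of a path), and a client that performs the one-line exchange and names saved files by the part after the last `/`. The 255-byte limit (taken from the bash mserver, not the spec), the dropping of one leading `/`, the error wording and the `is_error_message` heuristic are this example's own assumptions.

```python
import socket
import threading
from typing import Optional

# Characters a specifier may contain, quoted from the specification.
ALLOWED = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_/."
)
DEFAULT_SPECIFIER = "index.minus"
MAX_SPECIFIER = 255  # assumption: the limit the bash mserver uses; the spec sets none

# Constructed index, the "better design" from the spec: specifier -> content.
# A real server would map to a path name; the specifier is never joined to one.
INDEX = {
    "index.minus": b"# Example library\n\nminus://example.onion/other.minus\n",
    "other.minus": b"This is the other page.\n",
}


def normalize_specifier(raw: str) -> Optional[str]:
    """Apply the spec's specifier rules to the one line sent by the client.

    Returns the key to look up in the index, or None when the line is not a
    valid specifier. "" and "/" default to index.minus; one leading "/" (the
    URL form "/index.minus") is dropped, as the bash mserver does.
    """
    line = raw.split("\n", 1)[0].rstrip("\r")
    if len(line) > MAX_SPECIFIER or any(c not in ALLOWED for c in line):
        return None
    if line in ("", "/"):
        return DEFAULT_SPECIFIER
    if line.endswith("/") or "//" in line or ".." in line or "./" in line:
        return None
    return line.lstrip("/")


def error_message(spec: Optional[str]) -> bytes:
    """UTF-8 text with \\n line ends, as the spec requires for error replies.
    The wording is this example's own convention; the spec fixes none."""
    if spec is None:
        return b"The specifier sent is not valid.\nTry index.minus.\n"
    # spec contains only ALLOWED characters, so echoing it back is safe.
    return (f'"{spec}" does not specify a file that this server will serve.\n'
            "Try index.minus.\n").encode("utf-8")


def serve_one(conn: socket.socket) -> None:
    """Server side of one transaction: read one line, reply, close."""
    with conn:
        conn.settimeout(30)  # an idle client must not hold the handler forever
        data = b""
        while b"\n" not in data and len(data) <= MAX_SPECIFIER:
            try:
                chunk = conn.recv(256)
            except OSError:  # timeout or reset: nothing to answer
                return
            if not chunk:  # client closed before a full line arrived
                break
            data += chunk
        try:
            spec = normalize_specifier(data.decode("utf-8"))
        except UnicodeDecodeError:
            spec = None
        body = INDEX.get(spec) if spec is not None else None
        if body is None:
            body = error_message(spec)
        try:
            conn.sendall(body)
        except OSError:
            pass  # the spec says the client may close early; tolerate it


def start_server(host: str = "127.0.0.1", port: int = 0):
    """Listen (port 0 = ephemeral) and serve each connection in a thread."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind((host, port))
    lsock.listen(8)

    def loop():
        while True:
            try:
                conn, _ = lsock.accept()
            except OSError:  # listening socket closed: stop serving
                return
            threading.Thread(target=serve_one, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return lsock, lsock.getsockname()[1]


def fetch(host: str, port: int, specifier: str) -> bytes:
    """Client side: send the specifier line, read until the server closes."""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(specifier.encode("ascii") + b"\n")
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                return b"".join(chunks)
            chunks.append(chunk)


def save_name(specifier: str) -> str:
    """Spec: a file saved to mass storage is named by the part after the last /."""
    return specifier.rsplit("/", 1)[-1]


def is_error_message(body: bytes) -> bool:
    """The spec asks clients to check that a download is not an error reply.
    Minus has no status line, so this heuristic is tied to error_message()."""
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        return False  # a binary payload is never this server's error text
    return text.endswith("Try index.minus.\n") and (
        "does not specify a file" in text or text.startswith("The specifier"))


if __name__ == "__main__":
    lsock, port = start_server()
    for req in ("", "/other.minus", "../secret", "missing.txt"):
        reply = fetch("127.0.0.1", port, req)
        kind = "error" if is_error_message(reply) else "file"
        print(repr(req), "->", kind, reply[:40])
    lsock.close()
```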

57b731e9@nerdpol.ch

This adds a note about error messages suggested by @prplcdclnw@diasp.eu , and a note about / in specifiers.

Third Release Version

Minus Protocol Specification

The Name of the Minus Protocol

The name Minus was inspired by Gopher Plus. Gopher Plus added features to Gopher; Minus subtracts features from Gopher.

Minus Transactions

Server: listens for TCP connections on port 1990
Client: opens a TCP connection to the server on port 1990
Server: accepts the TCP connection
Client: sends a file specifier that specifies the file to be downloaded
Server: sends the requested file or a UTF-8 text message explaining why the specified file was not sent
Server: closes the TCP connection

The specifier is one line of text which can contain only the characters inside the following quotation marks.

"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_/."

The specifier may be just /, but, otherwise, it should not end with /. The specifier should also not contain //.

If the specifier is / or zero-length, the specifier will default to index.minus. This is similar to index.html in HTTP.

The error message mentioned above should be UTF-8 text with \n at the end of lines, and not \r\n.

There must be no other communication between the server and client. Notice that no information about the client is sent to the server.

Avoiding Information Exfiltration

Exfiltration of information from the client is prevented by only allowing the transaction above, but indirectly exfiltrating information from the server is still possible.

This could happen if all the files served are kept in one directory, and the specifier is combined with the path name of this one directory to form the path name of the file served. This is obviously insecure, yet many file servers are designed this way. Such servers have to use various strategies to mitigate the insecurity created by this design.

A better design uses an index that contains entries for each file that can be served. Each entry relates a specifier to the path name of the file it specifies. With this design, only files listed in the index can be served, and the specifier need not contain any part of the path name of the file.

Transport Security

Minus is insecure unless TLS is used or the server is run as a Tor Onion Service. Running as a Tor Onion Service is preferred because it makes everything easier. No registration of a domain name is necessary, no TLS certificate is required, and both server and client are easier to implement without TLS.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

Minus URL Format

Here is an example of a Minus URL.

minus://vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion/index.minus

(There is not a server at this domain. This is just an example.)

This has three parts: the protocol (or scheme) minus://, the host (an FQDN or an IP address) vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion, and /index.minus (the specifier sent by the client to the server). See the section above for the complete list of characters allowed in a specifier.

Minus URLs must be the only thing on the line they appear in.

Minus URLs in .minus documents should be selectable links that open the specified document. In a GUI client, these should be clickable.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

The .minus File Type

Files with the .minus filename extension should be UTF-8 text files. The server should not limit the line length of lines in these files (as in Gopher). However, the client should.

Lines in .minus files should end with \n and not \r\n.

Minus URLs must be the only thing on the line they appear in.

The client should recognize Minus URLs in the text of .minus files and make them easily selectable. Selecting them should download the specified file. If the file downloaded is a .minus file, it should be displayed. If it is a .txt, .text, or .asc file, it should also be displayed, but without necessarily making URLs in the text selectable. All other files should be downloaded and saved to mass storage. The file names of files saved to mass storage will be the part of the specifier after the last /. Clients should check that the downloaded file is not actually an error message sent by the server instead of the specified file.

Minus does not allow for embedding other files in a .minus file such that they are displayed in the same window as the text. No URLs in the text should ever be automatically downloaded.

Display of Text in .minus Files

How the text of .minus files is displayed should be controlled by the client and its user. However, the text of the .minus file may indicate, with markings, what functions parts of the text play in the document.

For example, the text could indicate what lines of the document are headings and subheadings. This could be done by beginning the line with a # or more than one #, followed by a space. The client and its user could decide how headings should be displayed. Similarly, the ` could indicate the beginning and end of a code snippet, and the client could display these snippets differently from the rest of the text.

It is also acceptable for the client not to display marked text or markings differently from the rest of the text.

Minus Compared to Gopher, Gemini, and HTTP

Gemini is meant to be less complex and easier to implement than HTTP, but more complex than Gopher. Minus, on the other hand, is meant to be less complex and easier to implement than all of these others, including Gopher.

This simplicity is essential if the Internet is to, once again, become human-friendly.

HTTPS 1.1 and HTML5 are so complex that no single person can implement a server or a client that supports the entire HTTPS 1.1 and HTML5 standards. In fact it requires a large team of people to do so. It is, therefore, not surprising that there are very few clients or servers not based on some other client or server.

Because complexity is the enemy of security, this software is also insecure.

Perhaps the worst problem with HTTP 1.1 and HTML5 is the way, by design, that they spy on users of HTTPS 1.1 clients. In Minus, the only information communicated by the client to the server is the specifier that specifies the file to be downloaded. This is very different from HTTPS 1.1. Even worse, HTTPS 1.1 allows the server to download and store information on the client machine that is not explicitly requested by the user.

When I implemented my own Gopher server, I found that even Gopher has complexity I do not need or want. This is why I am doing this.

This document is 1157 words long. The official Gopher specification is 5395 words long. The official HTTP 1.1 specification is 61904 words long.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol

57b731e9@nerdpol.ch

How to run your Minus server as a Tor Onion Service

  1. Create a new, empty folder called onion-service.
  2. Find your Tor Browser folder. If you have no Tor Browser folder, download https://www.torproject.org/dist/torbrowser/11.0.14/tor-browser-linux64-11.0.14_en-US.tar.xz and then unpack it. Locate the folder you just created.
  3. Inside the Tor Browser folder is a folder called Browser. Inside the Browser folder is a folder called TorBrowser. Inside the TorBrowser folder is a folder called Tor. Copy (do not move, but copy) the Tor folder to your new onion-service folder.
  4. Save the two scripts below to the onion-service folder, and mark them executable with chmod or your graphical file manager.
  5. Run start-service.sh. New folders and files will be created in your onion-service folder. The new file called hostname contains the name of your new Tor Onion Service. This will be a domain name that ends with .onion. My domain name is 7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion so the URL of my Minus server is minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/. Apart from reading the hostname file, you should leave these newly-created files and folders alone.

Here are the two scripts mentioned in number 4 above.

start-service.sh
````
#!/bin/sh

thisfile="$(readlink -e "${0}")"
thisdir="$(dirname "${thisfile}")"

chmod 700 "${thisdir}" # If this is not the permission, Tor will not run.

"${thisdir}/stop-service.sh"

# Write a minimal torrc: no SOCKS listener, and map port 1990 of the onion
# address to the Minus server listening on 127.0.0.1:1990.
printf "%s\n%s\n%s\n%s\n%s\n%s\n%s\n" "SocksPort 0" "RunAsDaemon 1" "AvoidDiskWrites 1" "DataDirectory ${thisdir}" "HiddenServiceDir ${thisdir}" "PidFile ${thisdir}/tor.pid" "HiddenServicePort 1990 127.0.0.1:1990" > "${thisdir}/torrc"
chmod 600 "${thisdir}/torrc"

env LD_LIBRARY_PATH="${thisdir}/Tor" "${thisdir}/Tor/tor" -f "${thisdir}/torrc" # start Tor

exit 0
````

stop-service.sh
````
#!/bin/sh

thisfile="$(readlink -e "${0}")"
thisdir="$(dirname "${thisfile}")"

if test -f "${thisdir}/tor.pid"
then
  theID="$(cat "${thisdir}/tor.pid")"
  # Only kill the PID if it is still our Tor; a stale pid file could name another process.
  if ps -p "${theID}" -o args= | grep -F "${thisdir}/Tor/tor" > /dev/null
  then
    kill "${theID}"
  fi
  rm -f "${thisdir}/tor.pid"
fi

exit 0
````

Please tell me about your new Minus servers. I want to keep and publish a list of all known public Minus servers and publish it on my Minus server.

#internet #protocol #tcp #file-server #hypertext #minus #minus-protocol #tor #onion-service #minus-server

57b731e9@nerdpol.ch

Small but complete Minus server

implemented as a BASH script

This fully complies with the Minus Protocol Specification.

Save this as mserver and mark it executable with chmod or your GUI file manager. This requires mini-inetd, which you will probably find in a package called Tcputils. This package also includes tcpconnect which is mentioned below.

Start mserver with mserver start and stop it with mserver stop.

You are encouraged to edit the values of indexfile and requestlog. If you do not, a new directory will be created in ${HOME} called minus-contents. You can edit your index file and your pages with an ordinary text editor.

To experiment with your new server (before you start serving it as a Tor Onion Service) you can use tcpconnect. printf "" | tcpconnect -r -v 127.0.0.1 1990 will get your index.minus page. This is like the index.html page in HTTP. It should contain the URLs of your other pages and files.

The printf command sends the specifier to the server. In the example above, a zero-length specifier is sent, so, in accordance with the Minus specification, the specifier defaults to index.minus.

Please read the comments in mserver. Comments to this post are welcome.

````
#!/bin/bash

# mserver 1.0
# Copyright (C) 2022 the author indicated below
# The author of mserver made an OpenPGP,
# RSA key pair. The fingerprint of this key pair is
# BA34F30AC917CB0714884A3DA6BDBF5757B731E9
# mserver is distributed under the terms of the GNU General
# Public License, version 3 (https://www.gnu.org/licenses/gpl.html).
# mserver is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY--without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# Only the path name in indexfile determines the file served. No part of user input is used as
# part of the path name of the file. This is much more secure than determining the path name directly from
# user input. A file can not be served simply because it is in a certain directory. Only listing the file in
# indexfile makes it available. Specifiers need not contain any part of the path names of the files they
# specify.

# Each line of indexfile is

# <specifier>|<path name of file>

# specifier may not contain any characters except "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-/_"
# because all other characters are removed from the input.

# Path names that do not begin with / are relative to the directory of indexfile.

thisfile="$(readlink -e "${0}")"

if test "${1}" = "start"
then
  if test -z "$(ps -o args -C mini-inetd | grep -F "${thisfile}")"
  then
    mini-inetd 127.0.0.1:1990 "${thisfile}" & # start serving
  fi
  exit 0
elif test "${1}" = "stop"
then
  theID="$(ps -o pid,args -C mini-inetd | grep -F "${thisfile}" | sed "s/^[ \t]*//" | grep -o "^[0-9]*")"
  if test -n "${theID}"
  then
    kill ${theID} # stop serving
  fi
  exit 0
fi

# mini-inetd listens for tcp connections on port 1990.
# For each connection, this file is started with standard input and standard output connected to the socket.
# When this file exits, the tcp connection is closed.

if test "$(ps -o args -C "$(basename "${thisfile}")" | grep -cF "${thisfile}")" -gt 12 # mitigate DoS attacks
then
  exit 0
fi

read -t 30 -n 255 theinput # Read 1 line, but no more than 255 bytes. Timeout after 30 seconds to mitigate DoS attacks.
theinput="$(printf "%s" "${theinput}" | tr -dc "0-9A-Za-z._/-" | sed "s/^\///")" # remove anything not allowed and initial / (a trailing - in a tr set is literal)

# set indexfile and requestlog to desired values
indexfile="${HOME}/minus-contents/minus.index"
requestlog="/dev/null" # this can be /dev/null to prevent logging

indexdir="$(dirname "${indexfile}")"

if ! test -f "${indexfile}" # no index file
then
  mkdir -p "${indexdir}"
  printf "%s\n%s" "index.minus|index.minus" "other.minus|other.minus" > "${indexfile}"
  printf "%s\n" "This is the home or index page." > "${indexdir}/index.minus"
  printf "%s\n" "This is the other page." > "${indexdir}/other.minus"
fi

cd "${indexdir}"

if test -z "${theinput}" # if no input, default to index.minus
then
  theinput="index.minus" # This is the home or index page. It should have links to the other pages.
fi

if test -n "$(grep -m 1 -o "^${theinput}|" "${indexfile}" | grep -F "${theinput}|")" # necessary because theinput may contain . (a regex wildcard); the -F grep confirms a literal match
then
  thefile="$(grep -m 1 "^${theinput}|" "${indexfile}" | sed "s/^[^|]*|//")" # use indexfile to find path name of the file
else
  thefile=""
fi

if test -n "${thefile}"
then
  cat "${thefile}" # return the file
  printf "%s sent %s\n" "$(date "+%Y-%m-%d %I:%M:%S %p")" "${theinput}" >> "${requestlog}"
else
  printf "\"%s\" does not specify a file that this server will serve.\nTry \"index.minus\".\n" "${theinput}" # return an error
  printf "%s miss %s\n" "$(date "+%Y-%m-%d %I:%M:%S %p")" "${theinput}" >> "${requestlog}"
fi

exit 0
````

#internet #protocol #tcp #file-server #hypertext #minus #minus-protocol

57b731e9@nerdpol.ch

Second Release Version (See the first comment below.)

Minus Protocol Specification

The Name of the Minus Protocol

The name Minus was inspired by Gopher Plus. Gopher Plus added features to Gopher; Minus subtracts features from Gopher.

Minus Transactions

Server: listens for TCP connections on port 1990
Client: opens a TCP connection to the server on port 1990
Server: accepts the TCP connection
Client: sends a file specifier that specifies the file to be downloaded
Server: sends the requested file or a UTF-8 text message explaining why the specified file was not sent
Server: closes the TCP connection

The specifier is one line of text which can contain only the characters inside the following quotation marks.

"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_/."

If the specifier is / or zero-length, the specifier will default to index.minus. This is similar to index.html in HTTP.

The error message mentioned above should be UTF-8 text with \n at the end of lines, and not \r\n.

There must be no other communication between the server and client. Notice that no information about the client is sent to the server.

Avoiding Information Exfiltration

Exfiltration of information from the client is prevented by only allowing the transaction above, but indirectly exfiltrating information from the server is still possible.

This could happen if all the files served are kept in one directory, and the specifier is combined with the path name of this one directory to form the path name of the file served. This is obviously insecure, yet many file servers are designed this way. Such servers have to use various strategies to mitigate the insecurity created by this design.

A better design uses an index that contains entries for each file that can be served. Each entry relates a specifier to the path name of the file it specifies. With this design, only files listed in the index can be served, and the specifier need not contain any part of the path name of the file.

Transport Security

Minus is insecure unless TLS is used or the server is run as a Tor Onion Service. Running as a Tor Onion Service is preferred because it makes everything easier. No registration of a domain name is necessary, no TLS certificate is required, and both server and client are easier to implement without TLS.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

Minus URL Format

Here is an example of a Minus URL.

minus://vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion/index.minus

(There is not a server at this domain. This is just an example.)

This has three parts: the protocol (or scheme) minus://, the host (an FQDN or an IP address) vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion, and /index.minus (the specifier sent by the client to the server). See the section above for the complete list of characters allowed in a specifier.

Minus URLs must be the only thing on the line they appear in.

Minus URLs in .minus documents should be selectable links that open the specified document. In a GUI client, these should be clickable.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

The .minus File Type

Files with the .minus filename extension should be UTF-8 text files. The server should not limit the line length of lines in these files (as in Gopher). However, the client should.

Lines in .minus files should end with \n and not \r\n.

Minus URLs must be the only thing on the line they appear in.

The client should recognize Minus URLs in the text of .minus files and make them easily selectable. Selecting them should download the specified file. If the file downloaded is a .minus file, it should be displayed. If it is a .txt, .text, or .asc file, it should also be displayed, but without necessarily making URLs in the text selectable. All other files should be downloaded and saved to mass storage. The file names of files saved to mass storage will be the part of the specifier after the last /.

Minus does not allow for embedding other files in a .minus file such that they are displayed in the same window as the text. No URLs in the text should ever be automatically downloaded.

Display of Text in .minus Files

How the text of .minus files is displayed should be controlled by the client and its user. However, the text of the .minus file may indicate, with markings, what functions parts of the text play in the document.

For example, the text could indicate what lines of the document are headings and subheadings. This could be done by beginning the line with a # or more than one #, followed by a space. The client and its user could decide how headings should be displayed. Similarly, the ` could indicate the beginning and end of a code snippet, and the client could display these snippets differently from the rest of the text.

It is also acceptable for the client not to display marked text or markings differently from the rest of the text.

Minus Compared to Gopher, Gemini, and HTTP

Gemini is meant to be less complex and easier to implement than HTTP, but more complex than Gopher. Minus, on the other hand, is meant to be less complex and easier to implement than all of these others, including Gopher.

This simplicity is essential if the Internet is to, once again, become human-friendly.

HTTPS 1.1 and HTML5 are so complex that no single person can implement a server or a client that supports the entire HTTPS 1.1 and HTML5 standards. In fact it requires a large team of people to do so. It is, therefore, not surprising that there are very few clients or servers not based on some other client or server.

Because complexity is the enemy of security, this software is also insecure.

Perhaps the worst problem with HTTP 1.1 and HTML5 is the way, by design, that they spy on users of HTTPS 1.1 clients. In Minus, the only information communicated by the client to the server is the specifier that specifies the file to be downloaded. This is very different from HTTPS 1.1. Even worse, HTTPS 1.1 allows the server to download and store information on the client machine that is not explicitly requested by the user.

When I implemented my own Gopher server, I found that even Gopher has complexity I do not need or want. This is why I am doing this.

This document is 1117 words long. The official Gopher specification is 5395 words long. The official HTTP 1.1 specification is 61904 words long.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol

57b731e9@nerdpol.ch

Minus Protocol and EasyGPG 4.55

Work on adding Minus support to EasyGPG is finished. I will wait 24 to 48 hours before I publish EasyGPG 4.55 to be certain that it is ready.

EasyGPG's Read text from the Internet will be the only way to read the EasyGPG Minus server until I (and possibly others) can produce some Minus clients.

Minus is based on Gopher. It is Gopher without the odd type codes and Gopher menus. Gopher menus are not human-readable. A Gopher client is necessary to present these menus in a human-friendly way.

Because Minus is based on Gopher, it is possible to translate Minus URLs into Gopher URLs. While you are waiting on EasyGPG 4.55, you can use EasyGPG 4.54.7 to browse the EasyGPG Minus server.

gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion:1990/9/

This just replaces minus:// with gopher:// and adds :1990/9 after the TLD of the domain. This is actually the simple way that EasyGPG 4.55 supports Minus.

Of course, you must have Tor to use .onion domains. However, using EasyGPG, it is only necessary to have the Tor Browser running, and curl installed.

In the next few days I want to start development of a very simple Minus client and server that others can use. These will be implemented as BASH scripts. The CLI client will probably not make Minus URLs links, as required by the specification, so it will not yet be a complete client implementation. It will, however, handle Tor in the same user-friendly way that EasyGPG does.

I hope to make the server and client so easy to read and understand that others will produce their own better alternatives. This applies especially to Minus clients.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol #easygpg #gpg #encryption #privacy #surveillance #security #cryptography

57b731e9@nerdpol.ch

First Release Version

Minus Protocol Specification

The Name of the Minus Protocol

The name Minus was inspired by Gopher Plus. Gopher Plus added features to Gopher; Minus subtracts features from Gopher.

Minus Transactions

Server: listens for TCP connections on port 1990
Client: opens a TCP connection to the server on port 1990
Server: accepts the TCP connection
Client: sends a file specifier that specifies the file to be downloaded
Server: sends the requested file or a UTF-8 text message explaining why the specified file was not sent
Server: closes the TCP connection

The specifier is one line of text which can contain only the characters inside the following quotation marks.

"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_/."

If the specifier is / or zero-length, the specifier will default to index.minus. This is similar to index.html in HTTP.

The error message mentioned above should be UTF-8 text with \n at the end of lines, and not \r\n.

There must be no other communication between the server and client. Notice that no information about the client is sent to the server.

Avoiding Information Exfiltration

Exfiltration of information from the client is prevented by only allowing the transaction above, but indirectly exfiltrating information from the server is still possible.

This could happen if all the files served are kept in one directory, and the selector is combined with the path name of this one directory to form the path name of the file served. This is obviously insecure, yet many file servers are designed this way. Such servers have to use various strategies to mitigate the insecurity created by this design.

A better design uses an index that contains entries for each file that can be served. Each entry relates a specifier to the path name of the file it specifies. With this design, only files listed in the index can be served, and the specifier need not contain any part of the path name of the file.

Transport Security

Minus is insecure unless TLS is used or the server is run as a Tor Onion Service. Running as a Tor Onion Service is preferred because it makes everything easier. No registration of a domain name is necessary, no TLS certificate is required, and both server and client are easier to implement without TLS.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

Minus URL Format

Here is an example of a Minus URL.

minus://vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion/index.minus

(There is not a server at this domain. This is just an example.)

This has three parts: the protocol (or scheme) minus://, the host (an FQDN or an IP address) vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion, and /index.minus (the specifier sent by the client to the server). See the section above for the complete list of characters allowed in a specifier.

Minus URLs must be the only thing on the line they appear in.

Minus URLs in .minus documents should be selectable links that open the specified document. In a GUI client, these should be clickable.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

The .minus File Type

Files with the .minus filename extension should be UTF-8 text files. The server should not limit the line length of lines in these files (as in Gopher). However, the client should.

Lines in .minus files should end with \n and not \r\n.

Minus URLs must be the only thing on the line they appear in.

The client should recognize Minus URLs in the text of .minus files and make them easily selectable. Selecting them should download the specified file. If the file downloaded is a .minus file, it should be displayed. If it is a .txt, .text, or .asc file, it should also be displayed, but without necessarily making URLs in the text selectable. All other files should be downloaded and saved to mass storage. The file names of files saved to mass storage will be the part of the specifier after the last /.

Minus does not allow for embedding other files in a .minus file such that they are displayed in the same window as the text. No URLs in the text should ever be automatically downloaded.

Display of Text in .minus Files

How the text of .minus files is displayed should be controlled by the client and its user. However, the text of the .minus file may indicate, with markings, what functions parts of the text play in the document.

For example, the text could indicate what lines of the document are headings and subheadings. This could be done by beginning the line with a # or more than one #, followed by a space. The client and its user could decide how headings should be displayed. Similarly, the ` could indicate the beginning and end of a code snippet, and the client could display these snippets differently from the rest of the text.

It is also acceptable for the client not to display marked text or markings differently from the rest of the text.

Minus Compared to Gopher, Gemini, and HTTP

Gemini is meant to be less complex and easier to implement than HTTP, but more complex than Gopher. Minus, on the other hand, is meant to be less complex and easier to implement than all of these others, including Gopher.

This simplicity is essential if the Internet is to, once again, become human-friendly.

HTTPS 1.1 and HTML5 are so complex that no single person can implement a server or a client that supports the entire HTTPS 1.1 and HTML5 standards. In fact it requires a large team of people to do so. It is, therefore, not surprising that there are very few clients or servers not based on some other client or server.

Because complexity is the enemy of security, this software is also insecure.

Perhaps the worst problem with HTTP 1.1 and HTML5 is the way, by design, that they spy on users of HTTPS 1.1 clients. In Minus, the only information communicated by the client to the server is the specifier that specifies the file to be downloaded. This is very different from HTTPS 1.1. Even worse, HTTPS 1.1 allows the server to download and store information on the client machine that is not explicitly requested by the user.

When I implemented my own Gopher server, I found that even Gopher has complexity I do not need or want. This is why I am doing this.

This document is 1117 words long. The official Gopher specification is 5395 words long. The official HTTP 1.1 specification is 61904 words long.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol

57b731e9@nerdpol.ch

Fifth preliminary draft

Minus Protocol Specification

The Name of the Minus Protocol

The name Minus was inspired by Gopher Plus. Gopher Plus added features to Gopher; Minus subtracts features from Gopher.

Minus Transactions

Server: listens for TCP connections on port 1990
Client: opens a TCP connection to the server on port 1990
Server: accepts the TCP connection
Client: sends a file specifier that specifies the file to be downloaded
Server: sends the requested file or a UTF-8 text message explaining why the specified file was not sent
Server: closes the TCP connection

The specifier is one line of text which can contain only the characters inside the following quotation marks.

"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_/."

If the specifier is / or zero-length, the specifier will default to index.minus. This is similar to index.html in HTTP.

The error message mentioned above should be UTF-8 text with \n at the end of lines, and not \r\n.

There must be no other communication between the server and client. Notice that no information about the client is sent to the server.

Avoiding Information Exfiltration

Exfiltration of information from the client is prevented by only allowing the transaction above, but indirectly exfiltrating information from the server is still possible.

This could happen if all the files served are kept in one directory, and the selector is combined with the path name of this one directory to form the path name of the file served. This is obviously insecure, yet many file servers are designed this way. Such servers have to use various strategies to mitigate the insecurity created by this design.

A better design uses an index that contains entries for each file that can be served. Each entry relates a specifier to the path name of the file it specifies. With this design, only files listed in the index can be served, and the specifier need not contain any part of the path name of the file.

Transport Security

Minus is insecure unless TLS is used or the server is run as a Tor Onion Service. Running as a Tor Onion Service is preferred because it makes everything easier. No registration of a domain name is necessary, no TLS certificate is required, and both server and client are easier to implement without TLS.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

Minus URL Format

Here is an example of a Minus URL.

minus://vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion/index.minus

(There is not a server at this domain. This is just an example.)

This has three parts: the protocol (or scheme) minus://, the host (an FQDN or an IP address) vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion, and /index.minus (the specifier sent by the client to the server). See the section above for the complete list of characters allowed in a specifier.

Minus URLs must be the only thing on the line they appear in.

Minus URLs in .minus documents should be selectable links that open the specified document. In a GUI client, these should be clickable.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

The .minus File Type

Files with the .minus filename extension should be UTF-8 text files. The server should not limit the line length of lines in these files (as in Gopher). However, the client should.

Lines in .minus files should end with \n and not \r\n.

Minus URLs must be the only thing on the line they appear in.

The client should recognize URLs in the text of .minus files and make them easily selectable. Selecting them should download the specified file. If the file downloaded is a .minus file, it should be displayed. If it is a .txt, .text, or .asc file, it should also be displayed, but without necessarily making URLs in the text selectable. All other files should be downloaded and saved to mass storage. The file names of files saved to mass storage will be the part of the specifier after the last /.

Minus does not allow for embedding other files in a .minus file such that they are displayed in the same window as the text. No URLs in the text should ever be automatically downloaded.

Display of Text in .minus Files

How the text of .minus files is displayed should be controlled by the client and its user. However, the text of the .minus file may indicate, with markings, what functions parts of the text play in the document.

For example, the text could indicate what lines of the document are headings and subheadings. This could be done by beginning the line with a # or more than one #, followed by a space. The client and its user could decide how headings should be displayed. Similarly, the ` could indicate the beginning and end of a code snippet, and the client could display these snippets differently from the rest of the text.

It is also acceptable for the client not to display marked text or markings differently from the rest of the text.

Minus Compared to Gopher, Gemini, and HTTP

Gemini is meant to be less complex and easier to implement than HTTP, but more complex than Gopher. Minus, on the other hand, is meant to be less complex and easier to implement than all of these others, including Gopher.

This simplicity is essential if the Internet is to, once again, become human-friendly.

HTTPS 1.1 and HTML5 are so complex that no single person can implement a server or a client that supports the entire HTTPS 1.1 and HTML5 standards. In fact it requires a large team of people to do so. It is, therefore, not surprising that there are very few clients or servers not based on some other client or server.

Because complexity is the enemy of security, this software is also insecure.

Perhaps the worst problem with HTTP 1.1 and HTML5 is the way, by design, that they spy on users of HTTPS 1.1 clients. In Minus, the only information communicated by the client to the server is the specifier that specifies the file to be downloaded. This is very different from HTTPS 1.1. Even worse, HTTPS 1.1 allows the server to download and store information on the client machine that is not explicitly requested by the user.

When I implemented my own Gopher server, I found that even Gopher has complexity I do not need or want. This is why I am doing this.

This document is 1116 words long. The official Gopher specification is 5395 words long. The official HTTP 1.1 specification is 61904 words long.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol

57b731e9@nerdpol.ch

Third preliminary draft

Minus Protocol Specification

The Name of the Minus Protocol

The name Minus was inspired by Gopher Plus. Gopher Plus added features to Gopher; Minus subtracts features from Gopher.

Minus Transactions

Server: listens for TCP connections on port 1990
Client: opens a TCP connection to the server on port 1990
Server: accepts the TCP connection
Client: sends a file specifier that specifies the file to be downloaded
Server: sends the requested file or a UTF-8 text message explaining why the specified file was not sent
Server: closes the TCP connection

The specifier is one line of text which can contain only the characters inside the following quotation marks.

"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz 0123456789-_/."

If the specifier is / or zero-length, the specifier will default to index.minus. This is similar to index.html in HTTP.

The error message mentioned above should be UTF-8 text with \n at the end of lines, and not \r\n.

There must be no other communication between the server and client. Notice that no information about the client is sent to the server.

Security

Minus is insecure unless TLS is used or the server is run as a Tor Onion Service. Running as a Tor Onion Service is preferred because it makes everything easier. No registration of a domain name is necessary, no TLS certificate is required, and both server and client are easier to implement without TLS.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

Minus URL Format

Here is an example of a Minus URL.

minus://vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion/index.minus

(There is not a server at this domain. This is just an example.)

This has three parts: the protocol (or scheme) minus://, the host (an FQDN or an IP address) vdvfh9y003nvebcctyc67mnpl1fuvfayoh2qzyo9ksyj3m1so5idkyef.onion, and /index.minus (the specifier sent by the client to the server). See the section above for the complete list of characters allowed in a specifier.

Minus URLs in .minus documents should be selectable links that open the specified document. In a GUI client, these should be clickable.

If TLS is used, the scheme in the URL should be minuss:// instead of minus://.

Names of Files

The client must use the specifier that specified the file as its name, even though the file may be saved on the server with a different name. The client will not know what directories and files are on the server, nor how directories there are structured.

The .minus File Type

Files with the .minus filename extension should be UTF-8 text files. The server should not limit the line length of lines in these files (as in Gopher). However, the client should.

Lines in .minus files should end with \n and not \r\n.

The client should recognize URLs in the text of .minus files and make them easily selectable. Selecting them should download the specified file. If the file downloaded is a .minus file, it should be displayed. If it is a .txt, .text, or .asc file, it should also be displayed, but without necessarily making URLs in the text selectable. All other files should be downloaded and saved to mass storage, unless the client is also a browser for other file types (for example, .html).

Minus does not allow for embedding other files in a .minus file such that they are displayed in the same window as the text. No URLs in the text should ever be automatically downloaded.

Display of Text in .minus Files

How the text of .minus files is displayed should be controlled by the client and its user. However, the text of the .minus file may indicate, with markings, what functions parts of the text play in the document.

For example, the text could indicate what lines of the document are headings and subheadings. This could be done by beginning the line with a # or more than one #, followed by a space. The client and its user could decide how headings should be displayed. Similarly, the ` could indicate the beginning and end of a code snippet, and the client could display these snippets differently from the rest of the text.

It is also acceptable for the client not to display marked text or markings differently from the rest of the text.

Minus Compared to Gopher, Gemini, and HTTP

Gemini is meant to be less complex and easier to implement than HTTP, but more complex than Gopher. Minus, on the other hand, is meant to be less complex and easier to implement than all of these others, including Gopher.

This simplicity is essential if the Internet is to, once again, become human-friendly.

HTTPS 1.1 and HTML5 are so complex that no single person can implement a server or a client that supports the entire HTTPS 1.1 and HTML5 standards. In fact it requires a large team of people to do so. It is, therefore, not surprising that there are very few clients or servers not based on some other client or server.

Because complexity is the enemy of security, this software is also insecure.

Perhaps the worst problem with HTTP 1.1 and HTML5 is the way, by design, that they spy on users of HTTPS 1.1 clients. In Minus, the only information communicated by the client to the server is the specifier that specifies the file to be downloaded. This is very different from HTTPS 1.1. Even worse, HTTPS 1.1 allows the server to download and store information on the client machine that is not explicitly requested by the user.

When I implemented my own Gopher server, I found that even Gopher has complexity I do not need or want. This is why I am doing this.

This document is 988 words long. The official Gopher specification is 5395 words long. The official HTTP 1.1 specification is 61904 words long.

#internet #protocol #tcp #file-server #hypertext #http #gemini #gopher #minus #minus-protocol
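A worked example of the Minus transaction and of the index-based file lookup that the "Avoiding Information Exfiltration" section of the release version and fifth draft recommends, written for the Minus Transactions sections of all the drafts above. It is added here and is not the specification's own code, nor EasyGPG's. Assumptions not in the text: index keys are written without a leading /, the server strips one leading / from the specifier before lookup, the request line is capped at 4096 bytes, and the two served files are constructed in a temporary directory.

```python
"""Minus transaction demo: specifier validation, index-based lookup, one exchange.

Added example, not the author's code. Assumptions: index keys are written without
a leading "/", and the server strips one leading "/" before the lookup.
"""
import os
import socket
import tempfile
import threading

# Exact character set from the specification (no space, no "\r").
ALLOWED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_/.")
MINUS_PORT = 1990
MAX_LINE = 4096  # defensive cap on the request line; an assumption, not in the spec


def normalize_specifier(raw):
    """Turn the raw request line into a specifier, or None if it is not acceptable."""
    try:
        line = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    line = line[:-1] if line.endswith("\n") else line
    if line in ("", "/"):
        return "index.minus"            # default document, as in the spec
    if any(c not in ALLOWED for c in line):
        return None                     # "\r", spaces, "%", "?" etc. are rejected here
    return line


def insecure_resolve(root, spec):
    """The design the spec warns against: root + specifier. '..' walks out of root."""
    return os.path.normpath(os.path.join(root, spec.lstrip("/")))


def index_resolve(index, spec):
    """The design the spec recommends: only specifiers listed in the index resolve."""
    return index.get(spec.lstrip("/"))


def handle(conn, index):
    """Server half of one transaction: read one line, answer, close. Nothing else."""
    try:
        with conn.makefile("rb") as rf:
            raw = rf.readline(MAX_LINE)
        spec = normalize_specifier(raw)
        path = index_resolve(index, spec) if spec is not None else None
        if path is None:
            # Error text is UTF-8 with "\n" line endings; it never echoes the request.
            conn.sendall("Not found: specifier invalid or not in the index.\n".encode("utf-8"))
        else:
            with open(path, "rb") as f:
                conn.sendall(f.read())
    finally:
        conn.close()                    # the server closes; the client reads to EOF


def request(sock, specifier):
    """Client half: send the specifier line, then read until the server closes."""
    sock.sendall(specifier.encode("utf-8") + b"\n")
    chunks = []
    while True:
        data = sock.recv(65536)
        if not data:
            break
        chunks.append(data)
    sock.close()
    return b"".join(chunks)


def fetch(host, port, specifier):
    """Client over a real TCP connection, e.g. fetch(host, MINUS_PORT, "/index.minus")."""
    return request(socket.create_connection((host, port), timeout=10), specifier)


def transact(index, specifier):
    """One complete transaction over a socketpair, so the demo needs no listener."""
    server_side, client_side = socket.socketpair()
    t = threading.Thread(target=handle, args=(server_side, index))
    t.start()
    body = request(client_side, specifier)
    t.join()
    return body


def demo():
    """Serve two constructed files; the on-disk name need not match the specifier."""
    root = tempfile.mkdtemp()
    index_path = os.path.join(root, "index.minus")
    hello_path = os.path.join(root, "f0001.dat")
    with open(index_path, "w", encoding="utf-8") as f:
        f.write("# Example site\nminus://example.invalid/docs/hello.txt\n")
    with open(hello_path, "w", encoding="utf-8") as f:
        f.write("hello from minus\n")
    index = {"index.minus": index_path, "docs/hello.txt": hello_path}
    return {
        "index": transact(index, "/"),
        "hello": transact(index, "/docs/hello.txt"),
        "traversal": transact(index, "/../../etc/passwd"),
        "bad_chars": transact(index, "/hello world"),
    }


if __name__ == "__main__":
    for name, body in demo().items():
        print(name, body)
```

The specifier character set alone does not stop a client from sending `..` components, which is why `insecure_resolve` lands outside its root while `index_resolve` simply has no entry to return. `transact` runs both halves over a socketpair so the demo works offline; `fetch` is the same client half on a real connection to port 1990.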

aktionfsa@diasp.eu

Internet more robust than expected

Advantages of a packet-switched network

Many had assumed that a war begins with knocking out the opponent's communications infrastructure, and so people are all the more astonished to see, after a month, a still functioning Internet in Ukraine, both over cable and mobile.

We had reported on the hacking attack on the KA-Sat satellite of the US company Viasat on 24 February. Various antenna installations have also been destroyed, and repeatedly also buildings in which routers connect different strands of the Internet.

For one thing, technicians of the various Ukrainian Internet providers are still on the move and provisionally repairing outages. Far more decisive, however, is the structure of the Internet developed about 50 years ago by the US military, first from 1968 under the name ARPA-Net. The underlying network protocol TCP/IP (Transport Control Protocol) builds on a meshed network in which there are many paths to a node and the data packets only have to find their way there.

Sascha Lobo characterizes the network in his column in Spiegel like this: the TCP developers assume that the network itself should be rather "dumb" and the end devices intelligent instead. This shifts control over what happens in the network drastically towards the end users and even allows quite different subnetworks to be connected with one another comparatively easily.

In contrast to such a network design stood, in the 1980s, the view of the telecommunications companies of almost all states, united in the ITU (International Telecommunication Union), that

  • the network belongs to these companies,
  • they each switch a line between two customers and connect and bill them over it.

The protocol favored by the ITU was called X.25 and, in contrast to TCP/IP, can be described as highly complex - but still not intelligent. The author of this article still remembers well the purchase of an X.25 front-end processor for an IBM computer (3.5m*1.5m*0.75m) in the mid-1980s at a price of over 100,000 DM - just to get it onto the "network". Only 10 years later a TCP/IP LAN plug-in card for about 100 DM was enough - the price is now around 10€.

The Internet protocol TCP/IP prevailed against the bitter resistance of the telecommunications companies and put an end to their power. Before that, they determined which devices were allowed to be connected to the network at all and were the sole providers of telecommunications services. That came to an end in the mid-1990s. The apparent "democratization" of the network was then followed by the rise and concentration of content providers in the hands of US corporations.

Back to Ukraine: the richly meshed network of diverse (private) Internet providers remains usable, apart from a few hours after the destruction of individual nodes. The data packets still find some path to their respective destination - the advantage of packet switching over circuit switching is obvious - as is why the development was so important for the US military.

The disadvantage for the users of a packet-switched network should of course not be concealed: in circuit switching, the eavesdropper has to tap the line in order to listen in on a communication - in packet switching, the data packets can be read in the participating subnetworks and at all the nodes they pass through.

This disadvantage for users can now be turned to its advantage by the Ukrainian intelligence service, which is repeatedly able to intercept military communications of the Russian armed forces, because these are apparently handled over Ukrainian infrastructure.

More on this at https://www.spiegel.de/netzwelt/netzpolitik/ukraine-krieg-warum-das-ukrainische-internet-noch-immer-laeuft-kolumne-a-de27cbdd-8431-4471-8d98-720d38190263
Link to this page: https://www.aktion-freiheitstattangst.org/de/articles/7977-20220405-internet-robuster-als-gedacht.htm
Link in the Tor network: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/7977-20220405-internet-robuster-als-gedacht.htm
Tags: #Internet #TCP #X.25 #Geheimdienste #Hacking #Cyberwar #Rusland #Ukraine #Ausfallsicherheit #Leitungsvermittlung #Paketvermittlung #USA #Militär #Aufrüstung #Frieden #Krieg

prplcdclnw@diasp.eu

DDoSers are using a potent new method to deliver attacks of unthinkable size

Basically, "middleboxes" used for censorship are being used for DDoSing.

https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/

These servers—known as middleboxes—are deployed by nation-states such as China to censor restricted content and by large organizations to block sites pushing porn, gambling, and pirated downloads. The servers fail to follow transmission control protocol specifications that require a three-way handshake—comprising an SYN packet sent by the client, an SYN+ACK response from the server, followed by a confirmation ACK packet from the client—before a connection is established.

#internet #ddos #middlebox #censorship #site-blocking #tcp #networks #sites #websites

legeneralmidi@diaspora.psyco.fr

Security researchers have discovered CronRAT, a new stealthy remote access trojan (RAT) designed to attack Linux systems
Hiding in the form of a scheduled task

Security researchers have discovered a new stealthy remote access #chevaldeTroie (RAT), designed to attack Linux systems. Dubbed CronRAT, this malware currently targets online shops and allows attackers to steal credit card data by deploying online payment #skimmers on Linux servers.

Sansec researchers warn that CronRAT "enables server-side Magecart data theft, bypassing browser-based security solutions". This is particularly worrying.

CronRAT is described as "a sophisticated threat, with never-before-seen stealth techniques", and Sansec says that its mode of operation means it will not be recognized by other security companies for some time.

The company explains: "Sansec found CronRAT present on several online stores, including the country's largest store. Because of its never-before-seen execution, we had to rewrite part of our eComscan algorithm in order to detect it. CronRAT is currently not detected by other security vendors".

The #sécurité company continues:

"CronRAT's main feat is hiding in the calendar subsystem of Linux servers ("cron") on a non-existent day. This way, it does not attract the attention of #serveurs administrators. And many security products do not scan the Linux cron system.
CronRAT facilitates persistent control of an #commerceélectronique server. Sansec has studied several cases where the presence of CronRAT led to the injection of payment skimmers (aka Magecart) into server-side code."

CronRAT adds a number of tasks to the crontab with a curious date specification: 52 23 31 2 3. These lines are syntactically valid, but generate a runtime error when executed. However, this will never happen, because they are scheduled to run on 31 February. Instead, the malware's real code is hidden in the task names and is built using several layers of compression and base64 decoding.

CronRAT's real payload is a "sophisticated #Bash program that features self-destruction, timing modulation and a custom binary protocol to communicate with a foreign control server".

In addition, the connection is made over #TCP via port 443 using a fake banner for the #Dropbear SSH service, which also allows the malware to stay under the radar.

After contacting the C2 #serveur, the disguise drops, it sends and receives several commands, and obtains a malicious dynamic library. At the end of these exchanges, the attackers behind CronRAT can execute any #commande on the compromised #système.

#CronRAT has been found on several stores around the world, where it was used to inject scripts on the server that steal #cartesdePaiement data - the so-called #Magecart attacks.

#Sansec describes the new #malware as "a serious threat to #Linux e-commerce servers", because of its capabilities:

  • Fileless execution
  • Timing modulation
  • Anti-tampering checksums
  • Control via a binary, obfuscated protocol
  • Launching a tandem #RAT in a separate Linux subsystem
  • Control server disguised as a "Dropbear #SSH" service
  • Payload hidden in legitimate #CRON scheduled task names

All these characteristics make CronRAT practically undetectable. On the #VirusTotal analysis service, 12 #antivirus engines were unable to process the malicious file and 58 of them did not detect it as a threat.

Source: Sansec

#virus #troyen #cybersécurité #piratage #hacking
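As an added detection example (not Sansec's eComscan; the crontab below is constructed, not a real capture), a small crontab triage script that flags the two traits the post describes: entries scheduled on a calendar date that cannot occur, and task bodies that carry long base64-looking tokens or pipe through decoders. The reason labels, thresholds and the sample entries are this example's own choices.

```python
"""Crontab triage for CronRAT-style hiding: impossible dates and encoded task bodies.

Added example, not Sansec's eComscan. The sample crontab below is constructed.
"""
import base64
import re

# Maximum day a month can have (February: 29 to allow leap years).
DAYS_IN_MONTH = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
                 7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")            # long base64-looking token
DECODER_RE = re.compile(r"\b(base64|gzip|gunzip|zcat|xz|openssl)\b")
ENV_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")             # PATH=..., MAILTO=...

# Constructed, harmless stand-in for an encoded task body (decodes to plain text).
_BLOB = base64.b64encode(b"constructed harmless placeholder text; " * 3).decode()
SAMPLE_CRONTAB = f"""\
# constructed sample crontab, not a real capture
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
0 3 * * * /usr/bin/certbot renew --quiet
30 2 1 * * /usr/local/bin/backup.sh
52 23 31 2 3 echo {_BLOB} | base64 -d
15 4 30 2 * /opt/cleanup.sh
"""


def parse_field(field, lo, hi):
    """Expand a cron field ('*', 'a-b', 'a,b', '*/n') into the integers it matches.
    Month and weekday names are not supported and raise ValueError."""
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step = part.split("/", 1)
            step = int(step)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = end = int(part)
        values.update(range(start, end + 1, step))
    return values


def scan_line(line):
    """Return the reasons this crontab entry deserves a look (empty list if none)."""
    reasons = []
    fields = line.split(None, 5)
    if len(fields) < 6:
        return ["malformed"]
    minute, hour, dom, mon, dow, command = fields
    try:
        doms = parse_field(dom, 1, 31)
        mons = parse_field(mon, 1, 12)
        parse_field(minute, 0, 59), parse_field(hour, 0, 23), parse_field(dow, 0, 7)
    except ValueError:
        return ["unparsed_schedule"]
    # A restricted day-of-month that exceeds every selected month's length (e.g. 31 2).
    if dom != "*" and not any(d <= DAYS_IN_MONTH[m] for m in mons for d in doms):
        reasons.append("impossible_date")
        if dow != "*":
            # crontab(5): when both day fields are restricted the job runs when EITHER
            # matches, so "31 2 3" still fires on Wednesdays in February. Treat as live.
            reasons.append("dow_restricted")
    if BLOB_RE.search(command):
        reasons.append("encoded_blob")
    if DECODER_RE.search(command):
        reasons.append("decoder_in_command")
    return reasons


def scan_crontab(text):
    """Scan a crontab dump; skip comments, blank lines, env assignments and @-schedules."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#@" or ENV_RE.match(line):
            continue
        reasons = scan_line(line)
        if reasons:
            findings.append({"line": no, "reasons": reasons, "entry": line[:80]})
    return findings


if __name__ == "__main__":
    for hit in scan_crontab(SAMPLE_CRONTAB):
        print(hit["line"], hit["reasons"], hit["entry"])
```

Run it over the output of `crontab -l -u <user>` for each account and over the files under /etc/cron.d to get a short list of entries to read by hand. The `dow_restricted` reason is the caveat a responder needs: an entry like 52 23 31 2 3 is not necessarily dormant, since with both day fields restricted cron fires when either one matches, so the entry should be treated as potentially live rather than as inert storage.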