On Wed 13-May-2020 21:37 , Nightfox@1:275/201.0 wrote:

https://bit.ly/2LqN7gD

Full URL:

https://www.bleepingcomputer.com/news/microsoft/rip-microsoft-to-drop-sup port-f or-windows-10-on-32-bit-systems/

For BBS sysops running (or wanting to run) on a 32-bit Windows 10 for DOS door support, it sounds like we might have to stick with an older build of Windows 10 for the 32-bit support.

Nightfox

Thanks for posting that information.
--- CNet/5
* Origin: 1:275/201.0 (1:275/201.30)
■ Synchronet ■ sbbs.dynu.net 2025

Re: Re: Microsoft ending 32-bit support in Windo
By: Terminator to Nightfox on Sat Mar 13 2021 12:17 am

On Wed 13-May-2020 21:37 , Nightfox@1:275/201.0 wrote:

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

phil, you're replying to stuff from may 2020
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

phil, you're replying to stuff from may 2020

it's all good i wouldn't have seen it otherwise :) end of an era..

i think Microsoft's next step is removing Win32 support in favor of their API that goes along with the app store.. with support added back later as an emulation layer a bit like how the DOS support was before.

not sure i'm fond of that really. but there's a whole generation of kids who don't know how to use windows and get assigned a chromebook.. maybe they
think they can be bolder than in the past regarding backwarde compatibility.

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi

it's all good i wouldn't have seen it otherwise :) end of an era..

has to end at some point.. unfortunately.

i think Microsoft's next step is removing Win32 support in favor of their API that goes along with the app store.. with support added back later as an emulation layer a bit like how the DOS support was before.

I don't see value in having a current version of windows even support 32 bit software let alone release an entirely 32bit version. I understand the use in this case with dos door games and such. But why run a current OS when you don't need to. In most cases running an older OS and only exposing what is required for your BBS to the internet. Anyone that takes any windows box and doesn't put it behind a decent firewall is asking for trouble.. new windows or old.

Re: Re: Microsoft ending 32-bit support in Windo
By: Deepend to fusion on Sat Mar 13 2021 11:46 pm

I don't see value in having a current version of windows even support 32 bit software let alone release an entirely 32bit version. I understand the use in this case with dos door games and such. But why run a current OS when you don't need to. In most cases running an older OS and only exposing what is required for your BBS to the internet. Anyone that takes any windows box and doesn't put it behind a decent firewall is asking for trouble.. new windows or old.

I've read somewhere that 32-bit software tends to use less memory because data structures it uses (such as memory addresses, for instance) are 32 bits rather than 64 bits - so right there it's using half the memory space for things like memory addresses. And I suppose there's the potential for 32-bit software to run faster because it's dealing with only half the number of bits for things like that.

It seems there's still a lot of 32-bit software out there. Developers also might not want to build & test separate 32-bit and 64-bit versions of their software for now.

I do like backwards compatibility. And I'd think Windows would support 32-bit software as long as the hardware (Intel-compatible processors) support 32-bit software. With the hardware support, I don't think there's any loss in performance.

Nightfox

---
■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com

Re: Re: Microsoft ending 32-bit support in Windo
By: Deepend to fusion on Sat Mar 13 2021 11:46 pm

I don't see value in having a current version of windows even support 32 bit software let alone release an entirely 32bit version. I understand the use in this case with dos door games and such. But why run a current OS when you don't need to. In most cases running an older OS and only exposing what is required for your BBS to the internet. Anyone that takes any windows box and doesn't put it behind a decent firewall is asking for trouble.. new windows or old.

they might need 32bit windows for a specific requirement. maybe businesses.
i worked at many companies that had old hardware that they could not replace.

they had custom interfaces for programming devices and interacting with machinery. cant just drop a new computer in there and have it take over.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

I don't see value in having a current version of windows even support 32 bit software let alone release an entirely 32bit version. I understand

sorry, Win32 is one of the generic names for the Windows API.. what I was meaning to imply there is Microsoft's intent to remove support for Windows software as you and I know it entirely.. to add back some limited
support later. it's a concept they tried with Windows 10 S and it sounds like they might double down on it for their consumer OSes in the future.

imagine paying a premium for a next generation Win 11 Pro version just for
the right to use the software you have now. i doubt you consider what you use right now "legacy."

Anyone that takes any windows box and doesn't put it behind a decent firewall is asking for trouble.. new windows or old.

this is only useful if your firewall sufficiently blocks OUTGOING connections. any modern router acts sufficiently as an incoming connection "firewall"
simply by not NAT-ing connections to any of the machines past it..

as an example:
do you have firewall rules in place to limit outgoing connections to perhaps only: 80, 443, 22, 23 (or perhaps others for imap, etc)? if not the firewall
is ineffective at preventing your machine from joining a bot net.

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi

Re: Re: Microsoft ending 32-bit support in Windo
By: fusion to Deepend on Sun Mar 14 2021 06:16 pm

Anyone that takes any windows box and doesn't put it behind a decent firewall is asking for trouble.. new windows or old.

this is only useful if your firewall sufficiently blocks OUTGOING connection any modern router acts sufficiently as an incoming connection "firewall" simply by not NAT-ing connections to any of the machines past it..

as an example:
do you have firewall rules in place to limit outgoing connections to perhaps only: 80, 443, 22, 23 (or perhaps others for imap, etc)? if not the firewall is ineffective at preventing your machine from joining a bot net.

Consumer-grade firewalls usually have some sort of automated port forwarding setup (unpn, for example). This matters less nowadays with CG-NAT being deployed in so many places, but a rogue computer in a home LAN can actually open ports for incomming connections. This is serious crazy shit in my book.

Also, limiting outgoing traffic to standard ports does not really work because there are all sorts of tunneling and badstuff you can do with just a single outgoing port allowed . I can host a command server for a botnet on port 80 or 443 and none would be the wiser. If you are serious about filtering outgoing connections you need to force them through proxies, application level firewalls , deep package inspectors or whatever have you.

The proof is in the pudding. Limiting p2p traffic in a LAN network sucks big time because your little brother's torrent client is going to fall back to encrypted streams delivered over port 80 or 443 and there is no way to filter those connections down without some heavy filters. Now imagine if we were talking about a sophisticate botnet.

That said, I used to filter Microsoft machines which were trying to call home and it was great fun when my father's Skype would fail to load advertisements.


--
gopher://gopher.richardfalken.com/1/richardfalken

---
■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

Deepend wrote to fusion <=-

32 bit software let alone release an entirely 32bit version. I
understand the use in this case with dos door games and such. But why
run a current OS when you don't need to. In most cases running an
older OS and only exposing what is required for your BBS to the
internet.

Tiny XP/Tiny 7 work well, they're gutted versions of Windows OSes. Some question the legality of them, but I figure as long as you apply a proper Windows serial no one's going to complain.

TinyXP can be installed without any internet apps, not even IE. I'd install the BBS on it and only the BBS. As a side benefit, it'd idle in 200K of RAM.

Anyone that takes any windows box and doesn't put it behind
a decent firewall is asking for trouble.. new windows or old.

Agreed. While I was setting up the office network I connected to one of the external IPs with my corporate Windows laptop (with all of the security
bells and whistles) and somehow got infected to the point that Carbon Black, our security management platform, quarantined my system when I got the
network up. I had to re-image it.


... Change ambiguities to specifics
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Nightfox wrote to Deepend <=-

It seems there's still a lot of 32-bit software out there. Developers also might not want to build & test separate 32-bit and 64-bit versions
of their software for now.

It used to be that my c:\program files\ directory had roughly 2/3s the
number of folders compared to c:\program files(x86)\.

Now, that ratio is reversed.


... Change ambiguities to specifics
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

fusion wrote to Deepend <=-

do you have firewall rules in place to limit outgoing connections to perhaps only: 80, 443, 22, 23 (or perhaps others for imap, etc)? if not the firewall is ineffective at preventing your machine from joining a
bot net.

Which reminds me - I've had a little system sitting around doing nothing
that I've been looking to find a use for - it's an Intel Atom (only 32-bit),
2 NICs, 2 GB of RAM.

It might make a nice pfSense box. We just took our pfSense firewall out of service at work, replaced it with a Fortinet firewall, and I'm missing
playing with pfSense.


... Change ambiguities to specifics
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Arelor wrote to fusion <=-

Consumer-grade firewalls usually have some sort of automated port forwarding setup (unpn, for example). This matters less nowadays with CG-NAT being deployed in so many places, but a rogue computer in a home LAN can actually open ports for incomming connections. This is serious crazy shit in my book.

Agreed, UPnP should be turned off by default, and left off.

Also, limiting outgoing traffic to standard ports does not really work because there are all sorts of tunneling and badstuff you can do with
just a single outgoing port allowed . I can host a command server for a botnet on port 80 or 443 and none would be the wiser. If you are
serious about filtering outgoing connections you need to force them through proxies, application level firewalls , deep package inspectors
or whatever have you.

I need to look into DD-WRT's Stateful Packet filter and find out exactly
what it's doing.

For home, another option might be to run one of the DNSaaS providers like OpenDNS/Cisco Umbrella, I think they might do some malicious DNS blocking as well as parental controls, file sharing, social network and so on.

That said, I used to filter Microsoft machines which were trying to
call home and it was great fun when my father's Skype would fail to
load advertisements.

Yeah, my cell phone provider's voicemail app started playing blinky ads. I fixed that by using adguard's DNS servers.


... Change ambiguities to specifics
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

On 3/15/2021 6:41 AM, poindexter FORTRAN wrote:

Agreed. While I was setting up the office network I connected to one
of the external IPs with my corporate Windows laptop (with all of the security bells and whistles) and somehow got infected to the point that Carbon Black, our security management platform, quarantined my system
when I got the network up. I had to re-image it.

In fairness, Carbon Black sucks in so many ways. But agreed, wouldn't
do windows without the firewall setup properly.

ufw is the first thing I do to an online linux system even, right after
moving SSH to a non-standard port.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
þ Synchronet þ Roughneck BBS - roughneckbbs.com

On 3/15/2021 7:04 AM, poindexter FORTRAN wrote:

For home, another option might be to run one of the DNSaaS providers like OpenDNS/Cisco Umbrella, I think they might do some malicious DNS blocking as well as parental controls, file sharing, social network and so on.

PiHole on a Raspberry Pi is yet another option... Plan is to configure
my router to reroute outbound port 53 (from anything but the pihole) to
the pihole box... this way even apps/services that try to circumvent the
device will still go through it for dns resolution.

Partly because fuck smart TVs, partly because I'd prefer my mobile
devices more ad-free... Also going to setup wireguard on there.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
þ Synchronet þ Roughneck BBS - roughneckbbs.com

Re: Re: Microsoft ending 32-bit support in Windo
By: poindexter FORTRAN to Arelor on Mon Mar 15 2021 07:04 am

For home, another option might be to run one of the DNSaaS providers like OpenDNS/Cisco Umbrella, I think they might do som
malicious DNS blocking as well as parental controls, file sharing, social network and so on.

I have an article about setting such service yourself:

http://www.operationalsecurity.es/categoty/computer_magazines.html

Hit on "Rub‚n's Articles at Linux Magazine" and look for "Local DNS with Unbound"

Beware that the really hardcore evil traffic does not use DNS at all. They use fixed IP addresses.

--
gopher://gopher.richardfalken.com/1/richardfalken

---
þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

Re: Re: Microsoft ending 32-bit support in Windo
By: Arelor to poindexter FORTRAN on Tue Mar 16 2021 03:42 am

http://www.operationalsecurity.es/categoty/computer_magazines.html

Link is wrong

http://www.operationalsecurity.es/category/computer_magazines.html

--
gopher://gopher.richardfalken.com/1/richardfalken

---
■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

It might make a nice pfSense box. We just took our pfSense firewall out
of service at work, replaced it with a Fortinet firewall, and I'm
missing playing with pfSense.

yeah, my old work had a Firebox setup.. worked well enough.. but not really "cool".. not that that matters. just not as enjoyable ;)

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: cold fusion - cfbbs.net - grand rapids, mi

Tracker1 wrote to poindexter FORTRAN <=-

ufw is the first thing I do to an online linux system even, right after moving SSH to a non-standard port.

We have all of our ssh ports at work behind VPNs; I'm assuming
responsibility for a recent acquisitions assets. Had to debug an SSH issue recently and when I tailed /var/log/secure, it had failed root access
attempts every couple of seconds.


... If it isn't broken, I can fix it.
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Tracker1 wrote to poindexter FORTRAN <=-

PiHole on a Raspberry Pi is yet another option... Plan is to configure
my router to reroute outbound port 53 (from anything but the pihole) to the pihole box... this way even apps/services that try to circumvent
the device will still go through it for dns resolution.

I have pihole running on a VM at home, and that combined with OpenDNS and
DNS redirection happening on my DD-WRT router, makes for a pretty nice home network setup.


... If it isn't broken, I can fix it.
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

On 3/17/2021 5:59 AM, poindexter FORTRAN wrote:

ufw is the first thing I do to an online linux system even, right after
moving SSH to a non-standard port.

We have all of our ssh ports at work behind VPNs; I'm assuming
responsibility for a recent acquisitions assets. Had to debug an SSH issue recently and when I tailed /var/log/secure, it had failed root access attempts every couple of seconds.

I only have 4 personal VPSes operational right now. Yeah, it could be
an issue. I do backups to my local network/nas and that's enough for
me, for the most part, as well as the backups digital ocean does daily.
I'm setup for public/private key auth only, no password auth.

I could setup WireGuard on my reverse-proxy server for SSH/System access though. May well do that before long. It would make my backup system a
bit more of a pain. I'm a strong believer in backup systems pulling
backups from remote, instead of pushing out backups from inside.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
þ Synchronet þ Roughneck BBS - roughneckbbs.com

On 3/17/2021 6:01 AM, poindexter FORTRAN wrote:

PiHole on a Raspberry Pi is yet another option... Plan is to configure
my router to reroute outbound port 53 (from anything but the pihole) to
the pihole box... this way even apps/services that try to circumvent
the device will still go through it for dns resolution.

I have pihole running on a VM at home, and that combined with OpenDNS and
DNS redirection happening on my DD-WRT router, makes for a pretty nice home network setup.

Running a Ubiquiti router and ap. Have another ap in the box when I can afford to get the house wired with cat6e. Also plan to get WireGuard
setup as well.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
þ Synchronet þ Roughneck BBS - roughneckbbs.com