
Friday, November 17, 2017

Hello Again, Neko the Desktop Mouse-Chasing Cat!

Supratim Sanyal's Blog: Neko Desktop Mouse-Chasing Cat
I too first met Neko as a young teenager playing with Windows 3.1. Neko would always come running to the mouse pointer and park himself above it. He would scratch and clean himself a little bit, and then, if the mouse pointer was not moving, yawn and take a nap.

Over the next few years, I kept bumping into Neko across subsequent Windows flavors - Windows 95, Windows 98, Windows ME and Windows XP, and IBM OS/2 Warp. We had eventually parted ways somewhere around the tail-end of the last millennium. Neko had remained with me as a sweet memory.

That is, until I discovered this awesome post by neozeed. The author of the post has done all the hard work in finding Neko, including making Neko source-code available to the public and bringing him back on 64-bit Windows 10.

I downloaded the zip archive containing the source code and compiled it using Visual C++ 6.0 on a Windows XP 32-bit appliance. There were no compilation errors for the Neko executable and just two ignorable compilation warnings for the Neko configuration utility "NekoCFG".

Say hello again Neko! I missed you.

Here is my Neko build directory download.

Monday, November 13, 2017

beef dead beef dead beef dead beef dead (Cookies/index.dat)

So I installed busybox on a legacy Windows XP Pro system, and while playing around with it, took a hexdump of Cookies/index.dat, and got the following line at the end of the hex dump.

beef dead beef dead beef dead beef dead

I do not know why or what it means.

~ $ uname -a
Windows_NT wexpee 5.1 2600 i686 MS/Windows
~ $ hexdump Cookies/index.dat
0000000 6c43 6569 746e 5520 6c72 6143 6863 2065
0000010 4d4d 2046 6556 2072 2e35 0032 8000 0000
0000020 4000 0000 0080 0000 0020 0000 0000 0000
0000030 0000 0080 0000 0000 0000 0000 0000 0000
0000040 0000 0000 0000 0000 0000 0000 0000 0000
0000250 ffff ffff 0000 0000 0000 0000 0000 0000
0000260 0000 0000 0000 0000 0000 0000 0000 0000
0004000 4148 4853 0020 0000 0000 0000 0000 0000
0004010 0003 0000 0003 0000 0003 0000 0003 0000
0004240 0001 0000 5100 0000 0003 0000 0003 0000
0004250 0003 0000 0003 0000 0003 0000 0003 0000
0004390 0001 0000 5200 0000 0003 0000 0003 0000
00043a0 0003 0000 0003 0000 0003 0000 0003 0000
0004630 0001 0000 5000 0000 0003 0000 0003 0000
0004640 0003 0000 0003 0000 0003 0000 0003 0000
0004660 0003 0000 0003 0000 0001 0000 5000 0000
0004670 0003 0000 0003 0000 0003 0000 0003 0000
0004ac0 0003 0000 0003 0000 0001 0000 5000 0000
0004ad0 0003 0000 0003 0000 0003 0000 0003 0000
0004c80 0003 0000 0003 0000 0001 0000 5100 0000
0004c90 0003 0000 0003 0000 0003 0000 0003 0000
0004d30 0001 0000 5000 0000 0003 0000 0003 0000
0004d40 0003 0000 0003 0000 0003 0000 0003 0000
0004dd0 0003 0000 0003 0000 0001 0000 5000 0000
0004de0 0003 0000 0003 0000 0003 0000 0003 0000
0004e10 beef dead beef dead beef dead beef dead
0005000 0000 0000 0000 0000 0000 0000 0000 0000
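
The default hexdump format prints 16-bit words read little-endian, so every printed word has its two bytes swapped relative to the file; "beef dead" on screen is the byte sequence ef be ad de on disk, which read as one little-endian 32-bit value is 0xDEADBEEF. The following is an added example, not part of the original post, that undoes the word swap on four lines copied from the dump above and recovers the header string, the "HASH" tag at 0x4000 and the repeating marker. The function names are this example's own.

```python
import struct

# Four lines copied from the hexdump output above
# (offsets 0x0, 0x10, 0x4000 and 0x4e10).
SAMPLE = """\
0000000 6c43 6569 746e 5520 6c72 6143 6863 2065
0000010 4d4d 2046 6556 2072 2e35 0032 8000 0000
0004000 4148 4853 0020 0000 0000 0000 0000 0000
0004e10 beef dead beef dead beef dead beef dead
"""


def parse_hexdump(text):
    """Map offset -> raw file bytes for default `hexdump` output.

    Each printed word is a 16-bit little-endian value, so packing it back
    with "<H" restores the original byte order.
    """
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, "*" repeat marker, or final size-only line
        words = [int(w, 16) for w in fields[1:]]
        rows[int(fields[0], 16)] = struct.pack("<%dH" % len(words), *words)
    return rows


def contiguous(rows, start, length):
    """Join consecutive rows starting at `start` into one buffer."""
    buf = b""
    offset = start
    while len(buf) < length and offset in rows:
        buf += rows[offset]
        offset += len(rows[offset])
    return buf[:length]


def signature(rows):
    """NUL-terminated ASCII string at the very start of the file."""
    head = contiguous(rows, 0, 32)
    return head.split(b"\x00", 1)[0].decode("ascii")


def dwords(data):
    """Interpret a byte string as little-endian 32-bit values."""
    count = len(data) // 4
    return list(struct.unpack("<%dI" % count, data[: count * 4]))


def find_fill(rows, marker=0xDEADBEEF):
    """Offsets of rows that consist entirely of the given 32-bit marker."""
    hits = []
    for offset, data in sorted(rows.items()):
        values = dwords(data)
        if values and all(v == marker for v in values):
            hits.append(offset)
    return hits


if __name__ == "__main__":
    rows = parse_hexdump(SAMPLE)
    print("signature :", signature(rows))
    print("tag @4000 :", rows[0x4000][:4])
    print("raw @4e10 :", rows[0x4E10][:4].hex())
    print("fill rows :", [hex(o) for o in find_fill(rows)])
```

Running `hexdump -C` instead of plain `hexdump` prints the bytes in file order with an ASCII column, which avoids the swap altogether.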

Saturday, October 28, 2017

The Best Windows NTFS File System Defragmentation Tool for Platter Drives

Supratim Sanyal's Blog - Power Defrag - Top Windows Defragment Tool
I have reached the end of the internet and found the ultimate defragmenter for NTFS file systems on Windows.

Well - sort of. I still use platter drives; while I still watch SSD with keen interest, I do not have full faith in SSD drives yet. In the last couple of months, I have seen SSD drives swapped out for good old high-speed platter disk drives (specifically, the fabulous 15K / 15000 RPM 6 GBPS Hard Drives) since the SSDs wouldn't last for more than a couple of weeks on systems needing humongous numbers of read-write cycles. However, for the general user, I do think SSD has come along and we are at a stage where their "functional life outlasts their useful life".

One of the joys of MS-DOS and Windows computer hard disk drives has always been to run defragment tools and watch the little boxes line up, imagining super-fast DISK I/O as soon as the hours-long processes complete. All of us have spent significant portions of our lives defragmenting hard disks - Norton Utilities Speed Disk, PC Tools, the defragmenters included with DOS and Windows from Microsoft, the continuing search for the best ... we have fond memories.

I believe that search has ended now, a quarter century from running a defragmenter the first time.

Curiously, it is not yet another defragmentation tool by itself; it just provides a nice GUI to run two Microsoft tools back to back - the venerable Windows Sysinternals Contig that used to be my #1 defragmenter, followed by the ubiquitous defragmenter included with Windows. The tool actually does not claim to be a defragmentation utility by itself. The name "Power Defragmenter GUI" is very clear in conveying this is a GUI front-end to powerful underlying tools.

I have tested it on two Windows XP Pro systems called WEXPEE and WXPEE2 that speak DECnet and are part of the global HECnet hobbyist DECnet network.

As a preparatory step, I highly recommend cleaning out junk from your disk drive before defragmenting it. Useless accumulated files on your drive should be removed; doing so also makes for quicker defragmentation. I use three tools to clean junk from my drives:

  1. The Windows "Disk Cleanup" tool (part of Windows)
  2. System Ninja
  3. CCleaner

To install Power Defragmenter GUI,

Power Defragmenter GUI - .exe Executable

  • Download Power Defragmenter GUI
  • The download is a zip file called that contains just one executable PowerDefragmenter.exe; extract the zip file into a new dedicated folder containing the executable PowerDefragmenter.exe. For example, extract the zip file into the folder c:\temp\power-defrag\ so that you extract the 481 KB executable into c:\temp\power-defrag\PowerDefragmenter.exe.

Microsoft Sysinternals Contig - exe Executable
  • Download Windows Sysinternals Contig
  • Again, the Contig download is a zip file called that contains 32 and 64-bit versions of contig.exe and a EULA. The 32-bit contig.exe executable is just 248 KB! Extract into another new dedicated folder. For example, extract into c:\temp\contig\

Copy files in Contig folder to Power Defragmenter GUI folder

  • Now copy over the Contig files from the directory you unzipped Contig into to the directory you unzipped Power Defragmenter GUI into. In the examples above, this means copy the files from c:\temp\contig\ to c:\temp\power-defrag\.
Supratim Sanyal's Blog: Run PowerDefragmenter.exe Executable to launch Power Defragmenter GUI
Run PowerDefragmenter.exe

That is it as far as installation of Power Defragmenter GUI is concerned. You can now launch PowerDefragmenter.exe by double-clicking it from the folder you extracted Power Defragmenter GUI into that now also has the Contig.exe executable.

Power Defragmenter GUI will start up showing a progress-bar indicating it is launching Power Defragmenter GUI installer and then present the main screen. I guess the "installer" notice is shown because Power Defragmenter declares itself as an installer to grab administrative rights; it does not really "install" anything and runs totally from the folder.

Power Defragmenter GUI initial screen

If you look carefully, you will notice the little note at the bottom above the buttons saying that Power Defragmenter GUI has located the version of Contig.Exe you copied over to its folder.

Clicking "Next" will bring you to the following screen:

Power Defragmenter GUI - Defragmentation Options

I always choose the last option, "TriplePass(TM) Disk Defragmentation" to defragment the heck out of my drives. This is also where the true power of the tool comes through. So, go ahead, choose "TriplePass(TM) Disk Defragmentation" and click Next.

Power Defragmenter GUI: Choose Drive to Defragment

Choose the drive to defragment (the system drive should already be selected; you can use the drop-down list to defragment other drives if you have them) and click on Defragment to start the defragmentation process.

Power Defragmenter GUI will first launch Contig for deep-defragmentation of files. Contig may present a EULA to accept the first time it is launched; simply accept the EULA once and your computer remembers it. You can use Ctrl-S and Ctrl-Q to pause and resume the fast-scrolling output if you want to look at what is going on.

Power Defragmenter GUI invokes Windows Sysinternals Contig for three passes
Update: In prior versions, Power Defragmenter GUI then invoked the Windows Defragmenter tool included with Windows to wrap up the ferocious attack on file system fragmentation. This no longer seems to be the case, apparently from the time Power Defragmenter GUI was updated to support Windows Vista and later. Here is a screenshot from the older versions showing Power Defragmenter GUI invoking Windows Defragmenter in command mode; once again, this will probably not happen any more.

Power Defragmenter GUI invokes Windows Defragment Tool

You will be informed when Power Defragmenter GUI is done:

Power Defragmenter GUI - TriplePass(TM) completed

If you are running Windows in a virtual machine, now is a good time to zero out the free space on the virtual drive using sysinternals sdelete, shut down the Windows VM, compact the virtual disk using the hypervisor-provided tool and take a backup of the VM. This results in the smallest backup archive size for the VM.

Sunday, September 24, 2017

The DECnet-Linux Experience: It Works!

Supratim Sanyal's Blog: DECnet Linux Communication Between two Linux nodes
Ubuntu 14.04 Linux Twins FEDACH (1.553) and FOMFOR (1.554) Talk over DECnet
I was aware of an implementation of the DECnet Phase IV network protocol on the Linux kernel for quite a while now, and recently decided to take the plunge and give it a shot, with additional motivation from this inspiring Retrocomp post.

It was not going well initially because of a bad call I made to try to install ancient releases of Linux distributions from Debian and Fedora from around the time DECnet-Linux was first announced. As a result, I spent many sleepless nights trying to find the packages and dependencies for Linux distros featuring DECnet from the first few years of the new millennium.

Eventually I did what I should have started off with: check if modern Linux distributions still include DECnet-Linux. A search of the kernel of the bleeding-edge Ubuntu 17 "Zesty Zapus" looked promising; DECnet-Linux was indeed compiled right into Ubuntu 17's mainline 4.10 kernel build and the required libdnet, dnet-common and dnprogs packages were available for Ubuntu 17.

Unfortunately, Ubuntu 17's support for DECnet-Linux turned out to be dysfunctional. I created two virtual machines with Ubuntu 17 and installed the DECnet tools, but could not get any farther than the dneigh command showing the other node. FAL, Phone, sethost, etc. would simply not work and would sometimes lock up the virtual machines.

Frustrated, I posted the question to the fabulous folks at the comp.os.vms newsgroup. Within a day, I had a path forward; it was clear from John E. Malmberg and "hb" that I needed to try Ubuntu 14.04 or earlier; DECnet-Linux was definitely broken after Ubuntu 14.04.

Re-energized, I proceeded to install the 32-bit release of Ubuntu 14.04.5 LTS (Trusty Tahr) on two virtual machines using the lightweight lubuntu flavor from the Desktop ISO CD image. Then apt-get install dnprogs brought in everything I needed to get DECnet-linux mostly up (the official Ubuntu 14 repositories still work at the time of writing, no need to look for mysterious archives of no-longer supported releases yet.)

However, I still had to make a couple of little tweaks to have DECnet-Linux work all the way. Here are the things I did over and after the default install of DECnet-Linux from Ubuntu 14.04 repositories.

1. The official dnprogs and family of packages from Ubuntu 14.04 repos installed versions of /usr/sbin/dnetnml and /usr/sbin/ctermd that did not work well. The dnetnml program was not responding correctly by showing executor, line, or circuit etc. characteristics when requested by other nodes. Also, attempts to SET HOST from other nodes resulted in the official ctermd program looking for a non-existent local "pty" device and failing.

To get around these problems, I downloaded the source code tarball dnprogs_2.62.tar.gz which is available in practically all Ubuntu 14 mirrors including here. I then built the entire DECnet program suite locally, and then replaced the /usr/sbin/dnetnml and /usr/sbin/ctermd binaries with the ones built locally from source.

2. The official dnprogs installation was not filling in the correct DECnet address in the file /proc/sys/net/decnet/node_address; this file always had 0.0 despite the correct DECnet executor address being defined in the /etc/decnet.conf configuration file. This was resulting in some strange behavior indicating Linux-DECnet was not using the adjacent router node to reach nodes outside the local network, but trying to access them directly and failing. I added a simple command in the /etc/rc.local file (and made it executable and exit with 0) to force the correct DECnet address:
# -- rc.local DECnet kludge - /proc/sys/net/decnet/node_address has 0.0; force it
echo 1.554 > /proc/sys/net/decnet/node_address
# --

My two Ubuntu 14.04 virtual machines are named FEDACH and FOMFOR after the twin sons of Macha, daughter of Aodh Ruad. FEDACH has a DECnet address of 1.553 and FOMFOR has 1.554. They are now both connected to HECnet - the global hobbyist DECnet. They are configured to use DECnet on the eth1 network adapter (eth0 is dedicated to IP); the eth1 adapter has the correct MAC address corresponding to the DECnet address as required by DECnet:

1.553 => aa:00:04:00:29:06
1.554 => aa:00:04:00:2a:06

Also, as DECnet uses all available NICs by default, I modified /etc/default/decnet to have DECnet on eth1 only, and increase verbosity of logging by the dnetd daemon. In addition, I modified the /etc/decnet.conf and /etc/decnet.proxy files as recommended by DECnet-linux documentation and man pages. Here is the output of "ip address show" for eth1 on the two nodes:


3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether aa:00:04:00:29:06 brd ff:ff:ff:ff:ff:ff
    dnet 1.553 peer 1.553/16 scope global eth1


3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether aa:00:04:00:2a:06 brd ff:ff:ff:ff:ff:ff
    dnet 1.554 peer 1.554/16 scope global eth1
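
DECnet Phase IV derives the station MAC address from the node address: the 16-bit value (area × 1024 + node) is appended, low byte first, to the fixed prefix aa:00:04:00, which is why 1.553 maps to aa:00:04:00:29:06. The following added example (not from the original post; the function names are this example's own) converts in both directions and checks one interface block of "ip address show" output, copied from the FEDACH listing above, for a MAC that matches its dnet address.

```python
import re

# Copied from the "ip address show" output for FEDACH quoted above.
SAMPLE_IP_OUTPUT = """\
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether aa:00:04:00:29:06 brd ff:ff:ff:ff:ff:ff
    dnet 1.553 peer 1.553/16 scope global eth1
"""

# Fixed upper four bytes of every DECnet Phase IV station address.
DECNET_MAC_PREFIX = bytes.fromhex("aa000400")


def decnet_to_mac(addr):
    """Return the MAC address that a Phase IV node 'area.node' must use."""
    m = re.fullmatch(r"(\d+)\.(\d+)", addr.strip())
    if not m:
        raise ValueError("expected area.node, got %r" % addr)
    area, node = int(m.group(1)), int(m.group(2))
    # 6-bit area and 10-bit node share one 16-bit word.
    if not (1 <= area <= 63 and 1 <= node <= 1023):
        raise ValueError("area must be 1-63 and node 1-1023: %r" % addr)
    value = (area << 10) | node
    raw = DECNET_MAC_PREFIX + value.to_bytes(2, "little")
    return ":".join("%02x" % b for b in raw)


def mac_to_decnet(mac):
    """Return 'area.node' for a DECnet-style MAC, or None for any other MAC."""
    raw = bytes.fromhex(re.sub(r"[:-]", "", mac))
    if len(raw) != 6 or raw[:4] != DECNET_MAC_PREFIX:
        return None
    value = int.from_bytes(raw[4:], "little")
    return "%d.%d" % (value >> 10, value & 0x3FF)


def check_interface(ip_output):
    """Compare link/ether and dnet lines of one interface block."""
    mac = re.search(r"link/ether\s+([0-9a-fA-F:]{17})", ip_output)
    dnet = re.search(r"\bdnet\s+(\d+\.\d+)", ip_output)
    if not mac or not dnet:
        raise ValueError("need both a link/ether and a dnet line")
    actual = mac.group(1).lower()
    expected = decnet_to_mac(dnet.group(1))
    return {
        "dnet": dnet.group(1),
        "mac": actual,
        "expected_mac": expected,
        "ok": actual == expected,
    }


if __name__ == "__main__":
    for address in ("1.553", "1.554"):
        print(address, "=>", decnet_to_mac(address))
    print(check_interface(SAMPLE_IP_OUTPUT))
```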

I created a "decnet" user account for FAL etc. to use by default as configured in /etc/decnet.proxy and the DECnet objects in /etc/dnetd.conf; interactive logins are disabled for this "decnet" account.

Lastly, I wanted the mail system to use the "decnet" account as well instead of the default (and non-existent) "vmsmail" account and created the file /etc/vmsmail.conf with a single line:


Usual DECnet network access commands all work from an external OpenVMS VAX 7.3 Node:


Node Volatile Characteristics as of 25-SEP-2017 00:32:23

Executor node = 1.553 (FEDACH)

Circuit                  = eth1
State                    = on
Identification           = DECnet for Linux V3.13.0-129-generic on i686




Total of 3 files.
CTERM Version 1.0.6
DECnet for Linux

fedach login:

Mail also works from VMS to Linux over DECnet.


Produces these syslog entries on FEDACH showing mail delivery success:

Sep 29 10:20:46 fedach dnetd[1211]: Connection from: qcocal::sanyal
Sep 29 10:20:46 fedach dnetd[1211]: using user decnet from dnetd.conf
Sep 29 10:20:46 fedach dnetd[2108]: Starting daemon 'vmsmaild'
Sep 29 10:20:46 fedach vmsmaild[2108]: got local user: ROOT
Sep 29 10:20:46 fedach vmsmaild[2108]: Forwarding mail from qcocal::SANYAL       to root
Sep 29 10:20:46 fedach dnetd[1211]: Reaped child process 2108
Sep 29 10:20:46 fedach postfix/pickup[1351]: 8927E6CAB7: uid=1001 from=<decnet>
Sep 29 10:20:46 fedach postfix/cleanup[2112]: 8927E6CAB7: message-id=<20170929142046.8927E6CAB7@fedach.sanyalnet.lan>
Sep 29 10:20:46 fedach postfix/qmgr[1352]: 8927E6CAB7: from=<decnet@fedach.sanyalnet.lan>, size=1029, nrcpt=1 (queue active)
Sep 29 10:20:46 fedach postfix/local[2114]: 8927E6CAB7: to=<root@fedach.sanyalnet.lan>, orig_to=<root>, relay=local, delay=0.16, delays=0.06/0.1/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Sep 29 10:20:46 fedach postfix/qmgr[1352]: 8927E6CAB7: removed


The DECnet-Linux configuration files for my two nodes along with the Ubuntu 14 CD ISO and dnprogs_2.62.tar.gz source files and binaries built on my nodes are available from my google drive here.


/etc/dnetd.conf (Identical for FEDACH and FOMFOR)

/etc/decnet.proxy (Identical for FEDACH and FOMFOR)

/etc/default/decnet (Identical for FEDACH and FOMFOR)

/etc/decnet.conf (FEDACH)

/etc/decnet.conf (FOMFOR)


Tuesday, September 12, 2017

DECnet Phase IV: copy node database from remote host and share it with other nodes over network with Digital DEC servers

Figure: Phase IV Consists of Eight Layers That Map to the OSI Layers (Source: Cisco Wiki)

DECnet Phase IV on OpenVMS VAX 7.3

To copy the nodes database from a remote host and make it available to other nodes to copy from my node, I use the command file at the bottom. Here <REMOTE-NODE> is the DECnet node name / address of the host I copy my node database from.

After copying over the remote node database from another server (a PDP-11/24 running RSX-11M Plus that serves HECnet the world-wide hobbyist DECnet in this case), I basically copy SYS$SYSTEM:NETNODE_LOCAL.DAT and SYS$SYSTEM:NETNODE_REMOTE.DAT to SYS$COMMON:[SYSEXE] and grant them world-read permission.

Before doing this, other nodes that tried to copy the node database from my node (1.559) used to get this error, which does not happen any more:
Known Node Permanent Summary as of 12-SEP-2017 18:29:00
%NCP-W-FILOPE, File open error , Permanent database
-RMS-E-FNF, file not found

I also played around with enabling the NML proxy before running the commands in the DCL command file at bottom. I am not sure if I had enabled the NML proxy during installation of DECnet Phase IV and if these were required, but just doing these did not solve the problem. They may be a required part of the solution, though.


Here is the DCL script:

$ MC NCP copy known nodes from <REMOTE-NODE> using volatile to BOTH

Windows NT 4.0 - DEC Pathworks 32 7.4

Supratim Sanyal's Blog: Copy DECnet Phase IV Node Database from OpenVMS VAX server to Windows NT 4.0 running DEC Pathworks 32 7.4 over DECnet using NCP copy command

After configuring DEC Pathworks 32 on Windows NT 4.0 and establishing DECnet Phase IV communication with my DECnet nodes, I copied over the DECnet node database from IMPVAX OpenVMS VAX 7.3 (1.559) to Windows NT 4.0 Pathworks-32 using the simple NCP command:


A subsequent NCP LIST KNOWN NODES command produced a full list of DECnet nodes copied over from IMPVAX.

Saturday, September 9, 2017

From Supernova to Intel Xeon L2 CPU Cache: My Own Machine Check Event (MCE) Glitch!

Supratim Sanyal's Blog: A Supernova Causes a MCE Machine Check Event on Intel Processor
Less than thirteen and three-quarters billion years ago, a star the size of about fifteen times our own sun ran out of hydrogen fuel in its core to burn into helium.

Undeterred and left with prodigious amounts of helium, it nonchalantly started on the helium to burn to carbon for a few billion years. Then it lit up the carbon, and spent billions of years to continue up the periodic table - aluminum, silicon, nickel, copper, lead ... all the while pushing the lighter stuff outwards in layers and getting heavier in the middle where gravity kept getting happier. In another few billion years, gravity betrayed a little smile when the star crossed over the Chandrasekhar Limit. For gravity had won again, as it always does; all the energy of the burning core could no longer hold the star up. The collapse started.

The unrelenting crush of gravity then continued to make that star's core so dense and so hot that, more importantly than human equations trying to compute it starting to fail, something had to give.

After billions of years of cooking the elements, it took barely one and a half minutes for the core to explode, lighting up the universe with such brightness that it would be clearly visible to naked human eyes in daytime when that light would reach planet Earth.

The supernova explosion scattered the periodic table into space. Some of that ejected matter coagulated into a scary collection of mostly hydrogen and carbon-based molecules which would be labeled together as "Supratim Sanyal". 

The explosion also fired off, at light speed in all directions, billions of little monsters - atomic nuclei with no electrons, alpha particles, electrons and friends. One of these - a hydrogen nucleus, which is just a proton, traveled unchallenged a few billion light years only to finally get arrested by the L2 cache of the 8th Xeon CPU in my Dell PowerEdge 2950 in the basement.

Supratim Sanyal's Blog: Machine Check Event (MCE) Error - Intel Xeon L2 Cache Error
Machine Check Event (MCE)
I have never faced a Machine Check Event before.

I logged into my old faithful and rock-solid Dell PowerEdge 2950 blade server just now, and was informed:

ABRT has detected 1 problem(s). For more info run: abrt-cli list --since 1504666020

Okay, so I ran the recommended command, and got:

# abrt-cli list --since 1504666020
id ea6720f12a431197ca717b7bcd90f43f7a92d366
reason:         mce: [Hardware Error]: Machine check events logged
time:           Thu 07 Sep 2017 07:28:16 PM UTC
cmdline:        BOOT_IMAGE=/vmlinuz-3.10.0-514.26.2.el7.x86_64 root=/dev/mapper/centos_dellpoweredge2950-root ro rhgb quiet LANG=en_US.UTF-8
package:        kernel
uid:            0 (root)
count:          1
Directory:      /var/spool/abrt/oops-2017-09-07-19:28:16-12996-0
Reported:       cannot be reported

The Autoreporting feature is disabled. Please consider enabling it by issuing
'abrt-auto-reporting enabled' as a user with root privileges

At this point, I googled "Machine Check Event" and learned that one of the reasons an MCE could happen is cosmic rays! Unless, of course, the processor or hardware or bus or some such thing is really going bad; the PowerEdge 2950 is a decade old anyway.

The forums also recommended running "mcelog", which I did not have, but was readily available in the repos.

# yum install mcelog

Now I could run mcelog.

# mcelog
Hardware event. This is not a software error.
ADDR 43f883580
TIME 1504812495 Thu Sep  7 19:28:15 2017
MCG status:
MCi status:
Corrected error
Error enabled
MCi_ADDR register valid
Threshold based error status: green
MCA: Generic CACHE Level-2 Generic Error
STATUS 942000570001010a MCGSTATUS 0
CPUID Vendor Intel Family 6 Model 23

OK, so it clearly says this MCE is not software-related, and whatever it was, it was corrected. It is also probably trying to say the L2 cache on the 8th CPU misfired that time.
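
The lines mcelog prints under "MCi status" are a decode of the 64-bit STATUS value: the top bits are flags (valid, overflow, uncorrected, enabled, address valid, processor context corrupt) and the low 16 bits are the MCA error code. The following added example (not from the original post or from mcelog; the function and field names are this example's own) extracts STATUS from the quoted output and decodes the flag bits and the cache-hierarchy error class, following the IA32_MCi_STATUS layout in the Intel SDM. It assumes the threshold-status field is implemented on this CPU, as mcelog's own output suggests.

```python
import re

# Copied from the mcelog output quoted above.
SAMPLE_MCELOG = """\
MCA: Generic CACHE Level-2 Generic Error
STATUS 942000570001010a MCGSTATUS 0
CPUID Vendor Intel Family 6 Model 23
"""

# Architectural flag bits of IA32_MCi_STATUS, highest bit first.
FLAG_BITS = [
    (63, "VAL"),    # register contents are valid
    (62, "OVER"),   # an earlier error was overwritten
    (61, "UC"),     # error was NOT corrected by hardware
    (60, "EN"),     # reporting was enabled for this error
    (59, "MISCV"),  # MCi_MISC register valid
    (58, "ADDRV"),  # MCi_ADDR register valid
    (57, "PCC"),    # processor context corrupt
]
THRESHOLD = {0: "no tracking", 1: "green", 2: "yellow", 3: "reserved"}

# Compound MCA code for cache hierarchy errors: 0000 0001 RRRR TTLL
TRANSACTION = {0: "INSTRUCTION", 1: "DATA", 2: "GENERIC"}
LEVEL = {0: "L0", 1: "L1", 2: "L2", 3: "GENERIC"}
REQUEST = {0: "ERR", 1: "RD", 2: "WR", 3: "DRD", 4: "DWR",
           5: "IRD", 6: "PREFETCH", 7: "EVICT", 8: "SNOOP"}


def status_from_mcelog(text):
    """Return the STATUS value from mcelog text as an int, or None."""
    m = re.search(r"^STATUS\s+([0-9a-fA-F]{1,16})\b", text, re.MULTILINE)
    return int(m.group(1), 16) if m else None


def decode_cache_code(code):
    """Decode a 16-bit MCA code if it is a cache hierarchy error."""
    if code >> 8 != 0x01:
        return None  # some other error class; not handled in this example
    return {
        "transaction": TRANSACTION.get((code >> 2) & 0x3, "reserved"),
        "level": LEVEL[code & 0x3],
        "request": REQUEST.get((code >> 4) & 0xF, "reserved"),
    }


def decode_mci_status(status):
    """Split IA32_MCi_STATUS into flags, threshold state and error codes."""
    flags = [name for bit, name in FLAG_BITS if status >> bit & 1]
    mca_code = status & 0xFFFF
    return {
        "flags": flags,
        "corrected": "VAL" in flags and "UC" not in flags,
        "threshold": THRESHOLD[(status >> 53) & 0x3],
        "mca_code": mca_code,
        "model_code": (status >> 16) & 0xFFFF,
        "cache": decode_cache_code(mca_code),
    }


if __name__ == "__main__":
    value = status_from_mcelog(SAMPLE_MCELOG)
    for key, item in decode_mci_status(value).items():
        print("%-11s %s" % (key, item))
```

A status with UC or PCC set, or OVER set on repeated events, is the pattern that points at failing hardware rather than a one-off corrected event.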

A few quick checks with htop, top, iotop, etc. do not indicate any issues. Therefore, I will blame it on cosmic rays this time and let it go. If hardware is indeed failing, I will know soon enough.

It may be worth keeping an eye on eBay for a replacement blade server.

Thursday, September 7, 2017

OpenVMS-Linux-Windows File-Sharing over DECnet using FAL on DEC Pathworks for Windows NT 4.0

Supratim Sanyal's Blog: DEC Pathworks DECnet on Windows NT 4.0 Hobbyist System at SANYALnet Labs
DEC Pathworks: Windows NT as a DECnet node

Thanks to DECnet-Linux on my Ubuntu 14 boxes, DECnet on OpenVMS on a couple of SIMH VAX servers and DECnet on RSX-11M PLUS on a SIMH PDP-11/24 server, it is eminently possible to kick the Internet Protocol (IP) completely off a local LAN and use DECnet for logging in and sharing files across these machines. Windows was the missing piece, and I decided to throw a Windows NT 4.0 server into the mix. I could have chosen Windows 2000, XP, or later - but there is a certain charm in NT4 service-pack 6a + post 6a security rollup - a charm only felt by folks dated to the 8-bit era like me.

The saga of sharing files over DECnet from Windows NT 4.0 starts after I had DEC Pathworks 32 v7.4 up and running on my NT 4.0 workstation. At this point, ENTEE4 (DECnet address 1.557) is happily talking DECnet with two other nodes around my lab, as validated using tshark sniffing on the DECnet-dedicated network from Ubuntu 14 boxes equipped with DECnet-Linux (DECnet addresses 1.553 and 1.554). Everybody is saying hello to everyone else and it is a happy little island world.

$ tshark -i eth1
Capturing on 'eth1'
1930  39.386556        1.554 -> 1.553        DEC DNA 59 msg nr. 2 single segment, bytes this segment: 10, total so far:10
1931  39.386874        1.553 -> 1.554        DEC DNA 60 NSP data ACK message(2)
1932  39.386937        1.554 -> 1.553        DEC DNA 62 msg nr. 3 single segment, bytes this segment: 13, total so far:13
1934  39.388100        1.554 -> 1.553        DEC DNA 160 msg nr. 4 single segment, bytes this segment: 111, total so far:111
1937  39.388667        1.554 -> 1.553        DEC DNA 45 NSP disconnect initiate/confirm message
1939  39.403927        1.553 -> 1.557        DEC DNA 85 NSP connect confirm/initiate message
1946  39.461562        1.553 -> 1.557        DEC DNA 66 msg nr. 1 single segment, bytes this segment: 17, total so far:17
1948  39.462705        1.557 -> 1.553        DEC DNA 64 msg nr. 1 single segment, bytes this segment: 20, total so far:20
1952  39.492906        1.557 -> 1.553        DEC DNA 1494 msg nr. 2: start of segment, bytes this segment: 1450, total so far:1450
1953  39.492919        1.557 -> 1.553        DEC DNA 1494 msg nr. 3: continuation segment , bytes this segment: 1450, total so far:2900
1954  39.492922        1.557 -> 1.553        DEC DNA 1494 msg nr. 4: continuation segment , bytes this segment: 1450, total so far:4350
1960  39.493251        1.557 -> 1.553        DEC DNA 933 msg nr. 7: end of segment, bytes this segment: 889, total so far:8139
1966  39.999976        1.554 -> DECNET-Phase-IV-end-node-Hello-packets DEC DNA 50 Routing control, Endnode Hello message

Before starting FAL configuration, the two sources of information that I found extremely useful, and where all the information in this post is gleaned from, are

  • Pathworks Installation Guide (still available from Compaq here)
  • Pathworks Information Shelf installed along with Pathworks application files

Now, to get Pathworks FAL operational. First, using the Windows NT User Rights Policy manager, I added the "Log on as a batch job" right to the "Users" group. This is fairly well documented in the Pathworks installation guide. The steps are:

Supratim Sanyal's Blog: DEC Pathworks DECnet FAL configuration - Add "Log on as a batch job" right to "Users" group on Microsoft Windows NT 4.0
Add "Log on as a batch job" right to "Users" group on Microsoft Windows NT 4.0

  • Start -> Programs -> Administrative Tools -> User Manager
  • From the menu bar at top of User Manager, choose Policies -> User Rights. This will pop up a "User Rights Policy" window.
  • Click on the little checkbox at the bottom saying "Show Advanced User Rights"
  • From the "Right" drop-down list in the upper area, choose "Log on as a batch job"
  • Click "Add..." in the bottom right area. This will pop up another window titled "Add users and groups".
  • Choose "Users" in the "Names" area at the top (scroll down to see "Users").
  • Click on "Add" button in the middle. This will add "<computer-name>\Users" in the white text area in the bottom half.
  • Click "OK" at the bottom.
  • You will be back at the "User rights policy" window. Click OK.
  • You will be back at the "User Manager" window. From the top menu, click User -> Exit to exit out.

Second step - I created a user called DECNET with home directory C:\DECNET and added this user to the "Users" group that we manipulated previously. The DECNET user thus has the all-important "Log on as a batch job" right.

Supratim Sanyal's Blog: DECnet Windows NT 4.0 Pathworks Setup - Add a DECNET user for Windows NT 4.0 for testing with DEC Pathworks DECnet services
Add a DECNET user for Windows NT 4.0 for testing with DEC Pathworks DECnet services

  • Start -> Programs -> Administrative Tools -> User Manager
  • From the menu bar at top of User Manager, choose "New User...". This will pop up a "New User" window. Fill in the username (DECNET), provide a password that you can remember, and clear all four check-boxes.
  • Click on "Groups" at the bottom. In the "Group Memberships" window that pops up, the user should already be a member of the "Users" group; therefore no more action here. Click on OK to return to the "New User" window.
  • Click on "Profile" at the bottom to open up the "User Environment Profile" pop-up. In the "Home Directory" section in the lower panel, change "Local Path" to "C:\DECNET". Click on OK to return to the "New User" window, and OK again.
  • You will be back at the "User Manager" window. From the top menu, click User -> Exit to exit out.

Third step - grant Administrator access to the user directory. In the prior step, the User Manager created the home directory with access permissions only for the specific user. However, for the FAL object to access the contents of the directory, we need the directory permissions set to allow full Administrator access. This is performed from an Administrator account as follows:

Supratim Sanyal's Blog: DEC Pathworks Windows NT 4.0 FAL server configuration - Give Administrators Full Control on the new home directory for the DECNET user account
Give Administrators Full Control on the new home directory for the DECNET user account

  • From Start -> Windows NT Explorer, Right-Click on the DECNET folder under C: drive.
  • Choose Properties
  • Click on the Security tab
  • Click on Permissions
  • Click on "Add" at the bottom
  • In the "Add Users and Groups" window,  choose "Administrators" in the "Names" area at the top half, and click "Add" in the middle. This will add "<computer name>\Administrators" to the "Add Names" area in the bottom half.
  • In the "Type of Access" drop-down list at the bottom, choose "Full Control"
  • Click on OK, OK and OK to exit out of the three open screens.
  • That's it; now the C:\DECNET folder has full access permissions for both the owner DECNET as well as Administrator group accounts.

Fourth step - configure FAL and NML services on Windows NT 4.0 Pathworks using Network Control Program (NCP). To do this, open an MS-DOS command prompt and issue the command "NCP" to enter the NCP prompt. Then issue NCP commands to define the File Access Listener (FAL) and the Network Management Listener (NML) objects. Keep in mind the object numbers 17 and 19 cannot be changed; they are specifically allocated to FAL and NML objects.

Supratim Sanyal's Blog: DEC Pathworks Windows NT - Configure FAL and NML server objects from NCP - DECnet
DEC Pathworks Windows NT - Configure FAL and NML server objects from NCP


Network Control Program (NCP)   V7.2.019
Copyright 1985, 2000 by Compaq Computer Corporation

 Network Objects  Thu Sep 07 15:52:48 2017

Taskname          #    File               "Arguments"

FAL               17   C:\PW32\FAL32.EXE
NML               19   C:\PW32\NML32.EXE

Log out of the Windows Administrator account, and log in as DECNET. Create a file called INFO.TXT in C:\DECNET to play (i.e. test) with.

All done; now we can talk to Windows NT 4.0 running Pathworks from other DECnet hosts. It all works from DECnet on OpenVMS and PDP-11/24 hosts in my hobbyist lab. Playing around with my Ubuntu boxes running DECnet-Linux, I can also use DECnet-Linux commands to access Windows NT files:

$ dndir 'entee4"DECNET password"::'

Directory of C:[DECNET]


$ dntype -mblock 'entee4"decnet password"::info.txt'
 _______   ________   _________  _______   _______   ___   ___
|\  ___ \ |\   ___  \|\___   ___\\  ___ \ |\  ___ \ |\  \ |\  \
\ \   __/|\ \  \\ \  \|___ \  \_\ \   __/|\ \   __/|\ \  \\_\  \
 \ \  \_|/_\ \  \\ \  \   \ \  \ \ \  \_|/_\ \  \_|/_\ \______  \
  \ \  \_|\ \ \  \\ \  \   \ \  \ \ \  \_|\ \ \  \_|\ \|_____|\  \
   \ \_______\ \__\\ \__\   \ \__\ \ \_______\ \_______\     \ \__\
    \|_______|\|__| \|__|    \|__|  \|_______|\|_______|      \|__|

                   A SANYALnet LABS HOBBYIST SERVER

| Welcome to entee4.sanyalnet.lan.
| This is a Microsoft Windows NT 4.0 Workstation with
| Digital DEC (Compaq) Pathworks. It speaks IP and DECnet.

That concludes my experiment with a DECNET account shared using FAL server object over DECnet on a Windows NT 4.0 server running DEC Pathworks 32. Please share your experiments and results in the comments below!

Tuesday, August 15, 2017

iptables adventures


I use iptables to secure my Linux-based internet-facing hobbyist servers. The current iptables ruleset on one of these servers, at /etc/sysconfig/iptables, is as below.

This particular server runs on CentOS 7. The iptables rules provide basic protection against SYN floods and against null, Christmas-tree (XMAS) and fragmented packets, and add rate-limited DDoS flood protection for the ssh, telnet, smtp, dns, http, pop3, ntp, IMAP, https, smtps, starttls, imap-ssl/tls, pop-ssl/tls, dovecot, sieve, managesieve, DECnet bridge (HECnet), stunnel, syslog etc. ports that are usual for any internet-facing server providing public services. The server has the following open ports for the services it provides:
  • ssh
  • telnet, forwarded to CLOUDY VAX - the hosted DECVAX-11/780 SIMH simulated Digital VAX server running OpenVMS 7.3
  • SMTP (authenticated, not public)
  • DNS - this DNS server blocks advertising and tracking websites as well as malware
  • http - a basic static web-site is hosted on this server (also reachable over the TOR network at fz2koi5kviaph4bl.onion)
  • POP (authenticated, not public)
  • NTP - this server is an official stratum-2 public NTP server listed and is a member of the NTP Pool Project
  • IMAP (authenticated, not public)
  • https (currently unused)
  • STARTTLS / SMTPS (authenticated, not public)
  • IMAP SSL/TLS (authenticated, not public)
  • POP SSL/TLS (authenticated, not public)
  • Dovecot Sieve / ManageSieve
  • DECnet bridge connecting QCOCAL (SIMH MicroVAX 3900/OpenVMS 7.3 at home), JUICHI (SIMH DEC PDP-11/24 RSX-11M PLUS at home) and CLOUDY VAX (SIMH VAX-11/780 OpenVMS 7.3) to HECnet the global hobbyist DECnet network
  • TOR Proxy service (authenticated, not public)
  • stunnel (secure tunnel) service to syslog daemon for encrypted remote logging
  • syslog
  • TOR relay node (this server is a TOR relay-only node, not a TOR exit node; no TOR traffic is logged at all on this server)
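
An added example, not the server's actual ruleset (which is not reproduced here): a shell check that reads rules in the iptables-restore format used by /etc/sysconfig/iptables and reports which of the protections named above are missing. The function name audit_ruleset, the rule forms it accepts and both sample rulesets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-restore style ruleset for the packet-sanity
# and rate-limit rules described in the post. audit_ruleset and both sample
# rulesets are constructed for illustration; they are not the server's rules.

# Constructed sample: hardened INPUT chain, flags written as iptables-save prints them.
GOOD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -f -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 6/min --limit-burst 3 -j ACCEPT
COMMIT'

# Constructed sample: weak chain (fragment rule commented out, ssh not rate limited).
WEAK_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# -A INPUT -f -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_ruleset RULES: prints the space-separated names of the missing
# protections, or "ok" when all four are present. Only active "-A INPUT"
# lines count, so commented-out rules are reported as missing.
audit_ruleset() {
    rules=$1
    all='(ALL|FIN,SYN,RST,PSH,ACK,URG)'   # hand-written and iptables-save spellings
    missing=''
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }
    # Null packets: no TCP flags set.
    has "^-A INPUT .*--tcp-flags $all NONE .*-j DROP" || missing="$missing null"
    # Christmas-tree packets: every flag set, or the FIN,PSH,URG variant.
    has "^-A INPUT .*--tcp-flags $all ($all|FIN,PSH,URG) .*-j DROP" || missing="$missing xmas"
    # Fragments.
    has "^-A INPUT (.* )?(-f|--fragment) .*-j DROP" || missing="$missing frag"
    # Rate limit on new ssh connections (limit, hashlimit or recent match).
    has "^-A INPUT .*--dport 22 .*-m (limit|hashlimit|recent) " || missing="$missing ssh-ratelimit"
    echo "${missing:-ok}" | sed 's/^ //'
}

echo "hardened: $(audit_ruleset "$GOOD_RULES")"
echo "weak:     $(audit_ruleset "$WEAK_RULES")"
```

On a live host the same function can be fed the real file, for example audit_ruleset "$(cat /etc/sysconfig/iptables)".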

Sunday, August 13, 2017

How to find Solaris device name of NTFS partition on external USB hard drive HDD storage

Instead of running GParted as described in my post on Oracle Solaris 11.3 64-bit installation steps, here is a quicker command-line way to identify the device name corresponding to an NTFS partition on an external USB hard drive connected to an Oracle Solaris 11.3 system.

Unlike my previous post that applies to OpenIndiana, this post applies to true Oracle Solaris 11.3 64 bit.

STEP 1 - Use rmformat and fdisk to identify the device name for the NTFS partition

$ rmformat -l
Looking for devices...
     1. Logical Node: /dev/rdsk/c1t1d0p0
        Physical Node: /pci@0,0/pci-ide@1,1/ide@0/sd@1,0
        Connected Device: VBOX     CD-ROM           1.0
        Device Type: <Unknown>
        Bus: IDE
        Size: <Unknown>
        Label: <Unknown>
        Access permissions: <Unknown>
     2. Logical Node: /dev/rdsk/c2t0d0p0
        Physical Node: /pci@0,0/pci106b,3f@6/storage@1/disk@0,0
        Connected Device: WD       My Book 1110     1030
        Device Type: Removable
        Bus: USB
        Size: 1430.1 GB
        Label: <Unknown>
        Access permissions: <Unknown>
     3. Logical Node: /dev/rdsk/c2t0d1p0
        Physical Node: /pci@0,0/pci106b,3f@6/storage@1/disk@0,1
        Connected Device: WD       Virtual CD 1110  1030
        Device Type: CD Reader
        Bus: USB
        Size: 668.0 MB
        Label: <None>
        Access permissions: <Unknown>
$ sudo fdisk /dev/rdsk/c2t0d0p0
             Total disk size is 60771 cylinders
             Cylinder size is 48195 (512 byte) blocks

      Partition   Status    Type          Start   End   Length    %
      =========   ======    ============  =====   ===   ======   ===
          1                 IFS: NTFS         0  60771    60772    100

   1. Create a partition
   2. Specify the active partition
   3. Delete a partition
   4. Change between Solaris and Solaris2 Partition IDs
   5. Edit/View extended partitions
   6. Exit (update disk configuration and exit)
   7. Cancel (exit without updating disk configuration)
Enter Selection: 7

This tells us the NTFS partition is the first partition on raw device /dev/rdsk/c2t0d0p0. Therefore, the device name for our NTFS partition will be disk partition /dev/dsk/c2t0d0p1 (without the "r" for raw device under /dev).

STEP 2 - Mount it!

$ mkdir /media/USB-Storage
$ sudo /usr/bin/lowntfs-3g -o uid=21,gid=21 /dev/dsk/c2t0d0p1 /media/USB-Storage/

And presto, we can now see the NTFS partition files at /media/USB-Storage.

Installing ntfs-3g on Solaris without introducing instability and kernel panics is tricky. I ended up building ntfs-3g from sources to get a rock-solid stable Oracle Solaris 11.3 server with NTFS-3g; I have documented my approach in a separate post in the section Install the Tools to Mount NTFS Volume: FUSE and NTFS-3G for Solaris 11.
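
STEP 1 as a script, as an added example that is not from the original post: it reads rmformat -l output, picks the USB disk whose Device Type is Removable, and derives the block device name for a given fdisk partition number. The function name usb_partition_dev and the trimmed sample output are constructed here; the partition number still comes from fdisk as shown above.

```shell
#!/bin/sh
# Added example: derive the /dev/dsk partition name from `rmformat -l` output.
# usb_partition_dev is a hypothetical helper name; the sample text below is
# constructed from the listing in the post, trimmed to the fields used here.

RMFORMAT_OUT='     1. Logical Node: /dev/rdsk/c1t1d0p0
        Connected Device: VBOX     CD-ROM           1.0
        Device Type: <Unknown>
        Bus: IDE
     2. Logical Node: /dev/rdsk/c2t0d0p0
        Connected Device: WD       My Book 1110     1030
        Device Type: Removable
        Bus: USB
     3. Logical Node: /dev/rdsk/c2t0d1p0
        Connected Device: WD       Virtual CD 1110  1030
        Device Type: CD Reader
        Bus: USB'

# usb_partition_dev RMFORMAT_TEXT PARTNO
# Prints /dev/dsk/<disk>p<PARTNO> for every device whose Bus is USB and whose
# Device Type is Removable (this skips the drive's virtual CD and the IDE CD-ROM).
usb_partition_dev() {
    printf '%s\n' "$1" | awk -v part="$2" '
        function emit() {
            if (node != "" && bus == "USB" && type == "Removable") {
                dev = node
                sub(/^\/dev\/rdsk\//, "/dev/dsk/", dev)  # raw node -> block node
                sub(/p0$/, "p" part, dev)                 # whole disk -> partition
                print dev
            }
            node = bus = type = ""
        }
        /Logical Node:/ { emit(); node = $NF }            # a new device entry starts
        /Device Type:/  { sub(/.*Device Type: */, ""); type = $0 }
        /Bus:/          { bus = $NF }
        END { emit() }'
}

# Partition 1 is the NTFS partition reported by fdisk in the post.
usb_partition_dev "$RMFORMAT_OUT" 1
```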

Thursday, August 10, 2017

My tshark cheat-sheet


Ever-evolving list of tshark command lines I use for various purposes, with a goal of avoiding trolling through wireshark and tcpdump man pages every time to find the filters. Generally adding a -V, -VV or -VVV switch increases verbosity levels. I also usually prepend the tshark command with nice -n 19 ionice -c3 to try to minimize processor (CPU) and disk I/O usage when running tshark.

  • Monitor DECnet-UDP bridged traffic to HECnet. The following is for the VPS hosting CLOUDY:: and JUICHI:: which bridges DECnet over UDP to HECnet update host and QCOCAL:: hosted on (described in my post here):
    # tshark -i ens33 -f "host" -f "host" -f "udp port 4711" -f "udp port 4712"
  • Capture all NTP traffic:
    # tshark -i ens33 -f "udp port 123"
  • Capture all NTP server traffic. This mostly logs NTP time served by this server to other hosts.
    # tshark -i ens33 -f "udp port 123" | grep "server"
  • To capture all NTP traffic for this host serving time to other hosts, grep as follows:
    # tshark -i ens33 -f "udp port 123" | egrep " ->" | grep server
  • Capture all NTP client traffic. This mostly logs NTP traffic that synchronizes this host from remote clock source hosts.
    # tshark -i ens33 -f "udp port 123" | grep "client"
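  • Capture all traffic to SanyalCraft Minecraft server (on port 25565) and our experimental Minecraft server on port 25566. tshark keeps only the last -f given for an interface, so both ports go into one capture filter joined with "or":
    # tshark -i ens33 -f "tcp port 25565 or tcp port 25566"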
