tomperrine

This user hasn't shared any biographical information

Homepage: https://thuktun.wordpress.com

Working in Tokyo this week…

I’m in Tokyo this week working on some global projects. Here’s a panorama night time view of Shinagawa from the hotel’s 16th floor.

Tokyo skyline from Shinagawa
A panorama of Tokyo from Shinagawa

Advertisements

2 Comments

Scripting a fast Ubuntu install in Google Cloud Platform (GCP)

In this post I’ll show how to script GCP instance creation, Ubuntu installation and patching in order to support the customized SIMH installs that we’ll do later.

All of my GCP/SIMH installs are based on Ubuntu Linux, running on tiny or small GCP instances. Since one of my goals is quick iteration and making it fast and easy for other people to install the SIMH emulator and the guest OSes, I’ve scripted everything. I’ve been a fan of infrastructure-as-code for two decades, so how could I not apply that to my GCP estate?

For this we need four scripts:

  • create-instance – create an instance, install and patch Ubuntu
  • stop-instance – stop (pause) the instance, preserving the instance state (boot volume)
  • start-instance – (re)start the instance from the saved state
  • destroy-instance – destroy the instance (which deletes the associated boot volume)

All of the examples start with a common Linux base in GCP, so it made sense to script a fast Ubuntu install and update.  While I could use a common SIMH install for almost all the guest operating systems, it makes sense to keep them separate so that people can install just the single OS that they want to play with, instead of them all.

These examples all assume that you have created a Google Cloud account, created at least one project, and enabled billing for that project. You may want to start with these tutorials.

You also need to set a few environment variables as described in this earlier post.

Everything below should be self-explanatory. Essentially, the main steps are to create the instance, then wait for the instance to be up and running. After that, another loop waits until the SSH daemon is running, so that some commands (apt-get update and apt-get upgrade) can be run.

#!/bin/bash

# given a GCP, etc account and the SDK on the install-from host, build and install a new server

. ./set-cloud-configuration.sh

# If you don't use ssh-add to add your key to your active ssh-agent
# you're going to be typing your passphrase an awful lot

#
# create the instance
#
gcloud compute instances create ${INSTANCENAME} --machine-type=${MACHINETYPE} --image-family=${IMAGEFAMILY} --image-project=${IMAGEPROJECT}
gcloud compute instances get-serial-port-output ${INSTANCENAME}

# add the oslogin option so I don't need to manage SSH keys
gcloud compute instances add-metadata ${INSTANCENAME} --metadata enable-oslogin=TRUE

#
# it can take some time, and sometimes(?) the create returns much faster than expected, or the system
# takes a long time to boot and get to the SSH server, so wait for it to be READY
SSHRETURN="dummy"
while [[ "RUNNING" != ${SSHRETURN} ]]; do
    SSHRETURN=`gcloud compute instances describe ${INSTANCENAME} | grep status: | awk -F\  ' {print $2}' `
    sleep 5
done
echo "instance running..."

#
# now wait until the SSH server is running (we get a response without a timeout)
SSHRETURN=255
while [[ ${SSHRETURN} -ne 0 ]]; do
    gcloud compute ssh ${CLOUD_USERNAME}@${INSTANCENAME} --project ${PROJ} --zone ${CLOUDSDK_COMPUTE_ZONE} -- hostname
    SSHRETURN=$?
    sleep 3
done
echo "SSH up and listening..."

# All we have is a "naked" Ubuntu OK, its always a good idea to update+upgrade immediately after installation
 gcloud compute ssh ${CLOUD_USERNAME}@${INSTANCENAME} --project ${PROJ} --zone ${CLOUDSDK_COMPUTE_ZONE} -- sudo apt-get --yes update
 gcloud compute ssh ${CLOUD_USERNAME}@${INSTANCENAME} --project ${PROJ} --zone ${CLOUDSDK_COMPUTE_ZONE} -- sudo apt-get --yes upgrade

exit

The start, stop and destroy shell scripts are much simpler.

All the code is available in my github repo: https://github.com/tomperrine/create-simple-google-instance

, ,

Leave a comment

Setting configuration variables for the SIMH instance in Google Compute

In this short installment, we’ll create a BASH script that will be re-used as we script the creation of the Linux instance, SIMH installation and guest OS installation.

This assumes that you’ve followed the prior posts in the series, and have a functioning Google Cloud account, with a project created, and billing enabled. You need billing enabled even if you’re using the “free tier” or your initial account credit.

There are (for now) three things we need to have set up: account information for logging in, a project name, and a description of the instance we want to run. The description includes the physical location (region/zone) and the operating system we want.

This simple script will set the variables that we will want and can be included into all the other scripts we’ll write later.

Save this as set-cloud-configuration.sh

#!/bin/bash
#
# set user-specific configuration info
# we're going to use "oslogin" so set a username
# THIS MUST MATCH your GCP account configuration
# see https://cloud.google.com/compute/docs/instances/managing-instance-access for details
export CLOUD_USERNAME=YOU_NEED_TO_SET_THIS_FOR_YOUR ACCOUNT!!!!!!!

# Set project information - this project MUST already exist in GCP
# This project MUST have billing enabled, even if you plan to use the "free" tier
export PROJ=retro-simh
gcloud config set project ${PROJ}

# set configuration info for this instance
# pick a region
export CLOUDSDK_COMPUTE_ZONE="us-central1-f"
# set information for the instance we will create
export INSTANCENAME="simh-ubuntu-instance"
export MACHINETYPE="f1-micro"
export IMAGEFAMILY="ubuntu-1804-lts"
export IMAGEPROJECT="ubuntu-os-cloud"

In order to continue with the series, you’ll need to make sure you have enabled billing AND configured “oslogin”.

You should also make sure you have ssh-agent running, unless you want to type your password, a lot.

In the next installment, we’ll create, stop, start and destroy GCP instances in order to prepare for compiling and running SIMH.

, ,

1 Comment

Retrocomputing – Multics

250px-Multics_logo

For the past few months, I’ve been using the dps8m fork of  SIMH to create and run Multics, one of the first operating systems I ever used, and one of my favorites. I’ve also built a completely automated process to install Multics in “the cloud”, so that others can play with this piece of Internet history. I’ll show how that works in some future posts.

Around 1973 I encountered my first computer,  GCOS (AKA GECOS), thanks to Honeywell and Explorer Post 414 in Phoenix. After “we” “discovered” some quite a few security problems with GCOS Timesharing, Honeywell management and our Boy Scout leaders decided to move us all to Multics, as it was a much more secure platform.

Multics has an interesting place in computer science history. It wasn’t the first timesharing (interactive) system, it wasn’t the first to have virtual memory, it wasn’t the first to be primarily written in a higher level language, and it wasn’t the first to be designed and developed with security as a primary goal. It wasn’t open source, although every system did ship with complete source code, something that was not true of any other operating systems of the era.

But it was the first operating system where all these things (and many more) came together.

It is a proven fact that without Multics, there would have been no UNIX, and therefore no MINIX and no Linux.

A lot has been written about Multics, by the people that created and ran it. For background about Multics see:

Leave a comment

Using SIMH in Google Compute to retrace my (UNIX) OS journey

After being introduced to SIMH and getting Multics running, I thought about using SIMH to retrace the steps (and operating systems) that I’ve used in my career. For now, I’ll focus on the UNIX and UNIX-derived systems.

Before coming to UNIX, I had already used Honeywell GECOS, Multics, CP-V and CP-6, and well as DEC’s VMS and TOPS-10. My first UNIX experience was Programmer’s Workbench (PWB) UNIX, which was an interim version between versions 6 and 7.

But after that I used 4BSD, SunOS, UNICOS, HPUX, DomainOS, SGI IRIX, and a host of other UNIX-flavored systems until finally coming to Linux. Along the way I help to extend or create two security kernels – KSOS-11 and KSOS-32.

So my plan is to bring up as many of these operating systems up as possible using SIMH, and focusing on the UNIX family.

Here’s the dependency graph of what I have in mind to begin, and it’s a roadmap for the rest of this series. I have no idea how long it will take, or how far I’ll get.

To date, I’ve got Multics and V6 UNIX, so I’ll show the tooling for those first. Using this information, you should eventually be able to run any OS for which a SIMH emulator exists for the CPU, and for which you can find a bootable or installable image.

, , , ,

Leave a comment

Preparing for SIMH – Setting up the Google Cloud account and installing the Google Cloud SDK

This installment shows how to set up a Google Cloud account in order to run the SIMH emulator in a GCP instance. This is NOT a complete training or tutorial on Google Cloud, but does explain the settings needed for this project.

In this prior post, I’ve shown how the guest OS will be running on the emulator, in a virtual instance in Google Cloud. This post talks about getting a Google Cloud set up to make all this possible.

Google has written a huge amount of documentation. There are tutorials, quickstarts, API docs, and examples and labs. If you have trouble, Google Cloud Help has everything you need to get unstuck.

In order to prepare for the rest of this series and running SIMH in GCP, start with the Google Cloud console and go through this example. It uses the Google Cloud console to do a part of what we’ll do later with scripts.

Those examples show how to set up a project and enable billing. After that, a VM (instance) is created and Linux is installed. Once you have logged into the instance, and logged out, you can then delete the instance to clean up.

Follow the example, and your Google Cloud account will be ready for the rest of this series.

You’ll also want to set up SSH keys for use with “oslogin” – see the documentation here.

Keep the project open, as you’ll need it later to run the emulator instance.

Finally, we’re going to be using BASH scripts and the Google Cloud SDK (AKA gcloud) for all the future example.

You’ll need to install the SDK, using these instructions for your particular operating system.

Next time we’ll begin the first bash script, to use gcloud to set some configuration variables we need to create and run the SIMH instance.

, ,

Leave a comment

An overview of installing and using SIMH in the Google Cloud (GCP)

As I mentioned in this prior post, I’m running some legacy operating systems (Multics, UNIX v7) using SIMH in Google Cloud. In this post I’ll give an overview of the installation process, and how the legacy OS stacks on the emulated hardware SPU, etc.

The process of using Google Cloud to run SIMH for hosting a legacy operating system has these major steps, no matter which CPU you’ll be emulating, or which operating system you’ll be hosting.

  1. Configure your Google Cloud account. Since we’ll want to script all of this later, we’ll save some key values in a script that can be included in later steps.
  2. Configure the GCP instance. This involves selecting the zone, CPU (instance type), operating system, etc. Again, this all gets saved in a script for future (re)use.
  3. Create the GCP instance. This creates the instance (virtual host) of the proper instance (CPU) type, in the correct location, and does the initial operating system install. When this is done, you have a virtual instance running Linux (typically) in the cloud, albeit with an un-patched operating system.
  4. Patch the base operating system.
  5. Install the development tools that are needed to compile SIMH.
  6. Load the SIMH source code, configure and compile it. At this point you have an SIMH binary that will emulate the desired CPU(s) all running in GCP.
  7. Copy (and then customize) the files needed run the desired guest OS on the emulated CPU to the running instance. This will include SIMH configuration files, disk image files, and other SIMH resources. This may vary considerably depending on the version of SIMH and the guest OS.
  8. Start SIMH, which will bootload the guest OS. If this is the first time the OS has been booted, you may need to then log into SIMH to issue commands, or even directly into the running guest OS for final configuration.
  9. After this, you can halt the guest OS and save the disk image. This saved state lets you reboot the system again (and again) with emulated persistent disk storage.

At this point, you’ve got a guest operating system, running on an emulated CPU, on top of a Linux system, running on a hypervisor, in the cloud.

It looks something like this:

For simplicity’s sake, we can combine some of the steps above into fewer steps, each of which can be a separate script.

  1. Capture configuration information – a single script to set environment variables for the Google Compute Account and the instance configuration.
  2. Create the GCP instance, install the operating system, patch it,
  3. Install the development tools needed to build SIMH, load the SIMH source code, configure and compile it. Copy the needed SIMH configuration files at the same time.
  4. Copy (and then customize) the files needed run the desired guest OS on the emulated CPU to the running instance. This will be different for each operating system.
  5. Start SIMH, which will bootload the guest OS.

Next time, we’ll look a little bit more at the GCP account setup and capturing the account and instance configuration information.

, , ,

Leave a comment

Retrocomputing – using SIMH to run Multics on Google Cloud Platform (GCP)

Last Fall (Oct 2018) I started playing with SIMH, and using it to run some rather ancient operating systems in the Google Cloud (GCP). So far I’ve been able to run Multics, UNIX V6 (PDP-11), and 4.0BSD (VaX).

I started down this path by using the dps8m fork of SIMH to run Multics on a Raspberry Pi 3. This worked very well, and produced performance that for a single user, matched the original mainframe hardware. Not bad for a US$35 pocket sized computer emulating a US$10+ MILLION mainframe (of the 1980s). Of course, Multics supported 100s of simultaneous users using timesharing, but at its heart, Multics (up to 8) CPUs were about 1-2 MIPS each and the system supported up to 8M 36-bit words (32 Mbytes) per memory controller,  up to 4 controllers per system for a grand total of 128 Mbytes per system. Yes, that’s Mbytes, not Gbytes.

For comparison, The $35 Pi 3 B+ runs at about 1000 MIPS, and has 1Gbyte of RAM. The Google Compute f1-micro uses 0.2 of a ~1 Ghz CPU and has 0.60 Gbytes (600 Mbytes) of RAM, making it a reasonable fit.

I’ve been building tools to allow anyone to install SIMH and any of these operating systems in the cloud, so that they can be experienced, studied and understood, without having to use dedicated hardware, or understand the details of using GCP, or SIMH.

In this series of posts, I’ll introduce how I’m using GCP (with scripting), a little about SIMH, a little bit about the hardware being emulated, and the historical operating systems and how to run them all in the GCP cloud, pretty much for free.

You should start by looking into Google Cloud Platform (GCP) and using some of their tutorials.

All of the SIMH examples I will show are running Ubuntu Linux on tiny or small GCP instances.

You can get started by reading about SIMH on Wikipedia, at the main SIMH web site, or at the Github repository for the software.

, , ,

Leave a comment

A low tech way to get a mail server blacklisted using victim’s own forums

As they say in the military, “If it’s stupid and it works, it isn’t stupid”.

This is a low-tech, labor-intensive way to get a victim’s email server blacklisted at a major public email service, using the victim’s own public forums. The email provider was very helpful in getting this sorted out, and it’s not clear that this “attack” is specific to them.

(This situation can also happen “accidentally” if a number of users subscribe to your forums,  change their minds and then report the notices as SPAM instead of unsubscribing from the forums. That doesn’t seem to be the case in this instance.)

  1. Sign up for a few free email accounts with a public email provider. Get as many as you can, perhaps at least 20. Get some friends to help you. More is better.
  2. Go to the victim’s public forum servers and use each email account to sign up for one (or in some cases more than one) forum account per public email account. This gives you 20-100 forum accounts. Let’s use 20 as the lower bound and 100 as the practical upper limit.
  3. As an alternative, if the forum doesn’t use opt-in confirmation, just subscribe a few hundred random people to get the forum notifications. Let them do the work for you.
  4. Set each forum account to send an email notification for every forum update, or as many as possible. Some forum systems allow you to “watch” individual threads, some allow you to “watch” the entire forum system, getting one email for every other users’ post.
  5. In a moderately large-ish forum system, there could be perhaps 1 update per minute, so 60 per hour – that’s now 60*20 accounts (1200) or even worst case 60*100 accounts (6000) emails per hour going out from the forums system, perhaps through the victim’s outbound SMTP server. Either way, the target public email system is seeing a lot of email coming from one domain or IP range very quickly.
  6. If the rate alone isn’t enough to get the forum or SMTP server blacklisted, then go into each of the public email accounts and mark ALL the forum notifications as SPAM. Or if you subscribed a few hundred random people to the notifications, they’ll do the work for you!
  7. The combination of high email rate combined with the 1200-6000 SPAM use complaints should be enough to get either the forum server or the victim’s outbound SMTP server blacklisted.

Note that each and every part of this situation is working as intended. It’s only when they are combined that that you get problems. (Unless the forum doesn’t do email address opt-in verification, in which it’s all on you.)

This “attack” depends on these things:

  1. lots of manual labor, either by yourself or with some friends, or even some random victims
  2. a forum system that allows one user to cause the system to send lots of email based on the behavior of many people
  3. a moderately busy forum system
  4. a public email system that is biased more towards rate-based and user complaints than message content
  5. a public email system that the victim’s user base depends on, as in “must communicate with users in that public email system”

Fortunately, this is relatively labor-intensive, and not amenable to automation.

Countermeasures are left as an exercise for the reader 🙂

Leave a comment

fewer chat choices leads to stronger more collaborative global community

We reduced the number of choices for online chat and ended up with a more concentrated, focused and collaborative global community. This wasn’t planned, it happened organically, and it’s still in progress. But it shows the value of allowing and encouraging people to concentrate into common systems, even ignoring any financial considerations.

As recently as four years ago we had a multitude of separate group and direct chat applications. We had multiples of everything from private in-house Internet Relay Chat (IRC), Jabber and similar servers to several generations of Microsoft products. At one point I counted no fewer than 8 different chat servers that I needed to use myself, just to reach my customers and peers. For the record, that was two different Internet Relay Chat (IRC) servers, two different Jabber servers (the original open source XMPP server), two different Slack instances, Microsoft Lync, and Microsoft Office Communicator (which is now Skype for Business).

(This doesn’t even get into the multiple WebEx, Zoom, GoToMeeting and special conferencing systems.)

Completely ignoring the efforts and costs of running the in house IRC and Jabber servers, the major problem was people wasting time trying to remember (or figure out) which app or server they needed to use to reach a particular person or group. This led to lots of conversations like this…

“Does Susan use Slack?” “No, she’s on Microsoft.” “I don’t see her in Lync?” “She’s in Communicator”.

“Dear IT – I’m in Tokyo and I can’t reach UK R&D over Slack. Please fix.” “R&D is in the other Slack.” “What other Slack?”

This was bad enough for individuals, but finding out that perhaps 5 people who needed to collaborate were “homed” on three different platforms required getting them all accounts on a single platform just for that particular project or need. This led to an even worse explosion of per-user accounts, as now everyone had to have multiple accounts on multiple platforms.

This is similar to, but worse than the fracture in social media. While the “do I find you on Facebook or Google+ or Reddit or Twitter or Instagram or email or SMS?” question is annoying for individuals, having this in a global company is untenable in the long term.

Slack started as a grass roots effort among several of our internal communities. These groups “routed around” the IT-provided solutions and adopted Slack independently, and in most cases without knowing about each other. Obviously, this initially made the problem worse! But, as these groups found out about each others’ Slack instances, they began to talk about whether it would be good for them to merge their communities into fewer (or a single) Slack instance.

Importantly, all the IT organizations around the world realized what was happening and helped and encouraged the move. They made Slack a supported and preferred solution, instead of fighting it.

Over the past year some of our groups around the world have been organically moving their communities to Slack, retiring old services on their own. All the IRC servers and most of the Jabber servers have been decommissioned. Multiple Slack instances have been merged into a new “main Slack”, with more planned to move this year. More importantly several “new” chat systems have NOT been launched; those communities have agreed to adopt Slack instead.

This only worked because people wanted “one place” to gather and Slack offered a “good enough” experience. It’s not important that they selected Slack, it’s important that they all want to be in “one place”, and that “they” selected Slack, it wasn’t imposed. And frankly Slack was better than almost all of the legacy systems.

It’s not clear that we’ll stay on Slack forever, as some of the promised Microsoft solutions may offer better integration with Active Directory, desktop voice and video chat, etc. But until those come, all our users have the option of a single place to collaborate.

Leave a comment

%d bloggers like this: