First off, thanks Paul for setting this up! ENiGMA 1/2 now has an official echo
on fsxNet!

I will be attempting to post more regular updates here as to the development & happenings with ENiGMA as well as discussions related to how people would like to see things implemented.

Currently, work is being done to add some new security features to the system that will also serve as the groundwork for the Waiting For Caller (WFC) feature. At a high level, this is:
- SSH Public Key Authentication
- Two-Factor Authentication (2FA) using TOTP or HOTP standard, or Google Auth
- New ACS and related work for the above.

Both of these are in functional states, but the surrounding work such as the registration process / UI needs put in.

Next will come the WFC with most of all the things you'd expect. The one thing that I do not intend to implement is a node spy. While it wouldn't be that hard
to do, I don't feel it is something that should be added to modern software.

Please post your thoughts!





--- ENiGMA 1/2 v0.0.10-alpha (linux; x64; 10.13.0)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

I don't feel it is something that should be added to
modern software.

You've piqued my curiosity. Could you elaborate on this?

ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ·
*HúUúMúOúNúGúOúUúS* BúBúS nathanael : jenandcal.familyds.org:2323
ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ

--- Mystic BBS v1.12 A42 2018/12/27 (Raspberry Pi/32)
* Origin: *HUMONGOUS* BBS (21:4/123)

I don't feel it is something that should be added to

modern software.
You've piqued my curiosity. Could you elaborate on this?

While back in the day it seemed a little more acceptable to watch a user, it doesn't feel right anymore. As the SysOp (and any user, if you enable it on the
who's online et. al.) you can see what menu/activity a user is up to, but actively watching them is a bit much. I don't want to see your private mail for
example.



--- ENiGMA 1/2 v0.0.10-alpha (linux; x64; 10.13.0)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On 02 Mar 2019 at 10:03a, NuSkooler pondered and said...

2FA) using TOTP or HOTP standard, or Google Auth
- New ACS and related work for the above.

I'd suggest a different topic header and separate posts for each thought... just to make it easier to track threads etc..

Best, Paul

--- E:avon@bbs.nz ------ W:bbs.nz ---
--- K:keybase.io/avon --------------

--- Mystic BBS v1.12 A43 2019/02/28 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

user is up to, but actively watching them is a bit much. I don't want to see your private mail for example.

Gotcha. However, at least with Mystic's nodespy, snooping is just one
feature. How about user chat and kicking? (And I don't even know what "Kill Ghost" does).

I actually used the chat function once to initiate a brief chat. I'd never
used the snoop feature, though, so I just tried it (snooping on myself). I guess I can understand why it might seem a bit creepy. But then back in the
day we did a lot of stuff that might seem on the intrusive side now -- like asking for real names, phone numbers, birthdates, etc.

ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ·
*HúUúMúOúNúGúOúUúS* BúBúS nathanael : jenandcal.familyds.org:2323
ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ

--- Mystic BBS v1.12 A42 2018/12/27 (Raspberry Pi/32)
* Origin: *HUMONGOUS* BBS (21:4/123)

On 03 Mar 2019, nathanael said the following...

Gotcha. However, at least with Mystic's nodespy, snooping is just one feature. How about user chat and kicking? (And I don't even know what "Kill Ghost" does).

If something goes wrong and the user loses connection unexpectedly or doesn't log off correctly a "ghost" will remain tying up that node. So you have to
kill the ghost to free the node back up.

--- Mystic BBS v1.12 A43 2019/02/23 (Raspberry Pi/32)
* Origin: Digital Wurmhole (21:4/113)

If something goes wrong and the user loses connection unexpectedly or

That would have been my first guess. But since no one ever calls my board,
I've never had occasion to try it :-)

ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ·
*HúUúMúOúNúGúOúUúS* BúBúS nathanael : jenandcal.familyds.org:2323
ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ

--- Mystic BBS v1.12 A42 2018/12/27 (Raspberry Pi/32)
* Origin: *HUMONGOUS* BBS (21:4/123)

Gotcha. However, at least with Mystic's nodespy, snooping is just one feature. How about user chat and kicking? (And I don't even know what "Kill Ghost" does).

Break into chat, kicking, and other "traditional" WFC features are are on the list. I'll create a new post in a moment to show what the current feature set is there. Ghost users (ie: stuck users) haven't been a real issue with ENiG so far (I consider any of that a bug and would set about fixing _that_ instead), but "kick" would take care of them as well.

Twas Saturday, March 2nd when nathanael said...

I actually used the chat function once to initiate a brief chat. I'd never used the snoop feature, though, so I just tried it (snooping on myself). I guess I can understand why it might seem a bit creepy. But then back in the day we did a lot of stuff that might seem on the intrusive side now -- like asking for real names, phone numbers, birthdates, etc.

Yup exactly. I think times have changed. Especially with some of the other security related work, it would seem odd to then turn around and let you look over the shoulder of a user.



--- ENiGMA 1/2 v0.0.10-alpha (linux; x64; 10.13.0)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On 03 Mar 2019, nathanael said the following...

If something goes wrong and the user loses connection unexpectedly or

That would have been my first guess. But since no one ever calls my
board, I've never had occasion to try it :-)

You definitely don't need other people to log in to try it. Happens to me all the time where my Pi loses connection. Still trying to figure out if it's a Wifi issue on my router or the Pi itself, but I've had to kill so many ghosts I'd make the ghostbusters proud. (I know bad joke)

--- Mystic BBS v1.12 A43 2019/02/23 (Raspberry Pi/32)
* Origin: Digital Wurmhole (21:4/113)

me all the time where my Pi loses connection. Still trying to figure out if it's a Wifi issue on my router or the Pi itself, but I've had to kill

Mine's on a Pi 2B, which lacks built-in wifi. Since I rarely need to
physically access the thing, there seems no point in wasting a wifi dongle
on it, so I've just stuck it next to the router with a wire.

I used to have a Pi 3, but danged if I can figure out where I put the thing
:*(

ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ·
*HúUúMúOúNúGúOúUúS* BúBúS nathanael : jenandcal.familyds.org:2323
ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ

--- Mystic BBS v1.12 A42 2018/12/27 (Raspberry Pi/32)
* Origin: *HUMONGOUS* BBS (21:4/123)

I used to have a Pi 3, but danged if I can figure out where I put the thing :*(

I can almost top you.... So the BBS I'm writing this from is a pi3. It
runs at a friends house since last year when I seperated from my wife...
We've since got back together but I can't get ahold of my friend... he
moved, but still plugged it in. LOL It's seriously over due for a new
SDCard so it's all a matter of time before I lose it. LOL

Shawn

--- MagickaBBS v0.12alpha (Linux/armv7l)
* Origin: A Tiny slice o pi (21:1/130.4)

I can almost top you....

Almost? Nah, I concede. Losing a Pi is easy. Losing an entire BBS takes real talent :-)

ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄ· ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ·
*HúUúMúOúNúGúOúUúS* BúBúS nathanael : jenandcal.familyds.org:2323
ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄĽ ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ

--- Mystic BBS v1.12 A42 2018/12/27 (Raspberry Pi/32)
* Origin: *HUMONGOUS* BBS (21:4/123)

Almost? Nah, I concede. Losing a Pi is easy. Losing an entire BBS takes real talent :-)

Laugh, it's running (as I'm writing this on it) but still have no idea
what city it is in, or if he's going to leave it plugged in. LOL

Shawn

--- MagickaBBS v0.12alpha (Linux/armv7l)
* Origin: A Tiny slice o pi (21:1/130.4)

Tiny wrote to nathanael <=-

Laugh, it's running (as I'm writing this on it) but still have no
idea what city it is in, or if he's going to leave it plugged in. LOL

What if it is in <gasp> the US!?! :O

<GRIN>



... DalekDOS v(overflow): (I)Obey (V)ision impaired (E)xterminate
--- MultiMail
* Origin: Possum Lodge South * possumso.fsxnet.nz:7636/SSH:2122 (21:4/134)

09 Mar 19 14:09, you wrote to me:

What if it is in <gasp> the US!?! :O
<GRIN>

I don't think he would move there... He does go there for work a few
times a year... Shit it may be in the US. LOL

Shawn


... Hell hath no fury like a bureaucrat scorned.
--- GoldED+/W32-MINGW 1.1.5-b20160201
* Origin: Tiny's BBS - tinysbbs.com (21:1/130)