[TESTING] TinkerDifferent.com Retro Proxy

eric

eric

Administrator
Staff member
Sep 2, 2021
1,160
1,957
113
MN
bluescsi.com
Three retro protocols:

Web: http://tinkerdifferent-test.scsi.blue/ (just temp on my domain for testing)
Gopher: gopher://tinkerdifferent-test.scsi.blue:70/
BBS: telnet tinkerdifferent-test.scsi.blue 6502

Well I was nerd sniped so I decided to pick this back up today and finish it. I want to note this all works so well because we don't put images, files, etc behind a login so this has access to everything.

What I need from you:

Test it on actual old browsers, what works! what doesn't! What features would you want added?

What works:
  • Fetches directly from tinkerdifferent.com
  • Converts to HTML 3.2 table based for vintage browsers
  • Text only mode for lynx
  • Pictures
    • Off by default, B&W Dithered for classic macs, 640x480 for color computers.
    • Inline or click to view settings
  • Attachments proxied
  • 90's Themes
    • HotWired, phpBB, Geocities, Slashdot, Windows 3.1, hotdog stand, Mac
  • Content that works
    • Forum/thread browsing with pagination
    • Search
    • Profiles with avatars
    • Post reactions
    • Polls and results
    • Bookmark Threads
  • Unicode to ascii
  • emoji to text description
  • External links are proxied via FrogFind
  • Native HTTP friendly domains bypass http proxy (eg macintoshgarden.org)
  • Visit counter
  • Rate limits per IP
  • Settings stored in cookies.
  • Browsers Working/Tested
    • Netscape 3
    • Netscape 2.02
    • Internet Explorer 3.0
    • IE 6
    • Courier
    • Newt’s Cape
    • MacWeb (black bar on initial load till resize, slow)
    • Wii U Web Browser
    • You tell me!
So what does it look like? Here's a few screen shots from my Quadra 700 - it feels very fast even with images
 

Attachments

  • IMG_7741.jpeg
    IMG_7741.jpeg
    2.1 MB · Views: 47
  • IMG_7742.jpeg
    IMG_7742.jpeg
    1.8 MB · Views: 52
  • IMG_7743.jpeg
    IMG_7743.jpeg
    1.9 MB · Views: 40
  • IMG_7744.jpeg
    IMG_7744.jpeg
    2.3 MB · Views: 40
  • IMG_7745.jpeg
    IMG_7745.jpeg
    1.8 MB · Views: 39
  • IMG_7746.jpeg
    IMG_7746.jpeg
    2.1 MB · Views: 35
  • IMG_7747.jpeg
    IMG_7747.jpeg
    2 MB · Views: 33
  • IMG_7748.jpeg
    IMG_7748.jpeg
    2.1 MB · Views: 29
  • IMG_7749.jpeg
    IMG_7749.jpeg
    2.1 MB · Views: 29
  • IMG_7750.jpeg
    IMG_7750.jpeg
    2.7 MB · Views: 43
Last edited:
  • Like
  • Love
  • Wow
Reactions: David Cook, mac27, Byte Knight and 9 others
eric

eric

Administrator
Staff member
Sep 2, 2021
1,160
1,957
113
MN
bluescsi.com
splorp said:
It conks out with a “headSpec” error … maybe something to do with a malformed HTTP header?
Click to expand...
I pushed a change to remove/modify three headers: charset=utf-8 from Content-Type, remove Server header, and remove Via header. Please try again, there's not much left in the headers now.
 
  • Like
Reactions: JDW
eric

eric

Administrator
Staff member
Sep 2, 2021
1,160
1,957
113
MN
bluescsi.com
My plan for the actual "retro" version of this site is to host it on "retro.tinkerdifferent.com" - this will mean it will _not_ be accessible via modern browsers. Modern browsers use HSTS to protect you from accidentally being tricked into going to an http site for a domain that only serves over https.

Of course retro browsers have no idea what this is and ignore it. But I see no reason to have someone use TinkerDifferent at a coffee shop and get MITM'd.

But... of course it's fun to browse this site on modern machines too - we could do one of two things:

I can run it on a random domain i have like I am now with no HSTS setup.
or
Buy another TD top level domain and host it there with no HSTS.

With all that said, do we allow logins and posting? Technically it's trivial, but very unsafe. Could maybe find a way to have a token in xen that you could set to be logged in but that would be a lot more work. I know I just said all that above about security, but that is the entire user base security. If you want to proxy your username/password then that different.

I donno, all just some thoughts before I head to bed.
 
JDW

JDW

Administrator
Staff member
Founder
Sep 2, 2021
2,539
1,986
113
54
Japan
youtube.com
Short video showing my first test of the Retro Proxy on my 16MHz 68000 processor Macintosh Portable running System 7.5.5 and MacTCP, 5MB RAM, with MacWeb 2.0. (I later tested in S7.1, and while the load time was the same, version 2.0c fixes the black problem mentioned in my video below.) First load into browser took 3 minutes 45 seconds.

 
S

Slimes

Tinkerer
Jul 26, 2023
45
32
18
I will happily take the security risk. Just put up a warning or something. If you are using the old password input style the msg-box can be labelled with a warning.

Not to mention re-using passwords is a really bad idea anyway, so worst case scenario seems to me to be snagging an email address, getting a user banned, faking a trading post sale, or something similar. This is highly unlikely if used from home. Given that endpoint security is a huge risk anyhow, I don't see any reason to be too be overly concerned.

Hopefully everyone here uses reasonable security practices anyhow...
 
  • Like
Reactions: eric
eric

eric

Administrator
Staff member
Sep 2, 2021
1,160
1,957
113
MN
bluescsi.com
It's a bit odd it takes so long to re-draw, I donno if mac web is so old that even tables are hard for it to render? I could add in a "flat" version with no tables to see if that's faster. Also I've made a gopher site, which is probably more suited for that vintage of computer browsing.

I added a telnet bbs style site almost working which would be the minimum (just the raw text) which should be pretty fast, and it pages so you only get 24x80 max bytes at a time. telnet tinkerdifferent-test.scsi.blue 6502

@XodiumLabs tested on IE6:
1767545162099.png
 
  • Like
Reactions: JDW
eric

eric

Administrator
Staff member
Sep 2, 2021
1,160
1,957
113
MN
bluescsi.com
Slimes said:
I will happily take the security risk. Just put up a warning or something. If you are using the old password input style the msg-box can be labelled with a warning.

Not to mention re-using passwords is a really bad idea anyway, so worst case scenario seems to me to be snagging an email address, getting a user banned, faking a trading post sale, or something similar. This is highly unlikely if used from home. Given that endpoint security is a huge risk anyhow, I don't see any reason to be too be overly concerned.

Hopefully everyone here uses reasonable security practices anyhow...
Click to expand...
I agree - have a big warning saying "ya you're gonna expose yourself" and heck maybe even make a call to "have i been pwned" to check if your re-using your banks password and reject it. I'll come up with something as reading is neat, but posting is neater. Also probably reject any Admin or mod accounts outright. And no DM support.
 
  • Like
Reactions: JDW
eric

eric

Administrator
Staff member
Sep 2, 2021
1,160
1,957
113
MN
bluescsi.com
eric said:
Login works, posting works, reply works, liking works.
Admin/mod can not login via this.
Passwords are checked (securely via hash) on haveibeenpwned before login and reject if reused (sorry stop using the same passwords everywhere)
Click to expand...
Quote from retro proxy works now, and I added some marquee's around. ~~they wont work on a modern browser sadly!~~ actually they do work in modern browsers, mine just had "reduce motion" set, not sure why!
 
Last edited:
ScutBoy

ScutBoy

Administrator
Staff member
Founder
Sep 2, 2021
357
343
63
Northfield, MN USA
I just tried the telnet connection and it seems to work OK. I'm assuming no login is on purpose or not implemented yet, but it brings me back to my old Zmodem days!
 
  • Like
Reactions: eric
You must log in or register to reply here.
Top Bottom