CCL News

IPv6 Support 20110106

Services are now being presented over IPv6 in addition to our existing IPv4 connectivity. See the new Your IP Address section in the sidebar for an indication of the address from which we see your browser connecting.

Dropping Legacy Domains 20071108

The k4d4th.org and srmud.net domains have not had their registration renewed as of October. If anyone is interested in taking them over, I can renew and transfer them to you until Discount Domain Registry/OpenSRS/Tucows Inc. decides to return them to the available pool.

Replacement E-mail Server 20060529

The new E-mail server, dagon.yuggoth.org, is a User-Mode Linux guest virtual server. Note that the SMTP/TLS, IMAPS and POP3S certificates are now signed by CA Cert (cacert.org), so you may see errors or warnings from your E-mail client upon connecting for the first time. You may also have to clear old cached certificates if your client does not handle this change gracefully. The new dagon mounts its /home via NFS from azathoth, and will additionally be made available as symlinks from homedirs on cthulhu.

Replacement Shell Server 20050623

The new shell server, cthulhu.yuggoth.org, is a User-Mode Linux guest virtual server. The old shell server has been replaced with considerably more stable/redundant hardware to act as a shared host for multiple UML guests. Home directories are served from the host server via NFS and have been copied intact from the old shell server. When you connect, you will notice the server has a new RSA key fingerprint (48:c8:11:c2:96:31:57:5e:2a:9f:31:1b:fc:20:4b:f7). Delete the old key from your client's ~/.ssh/known_hosts first, if necessary.

Weekend Maintenance 20030801

Just a note that we're cleaning and reorganizing the lab. The build farm is going to be offline all weekend and there will be intermittent outages as equipment is relocated between racks. We'll also be replacing our NAT, which will definitely result in an IPA change making everything unavailable for a while. I'll upload a snapshot of the rig once maintenance concludes.

E-mail, Humor and Debian Buildservers 20030602

We finally caved. For now, any E-mail outbound to aol.com or netscape.com users is being routed through our ISP's MTA. Still suggest to your AOL/Netscape friends that they consider switching to a less fascist ISP or at least start using a free Webmail account somewhere.

A fun joke about Ashcroft and the USA Patriot Act has been added to the Geek Humor repository (patriot.txt).

We now have Debian/sid buildservers with woody chroots for the following ports/architectures: i386, m68k, sparc and mipsel. We also have hardware lined up for alpha, mips, hppa, hurd-i386, netbsd-i386, netbsd-alpha, and freebsd-i386. If anyone needs a development account on one or more of these or has a source package that needs to be built/tested, please let us know.

No More E-Mail to AOL 20030423

America On-Line, in an effort to curb SPAM, has ceased accepting SMTP connections from residential IP addresses. If you need to E-mail an AOL subscriber, suggest to them that they switch ISPs or get a free Webmail account from a less fascist company. You will likely see bounces like this:

SMTP error from remote mailer after initial connection: host mailin-01.mx.aol.com [152.163.224.26]: 550-The IP address you are using to connect to AOL is... a dynamic (residential) IP address. AOL cannot accept further e-mail transactions from your server until... your ISP removes your IP address from their list of dynamic IP addresses.

Hopefully enough AOL subscribers will complain about missed E-mail messages that this policy will be relaxed in the near future.

Webmail is Back 20030421

It's been over a year, but I finally got around to setting up a new Webmail system with SquirrelMail. Members, use your normal E-mail username and password to log in and give it a whirl. Let me know if you find any problems.

Mailserver Down for Upgrade 20021005

After roughly a week of random crashes, it looks like azathoth's problem was most likely overheating SDRAM. Even though it was registered ECC and showed no signs of trouble during POST, replacement seems to have eliminated the segfaults and kernel panics. Tonight I will be taking dagon down from 0100-0600 GMT both to upgrade it onto faster hardware and migrate data off a failing IDE drive (replacing it with Ultra-2 SCSI). Expect periodic disconnects and timeouts from mail-related services as the maintenance proceeds.

Unexpected Outage 20020923

Due to an unforeseen hardware failure, azathoth crashed around 1600 GMT. We are recovering now but do not expect to have the server back on line until 0000 GMT or later. No user data was lost but some operating system config files have to be restored from tape. In the meantime, ssh has been redirected to dagon, the mailserver, to give users a way to check their mail and get to the webserver.

New Shell Server 20020827

The new drive array has finally been installed. The last vestiges of RedHat are finally off the network, replaced by Debian. I've imported everyone's homedirs and passwords, so the change should be transparent to most aside from the new host key. When SSHing in for the first time, you'll need to remove the old key from wherever your client stores it and verify the new key's fingerprint matches 2a:7d:3c:e5:8c:5c:38:98:3e:b1:cd:91:2b:00:e1:4e. As this is a fresh installation, it is likely there are some tools, docs, games, et cetera you are used to running that no longer exist. I've tried to get the major ones already, but if you're missing anything just E-mail root and I'll take care of it as quickly as possible.

Planned Outage for Upgrades 20020823

We have a slew of pending hardware upgrades coming this weekend, which will result in sporadic service outages for the next few days. I was going to publish a detailed outage plan, but hey, this is my hobby after all. Shouldn't I be able to enjoy playing things by ear? It's more fun. I have to follow plans at work, so instead I'm going on pure intuition, kung-foo and cheap beer. I will post here again when the updates are completed.

More IRCS and CircleMUD 20020623

A bitchx-ssl package finally made it into the official Debian repositories, so I have removed mine. The official packages default to unencrypted connections to the OPN servers, so to connect back here with them you'll need to bitchx -s irc.yuggoth.org 994 from now on.

And with the passing of one project another springs forth to take its place. A Debian package set for CircleMUD has been added to the CCL unofficial Debian repository. Have fun, expect frequent package updates, report bugs, not responsible if it corrupts your immortal soul, et cetera.

IRCS Update 20020320

The Debian Sid packages for bitchx-dev-ssl, bitchx-gtk-ssl, bitchx-ssl and ircii-pana-ssl have been re-vamped and moved into an unofficial repository. You can either add the following lines to your /etc/apt/sources.list:

  • deb http://www.yuggoth.org/debian-CCL unstable unofficial
  • deb-src http://www.yuggoth.org/debian-CCL unstable unofficial

...or download them (binary-i386: HTTPS|HTTP|FTP, source: HTTPS|HTTP|FTP). If you're paranoid enough to be using these for IRCS then you should be paranoid enough to grab my source package and diff it against the official one. I can't promise it's bug-free, but it works flawlessly for me and my friends and it's rarely more than a couple days behind whatever's in Sid. The only modification I've made to the original source is to enable specifying SSL as a 6th field in the server string: bitchx server:port::::ssl

That hack only touches a handful of lines in server.c and one in server.h, but again I suggest you examine it yourself if you want to use it. Should allow mixing of IRC and IRCS servers in a single list. If you have any comments, questions or suggestions you can find fungi in #ccl on irc.yuggoth.org:994::::ssl or irc.yuggoth.org:6667 most of the time.

On a related note, thanks to B¦Z¤ñZ for a well-written mIRC SSL for Windows Tutorial.

SSL-Secured Anonymous IRC 20011022

Over the past week we've been working the kinks out of our new IRC server running the Open Projects Network ircd variant. Additions we've made are an SSL tunnel on the ircs port (994/tcp) thanks to stunnel and some hostname spoofing configs to effectively anonymize the client IPA/hostname from other users.

One problem that results from anonymization is an obvious inability to ensure someone is who they claim to be. To help with this, regular users are encouraged to register with our nickserv (/msg nickserv register PASSWORD) and set it to kick (/msg nickserv set kill on) anyone who uses that nick without authorization (/msg nickserv identify PASSWORD).

Note that the password for your nick will travel unencrypted over the Internet if you don't connect with an SSL-enabled IRC client. For UNIX users we recommend BitchX 1.0c18 configured --with-ssl (requires OpenSSL libraries). Since this can be hard to accomplish on older distributions like RedHat 6.2, a generous user has provided us with custom-compiled binary RPMs (available in /pub/irc/).

For Windows users many have had luck using the client mIRC with our modified version of the suidnet stunnel wrapper module (also available with instructions in /pub/irc/). Of course, an SSL wrapper will work just fine on either Windows or UNIX as well. For example, stunnel -c -d 6667 -r irc.yuggoth.org:994 will establish an encrypted tunnel with stunnel to which you can connect your IRC client by specifying a server address of 127.0.0.1 or localhost.

We can't vouch for the effectiveness of any of these programs and are not responsible if they do nasty things to your computer. Buyer beware, you get what you pay for, and all that jazz. If you need help or have other questions E-mail us or jump on #ccl and ask!

63-Hour Webserver Outage 20010930

Well, libc6-2.2.4-2 brought us a lot of headache when it caused ithaqua to hang a little after 1100GMT Thursday. Then after a reboot, apache-ssl kept segfaulting on startup. A couple of Debian reinstalls, a hard drive replacement and a full tape restore later, nothing had improved. Close inspection of the Debian buglist revealed a libc6 update from early last week as the culprit and now Web services have been restored. Our apologies to anyone this may have inconvenienced. Mirrors should be re-synced by sometime tomorrow. If you notice anything out of the ordinary please let us know!

Cyber Civil Disobedience 20010926

Mirrors of the Cypherpunks FTP archive, Jon Johansen's DeCSS, Tim May's Cyphernomicon, Cartome and Cryptome have been added under pub/crypto for those interested. If anyone has other resources they think should be mirrored, let us know. These are, as always, available via FTP, HTTP and HTTPS.

New Focus 20010917

In light of last week's events we are battening down the hatches and preparing for the coming storm. Now more than ever, inevitable anti-anonymity, anti-crypto, anti-stego regulations are being discussed by our "elected" officials under the guise of homefront defense. You can already view most of our Web site content SSL-encrypted and we'll soon be setting up a renegade certificate authority to vouch for our own certs and those of anyone else who wants one signed. We'll offer SSL/TLS versions of most of our current services (Telnet, SMTP, DNS, HTTP, POP3, NNTP, IMAP, IRC) as well as general IPSec ESP and AH. Plans are also underway for an anonymizing HTTPS proxy and an anonymous remailer. Strong cryptography, steganography, anonymity and security auditing tools are not a threat to the people of the USA. They are merely a threat to those who would try to control our words and actions for their own personal gain. Technological tyranny is still tyranny and no revolution was ever won without a fight.

More Web Site Enhancement 20010415

A few remaining bugs were rooted out and squished... A conflict between mod_layout and mod_ssl encouraged us to just go with straight PHP for layout. A new semi-virtual domain txt.yuggoth.org gets rendered without the fancy formatting and, with a splash of browser detection, we're now highly Lynx friendly as well! If anyone has any suggestions, send them our way.

Web Site Rewritten 20010407

Just a quick note... Over the past week our main site has been rewritten, replacing the SSI calls and BASH CGI scripts with PHP. Additionally, the sidebars have been redone to be modular and utilize mod_layout. Many bugs were fixed (the Java SSH client works again) and a lot of other cleanup work was done behind the scenes.

New Apache Modules 20010331

After several brief outages in www service and 14 hours of recompiling over the past week, httpd on shub-niggurath has been enhanced (Apache 1.3.19) with many useful modules. A few highlights...

mod_ssl: Now any URLs in the form https://www.yuggoth.org/* will be served up via SSL/TLS. Both DSA and RSA keys have been enabled for added flexibility and security. This doesn't work for virtual domains (https://something-else.yuggoth.org/*) but will still work for userdir URLs (https://www.yuggoth.org/~username/*). This was implemented in preparation for IMP and CyberCalendar, since I wanted members to be able to pass their authentication in an encrypted session. The certificates are "Snake Oil" signed right now and will be for a few weeks while I get a CA going here. Until then, you can ignore any warnings your browser might throw up--the session is still encrypted, you just can't be sure the server is who it claims to be.

mod_layout: A great tool for enforcing a consistent look and feel throughout your site, this module 'wraps' each affected page with any HTML of your choosing. The way it's configured, your easiest route to implementation will be via .ht files. An example resides in shub-niggurath:~apache/html/.htaccess telling the server to insert header.php after the <body *> tag in each file within that folder and footer.php before each </body>. The CCL site will soon be redesigned to use mod_layout throughout, so you'll have a good example from which to start.

mod_php4: A very robust and industry standard server-side scripting language, its capabilities are far too numerous to mention here. MySQL has been added to enable PHP integration with a stable database backend. This is a popular and exceptionally powerful combination, and was also a prerequisite for IMP (part of the GNU Horde and our future replacement for Webmail).

The above are just a subset of the new features that have been added. For a full list, on shub-niggurath run '/usr/local/apache/bin/httpd -l' and consult each module's home page for usage instructions. If you're interested in how the server is configured, 'less /etc/httpd/conf/httpd.conf' for more detail.

New Web/FTP Server 20010326

Web and FTP services have been migrated to shub-niggurath for increased efficiency and security. Members with web pages will note that from azathoth 'ssh shub-niggurath' will log you in (your www root is in ~/public_html just as before) and 'scp filenames shub-niggurath:' will copy files to the new server. If you still need to ftp to azathoth from outside, 'ftp yuggoth.org 2021' should work, but only in active mode. Note that scp/ssh from outside still goes to azathoth by default.

And for added convenience, 'ssh -pPORT USERNAME@yuggoth.org' from outside will log you onto various hosts where USERNAME is your username and PORT corresponds to the server to which you wish to connect: azathoth=2022, shub-niggurath=2122 (more as they move into production in coming weeks). Please let me know if you have questions or you notice anything wrong!

Password Generator 20010325

I've decided to put a random password generator script I wrote onto ftp.yuggoth.org for any who care to play with it: http://ftp.yuggoth.org/pub/linux/applications/pwgen It's also installed as /usr/bin/pwgen on azathoth, dagon, hastur and shub-niggurath for quick access when changing passwords. It can generate seven types of passwords (including dictionary-based) with any length desired. For instructions, 'head -n20 /usr/bin/pwgen' and hopefully you can follow my notes. It's not the most efficient password generator out there nor the most robust, but it's written entirely in bash2 and is under 2.4KB, half of which is commentary and indentation.

Some have questioned the strength of the RAND function I use in pwgen, so I ran some quick stats. Over 94000 character picks (of 94 printable characters so the target would be precisely 1000 picks per character), the maximum variance was 9.2% and the average variance was 2.4%. This means there was a character with slightly less than a 0.1% chance of being picked less often than the others. I consider this to be suitable for random password generation, even if it's not perfect.

If anyone wants to see some other password types added or finds a bug (including obvious inefficiency in the algorithm) please let me know!
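
The figures in this entry can be put in context with a short calculation. The following is an added example, not the pwgen script or the author's test; it assumes (the page does not say) that picks come from a 15-bit source such as bash's $RANDOM reduced modulo 94, and it compares the sampling noise of an ideal uniform source with the exact bias that modulo reduction introduces, alongside a rejection-sampling picker that removes it.

```python
"""Added example: what a 94,000-pick frequency test can and cannot show.

Assumption (the page does not say how pwgen picks characters): values come
from a 15-bit source (0..32767, the range of bash's $RANDOM) and are reduced
modulo 94.
"""
import math
import random
from collections import Counter

ALPHABET = 94          # printable characters, as on the page
PICKS = 94_000         # sample size used on the page
SOURCE_RANGE = 32_768  # assumed 15-bit source


def exact_modulo_counts(source_range=SOURCE_RANGE, n=ALPHABET):
    """Number of source values that map to each character under v % n."""
    return Counter(v % n for v in range(source_range))


def modulo_bias_percent():
    """How much likelier the favoured characters are than the rest."""
    counts = exact_modulo_counts()
    return (max(counts.values()) / min(counts.values()) - 1) * 100


def rejection_limit(source_range=SOURCE_RANGE, n=ALPHABET):
    """Largest multiple of n in the source range; values at or above it are redrawn."""
    return source_range - source_range % n


def pick_modulo(draw, n=ALPHABET):
    """Biased pick: plain modulo reduction of one draw."""
    return draw() % n


def pick_rejection(draw, n=ALPHABET, source_range=SOURCE_RANGE):
    """Unbiased pick: redraw until the value falls below the rejection limit."""
    limit = rejection_limit(source_range, n)
    while True:
        v = draw()
        if v < limit:
            return v % n


def deviation_stats(counts, picks=PICKS, n=ALPHABET):
    """Max and mean absolute deviation from the target (percent), plus chi-square."""
    target = picks / n
    devs = [abs(counts.get(i, 0) - target) / target * 100 for i in range(n)]
    chi2 = sum((counts.get(i, 0) - target) ** 2 / target for i in range(n))
    return max(devs), sum(devs) / n, chi2


def expected_noise(picks=PICKS, n=ALPHABET):
    """Per-character std-dev and mean absolute deviation (percent) of an ideal source."""
    p = 1 / n
    sigma_pct = math.sqrt(picks * p * (1 - p)) / (picks * p) * 100
    return sigma_pct, sigma_pct * math.sqrt(2 / math.pi)


def simulate(picker, seed=20010325, picks=PICKS):
    """Repeat the page's experiment with a seeded stand-in for the 15-bit source."""
    rng = random.Random(seed)  # seeded for repeatability; use `secrets` for real passwords
    counts = Counter(picker(lambda: rng.randrange(SOURCE_RANGE)) for _ in range(picks))
    return deviation_stats(counts, picks)


if __name__ == "__main__":
    sigma, mad = expected_noise()
    print(f"ideal source: sigma {sigma:.2f}%, mean |deviation| {mad:.2f}%")
    print(f"exact modulo bias, 15-bit source over 94 chars: {modulo_bias_percent():.3f}%")
    print(f"rejection limit: redraw values >= {rejection_limit()}")
    for name, picker in (("modulo", pick_modulo), ("rejection", pick_rejection)):
        worst, mean, chi2 = simulate(picker)
        print(f"{name:9s} max {worst:.1f}%  mean {mean:.1f}%  chi-square {chi2:.1f} (93 d.f.)")
```

With 1,000 expected picks per character, deviations of a few percent are ordinary sampling noise, so a run of this size cannot tell the modulo picker from the rejection-sampling one. The exact count is what exposes the 349-versus-348 split.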

CCL Website Gets Facelift 20010316

We've updated http://www.yuggoth.org/ccl.html adding, among other things, a weblog for our news updates. If you want to continue getting these updates by E-mail, respond to this message (we'll get around to setting up an ezmlm discussion group for it eventually). For the rest, the newest message will always show on http://www.yuggoth.org/ccl.html and all previous entries will be housed in http://www.yuggoth.org/news.html for historical purposes. If you notice any errors or want to suggest additions, let us know.

BIND 9 and New DNS Servers 20010312

On Saturday (20010310) I replaced named on azathoth with two instances, one on shub-niggurath and another on dagon. I used 9.1.1rc3 and configured them for split zones so the proper IPAs are served to internal hosts and external hosts alike. In doing so, I set up shub-niggurath as a silent master to ns[12].granitecanyon.com and ns[15].zoneedit.com so that I can make updates locally for external zones. All this was driven by centralinfo.com's decision to stop supporting free DNS services, requiring me to change provider. I decided using two different free services would increase our reliability but would be unwieldy if not centrally managed, thus the current solution. If anyone notices any problems, please report them immediately.

Azathoth Is Now A Free NTP Tertiary 20010310

Last Sunday (20010304) I configured xntpd on azathoth to synchronize with clock1.unc.edu and set the rest of yuggoth.org to sync to azathoth. I have forwarded 123/tcp and 123/udp inward from the NAT to allow anyone who wants to sync with us via NTP to do so. And if you just want to check the time, 'telnet ntp.yuggoth.org daytime' to get a human-readable string in EST/EDT.

According to the USNO's convenient Web site (http://www.usno.navy.mil/cgi-bin/millennium/TimeCheck.pl), hastur (my workstation syncing to azathoth) claims to be less than a second off from the atomic clocks (you have to reload a few times to get an accurate result).

New Backup System 20010107

This weekend I've replaced my custom-hacked tar script with afbackup (http://www.muc.de/~af/software.html), a robust and efficient open-source client/server backup system. The benefits over our old system are as follows:

  • slightly more reliable
  • completes full cycle far more quickly
  • spans entire network (not just azathoth anymore)
  • users can restore their own files (man /usr/local/afbackup/client/man/man8/afrestore.8)

Instead of daily full backups, we're generating weekly fulls (0400EST Sunday) and daily incrementals (0400EST Monday-Saturday). As soon as I'm satisfied with performance, I'm probably going to switch that to monthly fulls, daily differentials and hourly incrementals instead.

This change was necessary to accommodate migrating essential services (www, ftp, mail) from azathoth to dagon and shub-niggurath. I needed a reliable backup of all hosts on our network and this package was the best fit. Once I'm happy with stability and have finished load testing, I will transfer all pertinent user files (~/public_html) and officially point www and ftp at shub-niggurath (hopefully some time later this week).

Let me know if you have any problems...

Outage Concluded 20001229

The first reboot of cyaegha resulted in one very dead HDD. Three hours later and I've rebuilt it on a slightly smaller (425MB instead of 512MB) drive. On the up side, careful fsck'ing, substitution of alternate superblocks and a little disk tipping means that I was able to copy over my old apps and configs with minimal hassle. And thanks to Dante and Jon, physical RAM has doubled from 16MB to 32MB in the past two weeks.

All this was precipitated by my interest in adding Snort, an open-source intrusion detection system (http://www.snort.org), which I have been testing for the past week and will post progress notes on soon.

Intermittent Outages 20001228 (tonight) 20001228

Tonight I will be testing replacement RAM for cyaegha, whose reboots will result in several brief connectivity outages between now (2130EST) and midnight EST. The chance of a new IPA being issued is slim, but present. If you get disconnected simply retry in a few minutes. I will send an update once the testing has completed.

Service Outage 200012190012-1128EST 20001219

Time Warner was dinking with our cable service starting at midnight last night. Cable was basically unwatchable, but I didn't think to check the network connection until I awoke this morning. Because the DHCP server changed before time for lease renewal (we were moved to a different IP block entirely), dhclient on cyaegha started getting confused:

  dhclient: DHCPREQUEST on fxp0 to 24.93.67.64 port 67
  dhclient: send_request/send_packet: No route to host

I'm unsure as to why it never reattempted a DHCP broadcast request. A manual restart of the outside interface would likely have fixed the problem, however, I took advantage of the situation to add a much needed 8MB of RAM to cyaegha, bringing it up to a total of 24MB (it was dipping about 5-6MB into swap before, so more would be welcome if anyone has another two 8MB or larger FP or EDO 72-pin SIMMs collecting dust somewhere so I could get it up to a cool 32MB or more).

As mentioned before, our externally resolvable IPA was moved from the 24.0.0.0/8 Class A block (24.162.224.133) to the 66.0.0.0/8 block (66.26.48.151). DNS records for yuggoth.org and k4d4th.org were updated immediately and should be resolving correctly most places by now (I keep short timeouts for instances such as this). I also updated azathoth:/etc/ftpaccess to use cyaegha's new external IPA for passive FTP negotiation. I can't think of anything else I haven't automated that still has to change, but if something's not working I likely overlooked a config file somewhere. Please let me know immediately if anything isn't functioning the way it used to.

For the moment everything has been tested and appears to be working. Any mail deliveries attempted in the past 12 hours could possibly be delayed for as much as another 12-24 hours, but current mail is arriving again. On a related note, if anyone with a static IPA wants to offer secondary MX for our domains, let me know. As soon as I can add DSL here, I'll be doing redundant MX (and NS again finally) myself.

And as always, if there's any service not offered here that you're interested in, let me know. I have quite a few additions planned (IRC, NNTP, better webmail interface, et cetera), but I'm waiting until I can migrate SMTP/IMAP/POP to dagon and HTTP/HTTPS/FTP/webmail to shub-niggurath so that I can overhaul azathoth completely. I've already built the machines and installed their OSes, and I'm likely to be getting around to moving services while I'm on vacation this week.

One service that has been added, however, is SSH2 protocol support with DSA key auth for anyone who's interested. Just ssh-keygen -d on each end and use the -v option with ssh to at least be sure you can see it using DSA instead of RSA, just as a confirmation. Requires OpenSSH 2.3 or any other client that supports SSH2/DSA.

Maintenance Window Concluded 20001202

The installation went fairly well. Since cyaegha normally has no floppy drive, it took me a while of playing in the BIOS config to figure out what all I had turned off to get the thing to boot properly, turn it all back on and get a loose floppy drive working. Then, it turns out 2.8 had a bit of trouble with my SIS brand 1MB PCI VGA, quickly remedied by the section in INSTALL.i386 entitled "SPECIAL CARE FOR PCI BIOS."

A default installation ensued. I selected "y" when asked if I wanted to use the entire drive for OpenBSD (it's only a 512MB IDE model, so there's no room for anything else anyway). I kept the following partition table:

  wd0a  64MB   /
  wd0b  64MB   swap
  wd0d  256MB  /usr
  wd0e  64MB   /var
  wd0f  32MB   /tmp
  wd0g  32MB   /home

I did an FTP install from azathoth, choosing no X support and adding the comp28.tgz component. The entire installation took roughly 20 minutes on a slow P100/16MB machine. Quick config to turn on IPF and NAT, addition of a normal user account, installation of bash2 and portsentry, a reboot and all was completed within 30 minutes. Of course, only time will tell if the increased stability claims are warranted...

Let me know immediately if any of you experience any problems!

Scheduled outage 0800-1000EST 20001201

A complete service outage will occur tomorrow, Saturday, 20001202 from 1200-1400GMT (0800-1000EST) to facilitate an upgrade. Since I will be reinstalling hastur with OpenBSD 2.8 from a local FTP mirror and the current configuration files will be copied back on with no appreciable changes, I expect the outage to actually be far shorter than 2 hours. There is a chance that hastur's IPA will change from 24.162.224.133 to something else in 24.162.224.0/23 (though I am doing everything in my power to reduce this chance as much as possible). In this event, I will change the appropriate DNS records at centralinfo.net to reflect the correct address immediately. Should this happen, remember to allow for your DNS cache timeout which could linger slightly beyond the scheduled outage window.

OpenBSD 2.8 20001130

Just in case anyone wants it, I have made available an i386 install mirror of OpenBSD 2.8 (thanks to the magic of rsync) on ftp in /pub/OpenBSD/2.8

Outage on 11/21 20001122

Many of you may have noticed a service outage starting sometime before midnight and stretching until 1530EST on Tuesday. This was due to a system crash on cyaegha (our network gateway)... the third crash since it was installed a couple of months ago. As far as I can tell this is a known issue with OpenBSD 2.7 and a patch to fix it does exist, but since it's fixed in 2.8 I'm going to see if we can weather it for another week. I'm planning a scheduled outage in the morning a week from this Saturday, 200012021300-200012021500 or so [GMT], to upgrade cyaegha to OpenBSD 2.8 final. Also note that OpenBSD 2.8 will be mirrored on ftp.yuggoth.org starting sometime on 12/01 at which point the 2.7 mirror will be dismantled to conserve space. Of course, all this is dependent on the OpenBSD Dev Team holding fast to their release schedule. More to come.

New Domain Name Announcement 20001102

Some of you may have noticed several brief outages this morning between 9am and noon EST. We've added a new domain, yuggoth.org, which is synonymous and interchangeable with k4d4th.org in every way. Default outbound E-mail addresses for most console-based mail clients will show as username@yuggoth.org unless otherwise configured by you. Anyone who needs help with this, just let me know. All the old E-mail addresses and URLs will still work fine, so you're welcome to use whichever you prefer.

OpenOffice 6.0 and Mozilla M18 mirrored 20001013

I have the i386 glibc Linux installation files for OpenOffice (formerly Sun StarOffice) 6.0 and Mozilla (Netscape Development) Milestone 18 mirrored at ftp in /pub/linux/applications for those of you who may be having trouble getting to the official sites.

Proactive IDS Added 20001010

I've added an intrusion detection system to c143g4 (the new firewall) which has, as its primary purpose, the ability to block all network access from outside hosts suspected of performing vulnerability scans. The upshot of this is that if you attempt to connect to one of the trigger ports, all subsequent connections from your machine will be blocked. I'll get an E-mail and investigate pretty quickly, so if one of you accidentally sets it off I can fix things easily. The trigger ports to avoid are as follows:

  TCP: 1, 7, 9, 11, 15, 70, 111, 138, 139, 512, 513, 514, 515, 540, 635, 1080, 1524, 2000, 2001, 4000, 4001, 5742, 6000, 6001, 30303, 32771, 32772, 32773, 32774, 31337, 40421, 40425, 49724, 54320

...and:

  UDP: 1, 7, 9, 66, 67, 68, 69, 111, 137, 138, 161, 162, 474, 513, 517, 518, 635, 640, 641, 666, 700, 2049, 32770, 32771, 32772, 32773, 32774, 31337, 54321

If you think you may accidentally have blocked yourself from access for any reason, you can E-mail me at work since attempting to send mail to my address here will inevitably time out.

Passive FTP working again 20001009

I set wuFTPd to use passive ports 15000-15099 and redirected these from the firewall. I've tested it from my office and everything is working fine, but this will limit ftp.k4d4th.org to 100 concurrent passive transfers (though the number of actives is still unbound).

As a side note, the online connectivity logs have been taken down for now. Since 4z4th0th is no longer plugged directly into the internet these logs would not be accurate. And once we have separate www and mail servers, these logs would also be nearly useless. I'll probably be putting up a NetSaint monitoring page shortly (looks a lot like What's Up Gold for those of you who are familiar with it) which is much better in the eyecandy department and also much more flexible for connectivity/host monitoring anyway...

Let me know if anything else looks broken!

Outage last Thu/Fri (10/5-6) 20001007

Due to a clerical oversight on our part, our electricity lapsed for a 24-hour period between roughly noon on Thursday (200010051200EDT) and noon on Friday. We took advantage of this outage to install an OpenBSD-based NAT and firewall. This step was necessary as we plan to soon spin www and mail off onto their own servers. Everything appears to be working now, except for inbound passive mode FTP. (For those of you who understand the difference between passive and active FTP, no explanation is necessary; for the rest, none is possible.) The upshot of this is that FTP from most web browsers to our servers will no longer work correctly. Most robust FTP clients should have no problem with this however (particularly since they all tend to default to active anyway). If anyone notices anything that used to function but no longer does, please let me know. Additionally, any requests/suggestions will be more than welcome.

Webmail 20000608

I may move Webmail services below port 6000, since the borderguard at Foveon allows inbound from ports up to 5999 but not from 6000 and over (fairly typical from what I understand). The link on /ccl.shtml will be updated accordingly when that happens... Soon, however, I'm going to install Imp from the GNU Horde, which looks more functional than Webmail anyway. Then users will have a choice, at least until I decide to stop supporting Webmail and make all the stragglers move to Imp. Heh.

NetHack 3.3 20000323

For those interested in what has for years been called the most addictive waste of time ever, NetHack 3.3 has been installed and tested recently on 4z4th0th. There is a sample configuration file in /usr/games/lib/nethackdir/dot.nethackrc and the heavily modified one I use is copied there as /usr/games/lib/nethackdir/.nethackrc which has things set up the way I usually like them (for example, using the number pad 12346789 rather than bjnhlyku for movement, though on my laptop I have to switch back--no number pad with my keyboard). Just copy it into your $HOME, pico .nethackrc until you have the settings you think you want, and then just run /usr/games/nethack and follow the prompts. ? will pull up the help and / will help you identify what's on the screen. There is a brief manpage-style doc /usr/games/lib/nethackdir/nethack.txt which has brief syntax listings for the command-line options (which are really not particularly necessary unless you hate editing .nethackrc) and the Guidebook is available as /usr/games/lib/nethackdir/Guidebook.txt though it is also available within the game from the ? screen. Have fun.
