Hsiao & Hunter, Inc.’s GIF News

While trolling through the internet archive I stumbled onto this ‘zine from back in the day, ‘gif news’.  I think it’s kind of interesting in a way, back from the time of dialup BBSes, although later in 1991 it did become available over the internet, but It’s original issue as below was availbale over dialup.  The early collection is here.

Domo Arigato! Thank-You! Gracias! Merci! Sheh-Sheh!

For taking the time to download the first 1990 issue of GIF News. I’d like to wish everyone a happy new year/decade! May the 90’s bring good fortune to everyone who reads GIF News. This issue has articles on: The Eighties, The Colonel’s Bequest, VGA Games, sound cards, and more!

And behold.

 

Of course it is reminiscent of web pages.  Back in the day, various online services wanted this kind of look and feel for news, and in some ways this news paper folio design carries on today.  Although this kind of thing may not have caught on, much like offline readers, everyone wants a live feed.  And we are so lucky living in the iPhone world, when we went from shitty annotated, and cut down websites, to having hand held computers that rival some desktops, but also a significantly fast enough internet connection.

I don’t think I would have bothered trying to setup something like this back in the day, but the barrier for random posts, much like this thanks to things like wordpress sure lowers that barrier, and a random thought can become a post, as easy as 1-2-3!

Setting up an SRX branch office

SRX 210

This is more of a placeholder for now.  Basically I needed a real gateway, with updates new code etc etc.

So as reference a few links

So using that as a starting point let’s cook up a config:

set version 12.1X46-D66.1
set system host-name srx210be
set system time-zone UTC+8
set system root-authentication encrypted-password 50m3th1nG
set system name-server PUBLIC_DNS1
set system name-server PUBLIC_DNS2
set system services ssh
set system services dhcp-local-server group g1 interface ge-0/0/1.0
set system syslog archive size 100k
set system syslog archive files 5
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system ntp server 17.253.84.253
set interfaces ge-0/0/0 unit 0 family inet address PUBLIC_IP/30
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
set routing-options static route 0.0.0.0/0 next-hop PUBLIC_GW
set protocols lldp interface ge-0/0/1.0
set security alarms audible
set security alarms potential-violation policy destination-ip
set security alarms potential-violation replay-attacks
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security nat static rule-set rs1 from zone untrust
set security nat static rule-set rs1 rule SSH match destination-address PUBLIC_IP/32
set security nat static rule-set rs1 rule SSH match destination-port 2022
set security nat static rule-set rs1 rule SSH then static-nat prefix 192.168.1.5/32
set security nat static rule-set rs1 rule SSH then static-nat prefix mapped-port 22
set security nat static rule-set rs1 rule QuakeWorld match destination-address PUBLIC_IP/32
set security nat static rule-set rs1 rule QuakeWorld match destination-port 27500
set security nat static rule-set rs1 rule QuakeWorld then static-nat prefix 192.168.1.7/32
set security nat static rule-set rs1 rule QuakeWorld then static-nat prefix mapped-port 27500
set security nat static rule-set rs1 rule WEB match destination-address PUBLIC_IP/32
set security nat static rule-set rs1 rule WEB match destination-port 8080
set security nat static rule-set rs1 rule WEB then static-nat prefix 192.168.1.6/32
set security nat static rule-set rs1 rule WEB then static-nat prefix mapped-port 443
set security nat static rule-set rs1 rule HECNet match destination-address PUBLIC_IP/32
set security nat static rule-set rs1 rule HECNet match destination-port 5500
set security nat static rule-set rs1 rule HECNet then static-nat prefix 192.168.1.5/32
set security nat static rule-set rs1 rule HECNet then static-nat prefix mapped-port 5500
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
set security policies from-zone untrust to-zone trust policy SSH_Server match source-address any
set security policies from-zone untrust to-zone trust policy SSH_Server match destination-address 192.168.1.5/32
set security policies from-zone untrust to-zone trust policy SSH_Server match application tcp_2022
set security policies from-zone untrust to-zone trust policy SSH_Server match application tcp_22
set security policies from-zone untrust to-zone trust policy SSH_Server then permit
set security policies from-zone untrust to-zone trust policy QuakeWorld match source-address any
set security policies from-zone untrust to-zone trust policy QuakeWorld match destination-address 192.168.1.7/32
set security policies from-zone untrust to-zone trust policy QuakeWorld match application udp_27500
set security policies from-zone untrust to-zone trust policy QuakeWorld then permit
set security policies from-zone untrust to-zone trust policy WebServer match source-address any
set security policies from-zone untrust to-zone trust policy WebServer match destination-address 192.168.1.6/32
set security policies from-zone untrust to-zone trust policy WebServer match application tcp_8080
set security policies from-zone untrust to-zone trust policy WebServer match application tcp_443
set security policies from-zone untrust to-zone trust policy WebServer then permit
set security policies from-zone untrust to-zone trust policy HECNet match source-address any
set security policies from-zone untrust to-zone trust policy HECNet match destination-address 192.168.1.5/32
set security policies from-zone untrust to-zone trust policy HECNet match application udp_5500
set security policies from-zone untrust to-zone trust policy HECNet then permit
set security zones security-zone trust address-book address 192.168.1.7/32 192.168.1.7/32
set security zones security-zone trust address-book address 192.168.1.6/32 192.168.1.6/32
set security zones security-zone trust address-book address 192.168.1.5/32 192.168.1.5/32
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces ge-0/0/0.0
set access address-assignment pool dhcp-pool family inet network 192.168.1.0/24
set access address-assignment pool dhcp-pool family inet range range1 low 192.168.1.130
set access address-assignment pool dhcp-pool family inet range range1 high 192.168.1.190
set access address-assignment pool dhcp-pool family inet dhcp-attributes maximum-lease-time 86400
set access address-assignment pool dhcp-pool family inet dhcp-attributes name-server PUBLIC_DNS1
set access address-assignment pool dhcp-pool family inet dhcp-attributes name-server PUBLIC_DNS2
set access address-assignment pool dhcp-pool family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool dhcp-pool family inet dhcp-attributes router 192.168.1.1
set applications application tcp_8080 protocol tcp
set applications application tcp_8080 destination-port 8080
set applications application tcp_2022 protocol tcp
set applications application tcp_2022 destination-port 2022
set applications application tcp_22 protocol tcp
set applications application tcp_22 destination-port 22
set applications application udp_27500 protocol udp
set applications application udp_27500 destination-port 27500
set applications application tcp_443 protocol tcp
set applications application tcp_443 destination-port 443
set applications application udp_5500 protocol udp
set applications application udp_5500 destination-port 5500

So let’s go through the mess.

To start, the SRX has a static internet connection, which we are going to NAT our internet traffic out of.  Our home LAN is a simple 192.168.1.0/24 network, and I decided to use both of the gigabit Ethernet ports on the SRX to connect to the WAN and LAN.  If it matters, on the LAN side, I have a gigabit Ethernet switch with all my servers being on a VMWare server which is in turn using LACP.  But that’s neither here nor there, we want to configure the WAN.

I’ll need to walk backwards, but basically you want to configure the physical ports first, although if you have modern enough kit, auto detection will basically ‘work out of the box’.  I don’t need any VLANs for this as I’m not giving anyone external interactive access to anything so I don’t need or care for a traditional DMZ.  I’m trying to keep this one simple.

You will have to initially set a password for the root user, and it is done clear text.  Naturally this isn’t my password, and I hope it isn’t yours either. Also we can go ahead and put in the IP addresses.

set system root-authentication encrypted-password 50m3th1nG
set interfaces ge-0/0/0 unit 0 family inet address PUBLIC_IP/30
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
set routing-options static route 0.0.0.0/0 next-hop PUBLIC_GW
set protocols lldp interface ge-0/0/1.0

With this fragment configured, and if your WAN is all working you can now ping out over the internet.  Very simple, right?
root@srx210be> ping 4.2.2.4 count 3
PING 4.2.2.4 (4.2.2.4): 56 data bytes
64 bytes from 4.2.2.4: icmp_seq=0 ttl=57 time=39.556 ms
64 bytes from 4.2.2.4: icmp_seq=1 ttl=57 time=39.501 ms
64 bytes from 4.2.2.4: icmp_seq=2 ttl=57 time=39.314 ms

With basic internet connectivity established it’s time to create some basic rules, and NAT.  The first thing to do is establish some security zones.  As I have imagination they are simply called trust and untrust.
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces ge-0/0/0.0

Next I allow all the inbound system services on the trust interface (internal).  In more sophisticated setups you would have a management network that this would sit on that was access restricted, but I’m still trying for that old branch office restricted feel.
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all

Now for the nat statements.  Simple stuff the magic is in the direction
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface

And our security policies.  This simply lets anything on the trust network flow between them, say if I add static routes on the SRX to bounce somewhere else it will be needed.  And I’m allowing trust to talk to anything on the untrust network.  Of course you can actually put in a policy that ONLY allows for registered IP space.  Probably the reasonable thing to do later.
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit

And now you should be able to access the internet from the inside.

Now this is good fun, but what about hosting applications? So say I have this QuakeWorld server, how do I NAT it?

First we have to build a NAT rule. This would also let us put it on a different port, if we needed to, however 27500 is available on both the outside and inside, so the values just match.

set security nat static rule-set rs1 rule QuakeWorld match destination-address PUBLIC_IP/32
set security nat static rule-set rs1 rule QuakeWorld match destination-port 27500
set security nat static rule-set rs1 rule QuakeWorld then static-nat prefix 192.168.1.7/32
set security nat static rule-set rs1 rule QuakeWorld then static-nat prefix mapped-port 27500

Now we need to build a firewall rule. Notice that the destination is the internal private address. If the port were different you need to list BOTH ports in the rule.

set security policies from-zone untrust to-zone trust policy QuakeWorld match source-address any
set security policies from-zone untrust to-zone trust policy QuakeWorld match destination-address 192.168.1.7/32
set security policies from-zone untrust to-zone trust policy QuakeWorld match application udp_27500
set security policies from-zone untrust to-zone trust policy QuakeWorld then permit

We need to build the address book.

set security zones security-zone trust address-book address 192.168.1.7/32 192.168.1.7/32

And finally define the application

set applications application udp_27500 protocol udp
set applications application udp_27500 destination-port 27500

And now we are hosting an application on the internet!

From there I added fun things like DHCP, some basic security features of the SRX. It’s not a great config, but It’ll get you going.

Summer Steam Sales…..

I almost wish I could get this into games…

If you’ve never played Fallout, I’d highly recommend it.  No not that fallout, the old one. The original one.  Although not currently on sale, it is on GOG as well.  As the video mentions though, Fallout 3 was ‘ok’ but kind of un-remarkable.  New Vegas was head and shoulders above, and 4.. well.. it’s best to pretend it never happened.

I guess whatever drama was behind selling the original version has been finally cleared up and it’s everywhere now.

I also thought it was somewhat worth mentioning that You can browse Moby games by system requirements, so you can easily find all the ‘Direct X 3‘, and ‘Direct X 5‘ games.  There never was a Direct X 4.  I did kind of enjoy ‘The Hive‘, although I never had enough time to finish it.  I guess in that sense though it is significant as it is one of the handful of early first Direct X games.

Fallout MS-DOS over Windows 95

There was an MS-DOS version, along with MacOS 7 version, albeit for the PowerPC.  The MacOS version doesn’t run under emulation.  It was later carbonized for early OS X, which again is PowerPC only.  I haven’t tried it on OS X 10.6, the last version of OS X that included Rosetta.

You can find the MS-DOS exe / patches on kaneoheboy.com The GOG version for Mac OS X used to the MS-DOS version in DOSBox, however it’s been updated to the Windows version to use WINE.  On my machine the default launcher for STEAM and GOG don’t work, however the ‘classic’ launcher works fine.  If you get the black screen, then you too have to run the low resolution version.

For whatever reason, my Windows 95 + Direct X 7.0a won’t run Fallout.  Very strange, but the helpful message:

Oh well.

Using Voodoo 2 emulation with PCem / 86Box

I’ve never had a Voodoo card before, I had was the Sierra Screamin’3D Rendition Verite 1000, which came with it’s own drivers that set the whole thing up. As always work got in the way of fun, and I missed out on the whole Direct X thing on Windows 95, as I was busy working on MS SQL on Windows NT, where hardware OpenGL cards were the way to go.

But thanks to emulation we can re-live the pain!

I setup emulation for an Intel Advanced/EV board, with an Intel Pentium Overdrive CPU at 166Mhz (my machine can handle that easily with the new builds!), 32MB of RAM, and a Phoenix S3 Trio32 video card set as Fast VLB/PCI.  After that toogle Voodoo Graphics, set the card model to the Voodoo2 , and bump up the RAM to 4MB, because we live in the future!

Also I should mention, that much like real hardware, it is best to go into the BIOS (F1 to enter BIOS setup) and make some changes, disable the built in audio card, serial and parallel ports.

And make sure the board is set to use the ICU with Windows 95 Plug & Play support.

To go from old, I installed Windows 95 from virtual floppies.  Its the oldest/smallest retail version of Windows 95, so I know if it’ll work here, it’ll work on much newer versions.

For me the S3 card is picked up by Windows on it’s own.  Now for the fun with better graphics.  As a test I’m using Wipeout 2097 / XL for the PC.  Although the game comes with Direct X version 3, I have found that the video emulation has major issues with the updated Direct X v3 drivers.  I did find that the Direct X 7a drivers work fine, along with the last reference  driver for Windows 9x.  Now I know you’ll want to know where to find ancient software like this, and it’s all on this great site falconfly.de

In my case, I found it easier to install Direct X 7, then expand the Voodoo driver, and in the hardware manager, find the ‘unknown’ device, and point it to the voodoo driver, reboot and you should be now set!

You can verify the installation by running dxdiag

3dfxV2.drv

One thing of note, is that all 3D accelerated options are “full screen”.  Which I don’t think really matters as by default PCem runs in a window.  If you are multitasking odds are you aren’t trying to multitask with Windows 95….

Wipeout XL

And I have to say, it looks GREAT!

SEGA Mega Drive and Genesis Classics Summer STEAM sale

So, speaking of the SEGA Forever, the SEGA Mega Drive and Genesis Classics are part of the summer STEAM sale!

$161.37 HKD!

So I am assuming it’s $20 USD or 18 Euro/16 GBP for this insane collection:

Alex Kidd in the Enchanted Castle, Alien Soldier, Alien Storm, Altered Beast, Beyond Oasis, Bio-Hazard Battle, Bonanza Bros., Columns, Columns III, Comix Zone, Crack Down, Decap Attack, Dr. Robotnik’s Mean Bean Machine, Dynamite Headdy, Ecco the Dolphin, Ecco Jr., Ecco: The Tides of Time, ESWAT: City Under Siege, Eternal Champions, Fatal Labyrinth, Flicky, Gain Ground, Galaxy Force II, Golden Axe III, Golden Axe, Golden Axe II, Gunstar Heroes, Kid Chameleon, Landstalker: The Treasures of King Nole, Light Crusader, Phantasy Star II, Phantasy Star III: Generations of Doom, Phantasy Star IV: The End of the Millennium, Ristar, Shadow Dancer, Shining Force, Shining Force II, Shining in the Darkness, Shinobi III: Return of the Ninja Master, Sonic 3 & Knuckles, Sonic 3D Blast, Sonic CD, Sonic Spinball, Sonic The Hedgehog, Sonic The Hedgehog 2, Space Harrier II, Streets of Rage, Streets of Rage 2, Streets of Rage 3, Super Thunder Blade, Sword of Vermilion, The Revenge of Shinobi, ToeJam & Earl, ToeJam & Earl in Panic on Funkotron, VectorMan 2, VectorMan, Virtua Fighter 2, Wonder Boy III: Monster Lair, Wonder Boy in Monster World

So if you haven’t already got this great collection, now is the time to do so!

And for those who like other emulators, yes the ROMs are available uncompressed!

\Program Files (x86)\Steam\SteamApps\common\Sega Classics\uncompressed ROMs

Just dig around and you’ll find them.

SEGA to lauch SEGA Forever tomorrow!

It looks suspicioutsly like the old iOS versions of SEGA games I used to have back when I used an iPhone (2010-2012)

So yeah, leaderboards, and other stuff, and freeumium on mobile only.  Although I guess that means anything Android will do, including PC’s and Mac’s running Android under emulation.. Or ‘big’ Android systems like kiosks, and ‘computing sticks’ that’ll plug into any nice big TV set.

Add in some bluetooth controlers, and I try to pretend it’s 1988.

Since I live in the future, let me get you a list of what is available for you ‘tomorrow’

SEGA Forever purchase options

At least there is a play version with cloud saves too.  I guess $1.99 USD is OK in the scheme of things.  I don’t want to think how many times I’ve bought this game though lol

Store blurb for Phantasy Star II

And here is the long scroll…

phew!

10+ downloads.  So it just launched!

New ‘redir’ / ‘hostfwd’ syntax for Qemu

it’s mandatory now in 2.9 so where we go.

Instead of:

-redir tcp::42323:23

which listens on all ip’s and redirects host port 42323 to port 23 on the default guest IP address of 10.0.2.15 we now have to use

-net user,hostfwd=tcp::42323-:23

as you could tell from this ‘easy’ syntax.

-netdev user,id=mynet0,hostfwd=hostip:hostport-guestip:guestport

Right?