Need Windows XP with IE 6?

Of course you do!

For a while Microsoft was offering VM’s configured for various platforms for download, but they have cut out both XP and IE7.  However the links have been collected, and can be downloaded here:

The VMWare VM’s run fine on Windows even though they are named for OSX, although I did have to add in a NIC to the VMX.  It’s a great way to use a quick & disposable Windows XP/Vista/7/8/8.1/10 machines.  Although there isn’t a IE 7 for Windows XP, it’s trivial to upgrade XP / IE 6 to IE 7.


Nested VMWare ESXi

Virtual datacenter

My physical ESXi box, a lowly AMD FX 8320

One of the more cooler features of VMWare 5 is that it is capable of running itself.  While it

may seem silly at first, this is a great way to build a virtual environment where you can test scripts for provisioning (and destroying) stuff, along with testing API level calls without having to worry about screwing up production, begging for a ‘lab’ environment, or even better snapshotting the whole thing so you can revert whatever it is you are doing at a block level.  In short virtual datacenters really rock, especially for people like me who like to play in a really destructive manner.

So the first thing is that for this test I’m going to use a ‘freebie’ ESXi that I’ve been using for quite some time.  Naturally this should work for version 6, but since the stuff that I’m testing is all in 5.0 and 5.5 (the majority being 5.5) I wan to build a 5.5 environment.  In my insane scenario I have deployment access to a 2003 R2 x64 server with .net 2.0, and the majority of the environment I care about is VMWare ESX 5.5 along with vCenter. 5.5 on Windows 2008 servers.  So trying to mirror this a bit, that means that I’m going to skip the new fangled appliance, I don’t know if it really matters for what I want, but for the sake of trying to keep things the same I’m going to match what I can.

Creating the VMWare ESXi VM

I setup a generic ‘Other 2.6.x Linux (64-bit)’ VM, with a single socket, dual core processor, 4GB of RAM, a LSI SAS controller, with a 32GB disk, and 3 NIC’s with the VMXNET3 driver.  For some reason I had to change the CPU to explicitly allow for hardware MMU emulation.

Hardware MMU emulation

It’s also worth mentioning that when you are going to run ESXi on ESXi that any physical adapters that you want your virtual ESXi host to be able to lauch VMs and have them communicate onto you will need to enable the ‘Forged Transmits’ setting in the vSwitch properties.

vSwitch properties

With that in place, I was able to use my ESXi 5.5 ISO, and install into the VM.  There isn’t much to really say the installer will install ESXi, and reboot and you get the console.

ESXi running on ESXi

I went ahead and gave this ESXi server a static address, and that was pretty much it for the server.

Installing vCenter

I went ahead and used an eval copy of 2008 R2 that is available at Microsoft here.  The installation is really simple, not much to say but for my needs I gave the VM a static address, HOWEVER I did NOT install Active Directory as you cannot install vCenter onto a DC, and I really was not in the mood to have a DC along with a vCenter 2008 VMs as I’m only interested in doing API testing I don’t care about authentication plugins I’m only concerned with other aspects.  Obviously if you do care, then you’ll want to install 2 2008 servers.  I gave my 2008 server a static address of so that I could easily find it on the network post-install.

Since I have no imagination, I renamed the server “vcenter” which of course will factor into the login credentials later on.

My ‘client’ gave me the ISO for vCenter “VMware-VIMSetup-all-5.5.0-3254792-20151201-update03.iso” which of course needs to be installed onto the 2008 server.

install vSphere vCenter

I did the easy install, as again I’m not building a real enterprise.  However I should point out that the easy install has a habit of popping alerts and prompts UNDER the current window so you could be waiting for quite a long long time for this to install when it really shouldn’t take all that long.  I also kept the option for the 2008 Express edition as I’m not going to try to stress the count of VMs 50 is far more than I require as again I’m only interested in limited stuff at this point.

vCenter ‘simple install’ ports

Again I just selected the defaults for the install as I’m not all that worried.  Phew with all of that done, it’s now ready to use!

Logging in

Now I went ahead and hit the following site:

I went ahead and installed the pluggin for a more ‘full’ experience with the web client.  The link is on the bottom of the page.

download this!

With all of that in place, I finally could use the web/flash site to login, using the local administrator account.  However upon logging in the domain was barren, no vcenters no data centers, nothing.

Empty data-center!

Obviously I must have screwed something up!  Even worse using the ‘fat’ C#/J# client (that I still love…) I would simply get this fun error:

You do not have permission to login to the server!

What? I don’t have permission?

A little digging around, and I found out of course, that it is because I don’t have an Active Directory, and that for ‘workgroup’ installs like this, you need to simply login as administrator@machine.local or ‘administrator@vsphere.local’ in my case, using the password that had to be set during the SSO installation.


And now I was prompted to create my data-center, and add in the ESXi server into the virtual data-center.

vCenter is now operational

So now I have a virtual vCenter, along with an ESXi host to deploy stuff onto, and destroy all I want.  Even better VMWare Player & VMWare Fusion can also run ESXi nested, so you can take your virtual data-center with you on a laptop!  You can boot 2008 with vCenter in 2GB of RAM, although it really should have 4GB if not more, and with 4GB for an ESXi server that would be 8GB+ on any laptop or desktop.  However I’m lucky my ESXi server has 32GB of RAM, and my laptop has 16.  So it’s also a great excuse to upgrade!

Shout out to Json.NET

Nothing to do with virtual or legacy, well maybe it is.  I’m targeting .net 2.0 with the new and exciting world of JSON objects.

So this library makes it super easy to pass it a long JSON string, and return a .net DataSet.

At the least it makes it easy to dump data out from one of those ‘hip new trendy’ web services, and stuff it into SQL so us old people can look at it.

GCC for Windows NT / Dec Alpha?

Somehow I never noticed this until making what seemed like a pointless GCC config.

You can apparently build a GCC like this:

sh configure –host=i386-winnt35 –target=alpha-winnt35

And you can get a cross compiler.

The real question is, does it work?  I don’t know I don’t have a cross assembler, linker or a target machine.


D:\proj\gcc-3.0.4\gcc>xgcc -v
Using builtin specs.
Configured with: : (reconfigured) : (reconfigured) : (reconfigured)
Thread model: single
gcc version 3.0.4

D:\proj\gcc-3.0.4\gcc>xgcc -v -S hi.c
Using builtin specs.
Configured with: : (reconfigured) : (reconfigured) : (reconfigured)
Thread model: single
gcc version 3.0.4
cc1 -lang-c -v -iprefix ../lib/gcc-lib/alpha-winnt35/3.0.4/ -D__GNUC__=3 -D__GNUC_MINOR__=0 -D__GNUC_PATCHLEVEL__=4 -DWIN32 -D_WIN32 -DWINNT -D__STDC__=0 -DALMOST_STDC -D_M_ALPHA -D_ALPHA_ -D_LONGLONG -D__unaligned= -D__stdcall= -D__WIN32__ -D_WIN32 -D__WINNT__ -D__STDC__=0 -D__ALMOST_STDC__ -D_M_ALPHA -D_ALPHA_ -D_LONGLONG -D__unaligned= -D__stdcall= -D__WIN32 -D__WINNT -D__ALMOST_STDC -Asystem=winnt -D__NO_INLINE__ -D__STDC_HOSTED__=1 -D__LANGUAGE_C__ -D__LANGUAGE_C -DLANGUAGE_C -Acpu=alpha -Amachine=alpha -D__alpha -D__alpha__ -D__alpha_ev4__ -Acpu=ev4 hi.c -quiet -dumpbase hi.c -version -o hi.s
GNU CPP version 3.0.4 (cpplib)
GNU C version 3.0.4 (alpha-winnt35)
compiled by GNU C version 5.1.0.
ignoring nonexistent directory “../lib/gcc-lib/alpha-winnt35/3.0.4/include”
ignoring nonexistent directory “../lib/gcc-lib/alpha-winnt35/3.0.4/../../../../alpha-winnt35/sys-include”
ignoring nonexistent directory “../lib/gcc-lib/alpha-winnt35/3.0.4/../../../../alpha-winnt35/include”
ignoring nonexistent directory “NONE/include”
ignoring nonexistent directory “D:/pcem/building/MinGW/msys/1.0/local/lib/gcc-lib/alpha-winnt35/3.0.4/include”
ignoring nonexistent directory “D:/pcem/building/MinGW/msys/1.0/local/lib/gcc-lib/alpha-winnt35/3.0.4/../../../../alpha-winnt35/sys-include”
ignoring nonexistent directory “D:/pcem/building/MinGW/msys/1.0/local/lib/gcc-lib/alpha-winnt35/3.0.4/../../../../alpha-winnt35/include”
#include “…” search starts here:
End of search list.
: warning: “__STDC__” redefined
: warning: this is the location of the previous definition
: warning: “__STDC__” redefined
: warning: this is the location of the previous definition
hi.c: In function `main’:
hi.c:3: warning: return type of `main’ is not `int’

This is what the output looks like, which looks nothing like targeting the i386 so I guess so?

.set noreorder
.set volatile
.set noat
.globl __fltused
.file 1 "hi.c"
.quad 0
.ascii "Hello from GCC %s\12\0"
.ascii "3.0.4\0"
.align 2
.globl main
.ent main
.frame $15,0,$26,0
.mask 0x4008000,0
lda $30,-16($30)
stq $26,0($30)
stq $15,8($30)
mov $30,$15
.prologue 0
jsr $26,__main
lda $1,$LC0
addl $1,$31,$2
lda $1,$LC1
addl $1,$31,$1
mov $2,$16
mov $1,$17
jsr $26,printf
mov $15,$30
ldq $26,0($30)
ldq $15,8($30)
lda $30,16($30)
ret $31,($26),1
.end main

Just for you, lucky Spanish user, GCC 3.0.4 for Windows NT (MinGW)

From Spain!

I cannot understand why you want this, or why I’m even going to do it.  At this point in GCC history the winnt-3.5 target had been dumped in favour of going all in with Cygwin.  So yeah, this does not either clearly configure, or compile.  But a little bit of mashing files, and I have it at least compiling some assembly that can be translated into an object file that a later version of MinGW can actually compile.

All I’ve built is the gcc driver, the cpp pre-processor, and the cc1 aka C backend.

D:\proj\gcc-3.0.4\gcc>xgcc -c -v hi.c
Using builtin specs.
Configured with:
Thread model: single
gcc version 3.0.4
 cc1 -lang-c -v -iprefix ../lib/gcc-lib/i386-winnt35/3.0.4/ -D__GNUC__=3 -D__GNUC_MINOR__=0 -D__GNUC_PATCHLEVEL__=4 -Dunix -DWIN32 -D_WIN32 -DWINNT -D_M_IX86=300 -D_X86_=1 -D__STDC__=0 -DALMOST_STDC -D_MSC_VER=800 -D__stdcall=__attribute__((__stdcall__)) -D__cdecl=__attribute__((__cdecl__)) -D_cdecl=__attribute__((__cdecl__)) -D__unix__ -D__WIN32__ -D_WIN32 -D__WINNT__ -D_M_IX86=300 -D_X86_=1 -D__STDC__=0 -D__ALMOST_STDC__ -D_MSC_VER=800 -D__stdcall=__attribute__((__stdcall__)) -D__cdecl=__attribute__((__cdecl__)) -D__cdecl__=__attribute__((__cdecl__)) -D__unix -D__WIN32 -D__WINNT -D__ALMOST_STDC -D__cdecl=__attribute__((__cdecl__)) -Asystem=unix -Asystem=winnt -D__NO_INLINE__ -D__STDC_HOSTED__=1 -Acpu=i386 -Amachine=i386 -Di386 -D__i386 -D__i386__ -D__tune_i386__ hi.c -quiet -dumpbase hi.c -version -o C:\Users\jason\AppData\Local\Temp\ccpflisr.s
GNU CPP version 3.0.4 (cpplib) (80386, BSD syntax)
GNU C version 3.0.4 (i386-winnt35)
        compiled by GNU C version 5.1.0.
ignoring nonexistent directory "../lib/gcc-lib/i386-winnt35/3.0.4/include"
ignoring nonexistent directory "../lib/gcc-lib/i386-winnt35/3.0.4/../../../../i386-winnt35/include"
ignoring nonexistent directory "D:/pcem/building/MinGW/msys/1.0/local/include"
ignoring nonexistent directory "NONE/include"
ignoring nonexistent directory "D:/pcem/building/MinGW/msys/1.0/local/lib/gcc-lib/i386-winnt35/3.0.4/include"
ignoring nonexistent directory "D:/pcem/building/MinGW/msys/1.0/local/lib/gcc-lib/i386-winnt35/3.0.4/../../../../i386-winnt35/include"
ignoring nonexistent directory "/usr/include"
#include "..." search starts here:
End of search list.
<command line>: warning: "__STDC__" redefined
<builtin>: warning: this is the location of the previous definition
<command line>: warning: "__STDC__" redefined
<command line>: warning: this is the location of the previous definition
hi.c: In function `main':
hi.c:3: warning: return type of `main' is not `int'
 as --traditional-format -o hi.o C:\Users\jason\AppData\Local\Temp\ccpflisr.s

D:\proj\gcc-3.0.4\gcc>gcc hi.o -o hi

Hello from GCC 3.0.4

So there you go, mysterious internet user!  Download my source dump with binaries in the tree because I’m lazy.


IPIP tunnel to SLiRP

I know this is what 99.99% of people hope I never do, but let’s make an incredibly insecure VPN! yay!


So the thing is that I have a cisco router and I’d love for it to connect to some Windows machine over an existing OpenVPN, and NAT out the Windows side.  Except for getting the VPN installed, they won’t give me anything else.  And they SURE as heck won’t let me connect a cisco router up…..

So first things first, I need to configure my cisco router for an IPIP tunnel, to my test Windows machine, and use the SLiRP default addresses:

interface Tunnel0
description “SLiRP tunnel”
ip address
ip mtu 1452
tunnel source GigabitEthernet0/1
tunnel destination
tunnel mode ipip

Now to start programming.

Well then I went looking and found this fun filled page, about calling winioctl’s myself, and getting winsock to do all kinds of fun things.  Namely how IPIP actually works, as it’s is it’s own protocol (none of that pesky TCP/UDP it’s IPIP!) and more importantly I can receive the traffic.

So looking at a quick UDP client/server I figured out that I can modify that so instead of listening with UDP like this:

if((s = socket(AF_INET , SOCK_DGRAM , 0 )) == INVALID_SOCKET)

I can instead call for a RAW socket, and listen on protocol #4 aka IPIP.

if((s = socket(AF_INET , SOCK_RAW , 4 )) == INVALID_SOCKET)

One caveat I had on this, is that you need to run as Administrator on the Windows machine to create raw sockets.  If you don’t have administrator privleges you’ll get this error:

Could not create socket : 10013socket() failed with error code : 10013

Now add in some nonblocking, and feed the data into SLiRP, and I got invalid data!  Using wireshark I can see that I only receive the IP portion of the data, so no hardware frame, but what is more interesting is that I receive ALL of the IP information so I get the IP+IP+DATA.  So I have to forge a L2 header, and cut out the first IP header.  I did this by cheating, using the following for a L2 header:


I then just memcpy that to the start of my buffer, then copy in the rest of the received data like this:


And now I can forge data going to SLiRP to make it happy!

And sending replies didn’t make wireshark happy at all, as there is an L2 header in there, that just doesn’t make sense in L3 space, so I trimmed that with the following:


Putting it all together

And now much to my amazement I can ping SLiRP from my 7206!

IPIP Ping!

Ok, I know what you are thinking. ICMP is great, but how about TCP?  Can I actually use this thing?

I add a route to my BBS over the SLiRP tunnel, with a simple route statement:

ip route

and then telnet…

Telnet to my BBS over IPIP to SLiRP

So yes, it does actually work!\

I don’t think anyone will ever want to use this, but for me it’s 100% novelty in that I could.

Executable & source code is here, ipip.7z.

I suppose later I could look at ipdecap, to work out how to work with GRE.

Adding some of the GNU 1989 source ‘tapes’ into sourceforge

After scrounging around from an earlier post, on a DECUS mirror that goes back to 1989 I’ve put together the following source tapes:

Quite a list!

I haven’t tried to build any of it, but I figured for the time being, it may be easier to make some tap files for SIMH, and maybe someone else will do the hard work for me.  Or it’ll be a lazy day type thing.

Holy crap did I get the most annoying trojan attempt ever!

Sit down kids, it’s time for an old man rant.

So yeah, I have one of those clients who wants to use ‘one of those’ file sharing sites. UGH.  I swear I’m to the point of just paying for an Office 365 subscription for them so I don’t have to deal with this kind of shit.  So I hit the site on my phone, then it jumps to this site.  Fantastic.

Then I’m alerted that my phone is 28.1% DAMAGED, and somehow my phone’s SIM card will be damaged!  Yes, it’s one of these scam sites!


Oh no, my phone apparently may be already physically damaged?  I guess this is once someone is tricked by this official Google looking image you’ll want to throw your phone against the wall.  As any user of Android will tell you updates from Google are non existent, and anything that could infect your phone, well is pretty much your problem.  You can beg the vendor, but lol, good luck.

I like to live dangerously, so yeah let’s look at the app.

Ace, alright, more like acehole!

So with this scary and official looking thing it’s trying to railroad you into “Ace Cleaner”  I don’t know how on earth they haven’t either been reported, or knocked out of the app store.  I guess Google is busy teaming up with Facebook trying to figure out how to censor the new appropriately instead of trying to squash actual scam artists.

I honestly haven’t tracked any of these ‘reviews’ to see how many are just idiots, or how many are just ballot stuffers.

Yeah, it’s a scam.


No backing away!

And of course you can’t just back away from the page, you get this nice thing along with something in java script that gets your phone to buzz and light up.  Thanks Google!  That’ll never get abused like the blink tag!

You have to be kidding me

Oh no, I’ve been threatened to be blocked.

How bad can this crapware be?

Oh dear.  From the application page, let’s take a look:

Version 1.1.9 can access:
Device & app history
  • retrieve running apps
  • read your Web bookmarks and history

So they know what you are running, and what bookmark’d sites you like.

  • find accounts on the device

They know WHO you are.

  • find accounts on the device

They know WHO you KNOW.

  • read phone status and identity
  • access USB storage filesystem
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage


  • read the contents of your USB storage
  • modify or delete the contents of your USB storage

If you have any USB attached device, (flash drive, hard disk…) they can not only READ, but can MODIFY and DELETE the contents.  NICE!

  • take pictures and videos

I suppose an album of bewildered users would be amusing from time to time.  Also having the phone send videos of them doing various things.

Wi-Fi connection information
  • view Wi-Fi connections

Naturally they want to know about the Wi-Fi AP’s you use.

Device ID & call information
  • read phone status and identity

I guess knowing your phone charge status, and IEME #’s are good to know too.  But wow check out the next laundry list!

  • bind to an accessibility service
  • update component usage statistics
  • read Home settings and shortcuts
  • write Home settings and shortcuts
  • read Home settings and shortcuts
  • write Home settings and shortcuts
  • view network connections
  • read battery statistics
  • send sticky broadcast
  • change network connectivity
  • connect and disconnect from Wi-Fi
  • delete all app cache data
  • expand/collapse status bar
  • control flashlight
  • measure app storage space
  • full network access
  • close other apps
  • run at startup
  • draw over other apps
  • control vibration
  • prevent device from sleeping
  • modify system settings
  • write web bookmarks and history
  • install shortcuts
  • uninstall shortcuts

Read / Write the home page, guess who you’ll be visiting quite often?  Checking out your network, and say if you are somewhere where they want to upload a video, if they KNOW a WiFi network in the area they can have your phone join it, record you, upload it, and drop.  Yeah great!  I also like the drawing over other apps, that way you may THINK you are running another app, but they are just watching what you are doing.  And maybe they’ll pass control down, maybe not.

I suppose it may be fun too if they have a subscription service, to buzz and turn on the camera flash to warn you that you got infected once your subscription lapsed, so you better pay up!

Absolutely deplorable!

Where to go from here?

Seriously how do companies like this survive?  I guess quite well.  I guess I’m just more amazed by Google’s complacency in all of this.  But at the same time they are an ADVERTISING COMPANY, and I’m the product, Android is just the TV programme to get me to watch their annoying ads.  And considering their track record with illegal pharmacies, I guess it really is no surprise.

The truth is that no doubt that this kind of thing is just too profitable.  And people will just fall time and time again for this trap.

Found some more ancient GNU software

I found a bunch of them here:

CVS brows of the following:

I didn’t know that GNUmake 2.9 and prior was actually part of binutils.  I guess at some point I’ll build the older ones on 4.2 BSD to round out the experience.

And I don’t know where to find Emacs 18.41 and going further back.  Although I did find emacs1855.taz a DECUS (Digital Equipment Computer Users’ Society) image from late 1989.