On Tue, Aug 02, 2022 at 10:28:28PM -0400, Telecom Digest Moderator wrote:

Thanks for reading this, and thanks for your patience while I try various solutions to the problem.

For the moment, I have found a way around the port blocking. One of
the readers, who prefers to remain anonymous, told me that Panix has a
"Shell In A Box" feature which allows for access to a Unix shell
through Panix's web server. For the moment, that will have to do, and
although it causes some confusion when I enter cntl commands to
emacs, I'll learn to adapt. My thanks to the person who helped, and
I've already told him that I owe him a beverage of his choice the next
time he's in Burnsville, NC. THANKS DUDE!

I'm still looking for a longer-term solution, so this part is still important:

If you are, or know someone who is, an expert on Protonvpn setups, please send
me a reply off-line, to malassimilation at gmail. I'm trying to get prontonvpn to carry port 22 traffic around the blockage, but so far without success.

BIll Horne
Phone 536-0264 in the west North Carolina area code.

--
Bill Horne
(Please remove QRM from my email address to write to me directly)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Aug 03, 2022 at 05:55:59PM -0400, Bill Horne wrote:

On Tue, Aug 02, 2022 at 10:28:28PM -0400, Telecom Digest Moderator wrote:

Thanks for reading this, and thanks for your patience while I try various
solutions to the problem.

For the moment, I have found a way around the port blocking. One of
the readers, who prefers to remain anonymous, told me that Panix has a
"Shell In A Box" feature which allows for access to a Unix shell
through Panix's web server. [Snip] Again, my thanks to him.

Status report:

1. The new owners of the ISP I use are still blocking ssh. They claim
that they are not, and that I have to talk to a different department,
and then they hang up on me. This has happened three times.

2. I've started a Panix shell account, which includes shell access
through Panix's web site. It costs $10 per month. Although it gets
the job done, and will work from any browser, the connection
doesn't allow me to send certain control characters to the TD
server in its default configuration, so I'll be working to see if
that can be changed.

3. I upgraded my ProtonVPN service to the "Full" service, which also
coss $10 per month. The new paid service handles ssh without
trouble, and I'm using the Protonvpn connection to write this.

4. One of the readers recommended ExpressVPN. I looked at the web page
for ExpressVPN, and it doesn't show a "Free" or "Trial" option, so
I didn't try it: I'd already gone throgh the work of installing
ProtonVPN, so I figured that since I'd have to pay either way, I'd
just go with the one I already have installed.

5. Bottom line: I'll wait for a few months and see if the Protonvpn
works reliably, while I try out Panix's "Shell In A Box" and see if
it offers features I want to keep. I'll also start screeming to
whatever agency (if any) regulates ISPs in North Carolina, and ask
them to convince the new owners to change their policy.

FWIW.

Bill

--
Bill Horne
(Please remove QRM from my email address to write to me directly)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

For the most part, I'm back in business, or at least able to start
getting back.

Recap: Last Monday, the Cable TV company here in Burnsville, North
Carolina was taken over by new owners, and I found out that I couldn't
use ssh to log in to the Telecom Digest's home machine, which is
in Cambridge, Massachusetts.

The new CableCo turned out to have very bad customer service, and even
worse salesmen: I got hung (hanged?) up on four or five times, even
while asking them to quote a price to remove the block.

I tried the free version of ProtonVPN, without success, and I'll get
back to that.

A long-time reader told me that I could get an "Shell In A Box"
account from Panix in New York, and I was able to log in to the
Telecom Digest server by using one of Panix's web-based shell
interfaces. There were some glitches, but nothing serious: the web
browser wouldn't pass through the Cntl-N and Cntl-W commands I'm used
to using for the-one-true-editor, but I got a digest out and started
planning how I would avoid the situation I was in, going forward.

I got a call from Alexis Rosen, the owner of Panix, who told me that
they verify every new account, since they'd had some users who signed
up with stolen credit cards and sent spam until they were found out
and kicked out.

It turns out that Panix will allow ssh on port 443, which is usually
used for https traffic, and so Alexis said I could tunnel port 22 over
to the TD server, using port 443 to get past the port blocking at the
new Cableco.

So, with my Panix options available, I decided to back up the back up:
along about Thursday, I paid ProtonVPN the $10 to get their "plus"
service, which will allow port forwarding, and found that I could then
log into TD central without needing to use a browser, which simplified operation a lot.

I got a call back from the office of the Governor or North Carolina,
which is the place I had called on Monday to ask if the state
regulates Internet Service Providers. I had left the message with the
"Press" office, which I'm still amazed I'm entitled to use, but it
took a while to get a call back. I was talking to a state employee
about the problem with ssh blocking, and I realized, during the call,
while I was trying to duplicate the original failure messages, that
port 22 wasn't blocked anymore.

It's amazing how things just sort of happen during an election year,
you know? I don't know if, or who made the call, or anything, but I
left a message and ssh started working again.

Now, here's the backstory you haven't heard before:

The Telecom Digest was using a version of Ubuntu Linux which is no
longer supported, so our benefactors at CSAIL, which is the Computer
Science and Artificial Intelligence Laboratory at M.I.T., had created
a new virtual machine for us, with Ubuntu 22.04 loaded on it, and had
just told me that machine was ready to use when CableCo cut my cord.

I had hoped that being able to log in to the new machine would allow
for a smooth transition from the old server to the new one, but I
fat-fingered something and put the old machine off-line. Sigh.

CSAIL is a busy place, and we're guests there, so I try to not bother
them with small stuff. This, however, was flat-on serious: I had
broken the old machine, and the solution that was decided on was to
move the data over to the new server, and shut the old one down. Ergo,
there I was, trying to remember how to install Apache2 and PHP and
maybe even MySQL: in other words, I wanted a LAMP server, so that I
could install WordPress and (hopefully) use it as a Content Management
System and streamline some of the Digest's processes and backups and
other stuff.

Well, the new server turned out to be really good at delivering error
messages: I had found a LAMP HOWTO and was on the first step -
updating the existing software - when the machine kicked out several
pages of warning about things being defined in more than one place and
lots of other stuff I had never - or at least, never remembered -
seeing before.

I bit the bullet and put on the sackcloth and the ashes and the Dunce
cap, and asked CSAIL to provide help. It's the weekend, of course, and
I really do try to be a good guest, so there might be something in a
day or two, but I can't push them.

So, we've moved, temporarily, to a virtual host in the server I rent
from prgmr.com, and use for testing TD updates and ideas, for my blog,
for a WordPress instance, and various other projects and volunteer
activities: telecomdigest.net. I'm doing things manually that I had semi-automated on the "old" machine, and that's just the way it is for
now, so I'll ask your help and your patience while I navigate my way
back to being comfortable between my current rock and my
waiting-for-Godot hard place.

My profound thanks to my long-time reader who recommended Panix and
helped me to set it up, but who asked to remain anonymous, to Garrett
Wollman of CSAIL, and to John Levine, who handles our email spam
detection and other essential things at Taughannock Networks, and to
Alexis Rosen at Panix: they all put up with a newly minted
septuagenarian who knows too much about Mother Bell and too little
about getting along with others.

Bill Horne


--
Russion proverb: "Instead of a thousand Rubles, have a thousand friends!"

(Please remove QRM from my email address to write to me directly)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 8/3/2022 5:15 PM, Bill Horne wrote:

On Wed, Aug 03, 2022 at 03:58:01PM -0400, jr9@sympatico.ca wrote:

Just use a VPN. They can block port 22 outgoing (not sure why...) but a VPN >> will overcome that. ExpressVPN is what I use.

[snip]
Please give more details about ExpressVPN: how much it costs, the
quality of their technical help, whether their customer service staff
is on the ball, and what kind of memory and disk space it uses. TIA.

I'd expect most of the consumer VPNs to use similar memory and disk
space. I use PIA, which costs $3.33/mo (1 yr) to 2.03/mo (3 yr) prepay.
They do monthly at $11.95 but you wouldn't want to do that for long!.
About 120M memory at the moment (Win10, several programs using it),
about 100M of disk space. Look for one that has WireGuard (it's the
most efficient protocol) and incoming port forwarding (if you need
that). The ability to specify apps that go "normal" rather than VPN is
nice (some sites block known VPN IP numbers). PIA is pretty reliable
though maybe once a month it'll go off (I've got 2 computers using it
24/7) and I'll need to change the server in use. Can't beat Proton for Snowdon-level security, though PIA has had a couple of court cases
where they said "sorry, we don't keep records".

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am Montag, 08. August 2022, um 05:34:52 Uhr schrieb Bill Horne:

Recap: Last Monday, the Cable TV company here in Burnsville, North
Carolina was taken over by new owners, and I found out that I couldn't
use ssh to log in to the Telecom Digest's home machine, which is
in Cambridge, Massachusetts.

So your computer is in your home network that is provided by the cable
company? You can't connect to a different machine in the internet on
port 22?

This is a big fault, please tell that your ISP. If they refuse to fix
it (I assume they block it), switch your ISP.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Aug 08, 2022 at 01:43:47PM +0200, Marco Moock wrote:

Am Montag, 08. August 2022, um 05:34:52 Uhr schrieb Bill Horne:

Recap: Last Monday, the Cable TV company here in Burnsville, North
Carolina was taken over by new owners, and I found out that I couldn't
use ssh to log in to the Telecom Digest's home machine, which is
in Cambridge, Massachusetts.

So your computer is in your home network that is provided by the cable company? You can't connect to a different machine in the internet on
port 22?

This is a big fault, please tell that [to] your ISP. If they refuse to fix
it (I assume they block it), switch your ISP.

Sir, your comment makes it clear that the government departments
responsible for regulating the Internet in the place where you live
are much more expert than those we have in the United States. In the
U.S., the Internet is largely unregulated, and Internet Service
Providers can do almost anything they want: some of them justify "port blocking" as a "safety" feature, claiming that things like ssh are
used to "carry viruses," or for "software piracy," or for "pirate
music downloads."

IMNSHO, what American ISPs are trying to do is reform the Internet
into a one-way-only content distribution system, which their users pay
for and they get to profit from. Things like "ssh" or other methods of
using computers to work from home are, in their view, done at their
sufferance, and they obviously think that home users should pay a
tithe to their ISP for the privilege of not having to pay for gasoline
or gasoline taxes or mechanic's bills.

I envy you.

Bill Horne

--
(Please remove QRM from my email address to write to me directly)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

I got an email from Garrett WOllman at csail: he did me a big favor,
and installed the Apache2 web server and PHP software needed for our day-to-day operations on the new "telecom digest" server.

Thanks you, sir: you're a professional, and I'm not, so kudos to you
and your team.

I've been using our "backup" server for the last few days, and in the
process, I've realized that the Telecom Digest's internal work-flow
and software are in need of a major overhaul: I've been doing things
by hand that were automated on the old server, but thinking about the
scripts and lisp that I've put together - and am now doing without -
has made it obvious that I need to go back to the drawing board and
redesign a process which grew willy-nilly over decades.

So, I'm going to stay on the backup machine for another few days,
while I make notes and plans.

I've just turned 70, and although I still feel my mind is sharp, I
must be realistic: the system has to be simplified and must have much
better documentation if it's going to work when I'm much further along
the road. I welcome help and suggestions, especially with the tasks
shown in the following list:

1. I have to take the daily "Digest" email (the one most subscribers
get) and turn it into a web page so that those with only web-based
access can read the digest on the web. Currently, that is a semi-automated
process, but I'm going to try to automate it completely: the rules and
procedure steps can be defined, and the scripts written, by anyone
experienced in awk or sed or (insert your favorite tool here).

2. The old server has procmail rules which detected posts that didn't
have complete headers, and put them in separate mailboxes where I
would work on them by hand. There needs to be an automatic process
for those changes, too.

3. I'd like to learn how to either

a. Adapt the regular web page for better visibility on mobile
devices with small screens, or ...

b. Learn how to detect a browser's screen resolution and/or size,
and deliver the content specific to that device.

4. Construct, code, test, and implement a moderation process which
doesn't require specialized knowlege, so that "Guest" moderators
aren't left flailing around in Linux-land just to do me a favor. It
would have to include:

a. Methods to modify posts before publication if needed.

b. Provision for moderation via email, without need for modifying
the headers of a post that requires repair. That will mean an
automated pre-moderation process which will benefit me as well
as those whom help if I'm sick or on vacation.

5. Other improvements that I don't yet know I need. Suggestions
welcome.

Bill Horne

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Bill Horne <malQRMassimilation@gmail.com> wrote:

For the moment, I have found a way around the port blocking. One of
the readers, who prefers to remain anonymous, told me that Panix has a
"Shell In A Box" feature which allows for access to a Unix shell
through Panix's web server. For the moment, that will have to do, and although it causes some confusion when I enter cntl commands to
emacs, I'll learn to adapt. My thanks to the person who helped, and
I've already told him that I owe him a beverage of his choice the next
time he's in Burnsville, NC. THANKS DUDE!

If you are using panix, panix also allows incoming ssh on port 80 and
port 443 specifically to get around services that block well-known ports.

--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)