TCP/IP bounty beta release

How many of those pre-3.5 versions had a working TCP/IP implementation as part of the OS?

There was “Universal Boot” for RISC OS 3.1x, which included the Internet module version 5, so pretty much up to date. As well as e.g. PPP, URL/HTTP fetcher module and AcornSSL, because of course !Browse needed it and Acorn seemed to be keen to provide “modern Internet access” to RISC OS 3.1 machines – after all, Toolbox and nested WIMP and even Java all ran on 3.1.

About the only thing I could imagine where a HTTPS fetcher would be useful would be for a 3.1 port of PackMan to provide an easy way for 3.1 machines (inlcuding potentially emulators) to fetch software. Well, someone would need to build a RISC OS 3.1 software distribution then, the only thing currently available is probably ADFFS along with its Game JFDs.

There was “Universal Boot” for RISC OS 3.1x, which included the Internet module version 5, so pretty much up to date.

I interpreted “part of the OS” to mean actually built in. A lot of stuff can be loaded afterwards (as the nested Wimp) but everything like that takes precious memory…

Acorn seemed to be keen to provide “modern Internet access” to RISC OS 3.1 machines

Of course, in 1997/1998 there would be rather more RISC OS 3.10 machines in use than there would be twenty years down the line.

and even Java all ran on 3.1.

Are you sure about that? I seem to recall Java wanting an 8MB WimpSlot before it would even start up.

after all, Toolbox and nested WIMP

There was also a lot of controversy over the Toolbox, again due to perceived bloat and memory restrictions. It was becoming quite clear that the 4MB which was mind-blowing in 1987 was titchy in 1997… and think about the sorts of sites that existed back then versus those which exist today.

Google’s main page – a 238K HTML document (that Firefox’s Page Info incorrectly reports as 67.75K), supported by four script files with gibberish names totalling 792K, a 4K Privacy Shield icon that’s as laughably small as the shield itself is useless. Oh, and a nice Christmas animation adding up to 169K.
So that’s ~1204K just to load the empty looking Google entry page. Or if we accept that JavaScript on older machines will be rubbish (even Fresco will be way out of date), that’s still 411K… On a machine where you might have something like 600K free after loading the stuff to get you online in the first place…maybe less. There’s a reason I wrote QuickVoy – internet on an A5000 was…cramped.

If someone was real keen to run it on ro3.11 – what about the module ‘DummyDynamicAreas’ by J. Fletcher v1.23 (23 Dec 1998).

Merry Xmas all – and a Healthy New Year.

If someone was real keen to run it on ro3.11 – what about the module ‘DummyDynamicAreas’ by J. Fletcher v1.23 (23 Dec 1998).

I’m not at all sure you can download Justins stuff from anywhere¹, plus as he says himself in his Rambles

“The error handling for the module was very poor – which was fine with me because this was intentionally hacky, just to make something that I could use with SpriteExtend.”
and in the JPEGSprite section.
“The downside to this was that you had to use DDA, which could be a little flakey when memory got low.”

Nice idea though.

¹ I think some moron was abusive enough to him² to cause him to obliterate as much of his online content as he could recall.
² When people speak of “the RISC OS wars” they, and we, probably don’t know the half of it. Some nasty stuff and casualties.

I’m not at all sure you can download Justins stuff from anywhere

Should have checked the Wayback machine before I posted because a good chunk is still in existence there for anyone with a nostalgic turn.

Given the origin of our nice, new shiny SSL provision and peoples comments about using the appropriate socket this release note is interesting reading don’t you think?

“Secure sockets
With secure sockets, your Mbed OS applications can securely connect and send data to any cloud or server through any TCP-based protocol. By introducing native secure sockets to Mbed OS we enable TLS functionality in the background, simplifying secure connections. For more information, please visit secure sockets.”

For more information

quote
// First talk with the server without encryption
connection.send(“STARTTLS\r\n”, 10);
unquote
I have seen this a few times now, what gets sent unencrypted when using STARTTLS?
It seems to vary from server to server but for smtp.mail.yahoo.com
port 465 works if I have (openssl) STARTTLS disabled otherwise port 587 can work.
I came across a Windows implementation via a search claiming that 587 was an insecure connection also which got me interested.

what gets sent unencrypted when using STARTTLS?

For POP3 and SMTP, the unencrypted bit is the server greeting and capacity listing (POP3 response to the CAPA command or the SMTP EHLO response). The client then knows the server can handle secure connections and the handshake is started after the client sends STLS (POP3) or STARTTLS (SMTP).
This is over port 110/587 (POP3/SMTP – sometimes SMTP port 25 as well). Ports 995/465 (POP3/SMTP) require secure connections straight away – no STLS/STARTTLS.

There was a time using port 587 for SMTP was considered the way to go and port 465 was ‘decommissioned’. However, ‘implicit TLS’ is now preferred again (see RFC 8314 – https://tools.ietf.org/html/rfc8314), so port 465 has been ‘reinstated’.

However, ‘implicit TLS’ is now preferred again

Been hunting and looking at the results, a wiki described port 25 and 587 as a normal port and 465 as an ssl port.
The result appears to be the same, apart from the extra lines

[<-] 250 STARTTLS
[->] STARTTLS
[<-] 220 2.0.0 Ready to start TLS

Edit: The ports I have been using select implicit TLS OK but the !SMTPS that Alexander has was STARTTLS only.
Almost as simple as adding

if (port!=465) { 
existing starttls section
}

Hoorah! Our final beta (release 6) is now available. Changes are as below and unless there’s anything shocking found, we’re going to mark this one as closed and roll it into our ROM builds…

• Updated to use the latest mbedTLS 2.14.1 from Arm, specifically to fix
  CVE-2018-19608
• Further update to use the latest mbedTLS 2.16.0 from Arm
• Now attempts to start the module task itself when RMLoad’ed, documentation updated to that effect too
• The Send and Recv SWIs now propagate MSG_WAITALL/MSG_DONTWAIT flags on a per call basis
• When a socket lacks buffer space or data, AcornSSL backs off rather than hammering the Internet module

Sounds like we’re on the home stretch! I’ll give this a go when I get home, although I’m not doing anything strenuous with it :)

Congratulations to everyone involved with getting this far.

Edit: Confirmed working with my app, and no Filer_Run hackery needed!