The Prgmr.com Blog

If you are running Ubuntu Trusty 14.04 and both of the following commands return output:

mount | grep ext3
sudo tune2fs -l /dev/xvda1 | grep RAID

Then if your systems boots using linux-image-3.13.0-157-generic, the file system will almost immediately remount read-only. To prevent this, manually select an older kernel or run the following:

sudo apt-get install linux-image-virtual-lts-xenial

To install a kernel series without this bug. We filed a bug upstream.

We upgraded the software on billing.prgmr.com tonight, starting at approximately 02:50 UTC. The service was down for a few minutes, and it is once again operational.

For many people, the world wide web is synonymous with the Internet. While the HTTP protocol dominates the modern internet, many protocols obsolete, obscure and well known make up the Internet.

One of the more stubborn protocols is Gopher. Introduced in 1991 (the same year as HTTP), Gopher, like the web, is document-centric.

By about 1990, information on the internet was expanding rapidly enough that it needed more organization and a better search capability. In 1991 researchers at the University of Minnesota developed the Gopher protocol in an attempt to provide some of that organization. Gopher provides a hierarchical text-based menu system to organize the contents of a data repository (which eventually came to be called “gopherholes”).

Soon after, the search capability came in the form of a new search engine called Veronica. It was a whimsical time on the net, and geeks still ruled most of it, so not only was the name taken from Archie comics, it was soon turned into a backronym as “Very Easy Rodent-Oriented Net-wide Index to Computer Archives”. Veronica was something of a brute-force approach. It used a dynamically updated database of every file and every hierarchy on every Gopher server on the internet.

Veronica was eventually joined by an alternative search tool named Jughead. (Whimsical, remember?) Jughead differed from Veronica in that it did not use a large and expanding database, but on the other hand you had to specify which Gopher server you wanted to search.

Clearly there was a problem with scaling here, and that is part of what led to Gopher’s eventual decline as the internet kept expanding. Other threats came from the sheer versatility of HTML and HTTP, the rise of universal text-based searching, and the eventual decision by the University of Minnesota to charge licensing fees for the use of their software. Gopher was wildly popular for a few years, but by about 1996 it had fallen far behind the new browser-based web.

Why Use It?

If Gopher was supplanted by HTTP, why use it? As with many things, the answer depends partly on your application. One of the selling points for Gopher back in the day was that it was very light on resources — no media, just simple text menus. This makes it attractive today for document-centric applications that don’t want to deal with breadth and complexity of the modern web.

Try Gopher if you like the feeling of tech nostalgia. Gopher is part of a bygone age on the net. The simple fact that Veronica used a database of every Gopher archive to search points to a time when the Internet was small and personal, and it can bring that feeling back in a small, carefully curated and distributed Gopher network. Retro can be fun.

If you prize security, Gopher can be handy. It’s purely text-based. No JavaScript. None of the tools and add-ons that make the modern net such a minefield.

Ultimately though, use Gopher because you can. It’s fun to set up and entertaining to use. It’s a conversation piece. And it links you to the period that shaped the Internet into what it is today. Gopher is the path not taken.

Gopher Clients

There are lots of old Gopher clients available for download online, but most are no longer supported. The best choice for current development and support is a set of Firefox extensions produced by The Overbite Project. For Firefox 57 and higher choose OverbiteWX. Older versions of Firefox need OverbiteFF. OverbiteWX works through Floodgap Systems, which hosts a lot of Gopher resources and is worth checking out in its own right.

Another good option for using Gopher is Lynx, an old-school text-based browser that was superseded by Netscape, but which is still supported. The completely text-based interface has its own sort of elegance, and I like it when I don’t want to be distracted by all the stuff that yells for your attention on the modern net.

To reach the veronica-2 search engine using lynx, install lynx and run:

lynx gopher://gopher.floodgap.com/1/v2

There is a more general page on gopher at gopher://gopher.floodgap.com/ .

However you Gopher, have fun with it! Watch this space for more information on setting up your own Gopher service.

Six Xen Security Advisories were announced today, including at least one potential privilege escalation. We already patched five of them, though we were not vulnerable to all of them.

The sixth, XSA-273 L1 Terminal Fault speculative side channel, was published without an embargo period. While we’ve already implemented some of the requirements for mitigation, the actual software updates were not available until today and we don’t have them in place yet.

This vulnerability is an information disclosure and not a direct privilege escalation. There is no known public exploit yet. We expect to complete the mitigation within the next few weeks. You will receive a notice of when this is scheduled for your VPS and if any downtime or reboot is expected.

Prgmr.com was impacted by two distributed denial of service (DDOS) attacks starting at approximately 13:40 UTC 17:30 UTC on August 12th. Service has been completely restored. The attack employed NTP reflection, and is related to the Thursday DDOS attack with the same signature. The target IP has been blackholed. We’ll update this blog and our twitter page if the situation changes.