- Welcome to NeXTcommunity.
News:
The NeXT Computer is now 37 years old!
Recent posts
#61
Software / Browsing the modern web on ret...
Last post by Rhetorica - Jan 10, 2026, 10:48 PMThe TLS Apocalypse is the (never truly over) pattern whereby old HTTPS implementations become unusable with the modern web because of changing standards. NeXT machines are highly affected by this, but other victims include vintage Macs, Amigas, and basically every other machine from the 1990s or 2000s with a web browser.
Most annoyingly, the majority of sites no longer non-encrypted HTTP because of a perception (probably unfounded) that anything with a password field is automatically going to be the target of a MitM attack that can and will expose the bank account of millions of users. Admittedly, there was a brief period around 15 years ago when certain major ISPs in the US were injecting ad banners into non-encrypted HTTP traffic, but any actor worth their salt these days would be able to eavesdrop on HTTPS. (Personally, the only time I've ever been victimized in a data breach was because of a keylogger on a public computer that saw my Gmail password.) But, whatever, this is the world we live in now.
To fix this, we have to intercede with a functioning TLS implementation at some level. The ideal scenario is Crypto Ancienne, which we have a NeXT package for. Since it has a PA-RISC port I'm guessing it runs on NS3.3, though it was previously marked as only being for OPENSTEP. (If it does function on NS3.3, let me know.) The PDF included with the package describes set-up instructions for OmniWeb.
Note that this will not fix WorldWideWeb.app, as that uses the incompatible "HTTP/0.9" standard to fetch pages (it basically just sends "GET <URL>" with no headers.) At present floodgap.com is the only server I know of that honors WWW.app queries.
Unfortunately, CryptoAncienne is not a super-fast implementation, and on black hardware (real or simulated) the slowness is downright unbearable. A better solution is to run or use a proxy from an external source. Here's a guide for doing this on NetBSD via inetd, using CryptoAncienne's standalone carl utility, which is basically just a very primitive C99 curl with TLS built in. The same can be done on systemd systems by using xinetd. More conveniently, @jeffburg is working on a node.js solution that miiiiight possibly be easier to deploy on modern systems and should be less vulnerable to the Cameron Kaiser bus factor; I'm hopeful we can convince him to set up a registration service for a semi-open proxy that we could host here, so people can sign up to use it instead of having to run a service locally. (This is not easy for Windows plebes.)
Alternatively, and developed more or less as the same time as CryptoAncienne, there's a much less setup-intensive route where all the proxy functionality is wrapped by a web server; the browser never 'leaves' the server's site. These used to be fairly popular, though they have obvious privacy issues and are subject to the whims and censorship of the server owner. As a plus, though, the quality of TLS implementation is entirely a function of the software on the (presumably modern) host machine, and these can vary widely in ease of maintenance.
Currently, the FrogFind! service by Sean of ActionRetro is a very popular and well-publicized proxy meeting these requirements. It uses DuckDuckGo as its search provider and strips out most tags, making it easy to browse the web on machines with very limited HTML support. (Personally I think it strips out too much—even some basic HTML tags are missing!) Tragically, FrogFind! spends more time down than up, so many people have taken the FrogFind! source code and spun up independent instances:
Most annoyingly, the majority of sites no longer non-encrypted HTTP because of a perception (probably unfounded) that anything with a password field is automatically going to be the target of a MitM attack that can and will expose the bank account of millions of users. Admittedly, there was a brief period around 15 years ago when certain major ISPs in the US were injecting ad banners into non-encrypted HTTP traffic, but any actor worth their salt these days would be able to eavesdrop on HTTPS. (Personally, the only time I've ever been victimized in a data breach was because of a keylogger on a public computer that saw my Gmail password.) But, whatever, this is the world we live in now.
To fix this, we have to intercede with a functioning TLS implementation at some level. The ideal scenario is Crypto Ancienne, which we have a NeXT package for. Since it has a PA-RISC port I'm guessing it runs on NS3.3, though it was previously marked as only being for OPENSTEP. (If it does function on NS3.3, let me know.) The PDF included with the package describes set-up instructions for OmniWeb.
Note that this will not fix WorldWideWeb.app, as that uses the incompatible "HTTP/0.9" standard to fetch pages (it basically just sends "GET <URL>" with no headers.) At present floodgap.com is the only server I know of that honors WWW.app queries.
Unfortunately, CryptoAncienne is not a super-fast implementation, and on black hardware (real or simulated) the slowness is downright unbearable. A better solution is to run or use a proxy from an external source. Here's a guide for doing this on NetBSD via inetd, using CryptoAncienne's standalone carl utility, which is basically just a very primitive C99 curl with TLS built in. The same can be done on systemd systems by using xinetd. More conveniently, @jeffburg is working on a node.js solution that miiiiight possibly be easier to deploy on modern systems and should be less vulnerable to the Cameron Kaiser bus factor; I'm hopeful we can convince him to set up a registration service for a semi-open proxy that we could host here, so people can sign up to use it instead of having to run a service locally. (This is not easy for Windows plebes.)
Alternatively, and developed more or less as the same time as CryptoAncienne, there's a much less setup-intensive route where all the proxy functionality is wrapped by a web server; the browser never 'leaves' the server's site. These used to be fairly popular, though they have obvious privacy issues and are subject to the whims and censorship of the server owner. As a plus, though, the quality of TLS implementation is entirely a function of the software on the (presumably modern) host machine, and these can vary widely in ease of maintenance.
Currently, the FrogFind! service by Sean of ActionRetro is a very popular and well-publicized proxy meeting these requirements. It uses DuckDuckGo as its search provider and strips out most tags, making it easy to browse the web on machines with very limited HTML support. (Personally I think it strips out too much—even some basic HTML tags are missing!) Tragically, FrogFind! spends more time down than up, so many people have taken the FrogFind! source code and spun up independent instances:
- BoingSearch! is an Amiga-oriented clone, not a fork. Like the original it strips away nearly everything, leaving just informational content.
- RetroGateway is a standard FrogFind! instance with all the features working as intended, but it uses Google as the search provider. Paradoxically it also redirects you to HTTPS if possible.
- SlugSearch! is our in-house hacked-up version of FrogFind! optimized for OmniWeb. It strips out fewer tags, still uses DuckDuckGo, and removes dependencies where possible. Javascript is still removed. More likely than not you'll end up having to scroll past a bunch of garbage from the web layout before you get to the actual content, but I believe it's better to be inclusive, to avoid accidentally stripping out vital functionality. (Of course, if that's not your thing, the other services are also still around.)
#62
Software / Re: Insecure XML Proxy
Last post by Rhetorica - Jan 10, 2026, 10:19 PMAh, this reminds me that we used to have a thread about proxies and the woes of the TLSpocalypse...
Using Crypto Ancienne's carl proxy, this guide covers setting up inetd on NetBSD to run a service for any machine on a LAN. Of course, running an open proxy is a bit risky, so it's genuinely novel and useful if you can figure out how to set up a sign-up for obtaining keys that could be revoked in case of abuse. (Sadly some devices with no proxy capacity at all, like my semi-antique Kindle 3G, are stuck using the often-down FrogFind! or a fork thereof, but I guess it's better than nothing.)
Using Crypto Ancienne's carl proxy, this guide covers setting up inetd on NetBSD to run a service for any machine on a LAN. Of course, running an open proxy is a bit risky, so it's genuinely novel and useful if you can figure out how to set up a sign-up for obtaining keys that could be revoked in case of abuse. (Sadly some devices with no proxy capacity at all, like my semi-antique Kindle 3G, are stuck using the often-down FrogFind! or a fork thereof, but I guess it's better than nothing.)
#63
Software / Re: Insecure XML Proxy
Last post by jeffburg - Jan 10, 2026, 03:14 PMAnd here is the obligatory screenshots of the proxy working in openstep
#64
Software / Re: Insecure XML Proxy
Last post by jeffburg - Jan 09, 2026, 01:32 AMAnd here are screenshots of NetNewsWire subscribing to RSS on 10.5 Leopard. You can see in the Proxy4.png that NetNewsWire cannot successfully subscribe to the verge rss feed. But then in Proxy5 and 6.png, it subscribes via the proxy.
#65
Software / Insecure XML Proxy
Last post by jeffburg - Jan 09, 2026, 12:57 AMHey folks, this is not directly related to NeXT, but I am currently working on making legacy iOS 6 and Mac OS X Leopard devices usable in the real world. As part of this process, I realized that RSS/Atom is a huge "escape hatch" for me. In that, if a website has an RSS feed, then any RSS reader can read it. Also, it will enable iTunes to fetch podcasts which also use RSS. I don't think there was ever an RSS reader for OpenStep, but if there were, it would work.
Of course, what is the problem? TLS... Whether its expired or Certificate Authorities or old TLS versions, many websites have just opted to only support new standards and not fall back to HTTP when it all falls down (which makes no sense in my mind because TheVerge is not a fucking banking website, but I digress). So I wanted to make a super simple RSS proxy that I can run as a Cloudflare worker for free to rewrite all the URLs in an RSS feed to use the proxy... and I have an alpha available now. It works for RSS and Atom and actually also has a basic HTML proxy.
I don't have much documentation yet, and I don't want to post the endpoint for the proxy online for fear of being DDoS'ed by AI shit. But I will post the GitHub repo in case you want to fork it and get it running in your own cloudflare account (no domain needed, cloud flare will give you a URL you can access for your worker). Also, if you DM me here, I will send you the endpoint and an API key to use it. I have also attached some screenshots.
https://github.com/jeffreybergier/insecure-xml-proxy/blob/main/src/proxy.js
Also, I am not a javascript or node developer so please do not judge my code too harshly. But I am open to constructive criticism. So if you know I made a major mistake, please let me know and I will try to improve.
In the screenshots, These are all in Safari in 10.2 Jaguar. You can see in Proxy1.png that normally when you load daringfireball.net, you get the TLS failure error. Then Proxy2.png shows the small UI I have for my proxy to generate a URL to proxy Daring Fireball. Then Proxy3.png shows Daring Fireball loading in Safari via the proxy. Note that, loading heavy websites like MacRumors and TheVerge through the proxy works on my modern device but in this old version of Safari, they loaded after like 60 seconds of beachball and almost none of the CSS is understood... so your mileage will vary (a lot
)
Of course, what is the problem? TLS... Whether its expired or Certificate Authorities or old TLS versions, many websites have just opted to only support new standards and not fall back to HTTP when it all falls down (which makes no sense in my mind because TheVerge is not a fucking banking website, but I digress). So I wanted to make a super simple RSS proxy that I can run as a Cloudflare worker for free to rewrite all the URLs in an RSS feed to use the proxy... and I have an alpha available now. It works for RSS and Atom and actually also has a basic HTML proxy.
I don't have much documentation yet, and I don't want to post the endpoint for the proxy online for fear of being DDoS'ed by AI shit. But I will post the GitHub repo in case you want to fork it and get it running in your own cloudflare account (no domain needed, cloud flare will give you a URL you can access for your worker). Also, if you DM me here, I will send you the endpoint and an API key to use it. I have also attached some screenshots.
https://github.com/jeffreybergier/insecure-xml-proxy/blob/main/src/proxy.js
Also, I am not a javascript or node developer so please do not judge my code too harshly. But I am open to constructive criticism. So if you know I made a major mistake, please let me know and I will try to improve.
In the screenshots, These are all in Safari in 10.2 Jaguar. You can see in Proxy1.png that normally when you load daringfireball.net, you get the TLS failure error. Then Proxy2.png shows the small UI I have for my proxy to generate a URL to proxy Daring Fireball. Then Proxy3.png shows Daring Fireball loading in Safari via the proxy. Note that, loading heavy websites like MacRumors and TheVerge through the proxy works on my modern device but in this old version of Safari, they loaded after like 60 seconds of beachball and almost none of the CSS is understood... so your mileage will vary (a lot
) #66
Virtualization / Re: Starter Kit for OPENSTEP 4...
Last post by Rhetorica - Jan 09, 2026, 12:52 AMQuote from: ptek on Jan 08, 2026, 11:33 PMRhetorica, Did you compile your version of mkisofs on NS or OS?I just used existing binaries; there are copies here: http://index.nextcommunity.net/archive/peak/apps/utils/cdrom/
They are NS3.3 friendly. (Still working on unbreaking my OS4.2 dev setup after the "Let's install WebObjects 3.5!" debacle...)
#67
Virtualization / Re: Starter Kit for OPENSTEP 4...
Last post by ptek - Jan 08, 2026, 11:33 PMQuote from: Rhetorica on Jan 02, 2026, 02:12 PMAttached below is the tutorial, and linked above is the actual CD image. It's in Rock Ridge format, built with a NeXT version of mkisofs, and hence has all the niceties that you wouldn't expect from a modern ISO, like a directory icon.The tutorial is written to be accessible for NeXT newbies but contains useful information that even veterans will appreciate, and may be of some use when setting up any NeXT machine, even real hardware, as it includes steps like updating the timezone info and configuring networking.
The tutorial is written to be accessible for NeXT newbies but contains useful information that even veterans will appreciate, and may be of some use when setting up any NeXT machine, even real hardware, as it includes steps like updating the timezone info and configuring networking.Rhetorica, Did you compile your version of mkisofs on NS or OS?
#68
Software / Re: Poll: Class on Getting Sta...
Last post by jeffburg - Jan 08, 2026, 05:50 AM@SachaTholl that would be a really cool project! The thing with that, is all the complexity is the core of the app. So if you know how to do those calculations in any other language such as python or whatever, then we could do it. But actually doing calculations like that would be beyond the scope of anything I can help with.
And depending on how precise the Math needs to be we may run into issues with the C Standard library that comes with OpenStep as its pretty basic.
But once you do have the calculations working in C, it would be super easy to build a UI on top of it that moves little pictures of satellites or whatever around on a map.
And depending on how precise the Math needs to be we may run into issues with the C Standard library that comes with OpenStep as its pretty basic.
But once you do have the calculations working in C, it would be super easy to build a UI on top of it that moves little pictures of satellites or whatever around on a map.
#69
Software / Re: Poll: Class on Getting Sta...
Last post by SachaTholl - Jan 07, 2026, 11:38 PMHi, I am too, very interrested in making apps on OpenStep. I considered myself doing a very simple satellite pass propagator, that calculates when the ISS (or any amateur radio satellite would fly over your location), something like "predict" for OpenStep
Greetings from Luxembourg, Eu,
Sacha
Greetings from Luxembourg, Eu,
Sacha
#70
Virtualization / Re: Starter Kit for OPENSTEP 4...
Last post by jeffburg - Jan 07, 2026, 04:42 AM@Rhetorica thanks for posting this. I will cross-post my 1 year old post from the forum that shall not be mentioned
QuoteHey, for anyone using VirtualBox to run their OpenStep/NextStep/Rhapsody VM, I updated the VBoxVideo driver to support widescreen resolutions. So if you are running it a modern monitor or laptop, these new resolutions should make it a closer fit for the screen.
I tested all the resolutions in the list (bold are widescreen):
"Height:1080 Width:1920 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height:1050 Width:1680 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height: 900 Width:1440 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height: 800 Width:1280 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height: 768 Width:1366 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height:1200 Width:1600 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height:1024 Width:1280 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height: 864 Width:1152 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height: 768 Width:1024 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height: 600 Width: 800 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height: 480 Width: 640 Refresh: 60Hz ColorSpace: RGB:888/32";
"Height: 768 Width:1024 Refresh: 60Hz ColorSpace: RGB:555/16";
"Height: 600 Width: 800 Refresh: 60Hz ColorSpace: RGB:555/16";
"Height: 480 Width: 640 Refresh: 60Hz ColorSpace: RGB:555/16";
I tried to make it run at 1920x1200 but it booted a blue screen. Same with 2560x1440. So I think 1920x1080 is the highest we will get out of the VirtualBox VGA emulation. If you want to try it yourself (and let me know if something goes terribly wrong) then you can find the compiled version here: https://github.com/jeffreybergier/VBoxVideo/blob/mac-resolutions/build/VBoxVideo-1.1.config.tar
I am not sure if the owner of this repo is open to pull requests or even still around for these things, but if they are, I created a PR at this URL: https://github.com/vcarosadev/VBoxVideo/pull/1
-Jeff,
Also, Happy New Year!
) then you can find the compiled version here: