Differences between revisions 8 and 10 (spanning 2 versions)
Revision 8 as of 2018-12-23 15:22:16
Size: 5123
Editor: Morticon
Comment:
Revision 10 as of 2018-12-24 06:28:57
Size: 5627
Editor: Claude
Comment: Detailed Linux setup steps.
Deletions are marked like this. Additions are marked like this.
Line 30: Line 30:
  * When installing nmap, you should tell it not to install npcap, a packet sniffer. It's unnecessary and in theory could be a security risk. Stunnel does not have this issue.
Line 42: Line 43:
  * [[https://sourceforge.net/projects/trebuchet/|Trebuchet Tk]] also supports SSL if you install the tcltls package.   * [[https://sourceforge.net/projects/trebuchet/|Trebuchet Tk]] also supports SSL if you install the tcltls package. It should be available through your package manager, just like Tcl and Tk, which you need to run Trebuchet in the first place. On Mageia, the three packages are called `tcl`, `tk` and `tcltls`; in Debian, it's `tcl-tls` instead. So if you have Ubuntu or Mint, try `sudo apt-get install tcl tk tcl-tls` from the command line.

The encrypted port is at muck.spindizzy.org, port 7073.

The web based client (always encrypted) is available, as is an advanced variant.

Introduction

SpinDizzy will be moving to 100% SSL connections sometime in 2019. This means clients which do not support SSL will either need to be upgraded or a new client used. The web client always uses SSL.

The upgrade is being done because using unencrypted connections means anyone - telecom companies, coffee shops, airports, school, your neighbor, etc - can eavesdrop on what you do or say on SpinDizzy. Essentially, when you are not using an unencrypted connection, everything you type could in theory be seen by anyone. While some people claim not to be bothered by this, most would rather communications remain private. As SpinDizzy has always been on the forefront of privacy and security, this is the next logical step. We've had an SSL port long before most MUCKs supported it.

A lot of thought went into making this decision. It was not going to move forward unless viable workarounds were provided for essentially everyone on the MUCK. With that said, the sections below detail workarounds for your specific platform(s), if your current clients do not support encryption.

Windows

For Windows, the best option is BeipMU. This client is updated very frequently and the developers are extremely responsive. If you have windows 10, it is also available in the Windows Store for free. Just connect to port 7073 and indicate it is encrypted, and you're set.

Trebuchet Tk also supports SSL if you install the tcltls package.

If you feel you are unable to switch to BeipMU or turn on Trebuchet encryption, you can use the Websocket gateway program Morticon wrote. Information is available in +read 8. It basically works like this:

  • Download the ZIP file and extract in C:\spindizzy or similar. URL is not provided here to prevent non-SD downloads.
  • Run spindizzy.bat. The command window must remain up the whole time you are on SpinDizzy. It is safe to minimize the window.

  • Connect your existing muck client to 127.0.0.1 port 7072.
  • Done!

Even if you switch to BeipMU, you may still find the gateway program useful because it can handle bad/flaky connections.

If you really don't want to use the gateway program, you can try https://www.stunnel.org/ or https://nmap.org/ (for the ncat tool which comes with nmap). With either, the configuration works like this:

  • When installing nmap, you should tell it not to install npcap, a packet sniffer. It's unnecessary and in theory could be a security risk. Stunnel does not have this issue.
  • The remote host to connect to is muck.spindizzy.org, port 7073 SSL.
  • The local port should be 7072.
  • Your MUCK client should connect to 127.0.0.1 port 7072.

For ncat in particular, this command should work:

  • ncat -l localhost 7072 --sh-exec "ncat --ssl muck.spindizzy.org 7073"

Linux

Linux has multiple good options:

  • Run BeipMU in WINE
  • Download and manually compile the latest TinyFugue. It may also exist in package format for your distribution. Connect to port 7073 with -x to indicate encryption.

  • Trebuchet Tk also supports SSL if you install the tcltls package. It should be available through your package manager, just like Tcl and Tk, which you need to run Trebuchet in the first place. On Mageia, the three packages are called tcl, tk and tcltls; in Debian, it's tcl-tls instead. So if you have Ubuntu or Mint, try sudo apt-get install tcl tk tcl-tls from the command line.

  • You can also use ncat or stunnel, as detailed in the Windows section. Use your package manager to download it.

MacOS

MacOS users can try Atlantis, though it does not appear to be updated or officially supported any longer.

MacOS users may be able to use Homebrew to install nmap (for ncat) or stunnel and then follow the Windows directions for those tools above.

Android

Android users currently have no known clients in the Play store which directly support SSL. Users are HIGHLY ENCOURAGED to email program authors to add the support. In the meantime, users can either use the web client or a proxy/tunneling program that will tunnel the connection from the existing client.

Android users can also try installing TinTin++ under Termux. (Use the #ssl command instead of #session.)

Some proxy/tunneling apps to allow using your existing client include (use at your own risk):

  • SSLDroid

  • TLS/SSL Tunnel

  • You can install nmap in Termux and use the ncat directions under the Windows section.

  • These will work similar to the Windows stunnel/ncat setup.

If none of these options appeal and you are comfortable installing apps outside of the play store, an older MUCK client that supports encryption can be found at http://downloadapk.net/down_MuClient.html . Please note this app is essentially unsupported and may stop working at any time.

iPhone

More information is needed on this platform.

SSL_Help (last edited 2021-06-25 19:25:30 by Jaxen)