The chip is a Fairchild SL56660, a 5/4 NAND gate. The original design only employed four ICs but in huge quantities: this one, an alternative but slower NAND gate, 1Kx1 bipolar SRAMs (usually the Fairchild 10415FC, about 70,000 of them in the 1976 Los Alamos National Laboratory unit), and the specialized Fairchild SL82747. This chip bears a date code of 14th week 1981 and is based on emitter-coupled logic (ECL), making it very fast for the time but also very power-hungry; CMOS made ECL and MECL obsolete. The later date code can be attributed to the fact this was probably from a board installed for repair purposes.
Saturday, December 25, 2021
Sunday, December 19, 2021
Part of the task of any home server room, vintage or otherwise, is monitoring. After all, you're now your own L1, L2 and L3 support. A camera passively observes the room that can be remotely viewed. The main server can generate alerts if it fails over to a UPS (power outage, blown supply, etc.). If the WAN connection goes down, an SMS gateway can communicate with me by text message and I can query it about the state of the internal network. I use an SMSEagle for that, basically a Raspberry Pi in a cool case with an LTE modem running modified Raspbian (which I naturally have modified further). All of the systems can send it alerts for broadcast via its internal APIs.
That leaves environmental controls. Here in Southern California, winters aren't that cold, so the major need is cooling during summer and fall. The room is cooled by a 12,000 BTU portable air conditioner that vents to an outflow portal on the roof and whose power is controlled by a programmable power strip. The A/C turns itself off and on based on its thermostat but the A/C isn't network enabled, so I need to know what temperature it actually is in the room, and whether the air conditioner is in fact running — ideally something that would assess if there's airflow.
The temperature sensor is a THUM.
Snooping on a mysterious USB device is most easily done with the USB monitoring tools in Wireshark. I installed it on my MacBook Air and, with Wireshark running, would run the closed-source THUM Mac tool, note the temperature and relative humidity the official client reported, and then save the trace. Here's an example.
Humidity was a little harder, as relative humidity depends on temperature to determine how much water vapour the surrounding air can actually carry, and I wasn't able to get a good regression fit. After messing around with the numbers some, it dawned on me I could just go pull the datasheet for the sensor to see if the manufacturer had any coefficients I could plug in. Not only did the datasheet have a nice graph, it actually had formulae for computing a linear relative humidity value from the sensor value, and then to adjust it for the observed temperature. The formula matched the official THUM client's computation perfectly.
Now we have all the steps needed to actually write our own client, so I did, which I'll link to at the end (the same C source file compiles on Mac OS X and Linux). The only other glitch I ran into was that you must fetch the humidity after you fetch the temperature, and you must read both; you can't just fetch one or the other. If you try to do that, the PIC may flip out and even stop responding to you until the box is reset.
As a post-script, the datasheet also contained a formula for the temperature (as well as the valid ranges), but the coefficients didn't quite match my linear regression values. Later on someone at Practical Design Group responded to my E-mail and put up source code and pre-built binaries for the Raspberry Pi. This client seemed slower than my own client on my Raptor Talos II (and there wasn't Mac source code), so I'm sticking with my homebrew version, which is what runs on the G4 server now (which runs OS X Tiger). Interestingly Practical uses the Sensirion formulae for relative humidity, but their coefficients matched mine for computing temperature, so I kept those also.
Now, airflow. I decided an easy approach would be to monitor sound levels, since any audio pickup with its wind screen off will detect air passing by as noise. As an added bonus, if any alarms were going off, dying cooling fans, dying other things (always a possibility with old hardware), etc., the resulting audio disturbance would also be detectable.
The most inexpensive and easy way to get "live" USB-based decibel meters are versions of the GM1356, shown here in operation "monitoring" the air conditioning unit.BAFX 3608) with logging software for Microsoft Windows. Fortunately some enterprising soul had already written a Ruby-based monitor for this device, so I figured it would be a simple matter to convert it to C and have it run on the G4 server too. I patterned off the same code I used to query the HID for the THUM, plugged it into the G5, and ... nothing but errors trying to talk to it. On the possibility this device was uncovering an irregularity with HID support in OS X Tiger, I plugged it into my NetBSD G4 Mac mini. It said there was a problem with the device and disabled the port.
Now wondering if I had a defective unit, I then plugged it into my Linux Raptor Talos II, determined its vendor and ID with lsusb and tried to pull a device report with lsusb -v -d 64bd:74e3. Besides showing an impossible HID polling interval of zero (!), lsusb did faithfully display the USB configuration report but then hung up and timed out with cannot read device status, Resource temporarily unavailable (11). At this point, since they were cheap, I bought a second one. It did the exact same thing.
It turns out this unit is obnoxiously non-compliant with the USB HID standard, just enough to work with Windows, which is its only supported platform. You can't use normal HID queries with it on apparently any operating system (for that matter, Linux libhid doesn't like it either), but if you send raw queries with usb_interrupt_write and usb_interrupt_read you can get something out of it in Linux, at least. I gave up trying to get OS X IOKit to play nice, so after porting the Ruby client to C on the Talos II, I put it on the only Linux system I have running in the vintage server room — the Raspbian SMSEagle. And that's what you see connected to it.
Does this work for monitoring? After all that, yes. I took some measurements and the baseline noise in the server room ranges from 54 to 56dB depending on how warm it is (on warmer days the cooling fans are louder). When the A/C comes on, it runs at full blast and the device picks up the airflow at 60dB+. This is a significant and easily noticed jump, so this benighted piece-of-crap still ends up being more than enough to know if the A/C's actually hauling A.
The next thing I'll add, probably in whatever crumbling shack we're able to afford in this hideous housing market, is power monitoring. While I can control outlets, I can't really determine short of manually grabbing a Kill-O-Watt how much draw is occurring on any given circuit or power strip. It would be nice to know who's sucking the amps other than, of course, the beasts themselves. They get a pass because they're still doing useful work, even if they aren't as sexy or efficient anymore.
Friday, November 26, 2021
Sunday, October 3, 2021
The ANS, however, was a real honest to goodness server with hotswappable drive bays and fans, and (its most notable feature) an award-winning lockable translucent door so you could keep the unwashed masses out of your drives but still watch the blinkenlights. If you bought the bigger model, you even got dual power supplies and additional rear bays.
Also notable about the ANS was that they weren't supposed to run Mac OS, and were never sold with it, not least of which because the classic Mac OS wasn't really up to the task of being a server. Unfortunately, while A/UX supported larger needs on the 68K-based Workgroup Servers that could run it, A/UX 3 couldn't run on Power Macs even under emulation. The plan with A/UX 4 was to use a new PowerPC-native OSF/1-based kernel and possibly to also integrate portions of IBM's AIX operating system, but this plan (along with Taligent and other doomed projects) stalled out with everything else in Apple around that period. For a time Apple even considered using Novell NetWare on PowerPC; the port actually existed, codenamed Wormhole, but its tepid reception eventually led to the release of the weird Workgroup Server 9150 which just ran Mac OS. Eventually, to get to market Apple reached for what was then the only professional-level Un*x running on the new PowerPC architecture, which was AIX itself. Three Apple Network Server models were developed but only two (the "Low End" 500 and "High End" 700) were released; the 3U rack 300 "Deep Dish" remained solely a prototype, which I'd still love to acquire if its current owner ever gets tired of it. Oddly, even though they were only ever sold as AIX machines, they were initially demonstrated running a custom version of MacOS which was never released with them (I'd love to see this release myself), further confusing potential customers who already didn't want to buy Workgroup Servers. Introduced in 1996 at a retail cost starting north of US$10,000, which didn't even include the AIX license, they were very poor sellers and the line was canned by Gil Amelio around a year later.
I got my ANS 500 barely used for the cost of some consulting work after Apple stopped supporting it; you can see some scanned Polaroids of when it was in production way back in 1998. Later, I acquired an ANS 700 which I use as a spare and was briefly in service while I diagnosed a hardware issue with the 500. More recently, however, I managed to land a Shiner HE prototype dated 1995 from a scrapper in San Rafael, California. That is the unit depicted in these pictures.
The codename "Shiner" is a brand of beer named for its town of manufacture in Texas, and was reportedly the favourite adult beverage of the 1990s Server Group Division based out of Apple's Austin offices, thus lending its name to the product. Although all of the boards within this machine are marked as EVT (engineering validation test) prototypes, they are very similar to production hardware save the labelling, and the machine itself is labelled with the
unknown acronym "ESB." [drudru on lobste.rs suggests, keeping with the beer theme, that this might mean Extra Special Bitter. That makes sense!]
Appropriately, Apple Network Servers remained a significant portion of apple.com even after their commercial exit; reportedly some units were still in operation as late as 2005, well into the Xserve era and almost up to the Intel transition. However, this machine — unimaginatively named shiner — had a different path, where at its place of residence it seemed to function as a test server. The disk it came with was partially recoverable and we'll look at some goodies in a moment. Unfortunately, at some point after decommissioning it was improperly stored in a high moisture environment with the lithium PRAM battery still installed. Never do this with old Macs: the battery exploded and leaked all over the board, and when I acquired the unit it was no longer working. The door keys were also missing which required me to force the lock to get into the front bays. Despite the damage and the rough handling it's endured, the board markings and residual history nevertheless make it an interesting show-and-tell piece, so I present it here.
After the pictures we'll talk about what was on the hard disk ...
There are two missing trays in the front. One was the hard disk it came with that I removed for safe storage, but the other came to me empty, and was probably part of the rootvg which we'll talk about later.
So, the hard disk.
The bad news is that this disk seems to be only part of a larger JFS rootvg (in AIX parlance, this refers to the collection of logical hard disks that compose the default volume group), and attempting to bring it up as a standalone volume just caused a lot of errors. I suspect the missing tray contained the other disk (and, irritatingly, /). However, although Apple sold a RAID option for the ANS, this remaining disk didn't appear to be a member of an RAID array and I was able to get a sensible image of it with dd. Its hostname? shiner.mcom.com.
Yup. This ANS was at Mosaic Communications Corporation, though by this time it would have been fully converted to Netscape Communications Corporation.
strings, grep and less will get you a long way with digital archaeology on unencrypted drives. I found lots of old and new files, but overall after piecing them together the machine's primary task was running Netscape Collabra Server v3.01 21301. This was one of the all-singing-all-dancing enterprise server solutions then in vogue and was roughly contemporary with Netscape Navigator 3.0. These screenshots were extracted from its installation instruction document.to take over Netscape instead of the other way around. LDAP, NNTP and HTTP strings are present along with symbols that anyone familiar with Mozilla source code will recognize as old-school NSPR and NSS. I found part of what appears to be its configuration file:
drd970801 sounds like a developer release path. This header appears on most of the control panel files:
* PROPRIETARY SOURCE CODE OF NETSCAPE COMMUNICATIONS CORPORATION
* Copyright (c) 1997 Netscape Communications Corporation. All Rights Reserved.
* Use of this Source Code is subject to the terms of the applicable license
* agreement from Netscape Communications Corporation
* author: firstname.lastname@example.org
This guy wrote a lot of stuff, too.
The presence of LDAP and HTTP support notwithstanding, the scattered log fragments present on the machine suggest it was mostly doing NNTP (newsgroup) duty. For example, here's the administrator logging in via the web interface:
genesis.mcom.com - - [01/Aug/1997:14:29:12 -0500] "GET / HTTP/1.0" 401 223
genesis.mcom.com - nsadmin [01/Aug/1997:14:30:48 -0500] "GET /news-shiner-119/bin/pcontrol HTTP/1.0" 200 1341
genesis.mcom.com - nsadmin [01/Aug/1997:16:07:23 -0500] "GET /news-shiner-119/bin/index HTTP/1.0" 200 343
genesis.mcom.com, by the way, turns up in this Oracle discussion (allowed is not! is planet forbidden!).
And here's somebody from loaner.mcom.com posting and reading:
4 [97/08/01 16:07.20] nnrpd(0.13570):loaner.mcom.com post ok <email@example.com>
4 [97/08/01 16:07.20] nnrpd(0.13570):loaner.mcom.com post ok <firstname.lastname@example.org>
4 [97/08/01 16:07.20] nnrpd(0.13570):loaner.mcom.com exit articles 0 groups 0
4 [97/08/01 16:07.20] nnrpd(0.13570):loaner.mcom.com posts received 55 rejected 0
4 [97/08/01 16:07.20] nnrpd(0.13570):loaner.mcom.com posts received 55 rups 0
4 [97/08/01 16:07.20] nnrpd(0.13570):loaner.mcom.com times user 569.800 system 302.310 elapsed 4535.986
In fact, a generated report of the Top 10 Hosts by Number of Articles Posted only shows loaner.mcom.com. There's a reason for this we'll discuss in a moment.
As you would expect for a machine generally occupied as a news spool, various copies at various stages of the newsgroup active file are present. They include the default (example?) groups, like acl, control, junk, test and virtual (shown here in the administration interface),
mcom.url 0000000000 0000000001 y
mcom.url.bad 0000000000 0000000001 y
mcom.url.bad.bad 0000000000 0000000001 y
mcom.url.bad.bad.bad 0000000000 0000000001 y
mcom.users 0000000000 0000000001 y
mcom.users.clue-impaired 0000000000 0000000001 y
mcom.white-trash 0000000000 0000000001 y
mcom.wreck 0000000000 0000000001 y
mcom.wreck.motorcycles 0000000000 0000000001 y
and most famously
mcom.bad-attitude 0000000000 0000000001 y
as subpoenaed by Microsoft in 1998, though sadly, as the numbers imply, no articles from any of these groups are actually present on the drive. Instead, what is present is a lot of test material. Rich Salz's 1991 post "Seeking beta-testers for a new NNTP transfer system" <email@example.com> exists as a test file for INN; the real on-spool posts on the disk have headers like this:
Subject: AutoPost: shiner:119 18491-2-5
Date: 1 Aug 1997 19:54:26 GMT
Organization: Another Netscape Collabra Server User
Content-Type: multipart/mixed; boundary="------------36A62DDA30E4"
X-Mailer: Mozilla 2.01 (X11; I; IRIX 5.3 IP22)
Xref: shiner.mcom.com kstress:34 pstress:34
This is a multi-part message in MIME format.
Content-Disposition: inline; filename="UsenetPast.jpg"
The posting agent is actually Netscape 2, which is interesting, from an IP22 Silicon Graphics machine (probably an SGI Indy: I was using an Indy myself in 1996 when I did an independent study block at the Salk Institute). Parenthetically, a fun hostname dredd.netscape.com turned up in a few places looking through the news spool, which seems to be the same system as dredd.mcom.com.
These newsgroups (kstress and pstress) appear to be strictly local. In fact, their very name alone indicates they were solely there for testing purposes. All the other articles on the machine are just big binary base64 blob posts, made by an mewing. There is an LDAP entry for this person (here represented in LDIF).
uniquemember: cn=Mike Ewing
uniquemember: cn=splat poster
(They don't appear to be the system administrator, though. Here's that person's LDAP entry; no other users were obvious.)
creatorsname: cn=Directory Manager
uniquemember: cn=splat poster
uniquemember: cn=Gena Cunnanan
mewing also appears in logs,
4 [97/08/09 04:01.02] news.daily:sending a copy of the daily report by email to firstname.lastname@example.org
and the Collabra junk group on this machine is actually called Mike's Junk. Assuming this isn't an oblique anatomical reference (there are a lot of binaries, after all), this person appears to have been the machine's primary user, and I thus conclude the machine's primary purpose — at least at that time — was as a test spool for the news server functionality of Collabra that this person was working on.
And that brings me to the most important question I wanted to answer: how long was this machine actually in service? The timestamps from the LDAP-LDIF entries are the earliest unambiguous dates I can find on the machine (April 4, 1997), and the most recent log entry I can find in the image is this one from September 4, 1997:
4 [97/09/04 12:46.32] indexsend: stop Thu Sep 4 12:46:32 1997
A solitary 1998 timestamp 29/Mar/1998:4:36:53 -0800 appears as an example in a help document, but that document has a 1997 copyright date, so it could just be illustrative.
That said, it's entirely possible and even probable that still more recent log entries were present on the other, missing drive. The machine had to be at Netscape through at least 1999 in order to pick up an America Online asset tag; AOL hadn't even announced it was acquiring Netscape until November 24, 1998, and the deal wasn't complete until March 17 the following year (for US$10 billion — in 2021 dollars, US$16.42b). Likewise, it wouldn't make sense for Netscape to pick up the machine as a beta test and then not do anything with it for nearly a year, unless it was a later used purchase (but that doesn't make sense either because in 1997 they would probably have just bought a production machine). It thus may have been paved over at some point, or alternatively it wasn't initially running Collabra.
After all that, and with the incomplete information at hand, best guess says this machine was at Netscape/Mosaic from 1995 or so to about 1999 where it performed at least a solidly documented several months of test work. That's not a bad run for an old beast that by then was no longer being supported by Apple at all.
Are you Mike Ewing or Gena Cunnanan, formerly of Netscape? Did I miss anything? Please post in the comments if you have any light to shed. Meanwhile, you can see some more pictures of the prototype, or just read more about the ANS, the best server Apple ever disowned.
Tuesday, September 21, 2021
Well, I'm pleased to announce that Marcio himself did get in touch (he's got a lot of fun Palm and retro projects still underway, incidentally) and graciously consented to relicense Plua2c, the "cross-compiler" portion, under the same MIT license as Lua itself. You can now download the source code from Github, which I'll keep maintained.
As for Plua-the-Palm-app and its various components, I will still be hosting the .prcs on Plua Revisited indefinitely, and Marcio and I have been discussing how we can add some improvements such as expanded screen size support and the like. This means Plua has a future again, and I couldn't be happier. Thanks, Marcio!
Thursday, September 16, 2021
Thursday, September 9, 2021
No, that's not a joke. The KIMplement runs real KIM-1 code using a software 6502 core I've christened "6o6" (6502-on-6502). 6o6 implements protected memory, exception handling and all legal NMOS instructions. In addition, the KIMplement not only emulates those famous six seven-segment LEDs and the hex keypad, but also is one of the few KIM-1 emulators that emulates a TTY connection (an old-school ASR-33) and a KIM-4 expander with 16K of RAM, allowing you to run "big programs" too.
MOS expected this would be a low-volume item mostly of interest to circuit designers. Instead, hobbyists bought them in large numbers because it was easily the least expensive microcomputer you could purchase at the time. With a KIM-1 at its center, you could have a full system with teletype, power supply and cassette storage for around $500. No other system came close to competing on cost. When Commodore Business Machines bought the ailing MOS in 1977, they wisely kept producing the KIM-1 until 1979 even after the introduction of the PET. Several clone systems exist, most notably including the Synertek VIM-1/SYM-1, as well as one unusual clone I'll talk about in a moment. I am the proud owner of four KIMs (including an original pre-Commodore KIM-1) and they all work.
I don't know if KIMplement's CPU core could be truly considered "virtualizing" the 6502, but it's more than just a naïve emulation. Rather than manually setting results and flags, the core looks at the guest instruction and runs the same instruction (or a safe variant) in the core context so that all the side effects, in particular changes to the status register, occur "for free." There is no way that a Commodore 64 at 1.0225MHz (or, worse, 0.978MHz for PAL) can do full-speed emulation of a KIM-1 running at 1MHz, but because there is much less code running per instruction, I think this scheme is probably near the fastest way a 6502 can run "untrusted" 6502 code. In practice it is about 35-50 times slower than native code, and this upsets programs that use tight timing or cycle counts, but it's still absolutely enough to actually "do things."
What sorts of things? Besides a couple LED-based games (originally Jim Butterfield's version of Lunar Lander, and I also added the misère game variant Black Match) and toy applications, you can run Tom Pittman's Tiny BASIC in the TTY, and with the bug fixes in 0.2b now you can successfully run FOCAL-65:
For this version of the emulator (0.2b), I finally finished some performance improvements to the CPU core that had been gestating in my mind for literally years -- the last version of the KIMplement was released in 2006! -- and also fixed a problem with the TTY emulation where typing characters could get out of sync under CPU load. It can still drop keystrokes if you overflow the Kernal keyboard buffer, but it's a lot smoother generally. I also worked around a bug in VICE where, if you try to load files from a directory on the host machine, the RENAME-the-file-to-itself test used to check for the file's presence doesn't work (a real 1541 would respond with error 63 FILE EXISTS but VICE says 0 OK).
The other bug I fixed was caused by the CPU core, but can't be fixed in it. The 6502 has a decimal flag which can be set in the status register and causes add and subtract instructions to operate in binary coded decimal (e.g., $90 - $01 normally is $8F, but in BCD mode it's $89). Famously, or perhaps infamously, the Commodore 64 Kernal IRQ doesn't turn off the decimal flag, and there is at least one SBC in the normal execution path. Because 6o6 executes instructions for their side effects, if a program had previously set the decimal flag (and this is not at all uncommon in KIM-1 code) it needs to be on for those math operations. The usual solution is to turn on the interrupt flag first with SEI to suppress IRQs while decimal mode is on, but the normal state of guest code is to have the interrupt flag clear because the KIM-1 doesn't have this problem. If an IRQ hits right that moment, the IRQ will be executed with the decimal flag on, and possible unexpected behaviour could result.
This is an extremely infrequent occurrence, but in a long-running system "infrequent" is a synonym for "inevitable." This can't be efficiently solved in the core because there is no atomic method for controlling two flags at once. A better solution is very simple: we just make a patched IRQ that clears the decimal flag explicitly, and calls the normal Kernal IRQ. I did the same for NMIs as a belt-and-suspenders approach.
The eventual goal is to open-source the KIMplement, and in particular 6o6, but I want to have another demonstration application for 6o6 as well before I do. A small multitasking general-purpose kernel sounds like an ideal way to show off how it works.
In the future, and hopefully that future isn't in another 15 years, I want to add actual cassette support (right now you just dump memory to and from disk) and maybe support for one of the hi-res video boards like the Visable. It may also be worth trying to port the KIMplement to a faster 6502-based system like the Commodore Plus/4 or the Commodore 128 in 80-column mode, or maybe even the Apple IIgs, though all of these would need a solution for the sprites I currently use for the LEDs. (Okay, you Atari freaks, I know, I know.) The KIM-1 is a great little machine and surprisingly capable. The fact all of mine have survived over four decades proves they don't make them like they used to.
Monday, August 30, 2021
Monday, August 23, 2021
Another aspect of the +4 that was mercilessly derided was the 3-Plus-1 pack-in software. Based on an integrated suite called Trilogy by Pacific Tri-Micro, it included a word processor, database and spreadsheet; the fact they were intended to be basic applications did not prevent critical displeasure. Popular Computing Weekly pointed out how small the working space was and their limited features, and InfoWorld complained that "[t]he word processor is the worst I've ever seen," but The Transactor's editor Richard Evers was particularly barbed, famously observing that "[t]he word processor is barely that, the data base [sic] defiles the name and the spreadsheet has little spread." But while this quote got wide currency, the rest of the article is actually far more complimentary, adding, "Each package is well written, taking into consideration the limitation of trying to make them all work within the confines of each other. Running two packages in tandem is possible with this system ... think of the software as an almost free bonus, and accept its limitations."
Something else that worked was this Plus/4 that I dredged out of storage to test. While checking the contents, I found it had this letter in the box which I don't even remember noticing before:
There is no mention of any peripherals being included, and no Commodore could directly connect to a standard cassette deck for storage. Furthermore, it is likely the Plus/4 was selected solely because they got donated stock that didn't sell. Still, here was a computer that was cheap enough to just give somebody and connect up to their television. You pressed a key and almost instantaneously you got a word processor, a spreadsheet and a database that came built-in. You could type letters, do a household budget and maintain an address book. If you picked up a 1541 disk drive, which by then was selling for under $200, you could save files. If you picked up any of the cheap Commodore 1525-compatible printers on the market, you could print letters. If you cared to crack out the manual, you could learn to write your own programs.
For this person in western Oregon, this Plus/4, as idiosyncratic and artificially limited as it was, may have been their gateway to computer literacy — and at that time it very likely was all the computer they actually needed.
Thursday, August 19, 2021
The classic Palm OS (also known as Garnet in its final revisions), not to be confused with Palm's later and technologically unrelated webOS, actually feels a lot like classic MacOS. (The "Classic" mode in webOS 1.x for running Garnet apps doesn't seem like a coincidence to me, either.) Besides the common original architecture (68K), the heavy reliance on structured resources for both applications and data storage is very reminiscent of the Mac. When ARM-based Palm OS 5 devices emerged, not only was there a 68K emulator like the Power Mac's for running older software (called PACE, the Palm Application Compatibility Environment), but the normal state of the system was to be running 68K code.
I got a lot of wear out of pre-programmed Palm apps but I'm a nerd at heart, and I like to program things. The PC-4 was easy: it was BASIC, and it had 10 segmented program spaces, so I wrote simple games and tools for school classes. The 95LX ran DOS programs, and would happily run anything I wrote in Turbo Pascal 5.5 (though optimally if formatted for the smaller screen first). However, Palm development was primarily proprietary at the time, officially requiring CodeWarrior with specific Palm support and the appropriate hardware. I used Macs (at the time, a hand-me-down Power Mac 7300), so the hardware was no problem, but I was a starving student back then and CodeWarrior wasn't cheap.
So late in 2001 it was a real boon to discover a beta Palm OS 3.1 port of the Lua programming language to Palm OS, written by Marcio Migueletto de Andrade. The part I liked best (well, other than the fact it was free!) was it was fully self-hosted, with what today we would recognize as a simple IDE, such that you could develop right on the device. In those days Plua was based on Lua 4 and offered easy graphics, serial and UI support, so I used it for writing my own internal calculation apps which (thanks to an external separate runtime, the Palm's ubiquitous IR beaming, and everyone having a Palm device) everyone on the clinical team ended up using. Eventually Plua evolved into a full-fledged 1.0 release in 2003 instead of a time-limited beta.
Plua also included a small "cross-compiler" (really, a bytecode dumper) based on luac, though with additional code to link resources as well as emit a stub PRC header to call the runtime. This allowed you to develop on a desktop PC and build the PRC there, and then HotSync it over. More about that in a moment.
Plua was already pretty great by then, but what really moved it forward was support for TCP networking in Plua 1.1. Unfortunately, networking in Plua 1.1 had several significant bugs and Marcio was already working on Plua 2.0, which was based on Lua 5, so these weren't fixed. (One of my early apps that got bitten by this was Port-A-Goph, a gopher client for Palm OS. I got a mention in Wired and the code really did exist, but the socket bugs were difficult to work around. I probably have the source code around here somewhere.) Plua 2.0 also required Palm OS 3.5 and wasn't source compatible with Plua 1.1; the functions were similar, and many function calls could be rectified with text search-and-replace, but it still had some important differences plus the jump in the core language as well. For me personally it took awhile to convert over, but Plua 2.0 was a definite improvement and the bugfixes made it a very solid package.
At the time I was an active participant in the Yahoo! Group for Plua (now gone, along with the rest of Yahoo! Groups), which was the only official place to get Plua 2. Marcio issued an analogous "cross-compiler" for Plua 2 called, analogously, plua2c, using 5.0.3's luac as the base. However, Plua was freeware but (Lua 5 is MIT-licensed) not open source, and the plua2c binaries — which, unlike Plua 1.0 and 1.1, were distributed separately — were only available for Windows and x86 Linux.
During the Plua 2.0 betas in 2006, I privately asked Marcio if I could build a PowerPC Mac OS X-compatible version of plua2c. He agreed to this with the condition that the source be kept private (I suspect, but do not know, that he had some interest in making it a commercial product or having a commercial support option). I agreed and over the next couple years ended up issuing four binary-only releases of the Mac OS X plua2c which I hosted on Floodgap. However, after Plua 2.0 left beta around 2008, although Marcio indicated he had interest in starting on a 2.1 based on Lua 5.1, I don't know if he ever actually did; the introduction of webOS in 2009 and the lack of interest in Palm OS Cobalt or further Garnet devices essentially ended classic Palm OS's market relevance in any case. I lost contact with Marcio and never received further replies from him regarding Plua or plua2c.
Still, I kept using it for various minor projects even if I didn't regularly keep a Palm in my pocket anymore. I eventually gave up on Port-A-Goph and started on a Plua 2 rewrite (the screenshot above), and turned my Zire 72 into a Plua-powered Hue light controller:
When I recently decided to continue work using my Raptor Talos II, which is a 64-bit POWER9, I decided I would dust off the source code of plua2c still sitting in my G5 and develop on the new machine. plua2c compiled and appeared to function but ended up generating defective executables that weren't compatible with the Plua runtime (Plua2RT). They were dramatically bloated in size and caused the runtime to emit a low-level VM error.
Recall that plua2c is descended from luac, which more or less just dumps the Lua data structures in place. Lua's documentation says that "[t]he binary files created by luac are portable to all architectures with the same word size." To this end, luac 5.0.3 actually emits sizeof(int), sizeof(size_t) and sizeof(Instruction) (i.e., the typedef quantity for the size of individual bytecode instructions) into the bytecode header which should make an amphibious loader capable of selecting different bit widths, but Plua2RT doesn't swing both ways, at least not in that respect. To make the Plua VM happy, I had to force all of these to be 32 bits in size and change the emitter to only emit 4-byte int and size_t quantities.
This partially fixed the size, but it was still abnormally enlarged, suggesting 8-byte quantities were still being injected into the file somewhere else. After some detective work I found it was actually coming from plua2c's PDB header struct, so I hardcoded the correctly sized types in its typedefs, and the length matched up and the Plua VM could now execute the generated PRC. plua2c was now ported to 64-bit OpenPOWER.
You'll notice I said the length matched what my Power Macs emitted, but not the file itself. Besides a timestamp, the Lua bytecode is emitted using the native system's endianness, and the dump also has an endianness flag to indicate what that was. Interestingly, this is one situation in which the Plua VM does swing both ways: although the native endianness of the 68K Palm OS is big, and Plua was never ARM-native (which for Palm OS 5 is little, and PACE handles the endianness switch as part of thunking), it transparently converts the values just fine, just like Lua would. The docs even say, "binary files created on a 32-bit platform (such as Intel) can be read without change in another 32-bit platform (such as Sparc [sic]), even if the byte order ('endianness') is different." In fact, it has to, because Marcio's builds of plua2c were for little-endian 32-bit x86. Only my PowerPC Mac OS X builds actually emitted big-endian data, since that was the native endianness there. My POWER9 system runs Fedora in little-endian, so the endianness didn't match the Power Macs, but that was no problem for Plua.
I intend to honour my gentleman's agreement with Marcio about not disclosing the source code. Even if he's unable or unwilling to discuss changing the arrangement, a deal is a deal and I would want this to be a sign to anyone else who would share code with me for porting purposes that I keep my promises even a decade and a half after the fact. Still, I think Plua is a great way for retrocomputing enthusiasts to get back into Palm development. Yes, there are tools like OnboardC which compile on the Palm as well, and some but not all of the C cross-compiler infrastructure works on modern 64-bit systems, but Plua is a lot more straightforward for beginners and has tons of built-in functionality that would require external libraries or a lot of additional code with other development systems. The use of a separate runtime is a little obnoxious but hardly a dealbreaker for me personally.
So, in the spirit of our original arrangement to issue PowerPC Mac OS X binaries, I have compiled plua2c for modern 64-bit platforms, at least the ones I have a compiler or cross-compiler for. Besides the 32-bit PowerPC OS X version, which I still offer, and the 64-bit OpenPOWER ppc64le Linux binary I personally use, I also compiled it for Intel macOS 10.14+ with clang and 64-bit Intel Windows with a cross-compiling MinGW gcc. I'm willing to consider other platforms if I can easily set up compilation without a lot of additional work or disk space.
But these aren't much good without Plua itself, so I've additionally started hosting the Palm OS package on Floodgap with the runtime, onboard IDE and online help, along with Marcio's documentation and license terms. I also had a complete copy of the Plua 2 examples, so I've provided those, like the animated fishtank you saw on the introductory image. And, because building them from scratch needs the PILot Resource Compiler, I also made a minor 64-bit fix to its bitmap handling for modern systems too (it's GPL, so for that you get the full source code). Fortunately, pilot-link is still readily available for most modern platforms to sync your binaries over to the device.
It is my hope that one of two things will happen: Marcio will get in touch and bless an open-source release, or, with this tool, someone(tm) can work on a clean-room implementation of the runtime and maybe fix a few of the issues like memory usage and custom screen sizes. Sadly, that someone(tm) can't be me, because I've obviously seen the source code and know at least some of how it's implemented and that makes me a tainted implementor. But combined with the source for Lua 5.0.3 — and none of what I've divulged here can't be inferred from it — folks should be able to tease apart how the VM is constructed and how calls get to the OS, because except for the Palm-specific bits the VM core is still regular old Lua. Which is why, by the way, Plua was so great and is worth resurrecting. Maybe we could even get later releases of Lua 5 working. Who knows?
Even if we don't get either of those outcomes, at least now folks interested in Palm OS have another solid homebrew development option available once again. I got a lot of wear out of Plua and Marcio's hard work is why. I don't think he ever made a cent off it, but even with its minor warts it's still my favourite way to program the classic Palm OS. Now you can enjoy it too.
The binaries, documentation and examples are at Floodgap. As for the gopher client you saw? Well, that's a future post. But when I push that out, you can compile it yourself.
Tuesday, August 17, 2021
Monday, August 2, 2021
But for however original their early designs were, in 2005 General Dynamics bought them out, merged them with their other acquisition Itronix and triggered the end of the RISCy business. General Dynamics wasn't in the retail market; they sold to the military and other large institutional customers, and those folks wanted thin clients. All the rage then was Sun Ray, launched by Sun in 1997 and killed, like many things, by Larry "The Terrible" Ellison's Snoracle in 2014.
Sun Ray clients are simply networked display devices that connect to a server using ALP, or Appliance Link Protocol. Properly configured, a user could go from terminal to terminal and have their session follow them from client to client with no interruption (with a smart card, they wouldn't even need to type their login and password). The user has no local storage access; everything is centrally administered, including their desktop and the apps they run. Naturally Sun Ray Servers were originally Solaris-based, but there was a later binary available for Linux, and the Java open-source kOpenRay (which yours truly maintains) implements portions of the protocol. Using the Sun Ray Server as a gateway, connection to "conventional" Windows Terminal Server sessions via RDP was also possible.
The clients themselves came in several distinct generations. The first generation ("Sun Ray 1") were based on the MicroSPARC IIep, first discretely, and then as a custom SoC; the second generation were MIPS, more specifically the orphaned Alchemy microarchitecture which we'll talk about in a future post, and the third generation at least initially continued with the same. However, since the firmware was CPU-agnostic (in fact, later there was even a software client you could run as a Windows application), there was nothing particular about the protocol or the implementation that irreversibly tied Sun Ray to any one specific architecture.
That brings us back to the zombified Tadpole under General Dynamics (I'll call it "GD-Tadpole"). The MIPS Sun Rays were very power-efficient (again, a topic for a future post when we look at the Accutech Gobi systems) and performed well in laptops and even several Sun Ray tablets, but the chips weren't available in volume and didn't have the economies of scale of low-end PC laptops. So GD-Tadpole chose ... a low-end PC laptop, specifically the Taiwanese Compal FT01, fitted it with Sun Ray software and a custom BIOS, and released that as the Tadpole M1400 in 2008. And here are two, one so new the sticky protective plastic cover picked up hairs:can boot a conventional operating system. Not so the laptops: Sun Ray or bust.
The FT01 wasn't a terribly flash laptop even for the time, but it didn't have to be. The M1400 variant has 512MB of RAM (one SO-DIMM with two sockets) and a Socket P receptacle with a 1.86GHz Intel Celeron 540. We can confirm that by carefully cutting the warranty stickers on the "new" 1400:
Also notice that there is no obvious main storage; the SATA hard drive bay is empty. That's because it's actually in the optical drive slot where the smart card reader is, using a carrier tray that is the system's only custom GD-Tadpole component. It is an otherwise off-the-shelf 256MB Transcend 40-pin IDE flash module which connects to the optical drive's PATA and power port using a bespoke passive interposer board. The smart card reader connects internally with its own data cable and draws power from the drive connection using the flash module's interposer. Like all such optical drive trays of the era it is easily extracted once the data cable is disconnected by removing the retaining screw and gently pulling it out. We will take advantage of this later.
The earliest version I have came with the "unbadged" laptop. This version of the firmware flashes a plain cyan screen if the discovered boot device and operating system pass muster and then starts the client. If installed in the "badged" laptop it will flash the same cyan "happy" screen, but then the screen blacks out and it doesn't get any further. As the hardware is the same I can only conclude there is a difference in the BIOS between these two units.
Once loaded it starts up directly in the typical Sun Ray On-Screen Display "OSD" client window of the time, with its MAC address as its ID and various icons and progress codes as it obtains a DHCP address and then tries to connect to its configured server.Links!
This is actually the only mass-produced device I've seen that comes with Links from the manufacturer as the browser of choice. It's certainly very quick and small and I delight in its quirkiness, but there were more mainstream choices available in 2008 — including one we'll examine in a moment — so I'm not sure what went into the decision.
The third version of the firmware I've encountered was courtesy David Parkinson, who was one of the early explorers of this system and discovered it could be booted over SATA if the IDE flash module tray was ejected. He sent this firmware image to me and I flashed it to a CF card of the same size, booting it from an off-the-shelf CF-to-SATA adapter.
The 256MB image David sent me mounts as two VFAT volumes called CONFIG and CARD. Here they are in Midnight Commander.
Like the license file, the hex data is 384 characters encoding 192 bytes. Best guess is some sort of checksum hash which is checked on startup. The 4.6.2 matches the version number of the firmware, but I don't know what the H or S indicate, or the 3.0.0. BOM therefore probably stands for Bill Of Materials.
The CONFIG side is mysterious in different ways. Notice that the 0* files have a different modification date than the 1* files, and they are not identical copies (their CRC32 checksums differ). The significance of this was not known to me at the time, but we'll come back to why they differ presently. These files, however, are not encrypted. In fact, 0certs.img is another mountable FAT image that despite its filename calls itself METEOR:
Were the other firmware versions the same? Time to dump them and see! Attempting to extract the IDE module started to perilously bend the pins on the interposer because of its tight fit, so I pulled a beat-up Dell Vostro 1400 out of the closet with a PATA optical drive slot to plug the whole tray in as a unit. The retaining screw didn't quite align between its drive and the GD-Tadpole tray; since I have two trays I decided it was Dremel cutting tool time for one of them:Clonezilla on the Dell Vostro, having it mount a second USB drive and dd the entire IDE module with both partitions over to it. To dump both modules I just switched the entire interposer board with the module attached.
The second version firmware allows you to configure the default address for Meteorbrowser. I figured this was a useful test, so I made a single character change from "i" to "j" to see how this altered the dump and compared both images in VBinDiff. The result was unexpected:
With this new information I returned to his image and mounted CONFIG/0meteor.cfg. After grepping around a little, in profiles.conf appeared this string:
A theory came to mind: if I munge it to a key it doesn't recognise, then it hopefully will think it doesn't have a password at all. I directly loaded the image into a hex editor and changed every occurrence of Password_Enc to Aassword_Enc (gotta make sure the length matches). This string appeared in four places. I then flashed this to the CF card and rebooted, and pressed Menu-M.Mini Bowser. David will try. It did not prompt for a filename and I did not click Confirm.
Things to do:
- Try to bust into the OS by exploiting the version of WebKit in Meteorbrowser. Hopefully it isn't similarly chrooted.
- Figure out what those hashes are and what algorithm it uses. It may have something to do with license, which could be an encryption key. However, the 192 byte length is a little unusual.
- Unmunge at least one of the files. The obvious target is ?bootarg.ime, which is small enough where brute forcing may actually be possible especially since I strongly suspect it should yield ASCII text, and at that size it probably isn't compressed.
- Links can do "more" and is more "fun," so see if I can make a hybrid firmware using the improved General Dynamics launcher but replacing ?browser.tle with the ones from the original firmware. Assuming the hashes match between releases, I should be able to just copy the needed lines from ?meteor.bom.