Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Didn't news.mozilla.org used to have a secured port?

0 views
Skip to first unread message

»Q«

unread,
Nov 28, 2009, 9:03:53 PM11/28/09
to
In <news:Pb6dnU6wyYwy9Y3W...@mozilla.org>,
Phillip Jones <pjo...@kimbanet.com> wrote:

> One advantage is using a Secure Server is No Spam! in the entire 3-4
> ran there were maybe two pieces a spam. Where periodically here we my
> see batches of spam. All news servers should be either Secure or
> Authenticated.

There's no evidence that SSL was a factor in the lack of spam at
secnews. The major factor here at n.m.o. is that spammers can use
Google Groups to post.

Followup set to mozilla.general

--
»Q« /"\
ASCII Ribbon Campaign \ /
against html e-mail X
<http://asciiribbon.org/> / \

Phillip Jones

unread,
Nov 28, 2009, 9:43:56 PM11/28/09
to
»Q« wrote:
> In<news:Pb6dnU6wyYwy9Y3W...@mozilla.org>,
> Phillip Jones<pjo...@kimbanet.com> wrote:
>
>> One advantage is using a Secure Server is No Spam! in the entire 3-4
>> ran there were maybe two pieces a spam. Where periodically here we my
>> see batches of spam. All news servers should be either Secure or
>> Authenticated.
>
> There's no evidence that SSL was a factor in the lack of spam at
> secnews. The major factor here at n.m.o. is that spammers can use
> Google Groups to post.
>
> Followup set to mozilla.general
>
The secnews.netscape.com server started well before AOL bought it. and
was back in day when there really wasn't any controls amount to any to
control spam. Back before Spamcop and spam assassin and the like. as
I've said before we may have had 2 - 3 pieces of spam for an entire
year. and at the time it was quite active server. I believe the secure
server was a deterrent. and even better deterrent would use an
authenticated server as in annexcafe. You have to go through a sign up
procedure and be assigned a username and password that once its typed in
and saved allow you to subscribe to the groups on the server. There have
been no spam incidents period on that server since I've signed up.

--
Phillip M. Jones, C.E.T. "If it's Fixed, Don't Break it"
http://www.phillipmjones.net http://www.vpea.org
mailto:pjo...@kimbanet.com

»Q«

unread,
Nov 28, 2009, 9:58:02 PM11/28/09
to
In <news:hJadndNrFIBwQozW...@mozilla.org>,
Phillip Jones <pjo...@kimbanet.com> wrote:

> »Q« wrote:
> > In<news:Pb6dnU6wyYwy9Y3W...@mozilla.org>,
> > Phillip Jones<pjo...@kimbanet.com> wrote:
> >
> >> One advantage is using a Secure Server is No Spam! in the entire
> >> 3-4 ran there were maybe two pieces a spam. Where periodically
> >> here we my see batches of spam. All news servers should be either
> >> Secure or Authenticated.
> >
> > There's no evidence that SSL was a factor in the lack of spam at
> > secnews. The major factor here at n.m.o. is that spammers can use
> > Google Groups to post.
> >
> > Followup set to mozilla.general
> >
> The secnews.netscape.com server started well before AOL bought it.
> and was back in day when there really wasn't any controls amount to
> any to control spam. Back before Spamcop and spam assassin and the
> like. as I've said before we may have had 2 - 3 pieces of spam for an
> entire year. and at the time it was quite active server. I believe
> the secure server was a deterrent.

I know you believe that (since you said so already) -- I was just
pointing out that there's no evidence to support that idea. FWIW,
non-SSL servers enjoyed the same lack of spam and still do.

The main impact of using SSL on the Netscape server was to place an
annoying hurdle in the way of users trying to get support.

Jay Garcia

unread,
Nov 29, 2009, 1:11:23 AM11/29/09
to
On 28.11.2009 20:03, »Q« wrote:

--- Original Message ---

> In <news:Pb6dnU6wyYwy9Y3W...@mozilla.org>,
> Phillip Jones <pjo...@kimbanet.com> wrote:
>
>> One advantage is using a Secure Server is No Spam! in the entire 3-4
>> ran there were maybe two pieces a spam. Where periodically here we my
>> see batches of spam. All news servers should be either Secure or
>> Authenticated.
>
> There's no evidence that SSL was a factor in the lack of spam at
> secnews. The major factor here at n.m.o. is that spammers can use
> Google Groups to post.
>
> Followup set to mozilla.general
>

Back in the "days" of secnews on port 563 there were not harvester
applications capable of using that port to gather addresses. And it was
not feasible to grab one-at-a-time. Still is a waste of time today for
that matter.

--
Jay Garcia - Netscape/Flock Champion
www.ufaq.org
Netscape - Flock - Firefox - Thunderbird - Seamonkey Support

Jay Garcia

unread,
Nov 29, 2009, 1:33:21 AM11/29/09
to
On 28.11.2009 20:58, »Q« wrote:

--- Original Message ---

> The main impact of using SSL on the Netscape server was to place an
> annoying hurdle in the way of users trying to get support.

Secnews port 563 was not there for the weekend user's access but rather
for two (only) purposes:

1. A test base for the Corporate Enterprise clients of Netscape
2. Netscape Gold and DevEdge members most of which were
programmers/developers on the Netscape payroll and non-employee devs who
paid an annual subscription for access which was user/pass protected.

The original intent to form the NS Champions was to participate in the
dev threads so that we could test the alpha and beta private releases
along with the Enterprise clients prior to public release of the 90-day
Navigator releases. Does anyone remember that after 90 days, Navigator
was rendered useless unless you had a paid $49 annual subscription?

Somewhere along the line Netscape made the decision to isolate public
user support to port 563 so that there was no public feed to usenet like
there was for the port 119 groups. We had quite a few NS Devs posting in
the 563 groups, another reason for isolation.

FYI, there were actually three servers inovolved - Secnews, Secnews II
and Secnews III (used only as an archiving server).

When JWZ (Jamie Zawinski) formed Mozilla.org he wanted his own news
server, hence the formation of news.mozilla.org which was hosted on the
same physical server as secnews and originally was developers-only. The
server admin was Markus Bauer at the time as well as myself (secnews
only) but since I was outside the firewall I didn't have direct access,
so I either emailed or IM'd Markus to make the needed changes,
configurations,etc. Markus unfortunately was layed off in the first
round after AOL purchased Netscape.

A lot has changed since those good old days!!

Leonidas Jones

unread,
Nov 29, 2009, 2:16:32 AM11/29/09
to

Great post Jay, I archived it for future reference.

Lee

Terry R.

unread,
Nov 29, 2009, 4:07:53 AM11/29/09
to
On 11/28/2009 10:11 PM On a whim, Jay Garcia pounded out on the keyboard

> On 28.11.2009 20:03, »Q« wrote:
>
> --- Original Message ---
>
>> In<news:Pb6dnU6wyYwy9Y3W...@mozilla.org>,
>> Phillip Jones<pjo...@kimbanet.com> wrote:
>>
>>> One advantage is using a Secure Server is No Spam! in the entire 3-4
>>> ran there were maybe two pieces a spam. Where periodically here we my
>>> see batches of spam. All news servers should be either Secure or
>>> Authenticated.
>> There's no evidence that SSL was a factor in the lack of spam at
>> secnews. The major factor here at n.m.o. is that spammers can use
>> Google Groups to post.
>>
>> Followup set to mozilla.general
>>
>
> Back in the "days" of secnews on port 563 there were not harvester
> applications capable of using that port to gather addresses. And it was
> not feasible to grab one-at-a-time. Still is a waste of time today for
> that matter.
>

Hence the explanation that most of us never received any spam from
posting there, regardless of whatever that other one stated.


Terry R.
--
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

Phillip Jones

unread,
Nov 29, 2009, 9:30:57 AM11/29/09
to
Jay Garcia wrote:
> On 28.11.2009 20:58, »Q« wrote:
>
> --- Original Message ---
>
>> The main impact of using SSL on the Netscape server was to place an
>> annoying hurdle in the way of users trying to get support.
>
> Secnews port 563 was not there for the weekend user's access but rather
> for two (only) purposes:
>
> 1. A test base for the Corporate Enterprise clients of Netscape
> 2. Netscape Gold and DevEdge members most of which were
> programmers/developers on the Netscape payroll and non-employee devs who
> paid an annual subscription for access which was user/pass protected.
>
> The original intent to form the NS Champions was to participate in the
> dev threads so that we could test the alpha and beta private releases
> along with the Enterprise clients prior to public release of the 90-day
> Navigator releases. Does anyone remember that after 90 days, Navigator
> was rendered useless unless you had a paid $49 annual subscription?

I don't remember that but I remember having to pay $35.00 a pop for each
new version of netscape up to 3.0.1a Gold. If I dig hard enough I might
still have the CD and even the paperback manual that came with it. Its
only after the Communicator series that we didn't have to pay. (Quite a
Big sum of money back in that day.

> Somewhere along the line Netscape made the decision to isolate public
> user support to port 563 so that there was no public feed to usenet like
> there was for the port 119 groups. We had quite a few NS Devs posting in
> the 563 groups, another reason for isolation.
>
> FYI, there were actually three servers inovolved - Secnews, Secnews II
> and Secnews III (used only as an archiving server).
>
> When JWZ (Jamie Zawinski) formed Mozilla.org he wanted his own news
> server, hence the formation of news.mozilla.org which was hosted on the
> same physical server as secnews and originally was developers-only. The
> server admin was Markus Bauer at the time as well as myself (secnews
> only) but since I was outside the firewall I didn't have direct access,
> so I either emailed or IM'd Markus to make the needed changes,
> configurations,etc. Markus unfortunately was layed off in the first
> round after AOL purchased Netscape.
>
> A lot has changed since those good old days!!
>

I never was a developer bug I did post about bugs I found. Or RFE's I
would like.

Phillip Jones

unread,
Nov 29, 2009, 9:37:51 AM11/29/09
to
One these servers, on periodic occasions we have up to 30-40 pieces of
spam and the often span the General, SeaMonkey, FireFox, and Thunderbird
groups. Sometimes they last days. Sometimes a full week.

Not recent months though. Its a wonder though it not more since Google
groups and yahoo groups are plagued constantly with spam.

Jay Garcia

unread,
Nov 29, 2009, 11:05:41 AM11/29/09
to
On 29.11.2009 03:07, Terry R. wrote:

--- Original Message ---

> On 11/28/2009 10:11 PM On a whim, Jay Garcia pounded out on the keyboard
>
>> On 28.11.2009 20:03, »Q« wrote:
>>
>> --- Original Message ---
>>
>>> In<news:Pb6dnU6wyYwy9Y3W...@mozilla.org>,
>>> Phillip Jones<pjo...@kimbanet.com> wrote:
>>>
>>>> One advantage is using a Secure Server is No Spam! in the entire 3-4
>>>> ran there were maybe two pieces a spam. Where periodically here we my
>>>> see batches of spam. All news servers should be either Secure or
>>>> Authenticated.
>>> There's no evidence that SSL was a factor in the lack of spam at
>>> secnews. The major factor here at n.m.o. is that spammers can use
>>> Google Groups to post.
>>>
>>> Followup set to mozilla.general
>>>
>>
>> Back in the "days" of secnews on port 563 there were not harvester
>> applications capable of using that port to gather addresses. And it was
>> not feasible to grab one-at-a-time. Still is a waste of time today for
>> that matter.
>>
>
> Hence the explanation that most of us never received any spam from
> posting there, regardless of whatever that other one stated.
>
>
> Terry R.

Correct to some degree. We ALL posted with our correct addresses and
didn't receive any spam that I remember. Every now and then a spammer
manually posted something in the 563 groups but very very rarely. But
since the 563 groups didn't propagate to usenet, posting spam was useless.

There was a time when Google fed "from" port 563 with permission but
that didn't last very long.

»Q«

unread,
Nov 29, 2009, 10:43:55 PM11/29/09
to
In <news:ltmdnWVGGql3pI_W...@mozilla.org>,
"Terry R." <Terry...@NOSPAMgmail.com> wrote:

> On 11/28/2009 10:11 PM On a whim, Jay Garcia pounded out on the
> keyboard
>

> > Back in the "days" of secnews on port 563 there were not harvester
> > applications capable of using that port to gather addresses. And it
> > was not feasible to grab one-at-a-time. Still is a waste of time
> > today for that matter.
>
> Hence the explanation that most of us never received any spam from
> posting there, regardless of whatever that other one stated.

Neither did people posting to non-SSL servers. The SSL explanation
just doesn't hold water.

The part about it not being worth the time makes sense, though either
way they'd be gotten with XOVER, not one at a time. There were so many
addresses available on Usenet, and so many open servers, so that was a
much more effective way for harvesters to go.

»Q«

unread,
Nov 29, 2009, 10:45:47 PM11/29/09
to
In <news:58idnRGRCvjcGo_W...@mozilla.org>,
Phillip Jones <pjo...@kimbanet.com> wrote:

That's true, and again, nothing to do with SSL or lack of it.

Jay Garcia

unread,
Nov 30, 2009, 8:34:22 AM11/30/09
to
On 29.11.2009 21:43, »Q« wrote:

--- Original Message ---

Bottom line is that the Netscape server wasn't a very good target no
matter the port.

Jay Garcia

unread,
Nov 30, 2009, 8:38:11 AM11/30/09
to
On 29.11.2009 21:45, »Q« wrote:

--- Original Message ---

Again .. the primary factor is the amount of traffic on the server which
makes it a non-prime harvest medium. SSL is a minor factor but is a
consideration insofar as there wasn't, at the time, any auto-bot
software capable of harvesting an SSL empowered server.

Terry R.

unread,
Nov 30, 2009, 2:04:52 PM11/30/09
to
On 11/30/2009 5:38 AM On a whim, Jay Garcia pounded out on the keyboard

This server could be considered dead compared to many others, yet the
spam received here would have to be considered high. But it appears
there are two different observations going on here. One for email
addresses being harvested, and the other for spam being posted to the
groups.

I never received any spam on secnews, and for years I used my real
address. Only moving to this server did I make it bot proof. But I
never saw any spam posted there either, except for those who cannot be
named. ;-)

propman

unread,
Nov 30, 2009, 2:44:09 PM11/30/09
to
Terry R. wrote:

> This server could be considered dead compared to many others, yet the
> spam received here would have to be considered high. But it appears
> there are two different observations going on here. One for email
> addresses being harvested, and the other for spam being posted to the
> groups.

Hmmmm.....are you talking about lots of spam being present on
news.mozilla.org? If you are, then I ain't seeing any of it in the 5
newsgroups I've subscribed too.....even with no spam filters set. :-)

Terry R.

unread,
Nov 30, 2009, 4:33:26 PM11/30/09
to
On 11/30/2009 11:44 AM On a whim, propman pounded out on the keyboard

There hasn't been an onslaught for a while. Which is a good thing.

Ron Hunter

unread,
Nov 30, 2009, 5:44:50 PM11/30/09
to
You haven't seen the ads for purses and watches, and shoes that
sometimes make there way into THIS group?
Lucky you!

»Q«

unread,
Nov 30, 2009, 8:53:17 PM11/30/09
to
In <news:7_CdnbyDIpdBVI7W...@mozilla.org>,
Jay Garcia <J...@JayNOSPAMGarcia.com> wrote:

No private server on any port is a good target. The spammers don't
connect to n.m.o any more than they did to secnews. This one's hooked
up to Google, though, so the Google spammers hit it the same way they
hit Usenet.

»Q«

unread,
Nov 30, 2009, 8:48:14 PM11/30/09
to
In <news:lOSdnRp6auhdV47W...@mozilla.org>,
Jay Garcia <J...@JayNOSPAMGarcia.com> wrote:

Phillip and I were talking about the posting of spam to the groups, not
harvesting from them.

> SSL is a minor factor but is a consideration insofar as there wasn't,
> at the time, any auto-bot software capable of harvesting an SSL
> empowered server.

I never evaluated all the harvesting tools available, so I don't know
if any had SSL built-in. It's very doubtful that any did, but that's
irrelevant because it's so trivial to connect any network app via SSL,
whether there's native SSL support or not.

Jay Garcia

unread,
Nov 30, 2009, 9:20:54 PM11/30/09
to
On 30.11.2009 19:48, »Q« wrote:

--- Original Message ---

Part of the same subject, anything goes once f'uped. :-)

>> SSL is a minor factor but is a consideration insofar as there wasn't,
>> at the time, any auto-bot software capable of harvesting an SSL
>> empowered server.
>
> I never evaluated all the harvesting tools available, so I don't know
> if any had SSL built-in. It's very doubtful that any did, but that's
> irrelevant because it's so trivial to connect any network app via SSL,
> whether there's native SSL support or not.
>

Netscape devs at the time made that observation along with Markus Bauer,
the server(s) admin.

Jay Garcia

unread,
Nov 30, 2009, 9:21:49 PM11/30/09
to
On 30.11.2009 19:53, »Q« wrote:

--- Original Message ---

Netscape.general on port 119 was fed to/from usenet, 'nuff said. ;-)

»Q«

unread,
Nov 30, 2009, 9:59:44 PM11/30/09
to
In <news:j72dnR6imaMe4InW...@mozilla.org>,
Jay Garcia <J...@JayNOSPAMGarcia.com> wrote:

And Netscape at the time would like very much to sell shiny new
SSL-capable servers.

Jay Garcia

unread,
Nov 30, 2009, 10:56:50 PM11/30/09
to
On 30.11.2009 20:59, »Q« wrote:

--- Original Message ---

> In <news:j72dnR6imaMe4InW...@mozilla.org>,
> Jay Garcia <J...@JayNOSPAMGarcia.com> wrote:
>
>> On 30.11.2009 19:48, »Q« wrote:
>>
>> > I never evaluated all the harvesting tools available, so I don't
>> > know if any had SSL built-in. It's very doubtful that any did, but
>> > that's irrelevant because it's so trivial to connect any network
>> > app via SSL, whether there's native SSL support or not.
>>
>> Netscape devs at the time made that observation along with Markus
>> Bauer, the server(s) admin.
>
> And Netscape at the time would like very much to sell shiny new
> SSL-capable servers.
>

And they did .. many of 'em. I still have the package of 6 Enterprise
Server software bundle that sold retail for $4500. NS sold many.

0 new messages