Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Ping Steve Crook & other free server admins: How/why are Avast headers & sig added to these messages?

50 views
Skip to first unread message

Blake Snyder

unread,
Sep 20, 2017, 2:37:00 PM9/20/17
to
Ping Steve Crook & other free server admins:
How/why are Avast headers & sig added to these messages?

On Linux or Windows or iOS or Android or any OS & news client...
1. I post a message using free VPN server #1 and there is no Avast crap.
2. I post a message using free VPN server #2 and there is Avast crap.

Luckily, out of the thousands of free VPN servers my scripts randomly put
me on during the day (thanks greatly to Marek and other linux coders for
invaluable tidbits over the decades), only 1 out of hundreds pulls this
Avast header crap.

But the server I'm using now adds headers and a triple-dash signature.
I hate it when I can't control every header and every signature.
Plus, people complain that my (Windows) Avast isn't configured right.

They don't know I don't normally use Windows and even when I do, I don't
have Avast on the system - they just complain because they guess that I
don't have Avast configured right (which is the wrong guess but I know
exactly where they are coming from because most people just guess at
everything).

All I want to know from this post is if anyone actually knows why and how
some VPN servers add both the headers and signature you see above and
below? Is there any way for me to turn it off?
Is there any way for Steve (or Ray/Wolfgang or Jesse or Paolo or the Webers
or Roman, etc.) to turn it off?

--
This is my manually added double-dash-space sig but Avast will be below.

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Blake Snyder

unread,
Sep 20, 2017, 2:40:10 PM9/20/17
to
On Wed, 20 Sep 2017 18:36:58 -0000 (UTC), in
<news:opucg9$fes$1...@news.mixmin.net>, Blake Snyder wrote:

> All I want to know from this post is if anyone actually knows why and how
> some VPN servers add both the headers and signature you see above and
> below? Is there any way for me to turn it off?
> Is there any way for Steve (or Ray/Wolfgang or Jesse or Paolo or the Webers
> or Roman, etc.) to turn it off?

The *only* thing I changed for this post was the free VPN server openvpn
config file (thanks to Marek and others for their VPN-related and
network-related scripting help years ago which I'm still using
successfully).

--
This is my manual sig where you won't see the Avast headers or Avast sig.

Blake Snyder

unread,
Sep 20, 2017, 2:48:35 PM9/20/17
to
On Wed, 20 Sep 2017 18:40:09 -0000 (UTC), in
<news:opucm8$fsn$1...@news.mixmin.net>, Blake Snyder wrote:

> The *only* thing I changed for this post was the free VPN server openvpn
> config file (thanks to Marek and others for their VPN-related and
> network-related scripting help years ago which I'm still using
> successfully).

If someone else is willing to test it out, I'll even post the two openvpn
VPN configuration file where *anyone* can test it out for themselves on
Linux, Windows, iOS, Android, or whatever.

--
I removed the user agent header because Linux guys are touchy about windows

Marek Novotny

unread,
Sep 20, 2017, 3:05:58 PM9/20/17
to
On 2017-09-20, Blake Snyder <blakebla...@outlook.com> wrote:
> On Wed, 20 Sep 2017 18:40:09 -0000 (UTC), in
><news:opucm8$fsn$1...@news.mixmin.net>, Blake Snyder wrote:
>
>> The *only* thing I changed for this post was the free VPN server openvpn
>> config file (thanks to Marek and others for their VPN-related and
>> network-related scripting help years ago which I'm still using
>> successfully).
>
> If someone else is willing to test it out, I'll even post the two openvpn
> VPN configuration file where *anyone* can test it out for themselves on
> Linux, Windows, iOS, Android, or whatever.

Just post one of the config files known to produce the added signature. I
want to read it.

--
Marek Novotny
https://github.com/marek-novotny

Frank Slootweg

unread,
Sep 20, 2017, 3:47:42 PM9/20/17
to
Blake Snyder <blakebla...@outlook.com> wrote:
> Ping Steve Crook & other free server admins:
> How/why are Avast headers & sig added to these messages?

Very likely, News servers have nothing to do with it!

These 'sigs' are/can_be added by avast! on the (Windows) system which
has a incoming or outgoing News (NNTP) connection (and similarly for an
e-mail (POP/IMAP/SMTP) connection).

> On Linux or Windows or iOS or Android or any OS & news client...
> 1. I post a message using free VPN server #1 and there is no Avast crap.
> 2. I post a message using free VPN server #2 and there is Avast crap.

Moral: Get a good/paid VPN service or suffer from 'mis'configured free
ones. Or better, don't give your unencrypted text to a free VPN, if you
- as you keep saying - value your privacy.

For more info, see my response "VPN servers adding (avast!) sigs."
(<news:opuloa...@ID-201911.user.individual.net>) to your same
question in comp.mobile.android.

> Luckily, out of the thousands of free VPN servers my scripts randomly put
> me on during the day (thanks greatly to Marek and other linux coders for
> invaluable tidbits over the decades), only 1 out of hundreds pulls this
> Avast header crap.
>
> But the server I'm using now adds headers and a triple-dash signature.
> I hate it when I can't control every header and every signature.
> Plus, people complain that my (Windows) Avast isn't configured right.
>
> They don't know I don't normally use Windows and even when I do, I don't
> have Avast on the system - they just complain because they guess that I
> don't have Avast configured right (which is the wrong guess but I know
> exactly where they are coming from because most people just guess at
> everything).
>
> All I want to know from this post is if anyone actually knows why and how
> some VPN servers add both the headers and signature you see above and
> below? Is there any way for me to turn it off?

Connect directly to the News servers.

> Is there any way for Steve (or Ray/Wolfgang or Jesse or Paolo or the Webers
> or Roman, etc.) to turn it off?

Nope. They should touch headers/body of articles.

Sam Hill

unread,
Sep 20, 2017, 3:55:07 PM9/20/17
to
On Wed, 20 Sep 2017 18:36:58 +0000, Blake Snyder wrote:

> Ping Steve Crook & other free server admins:
> How/why are Avast headers & sig added to these messages?

It is not your news servers. It is Avast!

From the avast UI > Settings > Active Protection > Mail Shield > Settings
(gear icon) > Behavior - General section > "Uncheck" Insert note into
clean message (outgoing). (It is simply just spam.)

You do not need to scan outgoing or incoming email or news posts.
<http://thundercloud.net/infoave/tutorials/email-scanning/index.htm>

(pulled from my archives)

Frank Slootweg

unread,
Sep 20, 2017, 3:59:06 PM9/20/17
to
Earlier, I blabbed:
> Blake Snyder <blakebla...@outlook.com> wrote:
[...]
> > Is there any way for Steve (or Ray/Wolfgang or Jesse or Paolo or the Webers
> > or Roman, etc.) to turn it off?
>
> Nope. They should touch headers/body of articles.

That should of course be: "They should not touch headers/body of
articles.".

Mike Easter

unread,
Sep 20, 2017, 5:27:33 PM9/20/17
to
Blake Snyder wrote:
> 1. I post a message using free VPN server #1 and there is no Avast crap.
> 2. I post a message using free VPN server #2 and there is Avast crap.

Many free VPN servers are not to be trusted with privacy responsibility.

I don't really know why you would use VPN for this type of news message.

Posted to the ng where I read this message; reckless unnecessary xposts
deleted.


--
Mike Easter

Blake Snyder

unread,
Sep 20, 2017, 9:18:44 PM9/20/17
to
On Wed, 20 Sep 2017 14:29:06 -0700, in
<news:f2g4q2...@mid.individual.net>, Mike Easter wrote:

> Many free VPN servers are not to be trusted with privacy responsibility.
>
> I don't really know why you would use VPN for this type of news message.

Marek and others kindly helped me with wget scripts to pull down all the
available openvpn config files on the http://vpngate.net server years ago.

I've been pulling those files daily for years.

Then Marek and others helped me with testing each of them automatically and
putting them in categories for which are working and which aren't.

I forget who helped but I also added an appreciable amount of work to
geolocate each file so that they were put in further categories.

And then Marek and others helped me with testing the network and
automatically switching the network to the VPN service taking into account
the critical test that Marek kindly devised which was how to know EXACTLY
when the VPN service dropped the connection (since these servers are
unreliable).

It's a mess of code since I'm a terrible coder but I scripted all that into
a use model that uses a certain seed to randomly select a known working vpn
server at a randomly selected time such that I am always on VPN but on a
random server at the time.

Another set of scripts which run during the time that the Usenet client is
running randomly selects an identity and news server for each subject line,
where that identity is locked forever to that subject line so that it
doesn't change identities in any one thread.

In addition, those random identities have random header lines, all of which
is meaningless except for the subject line and hard-locked associated
identity - which allows the integrity of the subject thread to remain as
one identity.

At any time I don't bother to even look at what the identity is, nor the
headers, because they're all meaningless. This is done to foil privacy
aggregate attacks. It is never done to troll although I'm sure a troll
would love to have done the appreciable amount of work it took to get it
all working together.

The one thing I do very differently in my use model from most people is
that I don't use the "coffee shop" model where almost nothing is said in
each post, and where 99 out of 100 posts are to other people's thread.

In my posts, 1 out of 100 are to other peoples threads where 99 out of 100
are to my threads where the whole point is to ask a question and get an
answer and then summarize the answer for the tribal knowledge to be
increased and then to leave.

In the coffee shop model that most people on Usenet use, since each post
has almost no value nor tribal knowledge improvement, who we are is very
important - but in what I call the "Q&A" model, all that matters is that
the thread contain enough detail to ask and answer the question sufficient
to increase the overall tribal knowledge appreciably.

For that, you'll see my summaries sprinkled all over Usenet, since I post
perhaps 50 threads a week asking and answering various topics to as many
newsgroups, each of which has perhaps 50 posts, which I have been doing
ever since I retired about two decades ago from the software industry (a
major company selling major software, so I know too much about the politics
of how extremely complex UNIX/VMS/Masscomp/SunOS/Solaris/AIX/Linux-based
software gets written).

I'll post the two affected VPN configuration files separately.
I think they will be rejected since they contain the binary keys.
So then I will have to look for a no-registration upload site for binaries
even though they are standard openvpn.conf text files.

Blake Snyder

unread,
Sep 20, 2017, 9:18:45 PM9/20/17
to
On Wed, 20 Sep 2017 19:55:05 -0000 (UTC), in
<news:opuh2p$p2c$1...@dont-email.me>, Sam Hill wrote:

> It is not your news servers. It is Avast!
>
> From the avast UI > Settings > Active Protection > Mail Shield > Settings
> (gear icon) > Behavior - General section > "Uncheck" Insert note into
> clean message (outgoing). (It is simply just spam.)
>
> You do not need to scan outgoing or incoming email or news posts.
> <http://thundercloud.net/infoave/tutorials/email-scanning/index.htm>
>
> (pulled from my archives)

I think the answer is what Frank Slootweg said, which is that the VPN
server itself is adding the header and signature lines since it's
impossible that my Linux box is adding those lines since Avast isn't on the
Linux box.

This is what Frank said:
These 'sigs' are/can_be added by avast! on the (Windows) system which
has a incoming or outgoing News (NNTP) connection (and similarly for an
e-mail (POP/IMAP/SMTP) connection).

I'll post the two actual openvpn config files separately but I think I may
need a binary upload web site because they contain encrypted keys.

Blake Snyder

unread,
Sep 20, 2017, 9:29:24 PM9/20/17
to
On Wed, 20 Sep 2017 14:05:51 -0500, in
<news:kPKdnekf5pWSIV_E...@giganews.com>, Marek Novotny wrote:

> Just post one of the config files known to produce the added signature. I
> want to read it.

Here is the complete unadulterated config file which was valid today which
produces not only the signature but also the header lines.

I'm actually *using* that same VPN configuration file so it is currently
working (but these things, as you know Marek, go stale).

For others on any platform including Android, iOS, Linux, or Windows, if
you just name it foo.ovpn and doubleclick on it, it will open up in your
favorite OpenVPN client and it will connect to a free VPN. Then you can
test that it both adds the Avast headers and an Avast sig.

I had to precede every line with an angle bracket to get Mixmin to not
think it was a binary file.

>###############################################################################
># OpenVPN 2.0 Sample Configuration File
># for PacketiX VPN / SoftEther VPN Server
>#
># !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
>#
># !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
>#
># This configuration file is auto-generated. You might use this config file
># in order to connect to the PacketiX VPN / SoftEther VPN Server.
># However, before you try it, you should review the descriptions of the file
># to determine the necessity to modify to suitable for your real environment.
># If necessary, you have to modify a little adequately on the file.
># For example, the IP address or the hostname as a destination VPN Server
># should be confirmed.
>#
># Note that to use OpenVPN 2.0, you have to put the certification file of
># the destination VPN Server on the OpenVPN Client computer when you use this
># config file. Please refer the below descriptions carefully.
>
>
>###############################################################################
># Specify the type of the layer of the VPN connection.
>#
># To connect to the VPN Server as a "Remote-Access VPN Client PC",
># specify 'dev tun'. (Layer-3 IP Routing Mode)
>#
># To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
># specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)
>
>dev tun
>
>
>###############################################################################
># Specify the underlying protocol beyond the Internet.
># Note that this setting must be correspond with the listening setting on
># the VPN Server.
>#
># Specify either 'proto tcp' or 'proto udp'.
>
>proto tcp
>
>
>###############################################################################
># The destination hostname / IP address, and port number of
># the target VPN Server.
>#
># You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
># specify the IP address instead of the hostname.
>#
># Note that the auto-generated below hostname are a "auto-detected
># IP address" of the VPN Server. You have to confirm the correctness
># beforehand.
>#
># When you want to connect to the VPN Server by using TCP protocol,
># the port number of the destination TCP port should be same as one of
># the available TCP listeners on the VPN Server.
>#
># When you use UDP protocol, the port number must same as the configuration
># setting of "OpenVPN Server Compatible Function" on the VPN Server.
>
>remote vpn812712198.opengw.net 1380
>
>
>###############################################################################
># The HTTP/HTTPS proxy setting.
>#
># Only if you have to use the Internet via a proxy, uncomment the below
># two lines and specify the proxy address and the port number.
># In the case of using proxy-authentication, refer the OpenVPN manual.
>
>;http-proxy-retry
>;http-proxy [proxy server] [proxy port]
>
>
>###############################################################################
># The encryption and authentication algorithm.
>#
># Default setting is good. Modify it as you prefer.
># When you specify an unsupported algorithm, the error will occur.
>#
># The supported algorithms are as follows:
># cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
># CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
># RC2-40-CBC RC2-64-CBC RC2-CBC
># auth: SHA SHA1 MD5 MD4 RMD160
>
>cipher AES-128-CBC
>auth SHA1
>
>
>###############################################################################
># Other parameters necessary to connect to the VPN Server.
>#
># It is not recommended to modify it unless you have a particular need.
>
>resolv-retry infinite
>nobind
>persist-key
>persist-tun
>client
>verb 3
>#auth-user-pass
>
>
>###############################################################################
># The certificate file of the destination VPN Server.
>#
># The CA certificate file is embedded in the inline format.
># You can replace this CA contents if necessary.
># Please note that if the server certificate is not a self-signed, you have to
># specify the signer's root certificate (CA) here.
>
><ca>
>-----BEGIN CERTIFICATE-----
>MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
>hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
>A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
>BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
>MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
>EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
>Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
>dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
>6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
>pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
>9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
>/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
>Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
>+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
>qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
>SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
>u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
>Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
>crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
>FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
>/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
>wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
>4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
>2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
>FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
>CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
>boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
>jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
>S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
>QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
>0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
>NVOFBkpdn627G190
>-----END CERTIFICATE-----
>
></ca>
>
>
>###############################################################################
># The client certificate file (dummy).
>#
># In some implementations of OpenVPN Client software
># (for example: OpenVPN Client for iOS),
># a pair of client certificate and private key must be included on the
># configuration file due to the limitation of the client.
># So this sample configuration file has a dummy pair of client certificate
># and private key as follows.
>
><cert>
>-----BEGIN CERTIFICATE-----
>MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
>aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
>MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
>5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
>4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
>CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
>XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
>p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
>ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
>hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
>UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
>+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
>Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
>6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
>-----END CERTIFICATE-----
>
></cert>
>
><key>
>-----BEGIN RSA PRIVATE KEY-----
>MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
>wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
>zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
>55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
>/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
>mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
>k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
>fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
>QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
>lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
>zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
>oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
>KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
>4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
>dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
>5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
>DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
>LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
>TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
>Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
>H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
>KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
>va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
>wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
>M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
>-----END RSA PRIVATE KEY-----
>
></key>

Blake Snyder

unread,
Sep 20, 2017, 9:35:08 PM9/20/17
to
On Thu, 21 Sep 2017 01:29:23 -0000 (UTC), in
<news:opv4li$25f$1...@news.mixmin.net>, Blake Snyder wrote:

> Here is the complete unadulterated config file which was valid today which
> produces not only the signature but also the header lines.

Here is a corresponding openvpn config file which I'm using at this exact
moment which does NOT produce the Avast header and signature in Usenet
posts.

Notice you can make two consequitive posts, where the first post uses one
VPN config file and the second post uses the second VPN config file with
nothing else changed - and guess what - one will have the Avast headers and
sig while the other won't.

One caveat, as Marek knows, these config files come and go so while they're
working at this very moment, they might not work ten minutes from now -
which is why Marek wrote all those scripts a few years ago for me and
others to benefit from where he tests them out and puts the good ones in a
bucket and the bad ones in a different bucket.

It's also why I have over six thousand of them by now, because the wget
scripts pull down a few hundred a day (but some are duplicates) so that's
why we use the geolocate scripts to ensure that they're the same even when
the name changes. It's all horribly simple and horribly complex at the same
time but it randomizes everything quite nicely and has been working for two
years now.

Anyway, remove the leading angle bracket which is the only change I had to
make to post this working file below that does NOT have the Avast
signatures and header lines.
>proto udp
>
>
>###############################################################################
># The destination hostname / IP address, and port number of
># the target VPN Server.
>#
># You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
># specify the IP address instead of the hostname.
>#
># Note that the auto-generated below hostname are a "auto-detected
># IP address" of the VPN Server. You have to confirm the correctness
># beforehand.
>#
># When you want to connect to the VPN Server by using TCP protocol,
># the port number of the destination TCP port should be same as one of
># the available TCP listeners on the VPN Server.
>#
># When you use UDP protocol, the port number must same as the configuration
># setting of "OpenVPN Server Compatible Function" on the VPN Server.
>
>remote vpn100895633.opengw.net 1698

Mike Easter

unread,
Sep 20, 2017, 9:36:45 PM9/20/17
to
aol only

Blake Snyder wrote:
> Mike Easter wrote:
>
>> Many free VPN servers are not to be trusted with privacy responsibility.
>>
>> I don't really know why you would use VPN for this type of news message.
>
> Marek and others kindly helped me with wget scripts to pull down all the
> available openvpn config files on the http://vpngate.net server years ago.

Follows that a very lengthy answer from you which is not actually
responsive to the issue I raised, but it does give some modicum of
insight into your thinking.

My points:

First: just because there IS VPN doesn't mean that it should be used for
something.

Second: VPN is a valuable function; for some appropriate purposes, not all.

Third: Some VPN use is 'counter-productive' to privacy; I'm trying to
discuss that issue along with questioning what you are doing with it.

> I'll post the two affected VPN configuration files separately.

How about a link to the website with the files?


--
Mike Easter

Blake Snyder

unread,
Sep 20, 2017, 9:48:29 PM9/20/17
to
On Thu, 21 Sep 2017 01:29:23 -0000 (UTC), in
<news:opv4li$25f$1...@news.mixmin.net>, Blake Snyder wrote:

> Here is the complete unadulterated config file which was valid today which
> produces not only the signature but also the header lines.
>
> I'm actually *using* that same VPN configuration file so it is currently
> working (but these things, as you know Marek, go stale).

Now that is odd!

I definitely posted the correct openvpn config file because I renamed it
with the word "avast" in front, and I used it a few times today, where it
added the Avast header and signature each time I posted using it (but not
when I posted with another config file).

Yet, just now, it didn't add the Avast headers and signature. WTF?

I suspect they "rotate" servers or they fixed something.
I will look about for another config file that adds the headers...
OK. I found one I had named "avast" a while ago.
It still works! Woo hoo.

So here is another VPN server that added Avast headers in the past.
If you see this post, then the config file is working.

I can't tell you if this post will have Avast headers & sig until it gets
sent so we'll both find out at the same time if it does.
>proto udp
>
>
>###############################################################################
># The destination hostname / IP address, and port number of
># the target VPN Server.
>#
># You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
># specify the IP address instead of the hostname.
>#
># Note that the auto-generated below hostname are a "auto-detected
># IP address" of the VPN Server. You have to confirm the correctness
># beforehand.
>#
># When you want to connect to the VPN Server by using TCP protocol,
># the port number of the destination TCP port should be same as one of
># the available TCP listeners on the VPN Server.
>#
># When you use UDP protocol, the port number must same as the configuration
># setting of "OpenVPN Server Compatible Function" on the VPN Server.
>
>remote vpn786386026.opengw.net 1233
---
このEメールはアバスト アンチウイルスによりウイルススキャンされています。
https://www.avast.com/antivirus

Marek Novotny

unread,
Sep 20, 2017, 9:49:58 PM9/20/17
to
On 2017-09-21, Blake Snyder <blakebla...@outlook.com> wrote:
> On Wed, 20 Sep 2017 14:05:51 -0500, in
><news:kPKdnekf5pWSIV_E...@giganews.com>, Marek Novotny wrote:
>
>> Just post one of the config files known to produce the added signature. I
>> want to read it.
>
> Here is the complete unadulterated config file which was valid today which
> produces not only the signature but also the header lines.
>
> I'm actually *using* that same VPN configuration file so it is currently
> working (but these things, as you know Marek, go stale).
>
> For others on any platform including Android, iOS, Linux, or Windows, if
> you just name it foo.ovpn and doubleclick on it, it will open up in your
> favorite OpenVPN client and it will connect to a free VPN. Then you can
> test that it both adds the Avast headers and an Avast sig.
>
> I had to precede every line with an angle bracket to get Mixmin to not
> think it was a binary file.

That config file is fine. I'd agree with previous assessment that they
are adding headers not through your own Linux machine. If you're using
their client software it would be easy.

Blake Snyder

unread,
Sep 20, 2017, 9:53:06 PM9/20/17
to
On Thu, 21 Sep 2017 01:48:28 -0000 (UTC), in
<news:opv5pa$4sc$1...@news.mixmin.net>, Blake Snyder wrote:

> I can't tell you if this post will have Avast headers & sig until it gets
> sent so we'll both find out at the same time if it does.

Marek,
That last post had Avast headers and a signature.
I'm making this post from that same file.
So *this* is the file anyone else can test.

If you have openvpn set up, here's all you have to do to test, but I
suggest you test fast as these things go stale quickly.

1. Save the previous message (the one I'm responding to).
2. Strip out the openvpn config file and name it "something.ovpn".
3. Remove the beginning angle bracket completely.

That gives you a perfectly good openvpn configuration file.
If you have openVPN already installed, then all you need to do is load that
openvpn config file the way you normally do.

All I do is doubleclick on it, and that puts me on VPN.
Then send a Usenet message.

Your message will have the Avast headers and signature, I'm sure.
Just like this message will (because I'm using *that* openVPN config file).

Blake Snyder

unread,
Sep 20, 2017, 10:11:33 PM9/20/17
to
On Thu, 21 Sep 2017 01:18:44 -0000 (UTC), in
<news:opv41j$lh$1...@news.mixmin.net>, Blake Snyder wrote:

> I'll post the two affected VPN configuration files separately.
> I think they will be rejected since they contain the binary keys.
> So then I will have to look for a no-registration upload site for binaries
> even though they are standard openvpn.conf text files.

I posted the two files, but they go stale fast so they may or may not work
by the time you run them and post to test them but if you do run them and
post, you'll get the same Avast header and signature lines.

Snit

unread,
Sep 20, 2017, 10:14:11 PM9/20/17
to
On 9/20/17, 6:38 PM, in article f2gjda...@mid.individual.net, "Mike
Easter" <Mi...@ster.invalid> wrote:

> aol only
>
> Blake Snyder wrote:
>> Mike Easter wrote:
>>
>>> Many free VPN servers are not to be trusted with privacy responsibility.
>>>
>>> I don't really know why you would use VPN for this type of news message.
>>
>> Marek and others kindly helped me with wget scripts to pull down all the
>> available openvpn config files on the http://vpngate.net server years ago.
>
> Follows that a very lengthy answer from you which is not actually
> responsive to the issue I raised, but it does give some modicum of
> insight into your thinking.
>
> My points:
>
> First: just because there IS VPN doesn't mean that it should be used for
> something.
>
> Second: VPN is a valuable function; for some appropriate purposes, not all.
>
> Third: Some VPN use is 'counter-productive' to privacy; I'm trying to
> discuss that issue along with questioning what you are doing with it.

A fourth issue: if he is using Marek's scripts, or ones based on them, or
even using them as a model he should be aware there may be a risk of SOME
packets going through NOT via the VPN connection. If it goes down then Marek
has the programs using it get killed... but there may be a slight delay
where a packet or more goes over the connection. The risk might be slight if
it takes a bit of time for the swap to happen, but it is a possible risk.
Also there are risks involved with killing programs (if they are saving data
or the like). As cool as Marek's solution is (and his scripting capabilities
are FAR beyond what mine are), it seems safer to use other methods to make
sure programs do not use the non-VPN connection.

For my part I do not really need this but I found a third party solution
that has a firewall built in... and since it is a reputable third party they
are less likely to be doing the nasty things the free services are at least
rumored to do.

>> I'll post the two affected VPN configuration files separately.
>
> How about a link to the website with the files?
>


--
Personal attacks from those who troll show their own insecurity. They cannot
use reason to show the message to be wrong so they try to feel somehow
superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

<https://youtu.be/H4NW-Cqh308>

Blake Snyder

unread,
Sep 20, 2017, 10:15:28 PM9/20/17
to
On Thu, 21 Sep 2017 02:11:31 -0000 (UTC), in
<news:opv74j$7rv$1...@news.mixmin.net>, Blake Snyder wrote:

> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus

Here is the config file (which I'm still using) which now adds the
signature again! (it hiccupped once and didn't add the signature).

This is the file I am using at this very moment.
Sorry for the plethora of posts - but this stuff is temporal.

I'll also manually switch to netfront because I think Steve Crook's servers
are seeing the posts are binaries again and blocking them.

Since this is netfront, you'll see the IP address of the VPN server too.
>proto tcp
>
>
>###############################################################################
># The destination hostname / IP address, and port number of
># the target VPN Server.
>#
># You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
># specify the IP address instead of the hostname.
>#
># Note that the auto-generated below hostname are a "auto-detected
># IP address" of the VPN Server. You have to confirm the correctness
># beforehand.
>#
># When you want to connect to the VPN Server by using TCP protocol,
># the port number of the destination TCP port should be same as one of
># the available TCP listeners on the VPN Server.
>#
># When you use UDP protocol, the port number must same as the configuration
># setting of "OpenVPN Server Compatible Function" on the VPN Server.
>
>remote vpn812712198.opengw.net 1380

Snit

unread,
Sep 20, 2017, 10:16:04 PM9/20/17
to
On 9/20/17, 6:53 PM, in article opv620$5jg$1...@news.mixmin.net, "Blake Snyder"
<blakebla...@outlook.com> wrote:

> On Thu, 21 Sep 2017 01:48:28 -0000 (UTC), in
> <news:opv5pa$4sc$1...@news.mixmin.net>, Blake Snyder wrote:
>
>> I can't tell you if this post will have Avast headers & sig until it gets
>> sent so we'll both find out at the same time if it does.
>
> Marek,
> That last post had Avast headers and a signature.
> I'm making this post from that same file.
> So *this* is the file anyone else can test.
>
> If you have openvpn set up, here's all you have to do to test, but I
> suggest you test fast as these things go stale quickly.
>
> 1. Save the previous message (the one I'm responding to).
> 2. Strip out the openvpn config file and name it "something.ovpn".
> 3. Remove the beginning angle bracket completely.
>
> That gives you a perfectly good openvpn configuration file.
> If you have openVPN already installed, then all you need to do is load that
> openvpn config file the way you normally do.
>
> All I do is doubleclick on it, and that puts me on VPN.

That seems a slick and easy solution... makes it easy to switch VPNs as well
as allows you to organize them as you see fit.

> Then send a Usenet message.
>
> Your message will have the Avast headers and signature, I'm sure.
> Just like this message will (because I'm using *that* openVPN config file).
>
> ---
> このEメールはアバスト アンチウイルスによりウイルススキャンされています。
> https://www.avast.com/antivirus
>


Marek Novotny

unread,
Sep 20, 2017, 10:47:27 PM9/20/17
to
On 2017-09-21, Blake Snyder <blakebla...@outlook.com> wrote:
That conf file didn't work for me. Said the private key was bad. What
client are using?

Blake Snyder

unread,
Sep 20, 2017, 10:49:55 PM9/20/17
to
On Wed, 20 Sep 2017 18:38:04 -0700, in
<news:f2gjda...@mid.individual.net>, Mike Easter wrote:

> Follows that a very lengthy answer from you which is not actually
> responsive to the issue I raised, but it does give some modicum of
> insight into your thinking.

Hi Mike,

I try to always be very responsive so I apologize.

> My points:
>
> First: just because there IS VPN doesn't mean that it should be used for
> something.

OK. Fair enough.

Most people would say VPN is not for privacy but for data security.

I'm not using VPN for data security.
I'm using VPN for privacy.

IP address privacy.

To your point, mostly what I say on Usenet or on the web is sent in the
clear if I use news servers and web servers that aren't encrypted.

I randomly rotate among news servers (but they are locked to each identity)
where of all my servers available, Mixmin is one that doesn't allow plain
text so it's always encrypted).

So in the case of mixmin, I don't need VPN for data security but I still
need VPN for IP privacy because Steve Crook, at my request, obfuscated the
IP addresses but he found that he couldn't do that for every post because
spammers drove him nuts so he changes his obfuscation each month per IP
address.

But Ray's nntp server or Paolo's nntp server or Jesse's nntp server etc,
generally have both an encrypted (ssl, 563) and plain text (119) option and
they don't change their IP address obfuscation.

Worse, Netfront and a few others don't even obfuscate the IP address.

Others like Blueworld did a good job on obfuscation, but eternal September
uses the same hash method for EVERYONE from the beginning of all time.

So there is no IP privacy without VPN (unless you know something I don't
know about changing the IP address given my IP address is not normal and is
the same for the past five years and there is no concept of an IP "lease"
time like there is with Comcast due to the fact that I'm on a home-grown
network.

> Second: VPN is a valuable function; for some appropriate purposes, not all.

It's great for data protection - but that's not what I'm using it for.
It's also great for changing your IP address but that only works if you use
someone else's VPN server.

Most of you Linux gurus only think of VPN as a home-grown solution, which I
could do too - but my IP address has been the same for so many years that
you'd have geolocated to my very bedroom pillow by now, given I have posted
so much accurate and detailed information for decades.

So I use VPN for a few purposes, which most of you don't need.
1. I change my IP address (which is my primary purpose).
2. I keep my ISP (who is a relative of mine) out of my business.

Hence I use VPN for "privacy" on #1 and "privacy" on #2.

The actual data I send isn't what I'm trying to protect and, in fact, my
data is quite detailed, so you can figure out who I am by what I post
because I don't obfuscate what I post which is always quite detailed.

My motto is that the details should always be sufficient for anyone to
reproduce by cutting and pasting what I write.

Very (very) few people do that. Marek does that. You do that.
But most people (like 9999 out of 10,000) don't do that.

> Third: Some VPN use is 'counter-productive' to privacy; I'm trying to
> discuss that issue along with questioning what you are doing with it.

See above.
The main reason for the VPN is to change the IP address that *you* see.
The secondary reason is to keep my brother (who runs the ISP I use) out of
my business.

He knows I'm using VPN of course, just like he knows when I use Tor.
But he doesn't know what I'm doing with it (we hope).


>> I'll post the two affected VPN configuration files separately.
>
> How about a link to the website with the files?

As Marek well knows, the web site link will *never* have all six thousand
openvpn config files. I already posted the web site of the problem files
numerous times, but I use *all* the web sites that have openvpn config
files. That's about 20 or more at last count.

Nonetheless, here's the URL again of the web site that seems to host the
files that 1 out of 100 add the Avast headers and signature.
http://vpngate.net

Bear in mind that Marek is well aware (as you should be too because we
spent a lot of time together on this about 2 or 3 years ago) that you'll
never get all six thousand files off that web site at any one time.

If you use the web site itself, you'll get about fifty or so at any one
time. If you wget into the site and run the scripts that have been posted
here in their entirety in the past, you'll get about 300 or 400 as I
recall.

But if you do that *every day*, you'll end up with about six thousand
unique vpn configuration files from that one web site alone (ask me how I
know this).

If you add another five hundred or so that you can get by other means from
other locations, that gets you a few thousand VPN files to randomly cycle
through.

Truth be told, you only need a few hundred, but this "bug" of writing
scripts to automate stuff makes you lazy so you grab all you can get since
they're sometimes extremely flaky so you can go through 20 at a time before
you find a good one and sometimes a bad one turns up good months later (as
this one I'm using did).

The last time I used this file was (checking my log ... wow ... December of
last year!) so this file went stale last year and it's working again now.

That's the nature of the beast. If you look in the archives, you'll find
all our conversations of the past. Just look for Marek's posts because he
wrote at least half the scripts.

http://tinyurl.com/alt-os-linux

Blake Snyder

unread,
Sep 20, 2017, 10:56:53 PM9/20/17
to
On Wed, 20 Sep 2017 20:49:51 -0500, in
<news:KKadnWyVu64ih17E...@giganews.com>, Marek Novotny wrote:

> That config file is fine. I'd agree with previous assessment that they
> are adding headers not through your own Linux machine. If you're using
> their client software it would be easy.

Ah, Marek. Good point. They push their client software like a drug pusher
pushes drugs. I don't know why. It's called softether.

I don't use their softether client software. I did, but it sucks.
And it doesn't do anything that your scripts don't do better.

I just use standard open source free openVPN on all platforms (Windows,
Linux, and Android mostly).

I just realized that while Mixmin won't let me post the file without adding
angle brackets, netfront will let me post the file naked. But netfront
won't let you post more than two or three posts per IP so I used that up
already. Drat. Let's try aioe.

The file posted below is the actual VPN config file that if anyone uses
right now and then posts a message, they should see avast headers and
signature tacked on to their Usenet message.

Here is the config file I'm using now, where out of all my scores of
servers I randomly rotate through for each identity, netfront is one of the
set that gives away the IP address so you will see the IP address of the
VPN server in my header too.

Frank, or anyone who knows how to use openvpn freeware.

1. Save this message as whatever.ovpn and strip out the ovpn file part.
2. Run it inside of openVPN (I just doubleclick on it) on any platform.
3. Post a message to Usenet. You'll get the Avast headers & sig lines!

I'm using *this* very file myself right not to post so it will add the
Avast headers and sig.

Notice I switched manually to netfront (I have scores of news servers to
choose from) so you will see the IP address of my nntp host in the header
too.

Be advised these openvpn config files go stale so the sooner you test it
out the better.

Blake Snyder

unread,
Sep 20, 2017, 10:57:58 PM9/20/17
to
On Thu, 21 Sep 2017 02:49:53 -0000 (UTC), in
<news:opv9cg$bkd$1...@news.mixmin.net>, Blake Snyder wrote:

> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus

Mike,
I'm switching to netfront which doesn't requires the leading angle brackets
that mixmin requires to post this file (and which posts the IP address in
the clear in the header).

EDIT: Nefront failed because they don't allow more than 3 or 4 posts per
day per IP address and I used that up already. So I switched to aioe
instead because Mixmin forces me to put angle brackets in front of every
line while aioe will let it go through naked.

Below is the exact openvpn config file used to post this message.

You can try it yourself.
1. Name it foo.ovpn
2. Run it in OpenVPN
3. Send a Usenet message

When you do that, you'll get the Avast headers & sig lines too.
Note: Netfront only allows a couple of posts a day per IP so I can't do
this a lot for you.

Marek Novotny

unread,
Sep 20, 2017, 11:01:11 PM9/20/17
to
On 2017-09-21, Blake Snyder <blakebla...@outlook.com> wrote:
> I think the answer is what Frank Slootweg said, which is that the VPN
> server itself is adding the header and signature lines since it's
> impossible that my Linux box is adding those lines since Avast isn't on the
> Linux box.

Yes, they are adding it. Here is a post using your posted ovpn conf
file. I'm connected right now via that connection and if you look at my
headers they added a few things to it. You can compare any previous
headers to this one. This one will have avast added to it.

Here is the specific ovpn file I am using. It's yours, just cleaned up a
bit.

dev tun
proto tcp

remote vpn812712198.opengw.net 1380

;http-proxy-retry
;http-proxy [proxy server] [proxy port]

cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
#auth-user-pass

Blake Snyder

unread,
Sep 20, 2017, 11:40:28 PM9/20/17
to
On Wed, 20 Sep 2017 22:01:04 -0500, in
<news:bZ6dnX9KxbHttl7E...@giganews.com>, Marek Novotny wrote:

> Yes, they are adding it. Here is a post using your posted ovpn conf
> file. I'm connected right now via that connection and if you look at my
> headers they added a few things to it. You can compare any previous
> headers to this one. This one will have avast added to it.
>
> Here is the specific ovpn file I am using. It's yours, just cleaned up a
> bit.

Thanks Marek for testing this because:
a) What is happening is not what most people *think* is happening
(Most people think it's Avast on our side that is doing this.)
b) You proved what I *thought* was happening (but I wasn't totally sure)
(The VPN server is adding the avast headers and avast signature.)
c) This means I can refer others to your proof which means something
<https://groups.google.com/d/msg/alt.os.linux/a8o3srYBw0U/ijv-OPSnAwAJ>

My openvpn client is standard free open source openVPN software.
My Usenet client is complex because it's really a bunch of scripts.
But the problem happens with *any* Usenet client so it doesn't matter.
It would be the same if I was on Android or iOS or Linux or Windows, etc.

Avast has nothing to do with the problem, even though most people *think*
it's due to Avast on our side (it's Avast on the VPN server's side).

The question can be "why" 1 out of 100 or 200 free VPN servers add the
avast headers & sig, but we'll never really know why.

Another question is whether that means they're *looking* at everything we
type, but, again, so what? It's in the clear anyway. It's Usenet for
heaven's sake.

Most people seem to think that VPN is *only* for data protection.
But that's only one (perfectly valid) viewpoint.

A hammer can be used to do many things, not only hammer nails.

It's like a couple walks by a jewelry store where the guy sees it as
a totally different situation than the gal does. Yet both see the exact
same jewelry store. Yet they can look at the situation from two completely
different viewpoints.

The standard viewpoint is that VPN is meant to keep data private from
everyone but the small number of recipients, let's say it's one to one for
our example.

So in the standard viewpoint, the data is meant to be kept from all prying
eyes except the sender and the recipient. In that viewpoint, the IP address
of the VPN server isn't a meaningful issue. Only the data is.

But that's not my viewpoint (although I understand that standard viewpoint).

My viewpoint is that I'm posting to web forums and to Usenet forums so the
"data" isn't a problem for the entire world to see.

So I am not trying to protect my data from random prying eyes. I happen to
be using an ISP that is run by a relative though, so I do want to protect
my "data" from him, but that's minor because if he wanted to, he could read
this if he knew that I was posting it so I won't say more about protecting
my data from my ISP because that's only a secondary goal of using VPN.

I post all day every day and have done so since I retired about two decades
ago after working in a bunch of startup software companies. I post VERY
VERY DETAILED posts, with thousands (yes, thousands) of photos, where if
anyone wanted to collect them all, they could geolocate me to the exact
spot I sleep in my bed every night. It would be that easy.

My style is always the same.
I'm extremely detailed.
I summarize the results.
I care to be responsive.
I try to add to the overall tribal knowledge of the newsgroup.

But I want to hide my true identity on Usenet (and in web forums).

So how do I hide my identity on Usenet & web forums?
Answer: I randomize it. And I randomize the IP address.
And I randomize the nntp news server. And I randomize the headers.

All this is done with scripts written a few years ago (many of which you
wrote the first incarnations of), almost all of which are posted to Usenet
so anyone can find them if they knew what to look for.

But back to the free public VPN servers...
Specifically, how do I randomize my IP address?

Answer: After years of accumulating freely available public open vpn
configuration files via wget, I have over six thousand openvpn
configuration files to choose from all of which were publicly available at
one point in time.

Each one gives me a different IP address.

If anyone knows of a better way to randomize the IP address for free when
your IP address is static (there is no concept of an IP "lease" at my ISP,
which I get for free anyway), then I'm all ears.

Blake Snyder

unread,
Sep 20, 2017, 11:42:15 PM9/20/17
to
On Wed, 20 Sep 2017 22:01:04 -0500, in
<news:bZ6dnX9KxbHttl7E...@giganews.com>, Marek Novotny wrote:

> Yes, they are adding it. Here is a post using your posted ovpn conf
> file. I'm connected right now via that connection and if you look at my
> headers they added a few things to it. You can compare any previous
> headers to this one. This one will have avast added to it.
>
> Here is the specific ovpn file I am using. It's yours, just cleaned up a
> bit.

Added note: This is important to all three newsgroups so I repeat this one
post which was only originally on a.o.l and not on a.f.n nor n.s.r

Marek Novotny

unread,
Sep 21, 2017, 12:04:22 AM9/21/17
to
On 2017-09-21, Blake Snyder <blakdebl...@outlook.com> wrote:
> On Wed, 20 Sep 2017 22:01:04 -0500, in
><news:bZ6dnX9KxbHttl7E...@giganews.com>, Marek Novotny wrote:
>
>> Yes, they are adding it. Here is a post using your posted ovpn conf
>> file. I'm connected right now via that connection and if you look at my
>> headers they added a few things to it. You can compare any previous
>> headers to this one. This one will have avast added to it.
>>
>> Here is the specific ovpn file I am using. It's yours, just cleaned up a
>> bit.
>
> Thanks Marek for testing this because:
> a) What is happening is not what most people *think* is happening
> (Most people think it's Avast on our side that is doing this.)
> b) You proved what I *thought* was happening (but I wasn't totally sure)
> (The VPN server is adding the avast headers and avast signature.)
> c) This means I can refer others to your proof which means something
> <https://groups.google.com/d/msg/alt.os.linux/a8o3srYBw0U/ijv-OPSnAwAJ>

I think most are familiar with buying anti-virus software that adds
signatures to your email app so they see this and jump to that
conclusion. Not the case here. And it's likely on a few of their servers
but not all. And so some of these ovpn files attach you to a server with
avast running and you get the signature. Other's don't have it running
and those don't give you the signature. Simple as that.

I cut the rest. I think I did an ip randomizer a while back for you. The
way to make up random addresses was to simply do 4 sets of random
numbers between 1 and 255 and exclude on the non-route-able addresses
and broadcast addresses, etc. and then pick one from the pool. I think
we even did one that identified the MAC addresses. I don't save
everything so I have no idea what's become of those.

I know I did a few things back then. One generates random IP addresses,
and one generated random ip addresses and then geo located them and told
you who owned them. That one was pretty fun.

#!/bin/bash

#############################################################
#
# script: randomip
# written by: Marek Novotny
# version: 1.0
# date: Sun May 31 8:52:00 PDT 2015
# purpose: randomly generate ip addresses
# licence: GPL v2 (only)
#
#############################################################

randomizer()
{
IFS=$' '
ary=()
for x in {1..4} ; do
ary+=($(($RANDOM % 221 + 1)))
done

if [[ ${ary[0]} -eq 10 || ${ary[0]} -eq 100 ]] ; then
randomizer
elif [[ ${ary[0]} -eq 169 ]] && [[ ${ary[1]} -eq 254 ]] ; then
randomizer
elif [[ ${ary[0]} -eq 172 ]] && [[ ${ary[1]} -eq 16 ]] ; then
randomizer
elif [[ ${ary[0]} -eq 192 ]] && [[ ${ary[1]} -eq 168 ]] ; then
randomizer
elif [[ ${ary[0]} -eq 198 ]] && [[ ${ary[1]} -eq 18 ]] ; then
randomizer
else
addr=$(echo "${ary[@]}" | awk '{print $1"."$2"."$3"."$4}')
fi
}

for x in {1..25} ; do
randomizer
echo $addr
done

## END ##


#!/bin/bash

#############################################################
#
# script: ranprobe
# written by: marek novotny
# version: 1.0
# date: Sun May 31 14:23:05 PDT 2015
# purpose: randomly gen ip and lookup org / country
#
# licence: GPL v2 (only)
# repository: http://www.github.com/marek-novotny
#
#############################################################

randomizer()
{
IFS=$' '
ary=()
for x in {1..4} ; do
ary+=($(($RANDOM % 221 + 1)))
done

if [[ ${ary[0]} -eq 10 || ${ary[0]} -eq 100 ]] ; then
randomizer
elif [[ ${ary[0]} -eq 169 ]] && [[ ${ary[1]} -eq 254 ]] ; then
randomizer
elif [[ ${ary[0]} -eq 172 ]] && [[ ${ary[1]} -eq 16 ]] ; then
randomizer
elif [[ ${ary[0]} -eq 192 ]] && [[ ${ary[1]} -eq 168 ]] ; then
randomizer
elif [[ ${ary[0]} -eq 198 ]] && [[ ${ary[1]} -eq 18 ]] ; then
randomizer
else
addr=$(echo "${ary[@]}" | awk '{print $1"."$2"."$3"."$4}')
fi
}

query()
{
randomizer
org="$(wget -4 -qO- ipinfo.io/${addr}/org)"
country="$(wget -4 -qO- ipinfo.io/${addr}/country)"
echo "$addr - $country - $org"
}

for x in {1..25} ; do
query
done

## END ##

These are just for fun but I won't have time to play with these. You're
welcome to screw around with them and make what you can from them.

Blake Snyder

unread,
Sep 21, 2017, 12:59:48 AM9/21/17
to
On Wed, 20 Sep 2017 23:04:15 -0500, in
<news:2vidnZ9Sy5iip17E...@giganews.com>, Marek Novotny wrote:

> I think most are familiar with buying anti-virus software that adds
> signatures to your email app so they see this and jump to that
> conclusion.

Yup.
Lots of people jump to conclusions where I admit I do things differently.
I jump to conclusions too.

Even you have, at times, jumped to conclusions which would be perfectly
valid had I been a "normal" poster. Case in point is that I don't know what
my headers say because they're all randomized but locked to the identity
which itself is locked to the thread topic.

I remember one time, about a year or two ago, I asked a Linux question but
the random headers shows a Windows client. You jumped all over me as a
Windows weenie even though I was on Linux the whole time.

So I implemented a kill switch in the randomization software (which I used
for the last few posts) which removes all the randomization and just kills
most of the headers. I also can look ahead of time into the scripts if I
know that my random header will be 'sensitive' (for example, iOS people are
extremely sensitive to platforms - more so than any other type of people on
Usenet).

> Not the case here. And it's likely on a few of their servers
> but not all.

You once asked me years ago to give you statistics on which news servers
are from which country so I gave you that information. Most of the vpngate
servers are in Japan. Korea is second. From there, every major country is
represented, but those are the major ones out of the six thousand files
that I currently have downloaded over the years.

Of those six thousand VPN servers, I'd gonna guess fewer than a few score
of them (which is roughly 1 out of 100 or so) have added the Avast headers
and triple-dash signature. So it's not a big problem.

Some people though start SCREAMING when they see the Avast signature (as
they did today on the Android newsgroup). It infuriates them. So what I do
is deprecate that openVPN config file. (Interestingly the header additions
are more bothersome to me, since I like to control every character of the
header. But the triple-dash signature is what infuriates most people. I
understand that. I really do.)

We can wonder *why* they add the header and signature. We'll never know for
sure. My guess is that it's just a badly configured VPN server. But I never
configured a VPN server so I don't know how it handles Usenet packets
differently than it handles web forum packets (which don't have this
problem).

Some think that this means that the VPN server is *reading* our Usenet
posts, which, if we think about it, is kind of funny because Usenet is a
public cleartext mechanism, so how would it matter if they were reading the
Usenet posts? The only thing they know that world doesn't know is my true
IP address. And I'm not worried about hiding my IP address from the VPN
server. If I was, I wouldn't be using it. Or I'd figure out how to do
doubleVPN, which I can do with web proxies, but not with OpenVPN yet.

Of course, there's always Tor, with or without bridges, but the fatal
problem with Tor is that it's not a Usenet mechanism, and even if it was
used with the likes of Google Groups (oh, the horror), all the exit nodes
are public information so a zillion sites won't work with Tor just because
it's Tor (and certainly Google knows this since Gmail won't work over time
with Tor for that very reason).

> And so some of these ovpn files attach you to a server with
> avast running and you get the signature. Other's don't have it running
> and those don't give you the signature. Simple as that.

Yup. Maybe the server admin thinks he's doing us a favor by scanning our
messages. I don't know. It doesn't matter to me why. It only matters what
is happening, where you helped prove what was happening - which is not what
almost everyone *thinks* is happening.

> I cut the rest. I think I did an ip randomizer a while back for you.

Over the years, especially before you scared the heck out of us with your
sudden need for blood thinners, you wrote tons of scripts that I have
re-purposed for my "environment", which essentially pulls down and tests
and geolocates all the publicly available openvpn config files (and
passwords) on the net. That's hundreds a day!

You wrote all the scripts that *test* these files (since they're highly
unreliable, and they go in and out of use over time so I no longer throw
them away but simply test them every day).

You wrote the scripts that check the network constantly, where you added a
lot of very special sauce since the connection has to be dropped
immediately, if not sooner, when the vpn connection fails. This is
something that is sorely needed on Windows, for example, because it's a
huge issue for safety. Luckily, you solved it for Linux!

Then you wrote the scripts to actually run the VPN files, and if they
didn't work (since they change from moment to moment), you discard them and
pick the next in the list.

To your scripts I added all the scripts that randomize the identity and
headers of my Usenet posts, taking care to ALWAYS lock a single identity to
any one thread topic! Many people consider this a trollish behavior, but I
never troll. Those people who think that are the same people who jump to
conclusions all the time that are wrong, based on just one feature. For
example, if they think all Italians are in the mafia. Or if they think all
Jewish people are out to rob them. Or if they think all Germans hit their
kids. Whatever.

What they see is one thing that trolls do, but they don't see any trolling
going on. They still jump to the wrong conclusion. They're fools, but I
understand them. If they're that ignorant of facts, they can't help me
anyway because they have the wrong attitude and they probably can't handle
detail all that well. And my posts are nothing but detail. As are yours.

They also see that I post to the threads that I author, which they see as
trolling simply because I'm responsive to all valid queries. They again
jump to erroneous conclusions because they can't see that I don't respond
to the trolls except to shut them down, where the "normal" rules of not
feeding the trolls and falling to their level where they win out of sheer
experience works only in the coffee-shop model and not in the Q&A model,
where trolls have more power to destroy a topic of import. People don't see
any of this detail, just like they think the Dunning-Kruger effect is only
about dumb people or that they think Myers-Briggs means anything without
actual numbers for the strengths. People can't handle detail. I know you
can. Mike Easter can. Lots of people can. But even more can't.

> The
> way to make up random addresses was to simply do 4 sets of random
> numbers between 1 and 255 and exclude on the non-route-able addresses
> and broadcast addresses, etc. and then pick one from the pool. I think
> we even did one that identified the MAC addresses. I don't save
> everything so I have no idea what's become of those.

Wow. You reminded me that I also randomized the Mac address and the
hostname and the user id using your scripts!

I changed machines quite a few times since we did that a few years ago, but
yes, we did randomize all that and more!

We could find the scripts if we just searched in
<http://tinyurl.com/alt-os-linux>
Which I created a decade or so ago so that people didn't have to remember:
<https://groups.google.com/forum/#!forum/alt.os.linux>

I created hundreds of those URLs for hundreds of Usenet newsgroups so that
everyone else could benefit. Spammers destroyed some of them by linking to
their spam, so the tinyurl domain deprecated them - but luckily the
alt.os.linux one still works about ten years later!

> I know I did a few things back then. One generates random IP addresses,
> and one generated random ip addresses and then geo located them and told
> you who owned them. That one was pretty fun.

Yup. I then took the output and sed/grep/awk/col/etc, the heck out of the
geolocate results to geolocate each working VPN server and then the script
would rename the files based on their geolocation and IP address.

That is how I can maintain the hierarchy of over six thousand freely
available openvpn config files over the years to cull out duplicates.

This randomization project has probably a hundred separate jeweled nuggets
such as that, in order to create the unique environment I have, which
essentially has me on VPN at random times, and when they drop, it puts me
on another VPN instantly, and when I post it gives me a random identity
with random headers on a random news server, but locked to a Usenet thread
title for the identity, headers, and server.

There is always more to do: for example, when someone changes the subject
line I have to be careful to notice that and hit the manual switch to
maintain the same header, and sometimes I have to deal with the way that
news servers update their software (for example, when they switched to the
latest time and date convention, I had to modify the scripts because of the
newly added plus and minus UTC time intricacies that were involved which
were different for each news server implementation).

> These are just for fun but I won't have time to play with these. You're
> welcome to screw around with them and make what you can from them.

There are *many* powerful scripts you've written, but some of the ones
exhibiting the most genius on your part were the ones that killed the
network the moment the VPN dropped, and the one that stepped through the
VPN files and figured out that they were bad (because they all failed in
different ways) and your scripts that figured out how to step through
working VPN files to name them quickly and then move on to the next one,
etc.

I tied all your scripts (maybe fifteen or twenty in toto?) together with a
dozen or more of my own (which are mostly just shell scripts automating
what I did by hand) to create the environment that I currently use to
randomize everything but the subject and body of the Usenet post.

You've even helped me double-vpn/proxy using Opera, where you were the only
one who understood the question of how to clear out the one-to-one identity
relationship with the Opera VPN (proxy) which is something that happens
automatically for me now (but only on Windows as I didn't script it for
Linux yet).

Thanks to you, and others, the newsgroup has fantastic resources, all
archived at your github site and on DejaGoogle.
http://www.github.com/marek-novotny
http://tinyurl.com/alt-os-linux

BTW, even Steve Crook has helped, in that he is the Mixmin admin, and where
he listened to my request (many years ago) to obfuscate the header
information, where he did it on a per-post basis at first but then had to
change it to a monthly obfuscation because the spammers were killing him.
http://tinyurl.com/alt-free-newsservers
Specifically:
https://groups.google.com/d/msg/alt.free.newsservers/3v8koZIW_NQ/TOLwAB1kAwAJ

Everyone pitches in together to bring the tribal knowledge of the group
forward as a whole!

J.O. Aho

unread,
Sep 21, 2017, 1:11:58 AM9/21/17
to
On 09/20/17 20:36, Blake Snyder wrote:
> Ping Steve Crook & other free server admins:
> How/why are Avast headers & sig added to these messages?
>
> Luckily, out of the thousands of free VPN servers my scripts randomly put
> me on during the day (thanks greatly to Marek and other linux coders for
> invaluable tidbits over the decades), only 1 out of hundreds pulls this
> Avast header crap.

This is about the free vpn's reputation and keeping them from getting
blacklisted, so they don't want to be seen as a virus spreading source,
so they make anti virus checks on things they can like mail and
newsgroup posts.

If you want to get rid of it, you need to have a mail server which you
have control of, you configure it as your outgoing mail server, you set
up some mimedefang rules which filters away the header.

Keep in mind that those who add the header shows you that they do
something with your data, those who don't they still may mess with your
data and you don't know anything about it. The likelihood is quite slim
they give you free vpn out of goodness, they want something from you and
they get it...


--

//Aho

Snit

unread,
Sep 21, 2017, 2:16:28 AM9/21/17
to
On 9/20/17, 9:59 PM, in article opvh02$od9$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Wed, 20 Sep 2017 23:04:15 -0500, in
> <news:2vidnZ9Sy5iip17E...@giganews.com>, Marek Novotny wrote:
>
>> I think most are familiar with buying anti-virus software that adds
>> signatures to your email app so they see this and jump to that
>> conclusion.
>
> Yup.
> Lots of people jump to conclusions where I admit I do things differently.

Once you said it impacts all clients and only happens with specific nodes it
was clear it was not your own machine.

> I jump to conclusions too.

We each see the world through our own lens.

> Even you have, at times, jumped to conclusions which would be perfectly
> valid had I been a "normal" poster. Case in point is that I don't know what
> my headers say because they're all randomized but locked to the identity
> which itself is locked to the thread topic.
>
> I remember one time, about a year or two ago, I asked a Linux question but
> the random headers shows a Windows client. You jumped all over me as a
> Windows weenie even though I was on Linux the whole time.

Marek is very knowledgeable and giving, but he has odd ideas about who is a
"real" Linux user and insists on treating those who do not pass his "purity"
tests or whatever poorly.

> So I implemented a kill switch in the randomization software (which I used
> for the last few posts) which removes all the randomization and just kills
> most of the headers. I also can look ahead of time into the scripts if I
> know that my random header will be 'sensitive' (for example, iOS people are
> extremely sensitive to platforms - more so than any other type of people on
> Usenet).

Not sure what you mean by this.
There are folks who use Google Groups through proxies -- and at least hint
they do so through the Tor browser.

...
> You wrote the scripts that check the network constantly, where you added a
> lot of very special sauce since the connection has to be dropped
> immediately, if not sooner, when the vpn connection fails. This is
> something that is sorely needed on Windows, for example, because it's a
> huge issue for safety. Luckily, you solved it for Linux!

Have you tested to make sure not a single packet gets though if the VPN goes
down?

> Then you wrote the scripts to actually run the VPN files, and if they
> didn't work (since they change from moment to moment), you discard them and
> pick the next in the list.
>
> To your scripts I added all the scripts that randomize the identity and
> headers of my Usenet posts, taking care to ALWAYS lock a single identity to
> any one thread topic! Many people consider this a trollish behavior, but I
> never troll. Those people who think that are the same people who jump to
> conclusions all the time that are wrong, based on just one feature. For
> example, if they think all Italians are in the mafia. Or if they think all
> Jewish people are out to rob them. Or if they think all Germans hit their
> kids. Whatever.

A lot of people jump to MANY bizarre conclusions in usenet. :)

I tend to focus more on the content than the poster. I do not use multiple
names but if someone does I have no real issue with it as long as they are
not actively seeking to fool people.

...
>> These are just for fun but I won't have time to play with these. You're
>> welcome to screw around with them and make what you can from them.
>
> There are *many* powerful scripts you've written, but some of the ones
> exhibiting the most genius on your part were the ones that killed the
> network the moment the VPN dropped,

How is this better than using a firewall which makes sure ZERO packets get
through?

> and the one that stepped through the VPN files and figured out that they were
> bad (because they all failed in different ways) and your scripts that figured
> out how to step through working VPN files to name them quickly and then move
> on to the next one, etc.

That is pretty cool.


...

Nadegda

unread,
Sep 21, 2017, 3:29:14 AM9/21/17
to
On Thu, 21 Sep 2017 01:18:44 +0000, Blake Snyder wrote:

> Another set of scripts which run during the time that the Usenet client
> is running randomly selects an identity and news server for each subject
> line, where that identity is locked forever to that subject line so that
> it doesn't change identities in any one thread.
>
> In addition, those random identities have random header lines, all of
> which is meaningless except for the subject line and hard-locked
> associated identity - which allows the integrity of the subject thread
> to remain as one identity.
>
> At any time I don't bother to even look at what the identity is, nor the
> headers, because they're all meaningless. This is done to foil privacy
> aggregate attacks. It is never done to troll although I'm sure a troll
> would love to have done the appreciable amount of work it took to get it
> all working together.

Keep that up, and in another couple of years you might manage to break
murphy's sock-count record.

<snicker>

--
FNVWe Nadegda

Fakey couldn't teach a monkey to eat a banana, much less answer a direct
question posed to him. -- Fakey's Dogwhistle Holder

Blake Snyder

unread,
Sep 21, 2017, 4:46:43 AM9/21/17
to
On Wed, 20 Sep 2017 23:16:21 -0700, in
<news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:

>> So I implemented a kill switch in the randomization software (which I used
>> for the last few posts) which removes all the randomization and just kills
>> most of the headers. I also can look ahead of time into the scripts if I
>> know that my random header will be 'sensitive' (for example, iOS people are
>> extremely sensitive to platforms - more so than any other type of people on
>> Usenet).
>
> Not sure what you mean by this.

It's understandable because most people didn't notice the change in header
standards implemented, one by one, painfully for me, by each news server
over the span of a few months' time last year.

Here is a summary from http://tinyurl.com/alt-free-newsservers for you:
<https://groups.google.com/d/msg/alt.free.newsservers/ICO7H3PwqtI/QMf7huTGBAAJ>

Basically, about a year ago, all heck broke loose for anyone who cared
about controlling their time/date headers in Usenet posts.

If you never controlled your time/date headers, you'd not even notice it.
:)

Here's a summary from Steve who is the mixmin news server admin.
The discrepancy between servers is almost certainly due to the INN
version they're running. Mixmin is frequently updated against the
development branch while (I expect) the others are running a stable
release. You can view the relevent code for INN here:-
https://inn.eyrie.org/trac/browser/trunk/lib/date.c
Look for the function: parsedate_rfc5322_lax

The text on the last change to this file reads:-

"Use -0000 instead of +0000 as the time zone in generated headers not at
Universal Time nnrpd now uses -0000 as the time zone for Date: and
Injection-Date: header fields it generates. It was previously using
+0000, wrongly systematically indicating a local time zone at Universal
Time when the localtime paramater is set to false (which is the default)
in readers.conf. The +0000 time zone will now be used only if localtime
is set to true and UTC is really the local time zone of the server.
Improve the documentation of readers.conf, mentioning a use case for the
localtime parameter. Thanks to Russ for it. convdate now similarly also
uses -0000."

The server (by default) adds a Date header in UTC but it can be
configured to use localtime instead. In my case that would be confusing
as the server runs GMT/BST to match my local time, not that of its
location.

Blake Snyder

unread,
Sep 21, 2017, 4:55:34 AM9/21/17
to
On Wed, 20 Sep 2017 23:16:21 -0700, in
<news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:

>> Of course, there's always Tor, with or without bridges, but the fatal
>> problem with Tor is that it's not a Usenet mechanism, and even if it was
>> used with the likes of Google Groups (oh, the horror), all the exit nodes
>> are public information so a zillion sites won't work with Tor just because
>> it's Tor (and certainly Google knows this since Gmail won't work over time
>> with Tor for that very reason).
>
> There are folks who use Google Groups through proxies -- and at least hint
> they do so through the Tor browser.

I didn't expressly say that Google Groups won't work through Tor or certain
proxies because I don't use Google Groups (and you wouldn't want me to, at
least not to post to the Usenet via Google Groups).

However ...

I have more experience with Google Gmail on Tor than most people do, and I
have lots of experience with all sorts of things Google on VPN, which is
essentially what a proxy is to Google Gmail.

While I can certainly get Google Gmail to work with some VPNs, Gmail makes
your life utterly miserable if "it" thinks you're coming in from a
different country each time you log into Gmail.

As an example, you can create an account where you log in from, oh, say,
Kansas, and then the next time you log in from, oh, say Bermuda, and the
next time (just five minutes later perhaps) you log in from Japan, and then
the next time (maybe a few hours later) you log in from Germany, etc.

It doesn't take long for Gmail to shut you down like the Berlin Wall, even
though you might have never even sent an email or you simply sent emails to
a couple of people.

I have had running battles for years with Gmail support because I
completely understand that they have to look for spammers but just like I
said that people who say all Germans hit their kids aren't correct all the
time, neither is Gmail who thinks that you're a spammer if you simply log
in from a zillion places.

Tor just makes it far worse far faster because Google knows all the exit
nodes.

Personally I think Google Gmail people should actually look for spam, but
their point of view is that they have to prevent it and they don't know if
your account was compromised, so they preempt it.

There are heroic ways around this Gmail propensity to make your life
miserable when you log in from multiple countries in the same day or week
or month, but I don't want to go into the myriad details that it takes to
make Gmail play nice with constantly changing IP addresses.

Suffice to say that it's possible but if you don't know about a half-dozen
tricks, you'll be locked out in a week or less.

I forgot to mention that I never give them a phone number, which is another
trick that takes a lot of effort to figure out how to get around it. I also
try not to give them a "recovery email address" which also takes work to
get around.

Nonetheless, if you knew what I know about obtaining and keeping a Gmail
account that truly doesn't have contact information that bounces back to
you somehow - then you'd know why I said what I said.

Blake Snyder

unread,
Sep 21, 2017, 4:58:29 AM9/21/17
to
On Wed, 20 Sep 2017 23:16:21 -0700, in
<news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:

>> You wrote the scripts that check the network constantly, where you added a
>> lot of very special sauce since the connection has to be dropped
>> immediately, if not sooner, when the vpn connection fails. This is
>> something that is sorely needed on Windows, for example, because it's a
>> huge issue for safety. Luckily, you solved it for Linux!
>
> Have you tested to make sure not a single packet gets though if the VPN goes
> down?

Nope.
Marek's scripts kill the network pretty quickly though.

Can a packet get through?
Probably. Maybe. I don't know.

Am I hiding from a state-sponsored adversary?
Nope.

Face it. If your adversary is a state-sponsored adversary, or even a
well-funded adversary, you're dead already.

But can you hide from the hoi polloi?
I hope so.

Blake Snyder

unread,
Sep 21, 2017, 5:06:37 AM9/21/17
to
On Wed, 20 Sep 2017 23:16:21 -0700, in
<news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:

> A lot of people jump to MANY bizarre conclusions in usenet. :)

I have a theory that is unproven which is that there are people who trust
their intuition more than they trust facts to the contrary.

Me?
I don't trust my intuition one bit.

I always test my intuition against facts.

I don't want to start a war on this next comment but I bring it up simply
because everyone's intuition is wrong on this next statement - even mine.

I intuit (just like you probably do) that cell phone use while driving
should cause accidents such that the increased cell phone ownership from
zero cellphones to ubiquitous cell phones over a very short span of years
should cause an increase in the accident rate in the US and in Australia
(which are two countries with good statistics on accident rates).

I also intuit that being cold causes colds.
I also intuit that gravity is a force.
I also intuit that time is invariant.
I also intuit that boiling water should sterilize it.
I also intuit that the sun goes around the earth.
I also intuit that if some crazy glue is good, then more must be better.
etc.

All those intuitive thoughts above are dead wrong.
Let's not argue the intuitive thoughts because this isn't the place.

My point is that facts trump intuition for people who are willing to test
their intuition but that facts never trump intuition for people who take a
political/religious approach to their intuition.

Don't even get me started on global warming hoax/alarm issues or the
religious/political implications of "common core" math/english education in
the USA.

My only point is that people who can't doublecheck their intuition are dead
wrong a lot more than they realize because most of us intuit a hellova lot
of things wrong.

> I tend to focus more on the content than the poster. I do not use multiple
> names but if someone does I have no real issue with it as long as they are
> not actively seeking to fool people.

I'm happy you said that because in my Q&A model, nothing in the header is
meaningful *except* the content and the subject line.

For a Q&A style, all that is needed is three things:
1. The question (with details)
2. The answer (which includes followup clarification questions & answers)
3. The summary (so that the tribal knowledge is increased overall)

In the "coffee-shop" style of Usenet, none of that above is important.
What's important in the coffee-shop model is the banter.

For banter, who you are can be more important than what you say.

Blake Snyder

unread,
Sep 21, 2017, 5:09:15 AM9/21/17
to
On Wed, 20 Sep 2017 23:16:21 -0700, in
<news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:

>> There are *many* powerful scripts you've written, but some of the ones
>> exhibiting the most genius on your part were the ones that killed the
>> network the moment the VPN dropped,
>
> How is this better than using a firewall which makes sure ZERO packets get
> through?

I don't know the answer to that question.
I'm not well versed in software firewalls.

How do you tell the firewall that you're on an arbitrary VPN server and
then, when that arbitrary VPN server drops out (for whatever reason), that
you never want anything to happen on the net ever again until the user
manually hits a switch somewhere?

If you know how to do that on Ubuntu 16.04, that would be useful.

Blake Snyder

unread,
Sep 21, 2017, 5:23:15 AM9/21/17
to
On Wed, 20 Sep 2017 19:14:04 -0700, in
<news:D5E86E7C.B743D%use...@gallopinginsanity.com>, Snit wrote:

> A fourth issue: if he is using Marek's scripts, or ones based on them, or
> even using them as a model he should be aware there may be a risk of SOME
> packets going through NOT via the VPN connection.

I agree that some packets might get through.
I never tested it with Wireshark.

> As cool as Marek's solution is (and his scripting capabilities
> are FAR beyond what mine are), it seems safer to use other methods to make
> sure programs do not use the non-VPN connection.

I think a fifth issue of using VPN that Mike Easter may have been alluding
to is that it makes you stand out for anyone who is watching VPN traffic,
and that the VPN server knows what you're doing so you have to trust them.

> For my part I do not really need this but I found a third party solution
> that has a firewall built in... and since it is a reputable third party they
> are less likely to be doing the nasty things the free services are at least
> rumored to do.

I'd be interested in knowing how the firewall detects that the VPN service
went down so that it stops all future traffic until you manually restart
another VPN service.

Blake Snyder

unread,
Sep 21, 2017, 5:34:18 AM9/21/17
to
On Thu, 21 Sep 2017 07:11:56 +0200, in
<news:f2h00s...@mid.individual.net>, J.O. Aho wrote:

> This is about the free vpn's reputation and keeping them from getting
> blacklisted, so they don't want to be seen as a virus spreading source,
> so they make anti virus checks on things they can like mail and
> newsgroup posts.
>
> If you want to get rid of it, you need to have a mail server which you
> have control of, you configure it as your outgoing mail server, you set
> up some mimedefang rules which filters away the header.
>
> Keep in mind that those who add the header shows you that they do
> something with your data, those who don't they still may mess with your
> data and you don't know anything about it. The likelihood is quite slim
> they give you free vpn out of goodness, they want something from you and
> they get it...

Not gonna disagree nor am I going to assert that the NSA doesn't run some
of these free VPN services. The ones I use are all the ones I can find on
the net that will allow wget to grab their config files daily so they run
the gamut of what's out there.

But I will say that we always have to keep in mind the jewelry store
example, where a guy and a gal walk by a jewelry store and see exactly the
same things but they can easily be taking completely different viewpoints
using the exact same data.

Standard viewpoint on VPN:
. It's for data security (i.e., nobody sees your data but your recipient)
. It's not for anonymity (i.e., the VPN server IP address isn't hidden)
. It's often home grown (i.e., generally you don't use free VPN services)

Different viewpoint on VPN:
. There is little need for data security when posting to the Usenet!
. There is a much greater need for anonymity when posting to the Usenet!
. There are advantages to having six thousand IP addresses to post from.

My point is that everyone likes to point out that the VPN service knows
what you are posting to the Usenet, which isn't the problem since the whole
world knows what you are posting to the Usenet.

The main thing the VPN service knows that the hoi polloi don't know is what
IP address you really came from when you posted what you posted to the
Usenet.

Given that this is something that they know and they'd give to anyone who
asked them for it, you just have to make sure you're not doing anything
illegal or something that will get you killed (like insulting rocket man or
something like that).

If all you're doing is hiding your IP address from the hoi polloi by
randomly using one of six thousand IP addresses, then the free public VPN
service "can" be a good approach.

Lord knows I'm all for good approaches so if you have a *better* approach,
let's know about it. That's what we're here for. To raise the overall
tribal knowledge above what it would have been without us.

Blake Snyder

unread,
Sep 21, 2017, 5:45:54 AM9/21/17
to
On Wed, 20 Sep 2017 21:47:21 -0500, in
<news:ILKdnWj3ksCktV7E...@giganews.com>, Marek Novotny wrote:

>> このEメールはアバスト アンチウイルスによりウイルススキャンされています。
>> https://www.avast.com/antivirus
>
> That conf file didn't work for me. Said the private key was bad. What
> client are using?

The free VPN servers come and go.
They work one moment, and then don't work the next moment.
Then they work again.
Then they stop working for months.
And then they work again.

That's why your automation scripts are so useful because they allow a user
to maintain a library of thousands of freely available VPN config files
where at any one time, only 1 out of 5 or 1 out of 10 are working.

By now I know you were able to get at least one to work that inserted the
Avast headers and signature line, which is all that matters since you
confirmed what I had confirmed for myself, which is that the Avast lines
are added by the VPN server.

That's really all that we need here by way of summary.
Thanks for testing it out.

Marek Novotny

unread,
Sep 21, 2017, 8:47:03 AM9/21/17
to
On 2017-09-21, Blake Snyder <blakdebl...@outlook.com> wrote:
> On Wed, 20 Sep 2017 23:04:15 -0500, in
><news:2vidnZ9Sy5iip17E...@giganews.com>, Marek Novotny wrote:
>
>> I think most are familiar with buying anti-virus software that adds
>> signatures to your email app so they see this and jump to that
>> conclusion.
>
> Yup.
> Lots of people jump to conclusions where I admit I do things differently.
> I jump to conclusions too.
>
> Even you have, at times, jumped to conclusions which would be perfectly
> valid had I been a "normal" poster. Case in point is that I don't know what
> my headers say because they're all randomized but locked to the identity
> which itself is locked to the thread topic.

You switch your name so often I never know. It takes me a while to
realize who you are by the context of your post. And you cross post a
lot which we frown on here, especially if you cross post to windows and
mobile which invites a lot of noise here.

> I remember one time, about a year or two ago, I asked a Linux question but
> the random headers shows a Windows client. You jumped all over me as a
> Windows weenie even though I was on Linux the whole time.

See above.

> So I implemented a kill switch in the randomization software (which I used
> for the last few posts) which removes all the randomization and just kills
> most of the headers. I also can look ahead of time into the scripts if I
> know that my random header will be 'sensitive' (for example, iOS people are
> extremely sensitive to platforms - more so than any other type of people on
> Usenet).

I can only guess they are sick of trolls bothering them. Usenet is
unmoderated so this invites trolls. I've been considering leaving usenet
all together for months now.

>> Not the case here. And it's likely on a few of their servers
>> but not all.
>
> You once asked me years ago to give you statistics on which news servers
> are from which country so I gave you that information. Most of the vpngate
> servers are in Japan. Korea is second. From there, every major country is
> represented, but those are the major ones out of the six thousand files
> that I currently have downloaded over the years.
>
> Of those six thousand VPN servers, I'd gonna guess fewer than a few score
> of them (which is roughly 1 out of 100 or so) have added the Avast headers
> and triple-dash signature. So it's not a big problem.
>
> Some people though start SCREAMING when they see the Avast signature (as
> they did today on the Android newsgroup). It infuriates them. So what I do
> is deprecate that openVPN config file. (Interestingly the header additions
> are more bothersome to me, since I like to control every character of the
> header. But the triple-dash signature is what infuriates most people. I
> understand that. I really do.)

If they had a good newsreader like slrn, they could easily toggle on and
off not just the signature, but the gpg info as well. Can't stop
recommending slrn as it is simply one of the best news readers I've ever
used. Just takes a little getting used to is all.

> We can wonder *why* they add the header and signature. We'll never know for
> sure. My guess is that it's just a badly configured VPN server. But I never
> configured a VPN server so I don't know how it handles Usenet packets
> differently than it handles web forum packets (which don't have this
> problem).

My guess is that they do it to advertise.

> Some think that this means that the VPN server is *reading* our Usenet
> posts, which, if we think about it, is kind of funny because Usenet is a
> public cleartext mechanism, so how would it matter if they were reading the
> Usenet posts? The only thing they know that world doesn't know is my true
> IP address. And I'm not worried about hiding my IP address from the VPN
> server. If I was, I wouldn't be using it. Or I'd figure out how to do
> doubleVPN, which I can do with web proxies, but not with OpenVPN yet.

usenet is very public. I wouldn't care one bit if Giganews had banks of
live humans reading all my posts.

> Of course, there's always Tor, with or without bridges, but the fatal
> problem with Tor is that it's not a Usenet mechanism, and even if it was
> used with the likes of Google Groups (oh, the horror), all the exit nodes
> are public information so a zillion sites won't work with Tor just because
> it's Tor (and certainly Google knows this since Gmail won't work over time
> with Tor for that very reason).

Not a fan of Google Groups and if it were not for a few talented people
using it, I would just block them as a whole. I might just block them as
a whole in specific groups.

>> And so some of these ovpn files attach you to a server with
>> avast running and you get the signature. Other's don't have it running
>> and those don't give you the signature. Simple as that.
>
> Yup. Maybe the server admin thinks he's doing us a favor by scanning our
> messages. I don't know. It doesn't matter to me why. It only matters what
> is happening, where you helped prove what was happening - which is not what
> almost everyone *thinks* is happening.

It's nothing. Linux makes that sort of thing easy to do.
Some things discussed here I don't like to talk about because they can
become tools for trolls. The VPN thing I happened to find interesting.
Though I modified a version of what I did here for you for myself. I use
a network of proxies most of time and for vpn I typically I only use
that when I wish to connect to my own network. I think we have very
different use-cases. I actually want people to know it is me, not the
other way around. So I try to keep a consistent news reader, header,
local, etc. Typically coming from my own server in San Francisco.
I removed much of it from my github as well. In light of recent trolling
I don't like to discuss some topics in this regard.
You give me way too much credit.

> I tied all your scripts (maybe fifteen or twenty in toto?) together with a
> dozen or more of my own (which are mostly just shell scripts automating
> what I did by hand) to create the environment that I currently use to
> randomize everything but the subject and body of the Usenet post.
>
> You've even helped me double-vpn/proxy using Opera, where you were the only
> one who understood the question of how to clear out the one-to-one identity
> relationship with the Opera VPN (proxy) which is something that happens
> automatically for me now (but only on Windows as I didn't script it for
> Linux yet).
>
> Thanks to you, and others, the newsgroup has fantastic resources, all
> archived at your github site and on DejaGoogle.
> http://www.github.com/marek-novotny
> http://tinyurl.com/alt-os-linux
>
> BTW, even Steve Crook has helped, in that he is the Mixmin admin, and where
> he listened to my request (many years ago) to obfuscate the header
> information, where he did it on a per-post basis at first but then had to
> change it to a monthly obfuscation because the spammers were killing him.
> http://tinyurl.com/alt-free-newsservers
> Specifically:
> https://groups.google.com/d/msg/alt.free.newsservers/3v8koZIW_NQ/TOLwAB1kAwAJ
>
> Everyone pitches in together to bring the tribal knowledge of the group
> forward as a whole!


Marek Novotny

unread,
Sep 21, 2017, 10:06:24 AM9/21/17
to
On 2017-09-21, Blake Snyder <blakdebl...@outlook.com> wrote:
> On Wed, 20 Sep 2017 23:16:21 -0700, in
><news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:

// snip

>> Have you tested to make sure not a single packet gets though if the VPN goes
>> down?
>
> Nope.
> Marek's scripts kill the network pretty quickly though.
>
> Can a packet get through?
> Probably. Maybe. I don't know.

With your script the kernel instantly drops the applications you list. So
the kernel isn't running the app so how would the app continue to pass
packets through the network?

Marek Novotny

unread,
Sep 21, 2017, 10:08:28 AM9/21/17
to
On 2017-09-21, Blake Snyder <blakdebl...@outlook.com> wrote:
I am still amazed how quickly the status of those config files change
from working to not working and back again. They likely didn't think
someone would scrap them all and organize them. It's a little funny.

Snit

unread,
Sep 21, 2017, 11:38:44 AM9/21/17
to
On 9/21/17, 1:46 AM, in article opvu9e$f92$1...@news.mixmin.net, "Blake Snyder"
Not sure what you mean by iOS people being more sensitive to your changes.

Snit

unread,
Sep 21, 2017, 11:41:44 AM9/21/17
to
On 9/21/17, 1:55 AM, in article opvuq3$g40$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Wed, 20 Sep 2017 23:16:21 -0700, in
> <news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:
>
>>> Of course, there's always Tor, with or without bridges, but the fatal
>>> problem with Tor is that it's not a Usenet mechanism, and even if it was
>>> used with the likes of Google Groups (oh, the horror), all the exit nodes
>>> are public information so a zillion sites won't work with Tor just because
>>> it's Tor (and certainly Google knows this since Gmail won't work over time
>>> with Tor for that very reason).
>>
>> There are folks who use Google Groups through proxies -- and at least hint
>> they do so through the Tor browser.
>
> I didn't expressly say that Google Groups won't work through Tor or certain
> proxies because I don't use Google Groups (and you wouldn't want me to, at
> least not to post to the Usenet via Google Groups).
>
> However ...
>
> I have more experience with Google Gmail on Tor than most people do, and I
> have lots of experience with all sorts of things Google on VPN, which is
> essentially what a proxy is to Google Gmail.
>
> While I can certainly get Google Gmail to work with some VPNs, Gmail makes
> your life utterly miserable if "it" thinks you're coming in from a
> different country each time you log into Gmail.

There are the flooding Google Groups posts which come from proxies... how do
people do that?

> As an example, you can create an account where you log in from, oh, say,
> Kansas, and then the next time you log in from, oh, say Bermuda, and the
> next time (just five minutes later perhaps) you log in from Japan, and then
> the next time (maybe a few hours later) you log in from Germany, etc.
>
> It doesn't take long for Gmail to shut you down like the Berlin Wall, even
> though you might have never even sent an email or you simply sent emails to
> a couple of people.
>
> I have had running battles for years with Gmail support because I
> completely understand that they have to look for spammers but just like I
> said that people who say all Germans hit their kids aren't correct all the
> time, neither is Gmail who thinks that you're a spammer if you simply log
> in from a zillion places.
>
> Tor just makes it far worse far faster because Google knows all the exit
> nodes.
>
> Personally I think Google Gmail people should actually look for spam, but
> their point of view is that they have to prevent it and they don't know if
> your account was compromised, so they preempt it.

With Google Groups they ignore complaints.

> There are heroic ways around this Gmail propensity to make your life
> miserable when you log in from multiple countries in the same day or week
> or month, but I don't want to go into the myriad details that it takes to
> make Gmail play nice with constantly changing IP addresses.
>
> Suffice to say that it's possible but if you don't know about a half-dozen
> tricks, you'll be locked out in a week or less.
>
> I forgot to mention that I never give them a phone number, which is another
> trick that takes a lot of effort to figure out how to get around it. I also
> try not to give them a "recovery email address" which also takes work to
> get around.
>
> Nonetheless, if you knew what I know about obtaining and keeping a Gmail
> account that truly doesn't have contact information that bounces back to
> you somehow - then you'd know why I said what I said.

I have a Gmail account but do not use it much. Do use a gmail email these
days... which is a bit bothersome. My ISP sucks. :)

Snit

unread,
Sep 21, 2017, 11:42:29 AM9/21/17
to
On 9/21/17, 1:58 AM, in article opvuvj$g8c$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Wed, 20 Sep 2017 23:16:21 -0700, in
> <news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:
>
>>> You wrote the scripts that check the network constantly, where you added a
>>> lot of very special sauce since the connection has to be dropped
>>> immediately, if not sooner, when the vpn connection fails. This is
>>> something that is sorely needed on Windows, for example, because it's a
>>> huge issue for safety. Luckily, you solved it for Linux!
>>
>> Have you tested to make sure not a single packet gets though if the VPN goes
>> down?
>
> Nope.
> Marek's scripts kill the network pretty quickly though.
>
> Can a packet get through?
> Probably. Maybe. I don't know.

This is why I think a firewall is a better option than killing programs.
Also, killing programs can lead to data errors.

> Am I hiding from a state-sponsored adversary?
> Nope.
>
> Face it. If your adversary is a state-sponsored adversary, or even a
> well-funded adversary, you're dead already.
>
> But can you hide from the hoi polloi?
> I hope so.


Snit

unread,
Sep 21, 2017, 11:48:17 AM9/21/17
to
On 9/21/17, 2:06 AM, in article opvveq$h43$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Wed, 20 Sep 2017 23:16:21 -0700, in
> <news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:
>
>> A lot of people jump to MANY bizarre conclusions in usenet. :)
>
> I have a theory that is unproven which is that there are people who trust
> their intuition more than they trust facts to the contrary.
>
> Me?
> I don't trust my intuition one bit.
>
> I always test my intuition against facts.

Have you tested that? :)

> I don't want to start a war on this next comment but I bring it up simply
> because everyone's intuition is wrong on this next statement - even mine.
>
> I intuit (just like you probably do) that cell phone use while driving
> should cause accidents such that the increased cell phone ownership from
> zero cellphones to ubiquitous cell phones over a very short span of years
> should cause an increase in the accident rate in the US and in Australia
> (which are two countries with good statistics on accident rates).
>
> I also intuit that being cold causes colds.
> I also intuit that gravity is a force.
> I also intuit that time is invariant.
> I also intuit that boiling water should sterilize it.
> I also intuit that the sun goes around the earth.
> I also intuit that if some crazy glue is good, then more must be better.
> etc.
>
> All those intuitive thoughts above are dead wrong.

If you boil water doesn't it sterilize it? Need to do it for a minimum
amount of time... but even that is fairly short... a minute or so. Might be
some exceptions such as bacteria that live near vents in the ocean, but few
microbes can survive that.

The rest I know are not true... even if I cannot say I fully understand them
(gravity and time, for example).

> Let's not argue the intuitive thoughts because this isn't the place.
>
> My point is that facts trump intuition for people who are willing to test
> their intuition but that facts never trump intuition for people who take a
> political/religious approach to their intuition.
>
> Don't even get me started on global warming hoax/alarm issues or the
> religious/political implications of "common core" math/english education in
> the USA.

I had a discussion with a number of people who loath the way Common Core
approaches math yesterday. Not saying it is perfect, but their arguments
against it were odd (mostly: not the way they learned).

> My only point is that people who can't doublecheck their intuition are dead
> wrong a lot more than they realize because most of us intuit a hellova lot
> of things wrong.

Agreed.

>> I tend to focus more on the content than the poster. I do not use multiple
>> names but if someone does I have no real issue with it as long as they are
>> not actively seeking to fool people.
>
> I'm happy you said that because in my Q&A model, nothing in the header is
> meaningful *except* the content and the subject line.
>
> For a Q&A style, all that is needed is three things:
> 1. The question (with details)
> 2. The answer (which includes followup clarification questions & answers)
> 3. The summary (so that the tribal knowledge is increased overall)
>
> In the "coffee-shop" style of Usenet, none of that above is important.
> What's important in the coffee-shop model is the banter.
>
> For banter, who you are can be more important than what you say.

I do eventually see patterns in the "who", but if someone changes names and
wants a fresh start I have no real issue with that. Or if they do so for
privacy. No big deal to me.

Snit

unread,
Sep 21, 2017, 11:58:23 AM9/21/17
to
On 9/21/17, 2:09 AM, in article opvvjp$hi5$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Wed, 20 Sep 2017 23:16:21 -0700, in
> <news:D5E8A745.B7472%use...@gallopinginsanity.com>, Snit wrote:
>
>>> There are *many* powerful scripts you've written, but some of the ones
>>> exhibiting the most genius on your part were the ones that killed the
>>> network the moment the VPN dropped,
>>
>> How is this better than using a firewall which makes sure ZERO packets get
>> through?
>
> I don't know the answer to that question.
> I'm not well versed in software firewalls.

A firewall has the benefit of not allowing ANY packets through if your VPN
has a hiccup, not killing programs on such a hiccup, and allowing downloads
(or whatever) to continue once the VPN is back up (same node or another).

> How do you tell the firewall that you're on an arbitrary VPN server and
> then, when that arbitrary VPN server drops out (for whatever reason), that
> you never want anything to happen on the net ever again until the user
> manually hits a switch somewhere?

There are VPN solutions that do that for you automatically. Made a video for
someone on it here: <https://youtu.be/vNcNUw6yN34?t=4m29s>.

That jumps you to where I start speaking of quitting apps and the use of a
firewall.

My solution, though, is not free.

> If you know how to do that on Ubuntu 16.04, that would be useful.

The same program (Windscribe) has Linux and Windows clients. Again, though,
not free and, as far as I know, limited to their supported nodes.

Snit

unread,
Sep 21, 2017, 11:59:37 AM9/21/17
to
On 9/21/17, 2:23 AM, in article oq00e1$j85$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Wed, 20 Sep 2017 19:14:04 -0700, in
> <news:D5E86E7C.B743D%use...@gallopinginsanity.com>, Snit wrote:
>
>> A fourth issue: if he is using Marek's scripts, or ones based on them, or
>> even using them as a model he should be aware there may be a risk of SOME
>> packets going through NOT via the VPN connection.
>
> I agree that some packets might get through.
> I never tested it with Wireshark.
>
>> As cool as Marek's solution is (and his scripting capabilities
>> are FAR beyond what mine are), it seems safer to use other methods to make
>> sure programs do not use the non-VPN connection.
>
> I think a fifth issue of using VPN that Mike Easter may have been alluding
> to is that it makes you stand out for anyone who is watching VPN traffic,
> and that the VPN server knows what you're doing so you have to trust them.

With my solution of just using Windscribe or another paid solution you have
to trust them. No doubt.

>> For my part I do not really need this but I found a third party solution
>> that has a firewall built in... and since it is a reputable third party they
>> are less likely to be doing the nasty things the free services are at least
>> rumored to do.
>
> I'd be interested in knowing how the firewall detects that the VPN service
> went down so that it stops all future traffic until you manually restart
> another VPN service.

Showed in another response already... but Windscribe does this:

<https://youtu.be/vNcNUw6yN34?t=4m29s>

Mike Easter

unread,
Sep 21, 2017, 2:18:57 PM9/21/17
to
Blake Snyder wrote:
> So in the case of mixmin, I don't need VPN for data security but I still
> need VPN for IP privacy because Steve Crook, at my request, obfuscated the
> IP addresses but he found that he couldn't do that for every post because
> spammers drove him nuts so he changes his obfuscation each month per IP
> address.
>
> But Ray's nntp server or Paolo's nntp server or Jesse's nntp server etc,
> generally have both an encrypted (ssl, 563) and plain text (119) option and
> they don't change their IP address obfuscation.

Are you saying you can crack Ray Banana's (e-s) or Paolo Amoroso's
(aioe) or Jesse Rehmer's (blueworld) IP obfuscation? Or NIN's X-trace?

> Worse, Netfront and a few others don't even obfuscate the IP address.

There are also/alternatively sometimes advantages in using a news server
which exposes the IP address.

> Others like Blueworld did a good job on obfuscation, but eternal September
> uses the same hash method for EVERYONE from the beginning of all time.

I think there is always some debate about *exactly* what is the strategy
for a news admin's IP obfuscation. Personally I doubt that it is as
crackable as you presume.

> So there is no IP privacy without VPN (unless you know something I don't
> know about changing the IP address given my IP address is not normal and is
> the same for the past five years and there is no concept of an IP "lease"
> time like there is with Comcast due to the fact that I'm on a home-grown
> network.

As a general rule, it is quite inconvenient to (try to) change one's IP
address when one's dynamic IP is cable, which turns out to be very
'static' because lease renewal generally gives you back the same IP you had.

I think everyone gets to address their own sense of privacy or not in
their own way; and altho' I'm 'hearing' you about what your concerns
are, what you expose to your relative running your ISP and the fact that
you don't like showing your obfuscated IP on some news servers, I don't
know that I would approach what you perceive as the problem in the same way.


--
Mike Easter

Mike Easter

unread,
Sep 21, 2017, 4:00:17 PM9/21/17
to
Snit wrote:
> The same program (Windscribe) has Linux and Windows clients. Again, though,
> not free and, as far as I know, limited to their supported nodes.

Windscribe has a free model; and I think it will make their pay model
very successful.

The free model works with such as Win with bandwidth and server
limitations; and/but the interface is slick and will tempt those users
to upgrade to their pro/pay package.

The linux openvpn access isn't free. I've experimented with the free
openvpn access at vpnbook.

--
Mike Easter

Blake Snyder

unread,
Sep 21, 2017, 4:14:34 PM9/21/17
to
On Thu, 21 Sep 2017 09:08:23 -0500, in
<news:SfOdnW6hiq5KWl7E...@giganews.com>, Marek Novotny wrote:

> I am still amazed how quickly the status of those config files change
> from working to not working and back again. They likely didn't think
> someone would scrap them all and organize them. It's a little funny.

I agree with you that they "think" people will do everything manually from
the web site at the same time that they purport to be a method to avoid
state-sponsored censorship.

Any state will have the wherewithal to hire a programmer like you such that
they'd have all the servers identified in short order, running scripts much
like yours that you kindly posted a couple of years ago for us to use.

Of course, if it truly is a university research project, it's not unheard
of for research projects to advertise a different aim than that which is
their true purview, so as to be able to claim a single-blind study.

Who knows?
Not me.

All I know is that, with your wonderful scripts which you wrote years ago,
I have been able to bounce from server to server as needed when they drop,
without any major hitches.

That's an accomplishment which I have you to thank for!
Thanks!

Marek Novotny

unread,
Sep 21, 2017, 4:20:48 PM9/21/17
to
On 2017-09-21, Blake Snyder <blakdebl...@outlook.com> wrote:
Have you found the VPNs to drop off a lot or are they pretty stable once
you are connected to them for the duration of your use?

Blake Snyder

unread,
Sep 21, 2017, 4:27:46 PM9/21/17
to
On Thu, 21 Sep 2017 08:38:38 -0700, in
<news:D5E92B0E.B74DA%use...@gallopinginsanity.com>, Snit wrote:

> Not sure what you mean by iOS people being more sensitive to your changes.

Two different beasts
. time-date headers
. iOS users' sensitivity

Regarding the time-date headers, about a year ago the "standard" changed,
which threw me for a loop, but once by one I got the hang of how each news
server handled that change over a span of months. So my main point of
bringing up that snafu was that my privacy-related randomization scripts
are never done because at some point, they leaked my actual time zone when
I didn't want it to be leaked (I can now set it in the newserver header to
anything I want it to be set to where I usually have the script match it to
the domain of the identity).

As for iOS users, they are a strange bunch in general but in general, they
bunch together (unlike Linux users who bunch separately).

While everyone is an individual, as a general rule, those who buy/use/like
iOS are herd animals (where you can probably tell I'm not so much a herd
animal).

I can wax prolifically on the various and sundry arguments for why iOS
users are herd animals, but this isn't really the ng or thread for that
pontification.

But to help explain your wonderment as to why I mentioned their
"sensitivity", if you ask for an off-the-beaten-path question of Linux
users, you're likely to get a more open-minded response than if you ask the
typical iOS users how to do something that Apple doesn't want you to do and
which isn't already provided to you by a button
written/scripted-and-directed by Apple Marketing.

Snit

unread,
Sep 21, 2017, 4:32:04 PM9/21/17
to
On 9/21/17, 1:01 PM, in article f2ik2d...@mid.individual.net, "Mike
Easter" <Mi...@ster.invalid> wrote:

> Snit wrote:
>> The same program (Windscribe) has Linux and Windows clients. Again, though,
>> not free and, as far as I know, limited to their supported nodes.
>
> Windscribe has a free model; and I think it will make their pay model
> very successful.
>
> The free model works with such as Win with bandwidth and server
> limitations; and/but the interface is slick and will tempt those users
> to upgrade to their pro/pay package.

Correct. Should have noted: I get 10 GB a month for free. Have used it off
and on and it works well enough where I forgot it was even turned on.

> The linux openvpn access isn't free.

Ah, my mistake. How expensive is it. Saw a Windscribe lifetime offer for $50
or so... did not bother with it (again, I have little need for this). If I
see another offer like that, though, I might just for privacy sake. My main
browser now blocks tracking fairly well, but having a changing IP which is
harder to track would be better.

> I've experimented with the free
> openvpn access at vpnbook.


--

Snit

unread,
Sep 21, 2017, 4:39:58 PM9/21/17
to
On 9/21/17, 1:27 PM, in article oq17c1$uo9$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Thu, 21 Sep 2017 08:38:38 -0700, in
> <news:D5E92B0E.B74DA%use...@gallopinginsanity.com>, Snit wrote:
>
>> Not sure what you mean by iOS people being more sensitive to your changes.
>
> Two different beasts
> . time-date headers
>
> . iOS users' sensitivity

Right: I was in reference to the perceived sensitivity. I suspect that is an
untested intuition of yours.

> Regarding the time-date headers, about a year ago the "standard" changed,
> which threw me for a loop, but once by one I got the hang of how each news
> server handled that change over a span of months. So my main point of
> bringing up that snafu was that my privacy-related randomization scripts
> are never done because at some point, they leaked my actual time zone when
> I didn't want it to be leaked (I can now set it in the newserver header to
> anything I want it to be set to where I usually have the script match it to
> the domain of the identity).
>
> As for iOS users, they are a strange bunch in general but in general, they
> bunch together (unlike Linux users who bunch separately).

Not sure I have seen any groups of iOS users, but Apple users in general
tend to be a lot more open to people criticizing Apple than I have seen in
Linux groups, BUT, that is based on my experience with Cult of Mac vs. the
cesspool of COLA. Even those who post to COLA and post here tend to act
better here.

> While everyone is an individual, as a general rule, those who buy/use/like
> iOS are herd animals (where you can probably tell I'm not so much a herd
> animal).

I use iOS, Android, macOS, Linux, and Windows. I do not see iOS users as you
do in any way (nor do I agree with your assessment of iOS users).

> I can wax prolifically on the various and sundry arguments for why iOS
> users are herd animals, but this isn't really the ng or thread for that
> pontification.

Agreed... but you made the assertion and I disagree.

> But to help explain your wonderment as to why I mentioned their
> "sensitivity", if you ask for an off-the-beaten-path question of Linux
> users, you're likely to get a more open-minded response than if you ask the
> typical iOS users how to do something that Apple doesn't want you to do and
> which isn't already provided to you by a button
> written/scripted-and-directed by Apple Marketing.

I think it depends on the group. This group, for example, is very different
from COLA (both of which are focused on Linux). In general, though, I think
people in such groups tend to focus on what their platform does best. One of
the areas of contention I get into with Linux users is I tend to focus on
areas where macOS excels but ask about doing such things in Linux. Does not
mean Linux CANNOT do those things, nor that it might not do those things in
different (and sometimes even better) ways, but I find when I ask about even
simple things (say PDF annotation workflows) I find Linux users getting
frustrated. It is not as if such things are not even possible in Linux, for
the example I have used it is just go to the web resource (recipe, lesson
plan, art project, whatever), "print" to PDF, open in a PDF annotation
program (there are many), and then email or save or whatever you want to do
with it. Not really a bad workflow (and not putting Linux or Linux users
down for it)... but I think macOS handles such tasks better.

Blake Snyder

unread,
Sep 21, 2017, 4:41:46 PM9/21/17
to
On Thu, 21 Sep 2017 08:41:34 -0700, in
<news:D5E92BBE.B74E4%use...@gallopinginsanity.com>, Snit wrote:

> There are the flooding Google Groups posts which come from proxies... how do
> people do that?

If what you say is true (I don't know and I'm not going to look it up), I
can't explain it because I already said I don't use Google Groups (and you
wouldn't want me to).

I do use Google "stuff" such as Gmail and reverse image searches, for
example, and that Google stuff doesn't like constantly changing IP
addresses.

That's really all I'm saying because the details are miserable.

Having said that, I'm sure true spammers have TONS of ways of obtaining
Gmail accounts. It's trivial if you have money.

Just by way of a simple example, Google will give any Android user an
account just by virtue that the user pressed a few button clicks on their
Android phone.

Any spammer buys a hundred cheap Android phones and he has a hundred valid
accounts in the time it takes him to boot up the phone the first time on
WiFi.

I'm not suggesting this approach as a well-thought-out approach; I'm just
saying that a well-funded spammer (Spamford Wallace was making millions a
month, wasn't he?) will have a ton of ways to obtain valid Gmail accounts
that I wouldn't think of doing myself.

>> Personally I think Google Gmail people should actually look for spam, but
>> their point of view is that they have to prevent it and they don't know if
>> your account was compromised, so they preempt it.
>
> With Google Groups they ignore complaints.

As I said, I can't go into a lot of detail about circumventing VPN-based
controls on Google Groups because I abhor GG on principle, just like many
of you do.

What I can say is that the email support folks at Google "do" respond to
complaints, and they do (eventually) let you back into your account when
you explain to them that you never once sent a spam nor was your account
compromised - but - and here is the part that makes your life miserable if
you don't know all the tricks - but - you have to do this over and over and
over and over and over and over and over again.

So you learn myriad tricks to prevent you from having to ask for your gmail
account back.

In summary, they will give you your account back (because you never did
anything wrong), but you've already lost the real battle if you have to
ask.

>> Nonetheless, if you knew what I know about obtaining and keeping a Gmail
>> account that truly doesn't have contact information that bounces back to
>> you somehow - then you'd know why I said what I said.
>
> I have a Gmail account but do not use it much. Do use a gmail email these
> days... which is a bit bothersome. My ISP sucks. :)

Gmail is, paradoxically, great because it almost never has a lot of spam!
:)

But the main reason for a Gmail account is that web forum validations trust
Gmail where they won't trust, say, mailinator or trashmail accounts.

The hard part about Gmail accounts is mainly in two areas
. Creating and maintaining them without any connection to the real you
. A subset is that Gmail hates people who constantly change geolocations

Usenet news servers and web forums, by way of contrast, don't mind at all
when you change your geolocation.

Blake Snyder

unread,
Sep 21, 2017, 5:05:41 PM9/21/17
to
On Thu, 21 Sep 2017 13:39:54 -0700, in
<news:D5E971AA.B757F%use...@gallopinginsanity.com>, Snit wrote:

> Right: I was in reference to the perceived sensitivity. I suspect that is an
> untested intuition of yours.

Every once in a while someone (like you perhaps?) forgets not only that
they're on Usenet, but they also forget that the nature of a Usenet
conversation is completely different than the nature of writing a college
calculus textbook, or a physics textbook, or writing a business transaction
contract.

I've written plenty of extremely well documented and backed up papers
published in peer-reviewed journals and delivered at industry conferences
where every single darn sentence needs to have references and needs to be
carefully crafted such that it is like a legal contract or a mathematical
treatise in that everything said is technically extremely correct.

HINT: Why do you think legal fine print is so hard to read?
HINT: It's the same reason that you need a teacher to explain what a math
text just said.

We can write in extremely precise legalese on Usenet.
But we don't.

I certainly don't.
So if you bought too many arguments this week, you can easily pin me into a
corner basing your argument on some imprecise implication by me or
inference by you, where we can spend the rest of our living days trying to
worm our way out of the conundrum.

Suffice to say that I've been on the iOS newsgroups since they were formed
(Michelle started the comp.mobile.ipad group, for example), which even
predate the Android newsgroups, and I *know* the fundamental character of
iOS users.

If you think they have a different fundamental character than I ascribe to
them, so be it. I'm not a professor of iOSology. I'm not (yet) a
world-famous psychologist either. I'm not an Apple-official professor of
Apple Psychology.

I just happen to understand well the fundamental nature of iOS users better
than most iOS users know themselves.

Do you disagree with my assessment of iOS users' propensities?
Almost certainly.

Is that ok?
Definitely.

Is this the place to drag us down into the dirt on iOS users's sensitivity
to anything that isn't already scripted and approved by Apple Marketing?

No.
If you want, please take this discussion over to either:
http://tinyurl.com/misc-phone-mobile-iphone or
http://tinyurl.com/comp-mobile-ipad

Note that there is no "comp.mobile.ios" but there is comp.mobile.android
http://tinyurl.com/comp-mobile-android
Go figure.

Some day, when I find that round tuit, I'll figure out what the process is
for proposing and getting the new newsgroup created (comp.mobile.ios).

>> As for iOS users, they are a strange bunch in general but in general, they
>> bunch together (unlike Linux users who bunch separately).
>
> Not sure I have seen any groups of iOS users, but Apple users in general
> tend to be a lot more open to people criticizing Apple than I have seen in
> Linux groups, BUT, that is based on my experience with Cult of Mac vs. the
> cesspool of COLA. Even those who post to COLA and post here tend to act
> better here.

I've been on Usenet for decades and I've used Windows,
UNIX/VMS/Masscomp/SunOS/Solaris/Linux, Mac, Android, and iOS for as long as
they have existed.

My fundamental nature is the same, whether I'm on iOS or if I'm on Linux.
But, the "average" iOS user is nothing like the average Linux user.
In fact, almost every thing you can think of between them is different.

Trust me when I say I post prolifically to the Apple-related newsgroups,
where they know me on sight by my writing style. And I know every one of
them (because I keep a log of my perception of their personalities).

That includes intelligent but closed-minded knowledgeable people like David
Empson as much as it includes extremely unintelligent and extremely
closed-minded people like Jolly Roger, JaimeJK.

It includes the prolific posters such as "nospam" and "Rod Speed" whom I
often wonder if they work for Apple Marketing, they're so tuned to only one
side of every query.

And it includes the three somewhat unscholared little old ladies such as
Patty Winters, Michelle, Dorayme, and Greta.

I know them all rather well, where a few (very few) are open minded such as
Sobriquet and Poutnik; but the vast majority live and breath Apple
Marketing doublespeak.

Mind you we all fall prey to marketing doublespeak (it's why Apple
Marketing spends millions every year on their advertisements after all),
but the vast majority of the iOS users have utterly lost any ability to put
"things" into perspective.

Oh oh .. here I did it. I followed you into the hole of oblivion. If you
want to carry on this conversation, let's at least bring it over to the
Apple newsgroups, because I've been there, done that, a billion times.

For example, it's a well known fact that there is absolutely zero
functionality on Apple phones that isn't on Android phones, and conversely,
there is tons of functionality on Android phones that isn't on Apple
phones, and yet, the hardware is 'about the same' for the high end
equipment. True Apple cameras always come out in the bottom of the top ten
on Android mobile phone cameras (where most people have trouble believing
that until you show them proof from reliable sources) but being on the
bottom of the top ten is pretty damn good.

Nobody says it is the Apple hardware that cripples the functionality
allowed in Apple mobile devices - it's the fact that Apple disallows that
functionality (which we've listed so many times on the Apple and Android
newsgroups that if you ask me to list them yet again, I'm going to barf
because it means you just want to argue but you don't actually want the
facts).

Hell.... here I go again.

Let's stop this tirade in a.o.l and if you want to proceed, just open a
thread on m.p.m.i or c.m.i or on the mac groups c.s.m.a or c.s.m.s.

Snit

unread,
Sep 21, 2017, 5:17:07 PM9/21/17
to
On 9/21/17, 1:41 PM, in article oq1868$ir$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Thu, 21 Sep 2017 08:41:34 -0700, in
> <news:D5E92BBE.B74E4%use...@gallopinginsanity.com>, Snit wrote:
>
>> There are the flooding Google Groups posts which come from proxies... how do
>> people do that?
>
> If what you say is true (I don't know and I'm not going to look it up), I
> can't explain it because I already said I don't use Google Groups (and you
> wouldn't want me to).

Fair enough.

> I do use Google "stuff" such as Gmail and reverse image searches, for
> example, and that Google stuff doesn't like constantly changing IP
> addresses.

I do reverse image searches myself... cannot see where Google cares about my
IP.

<https://youtu.be/fas2Vmb-tgU>

Maybe if I did it a lot more? I tend to keep the same IP but you can see I
do reverse image searches enough where I have several options in my menu. :)

> That's really all I'm saying because the details are miserable.
>
> Having said that, I'm sure true spammers have TONS of ways of obtaining
> Gmail accounts. It's trivial if you have money.

They are free.

> Just by way of a simple example, Google will give any Android user an
> account just by virtue that the user pressed a few button clicks on their
> Android phone.
>
> Any spammer buys a hundred cheap Android phones and he has a hundred valid
> accounts in the time it takes him to boot up the phone the first time on
> WiFi.

Can't a single person make as many as they want?

> I'm not suggesting this approach as a well-thought-out approach; I'm just
> saying that a well-funded spammer (Spamford Wallace was making millions a
> month, wasn't he?) will have a ton of ways to obtain valid Gmail accounts
> that I wouldn't think of doing myself.

Seems it is even easier than that.

>>> Personally I think Google Gmail people should actually look for spam, but
>>> their point of view is that they have to prevent it and they don't know if
>>> your account was compromised, so they preempt it.
>>
>> With Google Groups they ignore complaints.
>
> As I said, I can't go into a lot of detail about circumventing VPN-based
> controls on Google Groups because I abhor GG on principle, just like many
> of you do.

No argument here. :)

I think the reason people post to usenet with GG is because Google does not
care about their trolling / flooding / etc.

> What I can say is that the email support folks at Google "do" respond to
> complaints, and they do (eventually) let you back into your account when
> you explain to them that you never once sent a spam nor was your account
> compromised - but - and here is the part that makes your life miserable if
> you don't know all the tricks - but - you have to do this over and over and
> over and over and over and over and over again.
>
> So you learn myriad tricks to prevent you from having to ask for your gmail
> account back.
>
> In summary, they will give you your account back (because you never did
> anything wrong), but you've already lost the real battle if you have to
> ask.

I have complained about the flooding accounts... no action taken. Maybe
email is different?

>>> Nonetheless, if you knew what I know about obtaining and keeping a Gmail
>>> account that truly doesn't have contact information that bounces back to
>>> you somehow - then you'd know why I said what I said.
>>
>> I have a Gmail account but do not use it much. Do use a gmail email these
>> days... which is a bit bothersome. My ISP sucks. :)
>
> Gmail is, paradoxically, great because it almost never has a lot of spam!
> :)
>
> But the main reason for a Gmail account is that web forum validations trust
> Gmail where they won't trust, say, mailinator or trashmail accounts.
>
> The hard part about Gmail accounts is mainly in two areas
> . Creating and maintaining them without any connection to the real you
>
> . A subset is that Gmail hates people who constantly change geolocations

And they read all your email.

> Usenet news servers and web forums, by way of contrast, don't mind at all
> when you change your geolocation.

Right... or at least generally.

Blake Snyder

unread,
Sep 21, 2017, 5:17:46 PM9/21/17
to
On Thu, 21 Sep 2017 09:06:18 -0500, in
<news:SfOdnW-hiq7HWl7E...@giganews.com>, Marek Novotny wrote:

>> Can a packet get through?
>> Probably. Maybe. I don't know.
>
> With your script the kernel instantly drops the applications you list. So
> the kernel isn't running the app so how would the app continue to pass
> packets through the network?

Yup. I'm not going to argue because what happened, which I appreciate, as I
recall, is that you gave me the script long ago (years?) and I used it and
you improved it and I used it and then at one point there were a few
hiccups (I forget which they were) and then you completely rewrote the
script (as I recall) adding a list of applications to drop as a variable.

Did I remember that history correctly?

Point is that it's not me who is questioning whether a packet can slip
through, because of two reasons:
. I assume the scripts works well (because it appears to me to work well)
. Even if a packet or three slipped through, that's OK (sort of).

I'm only hiding from the proletariat; not the state apparatus.
It's a constant struggle though ... :)
http://www.marx2mao.com/Lenin/SPSB05.html

Blake Snyder

unread,
Sep 21, 2017, 5:27:14 PM9/21/17
to
On Thu, 21 Sep 2017 14:16:51 -0700, in
<news:D5E97A53.B758F%use...@gallopinginsanity.com>, Snit wrote:

> I do reverse image searches myself... cannot see where Google cares about my
> IP.

Try it from the Tor Browser Bundle a few times.
Or from a VPN that Google deprecates.

Watch what happens to the little "camera" reverse-search icon.

> Maybe if I did it a lot more? I tend to keep the same IP but you can see I
> do reverse image searches enough where I have several options in my menu. :)

It's not the change of IP.

It's that spammers use the same IP addresses that I use.
Try it with the Tor Browser Bundle, for example, and report back, where
everything depends on whether Google hates the specific exit node or not.

>> Having said that, I'm sure true spammers have TONS of ways of obtaining
>> Gmail accounts. It's trivial if you have money.
>
> They are free.

If you say that, you missed the entire point.
(Are you related to "nospam"? He has a lifetime supply of arguments already
paid for.)

>> Any spammer buys a hundred cheap Android phones and he has a hundred valid
>> accounts in the time it takes him to boot up the phone the first time on
>> WiFi.
>
> Can't a single person make as many as they want?

Again, you missed the point.
It's not really on topic for me to go deep on this for you.

>> I'm not suggesting this approach as a well-thought-out approach; I'm just
>> saying that a well-funded spammer (Spamford Wallace was making millions a
>> month, wasn't he?) will have a ton of ways to obtain valid Gmail accounts
>> that I wouldn't think of doing myself.
>
> Seems it is even easier than that.

Jesus. Don't you have any concept of what an offhand "example" is?

> I think the reason people post to usenet with GG is because Google does not
> care about their trolling / flooding / etc.

Does that make sense?
I can post to Mixmin and Steve doesn't necessarily care about trolling.
I can post to AIOE and Paulo doesn't necessarily care about trolling.
I can post to Eternal September and Ray doesn't care about trolling.
etc.

NOTE: They all try to work together to shut down spammers who spam the heck
out of the net though.

>> In summary, they will give you your account back (because you never did
>> anything wrong), but you've already lost the real battle if you have to
>> ask.
>
> I have complained about the flooding accounts... no action taken. Maybe
> email is different?

All I can say is what I've said for people who constantly change their
geolocations (and other things such as platforms and browser fingerprints
which are part of the privacy equation).

Google will lock you out of your email.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
Then they lock you out again.
You ask to get back in.
They let you back in.
...

My point was that there are ways to prevent this spiral of death which are
complex to explain but the summary is that if you have to ask to get back
in, you've already lost the battle.

>> . A subset is that Gmail hates people who constantly change geolocations
>
> And they read all your email.

Yup.

>> Usenet news servers and web forums, by way of contrast, don't mind at all
>> when you change your geolocation.
>
> Right... or at least generally.

And they can read all your posts too.

Snit

unread,
Sep 21, 2017, 5:41:55 PM9/21/17
to
On 9/21/17, 2:05 PM, in article oq19j3$361$1...@news.mixmin.net, "Blake Snyder"
You have an intuition. OK.

> If you think they have a different fundamental character than I ascribe to
> them, so be it. I'm not a professor of iOSology. I'm not (yet) a
> world-famous psychologist either. I'm not an Apple-official professor of
> Apple Psychology.
>
> I just happen to understand well the fundamental nature of iOS users better
> than most iOS users know themselves.
>
> Do you disagree with my assessment of iOS users' propensities?
> Almost certainly.
>
> Is that ok?
> Definitely.

Agreed.

> Is this the place to drag us down into the dirt on iOS users's sensitivity
> to anything that isn't already scripted and approved by Apple Marketing?
>
> No.
> If you want, please take this discussion over to either:
> http://tinyurl.com/misc-phone-mobile-iphone or
> http://tinyurl.com/comp-mobile-ipad
>
> Note that there is no "comp.mobile.ios" but there is comp.mobile.android
> http://tinyurl.com/comp-mobile-android
> Go figure.
>
> Some day, when I find that round tuit, I'll figure out what the process is
> for proposing and getting the new newsgroup created (comp.mobile.ios).
>
>>> As for iOS users, they are a strange bunch in general but in general, they
>>> bunch together (unlike Linux users who bunch separately).
>>
>> Not sure I have seen any groups of iOS users, but Apple users in general
>> tend to be a lot more open to people criticizing Apple than I have seen in
>> Linux groups, BUT, that is based on my experience with Cult of Mac vs. the
>> cesspool of COLA. Even those who post to COLA and post here tend to act
>> better here.
>
> I've been on Usenet for decades and I've used Windows,
> UNIX/VMS/Masscomp/SunOS/Solaris/Linux, Mac, Android, and iOS for as long as
> they have existed.
>
> My fundamental nature is the same, whether I'm on iOS or if I'm on Linux.
> But, the "average" iOS user is nothing like the average Linux user.
> In fact, almost every thing you can think of between them is different.

And you have intuitions about how each group acts. I am OK with that.

> Trust me when I say I post prolifically to the Apple-related newsgroups,
> where they know me on sight by my writing style. And I know every one of
> them (because I keep a log of my perception of their personalities).
>
> That includes intelligent but closed-minded knowledgeable people like David
> Empson as much as it includes extremely unintelligent and extremely
> closed-minded people like Jolly Roger, JaimeJK.
>
> It includes the prolific posters such as "nospam" and "Rod Speed" whom I
> often wonder if they work for Apple Marketing, they're so tuned to only one
> side of every query.
>
> And it includes the three somewhat unscholared little old ladies such as
> Patty Winters, Michelle, Dorayme, and Greta.
>
> I know them all rather well, where a few (very few) are open minded such as
> Sobriquet and Poutnik; but the vast majority live and breath Apple
> Marketing doublespeak.
>
> Mind you we all fall prey to marketing doublespeak (it's why Apple
> Marketing spends millions every year on their advertisements after all),
> but the vast majority of the iOS users have utterly lost any ability to put
> "things" into perspective.

Again, your intuition. OK.

> Oh oh .. here I did it. I followed you into the hole of oblivion. If you
> want to carry on this conversation, let's at least bring it over to the
> Apple newsgroups, because I've been there, done that, a billion times.

Nothing really to discuss: you have an intuition I do not share. I am OK
with that.

> For example, it's a well known fact that there is absolutely zero
> functionality on Apple phones that isn't on Android phones, and conversely,
> there is tons of functionality on Android phones that isn't on Apple
> phones, and yet, the hardware is 'about the same' for the high end
> equipment.

Sounds like you are judging each OS by a check mark list of features. I
personally disagree with that approach.

> True Apple cameras always come out in the bottom of the top ten
> on Android mobile phone cameras (where most people have trouble believing
> that until you show them proof from reliable sources) but being on the
> bottom of the top ten is pretty damn good.

Depends on how you measure it... if you mean megapixels, sure. But I admit I
do not keep track of such things. Doing a search now I find Apple does
better than you suggest, but I am sure there are other articles which may
say otherwise.

The ones I found with a quick search:

<https://www.cnet.com/topics/phones/best-phones/camera/>

<http://www.techadvisor.co.uk/test-centre/mobile-phone/best-phone-camera-201
7-3612824/> OR <https://goo.gl/mPKRi7>

Both rate it well though perhaps not #1.

> Nobody says it is the Apple hardware that cripples the functionality
> allowed in Apple mobile devices - it's the fact that Apple disallows that
> functionality (which we've listed so many times on the Apple and Android
> newsgroups that if you ask me to list them yet again, I'm going to barf
> because it means you just want to argue but you don't actually want the
> facts).

Sounds like you prefer Android... and have a hard time understanding why
others prefer iOS. Fair enough.

> Hell.... here I go again.
>
> Let's stop this tirade in a.o.l and if you want to proceed, just open a
> thread on m.p.m.i or c.m.i or on the mac groups c.s.m.a or c.s.m.s.


Blake Snyder

unread,
Sep 21, 2017, 5:42:48 PM9/21/17
to
On Thu, 21 Sep 2017 08:48:10 -0700, in
<news:D5E92D4A.B74E7%use...@gallopinginsanity.com>, Snit wrote:

> If you boil water doesn't it sterilize it?
You answered your own question two sentences later.

> Need to do it for a minimum
> amount of time... but even that is fairly short... a minute or so. Might be
> some exceptions such as bacteria that live near vents in the ocean, but few
> microbes can survive that.

HINT: Look up the definition of "sterilize".

> The rest I know are not true... even if I cannot say I fully understand them
> (gravity and time, for example).

My only point was that our intuition often is wrong.
Those who don't test their intuition, are often wrong (as a result).

I picked those examples off the top of my head to be things that "most
people intuit" that are wrong once they check their facts against their
intuition.

That was my main point in the list since this is a linux ng and not a
psychology or science ng.

> I had a discussion with a number of people who loath the way Common Core
> approaches math yesterday. Not saying it is perfect, but their arguments
> against it were odd (mostly: not the way they learned).

To understand "common core" takes three levels of understanding.
. The political reality for the promulgation of Math/English CC "standards"
. The implementation reality in each school in the country
. The actual technical description of the Math/English CC standards

If someone does not have a realistic handle on the depth of detail on each
of those three vastly different "realities", then it is my supposition that
they know absolutely nothing about what common core actually "is". (IMHO)

Put it this way using my example that people tend to intuit incorrectly
which Marketing takes full advantage of - if you think that "octane"
ratings of gasoline are what the oil company advertising "implies" they
are, or if you don't know the implementation reality of how different
octane-rated fuels actually work inside your particular high-or-low
compression engine, or if you don't know the underlying chemistry of the
American AKI research and motor numbers, then you actually don't know the
whole story on what octane ratings really "are".

In both examples, there are three underlying "realities" that comprise what
"it" is.

If you don't know all three underlying realities, it's my supposition that
you don't fully understand "it".

>> For banter, who you are can be more important than what you say.
>
> I do eventually see patterns in the "who", but if someone changes names and
> wants a fresh start I have no real issue with that. Or if they do so for
> privacy. No big deal to me.

Lots of people claim troll for someone who merely changes nyms, just as
they claim that all priests are pedophiles or that all black kids wearing
Nike leather Cortez shoes stole them, or that all CEOs are dishonest, etc.

Marek Novotny

unread,
Sep 21, 2017, 5:46:05 PM9/21/17
to
On 2017-09-21, Blake Snyder <blakdebl...@outlook.com> wrote:
> On Thu, 21 Sep 2017 09:06:18 -0500, in
><news:SfOdnW-hiq7HWl7E...@giganews.com>, Marek Novotny wrote:
>
>>> Can a packet get through?
>>> Probably. Maybe. I don't know.
>>
>> With your script the kernel instantly drops the applications you list. So
>> the kernel isn't running the app so how would the app continue to pass
>> packets through the network?
>
> Yup. I'm not going to argue because what happened, which I appreciate, as I
> recall, is that you gave me the script long ago (years?) and I used it and
> you improved it and I used it and then at one point there were a few
> hiccups (I forget which they were) and then you completely rewrote the
> script (as I recall) adding a list of applications to drop as a variable.
>
> Did I remember that history correctly?

At one point yes the script was patched so much I didn't want to deal
with it so I just wrote a new one from scratch. I've done that a few
times when things no longer have a consistent and simple overall method
to them.

> Point is that it's not me who is questioning whether a packet can slip
> through, because of two reasons:
> . I assume the scripts works well (because it appears to me to work well)
> . Even if a packet or three slipped through, that's OK (sort of).
>
> I'm only hiding from the proletariat; not the state apparatus.
> It's a constant struggle though ... :)
> http://www.marx2mao.com/Lenin/SPSB05.html

I don't think you have anything to worry about.

Snit

unread,
Sep 21, 2017, 5:51:28 PM9/21/17
to
On 9/21/17, 2:27 PM, in article oq1arg$5ra$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Thu, 21 Sep 2017 14:16:51 -0700, in
> <news:D5E97A53.B758F%use...@gallopinginsanity.com>, Snit wrote:
>
>> I do reverse image searches myself... cannot see where Google cares about my
>> IP.
>
> Try it from the Tor Browser Bundle a few times.
> Or from a VPN that Google deprecates.
>
> Watch what happens to the little "camera" reverse-search icon.

Sounds like it blocks some IPs... but does not care if you use others.

>> Maybe if I did it a lot more? I tend to keep the same IP but you can see I
>> do reverse image searches enough where I have several options in my menu. :)
>
> It's not the change of IP.
>
> It's that spammers use the same IP addresses that I use.

Got it. This is a weakness of using such IPs.

> Try it with the Tor Browser Bundle, for example, and report back, where
> everything depends on whether Google hates the specific exit node or not.

Fits what I say above. OK.

>>> Having said that, I'm sure true spammers have TONS of ways of obtaining
>>> Gmail accounts. It's trivial if you have money.
>>
>> They are free.
>
> If you say that, you missed the entire point.

Perhaps I have. If you want tons of Google accounts no need to buy anything
as far as I can tell.

> (Are you related to "nospam"? He has a lifetime supply of arguments already
> paid for.)
>
>>> Any spammer buys a hundred cheap Android phones and he has a hundred valid
>>> accounts in the time it takes him to boot up the phone the first time on
>>> WiFi.
>>
>> Can't a single person make as many as they want?
>
> Again, you missed the point.
> It's not really on topic for me to go deep on this for you.

You suggested it would take a lot of money to make many Gmail accounts. I do
not think that is accurate... so if you meant another point, sure. I missed
it. Can you explain?

>>> I'm not suggesting this approach as a well-thought-out approach; I'm just
>>> saying that a well-funded spammer (Spamford Wallace was making millions a
>>> month, wasn't he?) will have a ton of ways to obtain valid Gmail accounts
>>> that I wouldn't think of doing myself.
>>
>> Seems it is even easier than that.
>
> Jesus. Don't you have any concept of what an offhand "example" is?

So your point was not about Gmail but that was an offhand example of...
something? Not getting Gmail accounts though.

Yes, I admit, I am missing your point.

>> I think the reason people post to usenet with GG is because Google does not
>> care about their trolling / flooding / etc.
>
> Does that make sense?

For their goals of trolling, yes.

> I can post to Mixmin and Steve doesn't necessarily care about trolling.
> I can post to AIOE and Paulo doesn't necessarily care about trolling.
> I can post to Eternal September and Ray doesn't care about trolling.
> etc.
>
> NOTE: They all try to work together to shut down spammers who spam the heck
> out of the net though.

At least Eternal September, I know, listens to complaints.
Sounds like this is true IF you use known spam VPNs.

>>> . A subset is that Gmail hates people who constantly change geolocations
>>
>> And they read all your email.
>
> Yup.
>
>>> Usenet news servers and web forums, by way of contrast, don't mind at all
>>> when you change your geolocation.
>>
>> Right... or at least generally.
>
> And they can read all your posts too.

Well, anyone can read your usenet posts (though you can encrypt, of course,
but that sorta defeats the point).

Snit

unread,
Sep 21, 2017, 5:56:52 PM9/21/17
to
On 9/21/17, 2:42 PM, in article oq1bom$7h8$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Thu, 21 Sep 2017 08:48:10 -0700, in
> <news:D5E92D4A.B74E7%use...@gallopinginsanity.com>, Snit wrote:
>
>> If you boil water doesn't it sterilize it?
> You answered your own question two sentences later.

Ok, you meant that as an absolute. Got it.

>> Need to do it for a minimum
>> amount of time... but even that is fairly short... a minute or so. Might be
>> some exceptions such as bacteria that live near vents in the ocean, but few
>> microbes can survive that.
>
> HINT: Look up the definition of "sterilize".

Done. Seems it DOES sterilize it (at least in the vast majority of cases --
most real world examples will not have the risk of microbes that can take
that type of heat).

>> The rest I know are not true... even if I cannot say I fully understand them
>> (gravity and time, for example).
>
> My only point was that our intuition often is wrong.

And on that I agree. An example is your intuition of iOS users. I think that
is based on your own preference of Android. That is, of course, my
intuition... it is not as if either of us can support our views here.

> Those who don't test their intuition, are often wrong (as a result).
>
> I picked those examples off the top of my head to be things that "most
> people intuit" that are wrong once they check their facts against their
> intuition.
>
> That was my main point in the list since this is a linux ng and not a
> psychology or science ng.
>
>> I had a discussion with a number of people who loath the way Common Core
>> approaches math yesterday. Not saying it is perfect, but their arguments
>> against it were odd (mostly: not the way they learned).
>
> To understand "common core" takes three levels of understanding.
> . The political reality for the promulgation of Math/English CC "standards"
>
> . The implementation reality in each school in the country
>
> . The actual technical description of the Math/English CC standards
>
>
> If someone does not have a realistic handle on the depth of detail on each
> of those three vastly different "realities", then it is my supposition that
> they know absolutely nothing about what common core actually "is". (IMHO)

Agree, at least mostly.

> Put it this way using my example that people tend to intuit incorrectly
> which Marketing takes full advantage of - if you think that "octane"
> ratings of gasoline are what the oil company advertising "implies" they
> are, or if you don't know the implementation reality of how different
> octane-rated fuels actually work inside your particular high-or-low
> compression engine, or if you don't know the underlying chemistry of the
> American AKI research and motor numbers, then you actually don't know the
> whole story on what octane ratings really "are".
>
> In both examples, there are three underlying "realities" that comprise what
> "it" is.
>
> If you don't know all three underlying realities, it's my supposition that
> you don't fully understand "it".

Sure. And in day-to-day life there is much we cannot test.

>>> For banter, who you are can be more important than what you say.
>>
>> I do eventually see patterns in the "who", but if someone changes names and
>> wants a fresh start I have no real issue with that. Or if they do so for
>> privacy. No big deal to me.
>
> Lots of people claim troll for someone who merely changes nyms, just as
> they claim that all priests are pedophiles or that all black kids wearing
> Nike leather Cortez shoes stole them, or that all CEOs are dishonest, etc.

I know few who claim any of those (though the first I have seen).

Blake Snyder

unread,
Sep 21, 2017, 7:19:39 PM9/21/17
to
On Thu, 21 Sep 2017 07:46:56 -0500, in
<news:x_adncBqjtpdKV7E...@giganews.com>, Marek Novotny wrote:

> You switch your name so often I never know.
I agree.

> It takes me a while to
> realize who you are by the context of your post.

Yes. Because I never change my style. My purpose isn't to hide from
individual humans but from lazy aggregate sofware machines which use
headers exclusively.

I have toyed with the idea of putting inside the body a keyword, such as
"it-is-i" but that would juat invite lazy aggregators to key off that
keyword.

> And you cross post a
> lot which we frown on here, especially if you cross post to windows and
> mobile which invites a lot of noise here.

I admit that fault. I try to edify the world. It's not always a good thing.

> I can only guess they are sick of trolls bothering them.

This troll thing is abused by the people who accuse others of trolling.

If, for example, I respond to all relevant queries in a thread, I often get
accused of being a troll even though I'm just being a responsible Usenet
citizen.

If I make a statement that others don't believe (such as the one I made
that Google reverse-image-search engines hate Tor exit nodes), then those
who don't believe my statement accuse me of being a troll.

In the case of the Opera post on this very newsgroup about three or four
months ago, I got accused of being a troll (as I recall) simply for asking
a question that nobody had ever asked before - which is how to remove the
one-to-one link of the Opera VPN ID & Browser-UniqueID.

That thread is classic where even you jumped on me, simply because I asked
a simple question that had two very important factors:
. It was a question that nobody had ever asked before
. It had a very difficult answer

While I could argue that those type of questions are perfect for Usenet
newsgroups such as this one, as I recall, in that thread, *you* were the
only one who provided *any* help whatsoever - and even then - only after I
chastised you for your initial actions.

Everyone else just effectively called me a troll simply for asking a
question that was never asked before and which had a hard answer.

NOTE: To be fair to them, they didn't *care* about the question or the
answer; but to be fair to me, they didn't have to respond to the thread
then, where all they did was fill a 100-post thread with 99 useless
responses.

> Usenet is
> unmoderated so this invites trolls. I've been considering leaving usenet
> all together for months now.

I can't blame you. I have given up on certain newsgroups, the
alt.comp.freeware and alt.free.newsservers being two of those. I may post
to them infrequently but only when I really (really) need help.

Anything on the iOS newsgroups that fits the model of the Opera-privacy
question I just lambasted you for also is usually a waste of time because
it has 99 opinions that Apple is always right and only 1 true answer to the
actual question.

So, like you, I find Usenet less and less and less useful; but there are
some groups (sci.electronics.repair, alt.internet.wireless,
comp.mobile.android, etc.) which are still useful.

> If they had a good newsreader like slrn, they could easily toggle on and
> off not just the signature, but the gpg info as well. Can't stop
> recommending slrn as it is simply one of the best news readers I've ever
> used. Just takes a little getting used to is all.

I started with "rn" as I recall, and then used "tin" as I recall. But 'dem
days were in the days where we had to assemble our own binaries out of
scores of posts. In those days, I actually posted with my real name and
real email address. Can you believe that!

> My guess is that they do it to advertise.

Maybe. It actually is interesting how much it irks people where it would
irk me too if I didn't know that I had no overt control over it.

> usenet is very public. I wouldn't care one bit if Giganews had banks of
> live humans reading all my posts.

Exactly. People even today tell me that my use of VPN services doesn't aid
my privacy because the server can read my posts, when I tell them that
anyone can read my posts because they are on Usenet or in a web forum in
clear text. It doesn't dawn on some people that teeny tiny detail.

I must say one thing though, that LOTS of people on a.o.l fell prey to in
the past. I've been an early adopter of lots of technologies (I was the
first at my company, for example, to propose PDF as a cross-platform
standard when the IT department thundered down on me that they weren't
going to "support yet another editing standard", which just shows you that
people read into statements what they want to read into them.

Same thing happened for *years* here on a.o.l where any time I asked about
a free public VPN service, everyone immediately jumped to the conclusion
that I was talking about the roll-your-own methodology - where they
couldn't grasp the point.

Only in the last two or three years when I talk about VPN do people
intuitively realize that freely available public VPN services exist.

I don't know if you remember or understand what I'm saying, but everyone
intuits from their perspective where they just don't get new ideas when
they're new.

I'll give you another example of how people get new ideas all wrong because
they intuit too much using their prejudices. I started with UNIX variants
since before DOS existed (or about the time that Bill Gates was still it
Harvard or so), so I knew the concept of /tmp/ rather well.

To you and to me, the "name" is meaningless; what matters is the *concept*.

What happened when I first proposed (oh, maybe two decades ago?) the
concept of having a single c:\tmp directory on Windows, my IT department
got on my case in spades saying I was trying to turn Windows into Linux.

Even today, just yesterday in fact, I was talking about the c:\tmp concept
in that I have redefined all the Windows system temp variables (of which
there are four main ones) to sub directories of C:\tmp\ along with the vim
sub directories.
https://groups.google.com/d/msg/alt.comp.freeware/ilkn4uXQIic/5lYibZlAAgAJ

Interestingly, even you complained vehemently when I asked (a few months
ago) on the Linux and Windows newsgroups how to set up VIM so that the turd
files aren't splayed all over my desktop (where my reasoning, as stated in
that thread, was that Linux people know the syntax of VIM exrc/vimrc files
better than Windows people and the syntax is exactly the same for the turd
files). But you (and others) jumped all over me nonetheless. :) Just
because I posted from a seemingly Windows user base. :)

> Not a fan of Google Groups and if it were not for a few talented people
> using it, I would just block them as a whole. I might just block them as
> a whole in specific groups.

I hate that GG has distorted what is their own implementation of "groups"
with Usenet. It doesn't help that the search engine for Usenet on Google
sucks (let's not go there).

> Some things discussed here I don't like to talk about because they can
> become tools for trolls. The VPN thing I happened to find interesting.
> Though I modified a version of what I did here for you for myself.

Yes. I remember very early on you said it was interesting, and I stayed up
all night for a few nights in a row working with you on responding as
quickly as I could by testing it.

You may note that EVERY test you asked for I did.
I responded back on all those tests.

And I found a few initial bugs (not many, but some).
You probably don't remember because this was, oh, I don't know, three or
four years ago?

You were instrumental. A few other people pitched in. Lots of ideas on how
to code key things cropped up. It was a good discussion, productive, and I
tested EVERYTHING (as you may recall).

> I think we have very
> different use-cases. I actually want people to know it is me, not the
> other way around. So I try to keep a consistent news reader, header,
> local, etc. Typically coming from my own server in San Francisco.

Yes. Of course. I certainly realize I'm not a herd animal in any way, other
than I want to blend in with the herd when it comes to privacy. :)

We're all oxymoronic in some ways...

I'm so well known in my field that I can't afford to have my Usenet posts
cloud people's assessment of me since just using Usenet is a bad thing in
this field. I won't say more so just assume that I must be anonymous for
professional reasons.

You can be well known for similar professional reasons.
Everything depends on the perspective taken.

> I removed much of it from my github as well. In light of recent trolling
> I don't like to discuss some topics in this regard.

You used to update them a lot where I had problems with the versions as I
gave them my own version numbers because my versions branched off of yours,
so it was a nightmare keeping the versions intact while you were still
updating them!

But that's normal with non-modular code branches that don't really branch
fully but which maintain base-update connections. :)

Like you, I no longer post my code either, mainly because I would have to
clean up too much for a bunch of reasons, not the least of which is
embarrassment for my lousy solutions but also for privacy reasons.

Anyway, I think we resolved this problem which I thank you for testing.

Blake Snyder

unread,
Sep 21, 2017, 8:29:13 PM9/21/17
to
On Thu, 21 Sep 2017 15:20:41 -0500, in
<news:c_WdnYpAUb-EglnE...@giganews.com>, Marek Novotny wrote:

> Have you found the VPNs to drop off a lot or are they pretty stable once
> you are connected to them for the duration of your use?

I don't run formal statistics ... but ... I've been using this stuff for
years now ... so my informal assessment is...

I have found empirically that there are three kinds of servers at
vpngate.net although I also use your scripts for other freely available VPN
services, and not just vpngate.net.

The three types at vpngate.net are
. Reliable (mostly Japan)
. Flaky (mostly Korea)
. Unreliable (everything else)

Of the reliable servers, most are Japanese, and most geolocate to Tokyo and
the major cities. Some last literally for months and then die for a day or
two, and then come alive again. When on these reliable VPN servers, the
connection is the fastest (although never truly "fast") and most ports are
allowed (e.g., they rarely, if ever, negate Usenet posts).

The flaky servers are mostly Korean (South, of course), and the more
reliable ones geolocate to the big cities (Seoul for example). These
servers far more often just drop out and disappear after just days, and
about 1 out of 10 (or so) won't do Usenet but will do web and ping.

Bear in mind that of 500 servers downloaded in any one wget session,
something like 300 will be Japanese or Korean, so, these are the builk of
the servers.

However, another 200 or so will be the rest of the world, which is
basically three geolocated areas:
. US & Canada
. GB & Europe
. Mexico & South America

All of these, almost to a server, are unreliable. They may last only hours,
and they very often drop while in use. They drop out far more than the
Korean connections do which themselves drop out more than do the Japanese
connections.

It's unfortunate these are so unreliable because the US servers are the
most critical, where I use them to establish Gmail accounts, because the
requirements for US Gmail geolocated accounts are less than, say, Korean
Gmail geolocated accounts.

While somtimes I can get a US server to stay alive (in and out) for a week
or more, most of the time they don't last a day, let alone a few hours.

Meanwhile the Japanese servers can go strong for at least days, if not
weeks, and the rare ones go months.

I could hazard a guess that the vpngate site is mostly from Japanese
universities with compatriots in Korea while the rest of the world are
idealistic volunteers who are people like you and me.

Since I rename all the files using your scripts, based on the IP address
and geolocation, this mixes in the UDP, TCP and DNS configuratrions with
the ones where the IP address is specified. That is, I haven't culled out
the reliablity of the four types below:
. UDP
. TCP
and
. DNS
. Static IP Address

So I am lumping all four types into this seat-of-the-pants assessment.

However, I should note that the vpngate web site specifically mentions that
the DNS-based config files will be more reliable (which makes sense) but in
my experience, offhand anyway, they're no more reliable or unreliable than
the Static IP Address based config files.

BTW, here is an example below of a Japanese config file that I just can't
kill, so it's a canonical example of a reliable one.

NOTE: I'll change servers manually to netfront so that I can post this file
without the leading angle brackets.

###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
#
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
#
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
#
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the
file
# to determine the necessity to modify to suitable for your real
environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
#
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use
this
# config file. Please refer the below descriptions carefully.


###############################################################################
# Specify the type of the layer of the VPN connection.
#
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
# specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site
VPN",
# specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun


###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
#
# Specify either 'proto tcp' or 'proto udp'.

proto udp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
#
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
#
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
#
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
#
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

remote vpn100895633.opengw.net 1698


###############################################################################
# The HTTP/HTTPS proxy setting.
#
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry
;http-proxy [proxy server] [proxy port]


###############################################################################
# The encryption and authentication algorithm.
#
# Default setting is good. Modify it as you prefer.
# When you specify an unsupported algorithm, the error will occur.
#
# The supported algorithms are as follows:
# cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
# CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
# RC2-40-CBC RC2-64-CBC RC2-CBC
# auth: SHA SHA1 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1


###############################################################################
# Other parameters necessary to connect to the VPN Server.
#
# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
#auth-user-pass


###############################################################################
# The certificate file of the destination VPN Server.
#
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have
to
# specify the signer's root certificate (CA) here.

<ca>
-----BEGIN CERTIFICATE-----
MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----

</ca>


###############################################################################
# The client certificate file (dummy).
#
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.

<cert>
-----BEGIN CERTIFICATE-----
MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
-----END RSA PRIVATE KEY-----

</key>

Blake Snyder

unread,
Sep 21, 2017, 8:39:29 PM9/21/17
to
On Fri, 22 Sep 2017 00:29:11 -0000 (UTC), in
<news:oq1lgm$232f$1...@adenine.netfront.net>, Blake Snyder wrote:

> BTW, here is an example below of a Japanese config file that I just can't
> kill, so it's a canonical example of a reliable one.

I should note that I append this one line to the bottom of all config files
on Windows nowadays so that they die more gracefully when I start a billion
of them at once on Windows.

--connect-retry-max 1

On Windows, I also have modified the registry entry to remove the "pause
exit", as shown below. But I don't do any of this on Linux.

Remove "pause-exit" from these two keys (actually one does the other):
HKCR\OpenVPNFile\shell\run\command
Default [Type=REG_SZ]
FROM:
Data=["C:\path\openvpn\bin\openvpn.exe" --pause-exit --config "%1"]
https://s10.postimg.org/udr4wo64p/regedit.gif
TO:
Data=["C:\path\openvpn\bin\openvpn.exe" --config "%1"]
https://s15.postimg.org/f4hlcgfx7/openvpn1.gif

HKLM\SOFTWARE\Classes\OpenVPNFile\shell\run\command
Default [Type=REG_SZ]
FROM:
Data=["C:\path\openvpn\bin\openvpn.exe" --pause-exit --config "%1"]
https://s23.postimg.org/flza7tm0b/regedit2.gif
TO:
Data=["C:\path\openvpn\bin\openvpn.exe" --config "%1"]
https://s7.postimg.org/8orbqfo4b/openvpn2.gif

I have been completely unsuccessful at getting a BELL to ring when the
connections are established on Windows even after boning up on Windows
event triggers. Sigh. So much to improve. It never ends.
https://s7.postimg.org/wmho9m0cr/vpn1.gif

Marek Novotny

unread,
Sep 21, 2017, 8:55:57 PM9/21/17
to
On 2017-09-21, Blake Snyder <blakdebl...@outlook.com> wrote:
> On Thu, 21 Sep 2017 07:46:56 -0500, in
><news:x_adncBqjtpdKV7E...@giganews.com>, Marek Novotny wrote:
>
>> You switch your name so often I never know.
> I agree.
>
>> It takes me a while to
>> realize who you are by the context of your post.
>
> Yes. Because I never change my style. My purpose isn't to hide from
> individual humans but from lazy aggregate sofware machines which use
> headers exclusively.
>
> I have toyed with the idea of putting inside the body a keyword, such as
> "it-is-i" but that would juat invite lazy aggregators to key off that
> keyword.

We'll have to get you a cow bell or something.

> This troll thing is abused by the people who accuse others of trolling.

Well, we have a troll flooding quite a few of the groups I'm on
specifically. And one troll tactic is to ask some really vague question
and then move the goal post a lot to suck people into it.

> While I could argue that those type of questions are perfect for Usenet
> newsgroups such as this one, as I recall, in that thread, *you* were the
> only one who provided *any* help whatsoever - and even then - only after I
> chastised you for your initial actions.

Yeah, I think I remember that one. Think I'm guilty as charged, too.

> Everyone else just effectively called me a troll simply for asking a
> question that was never asked before and which had a hard answer.

I try to take that attitude more and more and just not answer at all.
Why add to it.

> Interestingly, even you complained vehemently when I asked (a few months
> ago) on the Linux and Windows newsgroups how to set up VIM so that the turd
> files aren't splayed all over my desktop (where my reasoning, as stated in
> that thread, was that Linux people know the syntax of VIM exrc/vimrc files
> better than Windows people and the syntax is exactly the same for the turd
> files). But you (and others) jumped all over me nonetheless. :) Just
> because I posted from a seemingly Windows user base. :)

I apologize for that, too.

>> Some things discussed here I don't like to talk about because they can
>> become tools for trolls. The VPN thing I happened to find interesting.
>> Though I modified a version of what I did here for you for myself.
>
> Yes. I remember very early on you said it was interesting, and I stayed up
> all night for a few nights in a row working with you on responding as
> quickly as I could by testing it.
>
> You may note that EVERY test you asked for I did.
> I responded back on all those tests.
>
> And I found a few initial bugs (not many, but some).
> You probably don't remember because this was, oh, I don't know, three or
> four years ago?
>
> You were instrumental. A few other people pitched in. Lots of ideas on how
> to code key things cropped up. It was a good discussion, productive, and I
> tested EVERYTHING (as you may recall).

Yes, and you have a particular voice on usenet. After a few posts I know
who you are. There have been a few fun projects to work on over the
years. I did one called, Linfo for quite a while and there were many
contributions and once a very person, don't know if I should mention his
name here or not, but he once re-wrote it in one night to help with the
the way it dealt with the dimension of the console. Later I rewrote it
again and still later on I finally discovered a method for dealing with
the size of the screen. At that point I felt like I finished learning
from the project.

The important thing with learning some of these Linux/UNIX technologies
is to find little projects that help you learn and that are interesting
to you. If you can do that you'll learn quickly and enjoy it at the same
time. If you crack open a book and just try to read it cover to cover
and follow the lessons, it will not be nearly as effective.

For whatever reason, the vpn thing was interesting at the time. If I saw
such a post today I might ignore it and not be too interested in hashing
all those subjects you raised at the time. But at the time I was already
doing things like scraping my logs for hackers, getting the ip addresses
and then getting the geo-local for them because I was amazed how often
people try to break into my boxes. I'd say I get between 33,000 and
60,000 attempts per month. I can watch it in real time and it means
nothing to me now. But the first time I saw it happening it was quite
interesting.

I've considered for over a year now the concept of letting them break in
and monitoring what they do as a project. I just never get around to it.

> You used to update them a lot where I had problems with the versions as I
> gave them my own version numbers because my versions branched off of yours,
> so it was a nightmare keeping the versions intact while you were still
> updating them!

yeah, I like github and still use it. Much easier. Just subscribe to it
and if an update hits you grab it. Easy.

> But that's normal with non-modular code branches that don't really branch
> fully but which maintain base-update connections. :)
>
> Like you, I no longer post my code either, mainly because I would have to
> clean up too much for a bunch of reasons, not the least of which is
> embarrassment for my lousy solutions but also for privacy reasons.

I still post but I am much less focused on the shell these days. Some of
the projects I used to be very excited about I don't even want to think
about now. I guess that's how it goes.

There is much to do in the Linux world. Many things are very interesting
and I wish I had more time to spend learning all the interesting things
I run into.

> Anyway, I think we resolved this problem which I thank you for testing.

This one was easy. :)

Blake Snyder

unread,
Sep 21, 2017, 9:11:11 PM9/21/17
to
On Thu, 21 Sep 2017 14:41:47 -0700, in
<news:D5E9802B.B75A0%use...@gallopinginsanity.com>, Snit wrote:

> Sounds like you are judging each OS by a check mark list of features. I
> personally disagree with that approach.

You say exactly what I've heard said by many iOS users forever.
In fact, you have no concept of what you just said.

Literally, it's like a kid looking up at the moon and saying that he wants
to take the elevator to the moon ... where the father looks down on this
kid and wonders how to respond.

There are so many things that are impossible to do on iOS devices that it
isn't even funny. It's not a checklist. It's things I do EVERY DAY on
Android that I can't do on any of my iOS devices. [Note: We're talking
modern iOS/Android non-jailbroken/non-rooted devices just in case you want
to play the argument game some more.]

I'll just list a few but your statement above show you are apparently so
clueless about the lack of functional abilities on iOS devices that I must
look at your statements like the father looks down at the kid wondering how
to respond to such naivety where the kid things he can just take an
elevator to the moon.

- I automatically record all my phone calls on my Android devices
. Nobody on this planet can do that on their iOS devices

- Daily I look at my cellular microtower signal by graph & unique id
. Nobody on this planet can do that on current iOS devices

- Since I troubleshoot local networks, I often graph wifi signal over time
. Nobody on this planet can do something as simple as that on iOS devices

- Since I control my desktop and user environment, I load my own launcher
. Nobody on this planet can load their own launcher on an iOS device

- Since I organize my desktop as I see fit, I rename icons as I see fit
. Nobody on this planet can organize well on an iOS device

- Since I back up my device to my SD card, I save all APKs for future use
where I can install them on almost any phone at any time of any version I
want just like on all operating systems other than iOS software
. Of all operating systems, only iOS doesn't have this capability (the
details are grim)

- The list goes on, but iOS doesn't even have the functionality of a simple
app-drawer applet for heaven's sake. You can't create placeholder folders.
You can't rename app names. You can't torrent. You can't even use the
"real" tor browser bundle (don't be fooled by all the tricksters naming
their stuff with "tor" in the name). You can't automatically answer the
phone. You can't

And the iOS-based mobile device camera functionality, as tested by
independent labs, have *never* been better than the worst of the top ten
Android cameras out there at any one time. (This is all extremely well
known information which, if you don't know it, you're either blind, or you
are not clued in and certainly you don't read the iOS newsgroups.)

Don't even get me started on the restrictions of the file system,
specifically because that is a huge use model difference between iOS and
every other operating system on the planet. (In the case of the file
system, the argument is that the user is willing to forgo functionality for
safety ... it's like taking a chain saw and turning it into a butter knife
for safety's sake ...).

Did you really mean to get me started. That's just off the top of my head.

And yet, when you look at the opposite, there is *nothing* (absolutely
nothing) of functionality (we're not talking Apple marketing brand name bs
here) that is on iOS that isn't already on Android.

MANY MANY MANY threads have proven this on the iOS and Android newsgroups,
so if you're not aware that the escalator does not go up to the moon, it's
time you opened your eyes to the reality that exists.

Don't get me wrong. I have as many iOS devices as I have Android devices. I
know them both well. But you don't buy an iOS device for functionality just
like you don't buy a motorcycle to haul heavy cargo.

>> True Apple cameras always come out in the bottom of the top ten
>> on Android mobile phone cameras (where most people have trouble believing
>> that until you show them proof from reliable sources) but being on the
>> bottom of the top ten is pretty damn good.
>
> Depends on how you measure it... if you mean megapixels, sure.

You're so naieve in all that you assert that I have to say that talking to
you is like talking to that kid looking up at the moon and having to
explain to him that there is no escalator that takes him there.

Why don't you just search the newsgroups for the keywords "camera
functionality" for heaven's sake. Here, I'll give you a URL.
http://tinyurl.com/misc-phone-mobile-iphone

Search for:
Is there is a *single* useful photographic functionality on Apple iOS
cameras that isn't already on Android?
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/qcRetD6w1o4/-kYqKRuQBgAJ>

Independent tests *always* show the same thing, which is that iOS based
mobile phone cameras are 'good' but never better than the top ten or dozen
Android based mobile phone cameras at any given time.

That you're apparently unaware of the obvious does not make the obvious
facts incorrect.


> But I admit I
> do not keep track of such things.

Obviously! :)

> Doing a search now I find Apple does
> better than you suggest, but I am sure there are other articles which may
> say otherwise.
>
> The ones I found with a quick search:
>
> <https://www.cnet.com/topics/phones/best-phones/camera/>
>
> <http://www.techadvisor.co.uk/test-centre/mobile-phone/best-phone-camera-201
> 7-3612824/> OR <https://goo.gl/mPKRi7>
>
> Both rate it well though perhaps not #1.

I have been studying this for years and Apple based phone based camera
functionality (as rated by reliable sources) is usually in the bottom of
the top ten of phone-based cameras.

That's not bad.
It's just not the best.

> Sounds like you prefer Android... and have a hard time understanding why
> others prefer iOS. Fair enough.

You miss the point completely.
There is no escalator to the moon.

It's just a fact.
It's not that I "prefer" an escalator to the moon or I don't.
It's just a fact.

My "preference" has *nothing* to do with the facts.
What you're doing, because you apparently don't like the facts, is that
you're trying to say that I don't like iOS when I have as many iOS devices
as I have Android devices.

Put it this way.
Is it a fact that a truck carries cargo better than does a car?
If so, then it's a fact.

It's not that I like a truck better than I like a car.
It's that a truck has more cargo carrying functionality than does a car.

It's simply a fact.
That you try to turn it into a preference is merely that you don't like the
fact.

You not liking a fact doesn't turn into me no liking either iOS or Android.
Facts are just facts.

There is zero functionality that anyone has ever proposed on all the iOS
newsgroups of any functionality on IOS that isn't already on Android, while
there is well known functionality on Android that is never going to be on
iOS - not because the hardware can't do it - as the hardware is essentially
the same (which has been proven time and time and time again).

It's not the hardware that prevents iOS phone from automatically recording
phone calls, for example. It's Apple.

--
Darn. You got me started. You really need to bring this over to the iOS ng.

Blake Snyder

unread,
Sep 21, 2017, 9:18:46 PM9/21/17
to
On Thu, 21 Sep 2017 14:50:48 -0700, in
<news:D5E98248.B75A9%use...@gallopinginsanity.com>, Snit wrote:

> You suggested it would take a lot of money to make many Gmail accounts.

Your entire thread was an "argument game".
You infer the wrong thing, and then you argue I implied it.

I'm not going to give your response the courtesy of more than that
explanation of why I'm not going there.

You bought too many completely-made-up arguments this week.
Either that, or you didn't comprehend correctly anything I said.

You choose.

Blake Snyder

unread,
Sep 21, 2017, 9:24:52 PM9/21/17
to
On Thu, 21 Sep 2017 14:56:13 -0700, in
<news:D5E9838D.B75B0%use...@gallopinginsanity.com>, Snit wrote:

>>
>> HINT: Look up the definition of "sterilize".
>
> Done. Seems it DOES sterilize it (at least in the vast majority of cases --
> most real world examples will not have the risk of microbes that can take
> that type of heat).

Hint. Look up the temperature, pressure, and humidity involved in an
autoclave sterilization of instruments as just one example of well
recognized sterilization conditions.

Don't you think they'd just boil their steel instruments if they could take
the water if boiling water truly sterilized?

Anyway, methinks you bought too many arguments this week because this is
all OT.

Blake Snyder

unread,
Sep 21, 2017, 9:37:03 PM9/21/17
to
On Thu, 21 Sep 2017 19:55:50 -0500, in
<news:3LqdnU03j74LwlnE...@giganews.com>, Marek Novotny wrote:

>> Anyway, I think we resolved this problem which I thank you for testing.
>
> This one was easy. :)

Thanks.
I'll read all replies in this thread for a while, but I think we're done.

Thank you all!

SOLVED:
The summary is as simple as this:

Q: How did the Avast headers and signature get in the Usenet post?
A: The VPN server (for whatever reason), put it there.

Blake Snyder

unread,
Sep 21, 2017, 9:54:19 PM9/21/17
to
On Thu, 21 Sep 2017 11:20:35 -0700, in
<news:f2ie4d...@mid.individual.net>, Mike Easter wrote:

> Are you saying you can crack Ray Banana's (e-s) or Paolo Amoroso's
> (aioe) or Jesse Rehmer's (blueworld) IP obfuscation? Or NIN's X-trace?

Nope. I never said anything like that. I didn't even imply it.
So you can't infer it! :)

I've been on the free newsserver newgroups for so long I won't say because
I can be off by more years than my grandchildren are old. Over the years,
we've learned that the obfuscation isn't all that sophisticated.

I don't remember the details as I'm not all that interested in it other
than to know that the obfuscation isn't as good as just changing the IP
address (which nullifies the need for strong obfuscation).

Some servers use dynamic obfuscation per IP address (and other headers)
while some use static obfuscation per IP address (and other headers) while
some use the same seed for everything ever posted through their server.

I went into my obfuscation log file which is over 10,000 lines long, which
I did *years* (and years ago) so everything may be different, but here's
just a snippet...
// aioe = obfuscates the NNTP Posting Host & never changes it
// esept = obfuscates account information & never changes it
// mixmin = obfuscates NNTP posting host on a monthly hash
// albasani = obfuscates NNTP posting host & account differently for each
post
// solani = obfuscates NNTP posting host & account differently for each
post
// netfront = reveals NNTP posting host in cleartext
// sunsite = reveals NNTP posting host in cleartext
// mozilla = used to post in the clear but I'm no longer sure what it does
etc.

The reason you won't get a comprehensive obfuscation (aka hashing) answer
out of me is sort of the same reason why you won't get a good answer out of
me as to why I don't wear tattoos, lipstick and ear rings.

If I want to look nice, I wear a suit and tie and I take a bath.
My approach to looking nice doesn't depend on tattoos, lipstick & earrings.

I don't trust the obfuscation.
So I change my IP address and user accounts instead.

>> Worse, Netfront and a few others don't even obfuscate the IP address.
>
> There are also/alternatively sometimes advantages in using a news server
> which exposes the IP address.

Huh? What's the advantage of telling the entire world your IP address?

>> Others like Blueworld did a good job on obfuscation, but eternal September
>> uses the same hash method for EVERYONE from the beginning of all time.
>
> I think there is always some debate about *exactly* what is the strategy
> for a news admin's IP obfuscation. Personally I doubt that it is as
> crackable as you presume.

Notice that my obfuscate.log says that Paolo has never changed his hashing
algorithm ever.

That's generally not what people do when they have a cipher that they don't
want others to figure out over time, simply from traffic analysis.

Anyway, I don't want to get into an obfuscation discussion mainly it's like
asking me if I like red motorcycles or blue motorcycles when I'm not in the
market for a motorcycle.

I use a car instead.
In the case of header obfuscation, I use the IP address and the account
username instead of trusting in the header hash.

I think mine is a reasonable approach.
But your approach is fine too.

Suffice to say that YEARS ago I gave up on trusting the obfuscation after
spending just a little bit of time testing out the obfuscation under
various conditions.

> As a general rule, it is quite inconvenient to (try to) change one's IP
> address when one's dynamic IP is cable, which turns out to be very
> 'static' because lease renewal generally gives you back the same IP you had.

All of us have lived through the days of single duplex modems (the physical
ones where we literally put a black phone into the earmuffs) and then on to
the US Robotics dialup modems and then on to (fast forward) today.

Today, most addresses are "relatively" static, but mine is super duper
static, so, it's not something I have control over.

My main question is just to ask if you know of a way, legally, from home,
to change the IP address for all ports (like VPN does) when the IP address
is super positively definitely static, then I'm all ears.

> I think everyone gets to address their own sense of privacy or not in
> their own way; and altho' I'm 'hearing' you about what your concerns
> are, what you expose to your relative running your ISP and the fact that
> you don't like showing your obfuscated IP on some news servers, I don't
> know that I would approach what you perceive as the problem in the same way.v

I'm not a herd animal in what I do, even as I slink among the herd to hide
who I am. The fact that Marek can tell, by my posts, who I am, is
indication enough that I don't hide what I do - where all I hide is who I
am.

If you have better ways to accomplish that simple (and realistic) goal,
then I'm all ears.

Snit

unread,
Sep 21, 2017, 10:13:30 PM9/21/17
to
On 9/21/17, 6:11 PM, in article oq1nvd$v94$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Thu, 21 Sep 2017 14:41:47 -0700, in
> <news:D5E9802B.B75A0%use...@gallopinginsanity.com>, Snit wrote:
>
>> Sounds like you are judging each OS by a check mark list of features. I
>> personally disagree with that approach.
>
> You say exactly what I've heard said by many iOS users forever.

Well, I *do* think judging a system by a checkmark list of features is bad.

I talked about this in this group the other day with KDE: it is why I went
to it to see if it had a feature (showing durations in the file browser and
allowing searches). But overall I think KDE is done very poorly (I have done
videos on it and submitted many bug reports).

> In fact, you have no concept of what you just said.

Sure I do, though it is possible YOU do not. And if that is the case, fine.
Heck, you might even think I am wrong about your meaning... and if so you
can speak about the features iOS has where you think Android does it better
and ask if I know counter examples.

I am on the newest iOS and NOT the newest Android (though my iOS device is
older).

> Literally, it's like a kid looking up at the moon and saying that he wants
> to take the elevator to the moon ... where the father looks down on this
> kid and wonders how to respond.
>
> There are so many things that are impossible to do on iOS devices that it
> isn't even funny. It's not a checklist. It's things I do EVERY DAY on
> Android that I can't do on any of my iOS devices. [Note: We're talking
> modern iOS/Android non-jailbroken/non-rooted devices just in case you want
> to play the argument game some more.]

I have no desire to argue... but I do note you are pushing one. :)

> I'll just list a few but your statement above show you are apparently so
> clueless about the lack of functional abilities on iOS devices that I must
> look at your statements like the father looks down at the kid wondering how
> to respond to such naivety where the kid things he can just take an
> elevator to the moon.

See: that is you pushing an argument. Why?

> - I automatically record all my phone calls on my Android devices
> . Nobody on this planet can do that on their iOS devices
>
>
> - Daily I look at my cellular microtower signal by graph & unique id
> . Nobody on this planet can do that on current iOS devices
>
>
> - Since I troubleshoot local networks, I often graph wifi signal over time
> . Nobody on this planet can do something as simple as that on iOS devices
>
>
> - Since I control my desktop and user environment, I load my own launcher
> . Nobody on this planet can load their own launcher on an iOS device
>
>
> - Since I organize my desktop as I see fit, I rename icons as I see fit
> . Nobody on this planet can organize well on an iOS device
>
>
> - Since I back up my device to my SD card, I save all APKs for future use
> where I can install them on almost any phone at any time of any version I
> want just like on all operating systems other than iOS software
> . Of all operating systems, only iOS doesn't have this capability (the
>
> details are grim)
>
> - The list goes on, but iOS doesn't even have the functionality of a simple
> app-drawer applet for heaven's sake. You can't create placeholder folders.
> You can't rename app names. You can't torrent. You can't even use the
> "real" tor browser bundle (don't be fooled by all the tricksters naming
> their stuff with "tor" in the name). You can't automatically answer the
> phone. You can't

First, good of you to post that list. I do not know if it is accurate, and,
of course, even if it is that does not back your claim that iOS lacks
features Android has.

> And the iOS-based mobile device camera functionality, as tested by
> independent labs, have *never* been better than the worst of the top ten
> Android cameras out there at any one time. (This is all extremely well
> known information which, if you don't know it, you're either blind, or you
> are not clued in and certainly you don't read the iOS newsgroups.)

It is a claim I would like to see you support. I have no horse in this
race... but it is clear you do. Also clear you make claims without backing
them. When this is noted it is frustrating to you. Interesting.

> Don't even get me started on the restrictions of the file system,
> specifically because that is a huge use model difference between iOS and
> every other operating system on the planet. (In the case of the file
> system, the argument is that the user is willing to forgo functionality for
> safety ... it's like taking a chain saw and turning it into a butter knife
> for safety's sake ...).

That is one argument... and there are others. Pros and cons to each way of
doing things.

> Did you really mean to get me started. That's just off the top of my head.

You made an argument about Android being able to do things iOS cannot, but
yoru claim was the opposite (that iOS can not do things Android can). You
did not back that. Seems like it would be a very hard thing to back.

> And yet, when you look at the opposite, there is *nothing* (absolutely
> nothing) of functionality (we're not talking Apple marketing brand name bs
> here) that is on iOS that isn't already on Android.

This is the original claim of yours which is not backed. Just for starters I
can name screen recording: iOS does this natively, Android requires third
party apps. Another big one for me is having my older device run the newest
OS. But, again, I have no horse in this race... I am happy both exist.

Doing a quick search I find others:

<http://www.gadgetsnow.com/slideshows/7-ios-11-features-that-are-missing-in-
android/drag-and-drop-support-for-content/photolist/59021705.cms> OR
<https://goo.gl/oJ2Mx5>

That includes my native video recording.

What they do not include is third-party recording. Even with that are there
Android apps that allow you to record your own voice, the sounds from the
system, AND the screen at the same time? Not that I have found -- maybe you
know of one. Or how about tying into a PC and allowing recording of all of
those PLUS the computer screen (and sounds) where they are automatically
synced so you can show how they work together? Again, if you know of any of
these I would love to see them!

<http://www.mensxp.com/technology/smart-phones/32082-5-things-iphone-owners-
can-do-that-android-users-can-only-dream-of.html> OR <https://goo.gl/ld8vTy>

This includes apps. Ah, yes... I am glad they mention that. I find that apps
do more on my iOS device... Words With Friends and FaceBook to name just
two. In my case my Android device is not running the newest OS version --
maybe the apps do more on the newer versions? I do not know. Also know there
are several apps I use which do not exist on Android (WordRoll is one I use
often). Of course there are also Android apps that do not exist on iOS, but
it shows your claim of iOS users not being able to do things Android users
cannot as false.

Anyway, back to that second list: they put in "Simple to use". This ties
back to my "checklist". It is not just WHAT you can do but HOW you can do it
that matters.

Instant updates. True enough... when iOS 11 came out I got it with NO issue
as is true of any even relatively modern device. When a new version of
Android comes out... hit or miss.

Going on: security. Seems right up your ally! Android gets hit with a lot of
malware... iOS almost none. That matters.

Fewer ads: again, that matters to me and seems to be a concern of yours.
Maybe not.



Now I want to be clear on the next part -- important you do not miss it:

Does this mean I am saying iOS is better for everyone than Android? NO!
Does this mean I am saying you are wrong to prefer Android? NO!
Does this mean Android is a poor choice? NO!
Does this mean your list of Android benefits is wrong? NO!
(They might be but I do not know).

But what it does mean is your claim that iOS does nothing Android does not
is simply not true.

> MANY MANY MANY threads have proven this on the iOS and Android newsgroups,
> so if you're not aware that the escalator does not go up to the moon, it's
> time you opened your eyes to the reality that exists.
>
> Don't get me wrong. I have as many iOS devices as I have Android devices. I
> know them both well. But you don't buy an iOS device for functionality just
> like you don't buy a motorcycle to haul heavy cargo.

I *do* buy iOS devices for the functionality they offer, including HOW they
allow me to get the tasks done.

This goes back, to some extent, to my example of PDF annotation workflows
(Marek loves that one).

Linux handles the task well:
* Go to a recipe, art project, lesson plan, or whatever
* "Print" to PDF
* Open in a PDF annotation program... edit and save
* Open an email client and attach

That is fine... but I like having more choice and options. The competition
offers that. It is not that the task is impossible on Linux (or even hard!)
but I like the flexibility of workflow and the efficiency offered on the
competition. And that is, of course, just an example task -- we can look at
many others.

Again: does that mean desktop Linux is horrible and should not be used? NO!

I use it... it does many things very well and is the best solution in some
cases. But that does not mean it is the best solution in ALL cases.

>>> True Apple cameras always come out in the bottom of the top ten
>>> on Android mobile phone cameras (where most people have trouble believing
>>> that until you show them proof from reliable sources) but being on the
>>> bottom of the top ten is pretty damn good.
>>
>> Depends on how you measure it... if you mean megapixels, sure.
>
> You're so naieve in all that you assert that I have to say that talking to
> you is like talking to that kid looking up at the moon and having to
> explain to him that there is no escalator that takes him there.

You are doing a fine job of demonstrating the insults and attacks I noted in
SOME Linux users. This goes against your claim about iOS users (your
intuition is being shown to be wrong by you).

> Why don't you just search the newsgroups for the keywords "camera
> functionality" for heaven's sake.

This is a common tactic of those who troll: demand those they are insulting
should do research FOR them to help back their claims.

> Here, I'll give you a URL.
> http://tinyurl.com/misc-phone-mobile-iphone

That points to misc.phone.mobile.iphone -- not to any article or whatever
noting the pros and cons of the phones. You failed to back your claim.

> Search for:

Nope. I want to be clear here -- if YOU want to back your claim I may very
well listen, but I am not going to do searches to help you back a claim you
cannot.

> Is there is a *single* useful photographic functionality on Apple iOS
> cameras that isn't already on Android?
> <https://groups.google.com/d/msg/misc.phone.mobile.iphone/qcRetD6w1o4/-kYqKRuQ
> BgAJ>
>
> Independent tests *always* show the same thing, which is that iOS based
> mobile phone cameras are 'good' but never better than the top ten or dozen
> Android based mobile phone cameras at any given time.

I already showed you counter-evidence to this claim.

> That you're apparently unaware of the obvious does not make the obvious
> facts incorrect.

LOL! I do hope you realize the irrationality and irony of your claim there.
:)

>> But I admit I do not keep track of such things.
>
> Obviously! :)
>
>> Doing a search now I find Apple does
>> better than you suggest, but I am sure there are other articles which may
>> say otherwise.
>>
>> The ones I found with a quick search:
>>
>> <https://www.cnet.com/topics/phones/best-phones/camera/>
>>
>> <http://www.techadvisor.co.uk/test-centre/mobile-phone/best-phone-camera-201
>> 7-3612824/> OR <https://goo.gl/mPKRi7>
>>
>> Both rate it well though perhaps not #1.
>
> I have been studying this for years and Apple based phone based camera
> functionality (as rated by reliable sources) is usually in the bottom of
> the top ten of phone-based cameras.
>
> That's not bad.
> It's just not the best.

Your claim... but completely unsupported. And that is fine... no need for
you to back it, but do not expect me to accept it with no support. Remember
how recently you noted the value of support?

>> Sounds like you prefer Android... and have a hard time understanding why
>> others prefer iOS. Fair enough.
>
> You miss the point completely.

Yet your frustration and lashing out support my claim well. Interesting.

> There is no escalator to the moon.
>
> It's just a fact.
> It's not that I "prefer" an escalator to the moon or I don't.
> It's just a fact.
>
> My "preference" has *nothing* to do with the facts.

All you are talking about is your preference for Android... and as you do
so you make claims which are unsupported and, in at least some cases,
trivially shown to be wrong.

> What you're doing, because you apparently don't like the facts, is that
> you're trying to say that I don't like iOS when I have as many iOS devices
> as I have Android devices.
>
> Put it this way.
> Is it a fact that a truck carries cargo better than does a car?
> If so, then it's a fact.
>
> It's not that I like a truck better than I like a car.
> It's that a truck has more cargo carrying functionality than does a car.
>
> It's simply a fact.
> That you try to turn it into a preference is merely that you don't like the
> fact.
>
> You not liking a fact doesn't turn into me no liking either iOS or Android.
> Facts are just facts.

But your "facts" are unsupported and, as shown, often incorrect.

What you are doing, though, is giving a fine example of my comments about
SOME Linux users. You are backing my claim. For that I thank you.

> There is zero functionality that anyone has ever proposed on all the iOS
> newsgroups of any functionality on IOS that isn't already on Android,

See above: it was pretty easy to do (though I am open to being shown to be
wrong... as I have noted, I am hardly an expert in either).

> while there is well known functionality on Android that is never going to be
> on iOS - not because the hardware can't do it - as the hardware is essentially
> the same (which has been proven time and time and time again).

My Android devices have MUCH worse hardware than my iOS device... but they
are also a LOT cheaper.

> It's not the hardware that prevents iOS phone from automatically recording
> phone calls, for example. It's Apple.

Same can be said of the video recording tasks I speak of above... the
hardware is not the limiting factor (or, hmmm, is it with the syncing...
might be). In other cases it is the hardware, at least in part, such as the
getting the latest OS updates.

Snit

unread,
Sep 21, 2017, 10:40:39 PM9/21/17
to
On 9/21/17, 6:18 PM, in article oq1odl$c0$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Thu, 21 Sep 2017 14:50:48 -0700, in
> <news:D5E98248.B75A9%use...@gallopinginsanity.com>, Snit wrote:
>
>> You suggested it would take a lot of money to make many Gmail accounts.
>
> Your entire thread was an "argument game".

Perhaps... and if so I am not interested.

> You infer the wrong thing, and then you argue I implied it.
>
> I'm not going to give your response the courtesy of more than that
> explanation of why I'm not going there.
>
> You bought too many completely-made-up arguments this week.
> Either that, or you didn't comprehend correctly anything I said.
>
> You choose.

If you think you were misunderstood perhaps you can speak about where and
not just issue insults. As noted above, I am not interested in the "argument
game".

Snit

unread,
Sep 21, 2017, 10:49:18 PM9/21/17
to
On 9/21/17, 6:24 PM, in article oq1op1$10l$1...@news.mixmin.net, "Blake Snyder"
<blakdebl...@outlook.com> wrote:

> On Thu, 21 Sep 2017 14:56:13 -0700, in
> <news:D5E9838D.B75B0%use...@gallopinginsanity.com>, Snit wrote:
>
>>>
>>> HINT: Look up the definition of "sterilize".
>>
>> Done. Seems it DOES sterilize it (at least in the vast majority of cases --
>> most real world examples will not have the risk of microbes that can take
>> that type of heat).
>
> Hint. Look up the temperature, pressure, and humidity involved in an
> autoclave sterilization of instruments as just one example of well
> recognized sterilization conditions.
>
> Don't you think they'd just boil their steel instruments if they could take
> the water if boiling water truly sterilized?

You have moved goal posts to if boiled water is sterile (in most cases yes,
assuming you boil for more than a minute or so) to if boiling water can be
used to sterilize non-liquid elements larger placed in it.

As far as medical equipment and other steel tools, yes, putting them in
boiling water can be used to sterilize them, though you first want to wash
off debris and dirt. The recommended time, at least from one link, is 20
minutes:

<http://thesurvivaldoctor.com/2014/01/13/sterilize/>
-----
Boiling. This is a good method for larger instruments or those that
might melt under the flame. Let the instrument soak in boiling water
for 20 minutes.
-----

I am going to guess the 20 minutes is for two basic reasons:

1) To be extra cautious. If you are talking about cutting into someone or
the like you want to make sure you sterilize better than if you are merely
drinking.

2) Even with cleaning there are crevices and the like, and possible dirt you
did not get off, which will allow microbes to last longer than in the water
itself.

> Anyway, methinks you bought too many arguments this week because this is
> all OT.

Not sure why you are bringing these off topic issues up... but I am happy to
discuss them (though not really interesting in the "argument game" as you
call it).

Look at your Android vs. iOS debate... more on topic but it seems your
primary point is you can list things you believe Android does that iOS does
not and you reject their being things iOS does that Android does not. Sorta
weird. Then you got into your "argument game" or whatever and became
frustrated and started pushing insults and accusations and pretending to
know all. It was a poor showing on your part.

But, as I have noted, I am happy to move forward. I do not hold grudges
(generally). Use a different name or whatever if that is something that will
help you to move forward. I have no issue with that (though I keep the same
name).

Snit

unread,
Sep 21, 2017, 11:46:11 PM9/21/17
to
On 9/21/17, 5:55 PM, in article
3LqdnU03j74LwlnE...@giganews.com, "Marek Novotny"
<marek....@marspolar.com> wrote:

> On 2017-09-21, Blake Snyder <blakdebl...@outlook.com> wrote:
>> On Thu, 21 Sep 2017 07:46:56 -0500, in
>> <news:x_adncBqjtpdKV7E...@giganews.com>, Marek Novotny wrote:
>>
>>> You switch your name so often I never know.
>> I agree.
>>
>>> It takes me a while to
>>> realize who you are by the context of your post.
>>
>> Yes. Because I never change my style. My purpose isn't to hide from
>> individual humans but from lazy aggregate sofware machines which use
>> headers exclusively.
>>
>> I have toyed with the idea of putting inside the body a keyword, such as
>> "it-is-i" but that would juat invite lazy aggregators to key off that
>> keyword.
>
> We'll have to get you a cow bell or something.
>
>> This troll thing is abused by the people who accuse others of trolling.
>
> Well, we have a troll flooding quite a few of the groups I'm on
> specifically.

I do not think he is targeting you... he has been following me around from
group to group to group since 2004 or so. I no longer respond to him
directly (and have not for years). Does not seem to slow him down.

> And one troll tactic is to ask some really vague question
> and then move the goal post a lot to suck people into it.

I think often when people ask questions they come "loaded" with assumptions.
I do not consider that trolling as long as the person is willing to explain
what they want and at least some part of the goal. Really, without knowing
the WHY you are left with helping someone handle a specific workflow even
when they are asking how to get an overall task done. Sometimes, of course,
that is fine... but other times people get one specific method to get a task
done and miss that their stated goal can be achieved in other ways. Also we
all have different tastes and styles: you tend to go to the CLI first, I
tend to go to the GUI. Neither is wrong, but my way might not "feel" right
to you and vice-versa.

William Poaster

unread,
Sep 22, 2017, 5:50:04 AM9/22/17
to
On 22/9/2017 02:18 in alt.os.linux, Blake Snyder posted:

> On Thu, 21 Sep 2017 14:50:48 -0700, in
> <news:D5E98248.B75A9%use...@gallopinginsanity.com>, Snit wrote:
>
>> You suggested it would take a lot of money to make many Gmail accounts.
>
> Your entire thread was an "argument game".
> You infer the wrong thing, and then you argue I implied it.

And welcome to the Michael 'Snit' Glasser circus. Many have been on his
merry-go-round, but eventually they stop responding to him & quite often
block him.

> I'm not going to give your response the courtesy of more than that
> explanation of why I'm not going there.
>
> You bought too many completely-made-up arguments this week.
> Either that, or you didn't comprehend correctly anything I said.
>
> You choose.

--
By W3Cook's analysis of Alexa's data, 96.3 percent of the top 1 million
web servers are running Linux. The remainder is split between Windows,
1.9 percent, and FreeBSD, 1.8 percent.
ZDNet - October 2015.

Mike Easter

unread,
Sep 22, 2017, 5:57:02 PM9/22/17
to
Mike Easter wrote:
> Snit wrote:

>> The same program (Windscribe) has Linux and Windows clients.
>> Again, though, not free and, as far as I know, limited to their
>> supported nodes.
>
> Windscribe has a free model; and I think it will make their pay
> model very successful.
>
> The free model works with such as Win with bandwidth and server
> limitations; and/but the interface is slick and will tempt those users
> to upgrade to their pro/pay package.
>
> The linux openvpn access isn't free. I've experimented with the free
> openvpn access at vpnbook.
>
The Proton VPN (of Proton Mail product) also has a free and pay model.
Recently the free access required 'waiting in line' for an invitation.

Today I was able to sign up for a free account and follow their
instructions for linux working a live Lub 16.04 to get access with a US
proton vpn server. The connection broke off (and my network manager
disappeared from the notification area) but I was able to get
re-established using the same ovpn and the 2nd time I had a different IP
from the first.

I had some early trouble at the proton vpn webpage not working properly
to setup the account.

I think it is a smart idea for these pay vpn providers to have a free
model, which of course is significantly restricted compared to what you
get with the various pay models.

--
Mike Easter

Snit

unread,
Sep 22, 2017, 7:56:44 PM9/22/17
to
On 9/22/17, 2:58 PM, in article f2lf9c...@mid.individual.net, "Mike
Windscribe will even give me 10GB a month free... as opposed to total of 10
GB and then done, if I get enough Monero hashes for them (10,000,000). If
anyone cares to help me get there, this is the link:

<https://windscribe.com/miner/zji9wldf>

If they do, please let me know here and I will let you know when I get to
the 10,000,000. Or if not looks like I can do it myself in a few days.
Started this morning and already nearing 1,000,000... so looks like maybe a
week to get to the full amount.

Blake Snyder

unread,
Sep 23, 2017, 5:52:32 AM9/23/17
to
On Thu, 21 Sep 2017 19:13:24 -0700, in
<news:D5E9BFD4.B75F6%use...@gallopinginsanity.com>, Snit wrote:

>> You say exactly what I've heard said by many iOS users forever.
>
> Well, I *do* think judging a system by a checkmark list of features is bad.

When you say naive things like that, it's like you asserting with all your
righteous fervor that you think drinking polluted water is bad.

You're just wasting everyone's time because it's just meaningless rhetoric
on your part designed to imply that everyone else is drinking polluted
water (i.e., judging by check mark) except you.

I'll tell you as much as you just told us:
- Well, I *do* think swimming in a lava pit is bad.
- Well, I *do* think splashing bleach in my eyes is bad.
- Well, I *do* think diving off the Brooklyn Bridge is bad.
etc.

> I am on the newest iOS and NOT the newest Android (though my iOS device is
> older).

Again, you constantly seem to be akin to the hypothetical kid staring at
the moon asking the dad to take him there.

The fact that you think the iOS lack of functionality has *anything* to do
with the *version* of the operating system means my entire previous post
had zero impact on your brain.

It's like you can't comprehend cold bare basic fact.

I can only draw one of two possible conclusions from that fact that you
miss the most basic of fact, but I won't state what those two possibilities
are.

I will just again explain that the *reason* that iOS will *always* be far
less functional than Android has *nothing* to do with the phone hardware.

The hardware is about the same.

The reason that iOS will always be less functional than Android also has
absolutely nothing to do with the *version* of the operating system. Heck,
it has been proven time and again that a 5-year-old Android device is more
functional than the *next* (upcoming!) iOS operating system!

It doesn't matter *what* version of the iOS operating system we talk about
(even future versions, like iOS 12 for heaven's sake).

The reason the next iOS will (still be) far less functional than Android
was five years ago is because Apple limits what the operating system can
do.

It's no more complicated than that cold bare hard fact.
Why you can't see cold hard bare facts is the question here.

You try to push the cold bare hard fact out of your mind by claiming that
people have a "preference" for one OS or the other when all we are talking
about are cold hard facts.

There is no escalator to the moon.
Apple is the only entity that limits what iOS can do.

When you get *that* cold hard fact into your head, then you can talk to an
adult like adults talk to an adult.

> First, good of you to post that list. I do not know if it is accurate, and,
> of course, even if it is that does not back your claim that iOS lacks
> features Android has.

Anyone can (and has many times) listed the functionality that Android
phones almost all do (even phones five years old) that the latest (iO11)
Apple phones still can't do.

On the flip side, nobody can list *any* functionality on iOS that Android
doesn't already have. All the iOS people can list are brand names and
trademark names, which are meaningless in terms of functionality.

When you compare the actual functionality, Android either had it first or
Android copied what Apple had. Either way, there is no functionality on iOS
that anyone has ever been able to name that isn't already on Android.

The iOS users try but all they can list are meaningless brand names and
trademark names, which they naively think are "functionality".

But I will ask you the same thing that has been asked on the iOS newsgroups
umpteen times where they came up blank every single time (sure, they listed
trademarks, but they can't list functionality because they don't even
understand their own devices for the most part - they just press buttons).

Tell us oh vaunted Snit.
. Name one (just one) functionality on iOS that isn't on Android already.

Note: I have cc'd the misc.phone.mobile.iphone group, who can only name
brand names - that's how certain I am of the outcome of that question.

NOTE: About two months ago, someone mentioned something, I don't remember
what it was, that iOS actually did that Android didn't do ... so there
might be a single bit of functionality - whatever it was - that iOS can do
that Android can't do. If so, there is only one. But I don't remember what
it was - where certainly the iOS people must know what it is if it is true
that there might be a single bit of functionality that iOS has over
Android.

> It is a claim I would like to see you support. I have no horse in this
> race... but it is clear you do. Also clear you make claims without backing
> them. When this is noted it is frustrating to you. Interesting.

Did you read the thread that I pointed you to?
(Hint: Apparently not.)

> That is one argument... and there are others. Pros and cons to each way of
> doing things.

Again, you're like the kid staring at the moon asking his dad to take him
there.

Since Apple's idea of a chain saw is a butterknife, it's a lot *safer* to
use, which is *why* people *love* iOS so much.

The reason people love iOS is it make them *feel* safe.

We could argue from now until the end of time whether that feeling of
safety is functionality in and of itself.

> You made an argument about Android being able to do things iOS cannot, but
> yoru claim was the opposite (that iOS can not do things Android can). You
> did not back that. Seems like it would be a very hard thing to back.

Do you realize what you just said?
You sound so similar - are you really not "nospam" in disguise?

You're saying that I didn't prove that an escalator doesn't exist that
takes the little boy to the moon!

I already said that *nobody* on this planet can show a single
functionalities that iOS has that Android doesn't have, and I said that I
even added the misc.phone.mobile.iphone people to this thread, and *they*
can only come up with meaningless trademarks.

How do you expect anyone to prove to you that an escalator doesn't exist to
the moon?

> This is the original claim of yours which is not backed. Just for starters I
> can name screen recording: iOS does this natively, Android requires third
> party apps.

You're just playing an argument game like 'nospam' does all the time.

Again, only two conclusions can be drawn from that (moronic) argument you
just proposed. You know why I say it's "moronic"? Because you just told me
that you read my arguments of what Android does that iOS can't possibly do
where I listed things that are *added* to Android (like phone recording
tools, wifi recording tools, cellular recording tools, app launchers,
torrent downloaders, etc.).

Did you *not* understand a *single* thing that was already said?
Or are you just being duplicitous?

Those are the only two conclusions that can be drawn when you subsequently
assert this "native" claim.

Talking to you like an adult is difficult because:
a. You read and seem to understand the argument that tools are added
b. Then you claim the opposite by arguing what is native

Your own argument makes no sense, just like your checklist argument.
You are sputtering like nospam does all the time.

You just don't like the fact that there is no escalator to the moon.
You just don't like the fact that Apple limits what iOS can do.

Be an adult and either *understand* or *admit* the facts.
If you don't want to admit the fact, then at least give an adult reason why
you think the fact is true.

HINT: If you say nobody can prove that an escalator doesn't exist that
takes the boy to the moon, and that is the *entire basis* of your point of
view that you believe the escalator does exist, then that would not be
considered an adult argument (except in philosophy). :)

> Another big one for me is having my older device run the newest iOS.

Wow. You really don't get the *simplest* of facts.
It's amazing, actually, how much you and nospam are alike.

You can't *comprehend* a simple fact that it's *Apple* who limits what iOS
can do, such that even a five-year-old Android device can do things that
iOS will never be able to do (even the next ten iOS versions!).

Unless Apple changes (which is unlikely), iOS will *never* have the
functionality of Android.

It's a basic fact that is born of the iOS philosophy versus the Android
philosophy.

Let's talk to you as if you are an adult by saying that it's *obvious* that
Android will just *copy* anything that iOS comes up with that it can copy,
right? If it's worth copying, then Android will copy it, right?

What can't Android copy?
Trademarks. OK.
Brand names. OK.

But functionality?
Android can copy that.

We already established beyond a shadow of a doubt that the hardware is
"about the same" (for high end devices) as Apple doesn't have any better
chip-making abilities than anyone else. Sure, *brand names* differ and
*patents* can be bought and sold, but Apple can copy good hardware ideas
just as all the Android phone makers can copy good hardware ideas.

So, continuing our adult conversation, it's logical that the hardware will
always be "about the same".

Now let's get to that Android functionality, shall we?

If Android has good functionality, say, oh, the ability to load any
launcher, or the ability to automatically record phone calls, or the
ability to use any app loader concept (even APKs from other phones), or,
the ability to graph wifi signal over a period of time, or ...

Here is the *adult* question for you:
Q: Why isn't *that* kind of stuff on iOS devices?

C'mon now. What's the answer?
Be an adult.

The adult answer is that Apple *limits* what iOS can do.

Think about this now.
a. If the hardware is "about the same", and,
b. If Android makers copy all that iOS can do, and,
b. If Apple literally limits what iOS can do, then...

What is the adult answer to this fundamental adult question:
Q: Which platform is always going to be less functional?

--
The fup is set to misc.phone.mobile.iphone as this isn't a linux issue.

Blake Snyder

unread,
Sep 25, 2017, 1:34:24 AM9/25/17
to
On Thu, 21 Sep 2017 19:49:13 -0700, in
<news:D5E9C839.B75FF%use...@gallopinginsanity.com>, Snit wrote:

> You have moved goal posts to if boiled water is sterile (in most cases yes,
> assuming you boil for more than a minute or so) to if boiling water can be
> used to sterilize non-liquid elements larger placed in it.

An autoclave has certain temperature, humidity, pressure, and time
constraints for a reason.
HINT: spores

"...immersion in boiling water for 10 minutes at sea level will kill all
viruses and all vegetative bacteria, but not spores, particularly those of
tetanus and gas gangrene. A boiling water ''sterilizer' is therefore badly
named. At a height of 3000 metres water boils at 90[de]C and is much less
effective."

http://www.meb.uni-bonn.de/dtc/primsurg/docbook/html/x518.html

Snit

unread,
Sep 25, 2017, 11:25:45 AM9/25/17
to
On 9/24/17, 10:34 PM, in article oqa4gt$4od$1...@news.mixmin.net, "Blake
Even if not perfect sterilization... it still is a useful sterilization
technique to know. OK.

Anonymous Remailer (austria)

unread,
Oct 9, 2017, 3:28:37 PM10/9/17
to

In article <opv509$36v$1...@news.mixmin.net>
Blake Snyder <blakebla...@outlook.com> wrote:
>
> On Thu, 21 Sep 2017 01:29:23 -0000 (UTC), in
> <news:opv4li$25f$1...@news.mixmin.net>, Blake Snyder wrote:
>
> > Here is the complete unadulterated config file which was valid today which
> > produces not only the signature but also the header lines.
>
> Here is a corresponding openvpn config file which I'm using at this exact
> moment which does NOT produce the Avast header and signature in Usenet
> posts.

Dude, it has nothing to do with OpenVPN. The signature is added
by the client exit. There are no personally identifying
features, just the annoying sig.

Note the client IP and don't use it, or send a note to Tsukuba
about it.

Or, use a modern OS and something other than Avast.

0 new messages