Experimenting with Web/Usenet gateway

[cmac...@newsgrouper.invalid]

References:
User-Agent: Newsgrouper 0.2

Hi, I'm working on a Web interface to Usenet, specifically Eternal September.
It's still in a fairly rough state but the basic functionality now seems to be
working. So I would be interested in feedback from anyone who can be bothered
to try it. It's at https://cmacleod.me.uk/newsgrouper .

I hope to have it fully functional by the time Google Groups turn off their
web interface to Usenet.

--
Colin Macleod.

[Jon Ribbens]

On 2024-01-11, cmac...@newsgrouper.invalid <cmac...@newsgrouper.invalid> wrote:
> Hi, I'm working on a Web interface to Usenet, specifically Eternal
> September.
> It's still in a fairly rough state but the basic functionality now
> seems to be working. So I would be interested in feedback from anyone
> who can be bothered to try it. It's at
> https://cmacleod.me.uk/newsgrouper .
>
> I hope to have it fully functional by the time Google Groups turn off
> their web interface to Usenet.

Asking people to enter their Eternal September username and password
into a third-party web site is... not ideal.

[Marco Moock]

Am 11.01.2024 um 15:35:16 Uhr schrieb cmac...@newsgrouper.invalid:

> Hi, I'm working on a Web interface to Usenet, specifically Eternal
> September. It's still in a fairly rough state but the basic
> functionality now seems to be working. So I would be interested in
> feedback from anyone who can be bothered to try it. It's at
> https://cmacleod.me.uk/newsgrouper .

Do you plan to make the content of the groups publicly available
without login?

[cmac...@newsgrouper.invalid]

Jon Ribbens <jon+u...@unequivocal.eu> posted:

You have a point but I don't see how else I could do it.
You can use the site as guest without logging in but that does not allow posting.
I use a common Et.Sept login to pull articles and then cache them on my server.
But letting people post through that without requiring their actual userid would be opening the door to spam.
I also need some form of user identification to be able to track groups and articles read anyway.

Can you suggest a better approach?

Colin.

[cmac...@newsgrouper.invalid]

Marco Moock <mm+s...@dorfdsl.de> posted:

I have a Guest Login facility which allows reading but not posting.

[Ray Banana]

Thus spake Jon Ribbens <jon+u...@unequivocal.eu>

It's also a violation of Eternal-September's TOS, a fact he has chosen
to ignore :-(

,-----------------------------------------------------------------------
| No Redistribution of Account Information
| Account information (user name, password) must not be disclosed to third
| parties ("Account Sharing"). Every user is obliged to keep his account
| information secret, to protect it against unauthorized access, and to
| report any loss or potential leakage.
`------------------------------------------------------------------------

https://www.eternal-september.org/index.php?language=en&showpage=terms

--
Пу́тін — хуйло́
https://www.eternal-september.org

[cmac...@newsgrouper.invalid]

Ray Banana <ray...@raybanana.net> posted:

>
> It's also a violation of Eternal-September's TOS, a fact he has chosen
> to ignore :-(
>

> https://www.eternal-september.org/index.php?language=en&showpage=terms
>
Hi Ray, I sent email to support and Wolfgang a few weeks ago and yourself
more recently asking about this specific point. I got no reply.

Sorry, need to go now, can discuss further later.

Colin

[Ray Banana]

Thus spake cmac...@newsgrouper.invalid

> Hi Ray, I sent email to support and Wolfgang a few weeks ago and yourself
> more recently asking about this specific point. I got no reply.


> Sorry, need to go now, can discuss further later.

Hi Colin, you might want to check your spam folder:

/var/log/maillog-20240107:Jan 6 10:10:53 h2700112 postfix/qmgr[17654]: 5A7A4760419: from=<ray...@raybanana.net>, size=30104, nrcpt=1 (queue active)
/var/log/maillog-20240107:Jan 6 10:10:55 h2700112 postfix/smtp[9702]: 5A7A4760419: to=<colin_g...@yahoo.com>,
relay=mta6.am0.yahoodns.net[67.195.204.74]:25, delay=2.6,
delays=0.17/0.02/1/1.3, dsn=2.0.0, status=sent (250 ok dirdel)
^^^^^^^^^^^

[sticks]

I don't see what's to discuss. He answered your question by showing
that what you're doing is against his TOS. You can't do it. You should
honor that!



--
Stand With Israel!
NOTE: If you use Google Groups I don't see you,
unless you're whitelisted and that's doubtful.

[Bobbie Sellers]

Well a Web/Usenet Gateway does nothing that some of the old
BBSes did. That is how I first read Usenet and got to the Web.

The real problem is getting to the ISP.

bliss

[David W. Hodgins]

On Thu, 11 Jan 2024 11:37:54 -0500, sticks <wolve...@charter.net> wrote:

> On 1/11/2024 10:02 AM, cmac...@newsgrouper.invalid wrote:
>> Ray Banana <ray...@raybanana.net> posted:
>>>
>>> It's also a violation of Eternal-September's TOS, a fact he has chosen
>>> to ignore :-(
>>>
>>> https://www.eternal-september.org/index.php?language=en&showpage=terms
>>>
>> Hi Ray, I sent email to support and Wolfgang a few weeks ago and yourself
>> more recently asking about this specific point. I got no reply.
>>
>> Sorry, need to go now, can discuss further later.
>>
>> Colin
>
> I don't see what's to discuss. He answered your question by showing
> that what you're doing is against his TOS. You can't do it. You should
> honor that!

I don't think he is violating the tos. Anyone other then him that's using his
website is violating the tos as they are the one's sharing their credentials
with a third party.

I think the website could work, but it would have to use javascript or something
similar to login/post the articles directly to e-s without the credentials going
to the website.

Regards, Dave Hodgins

[Dave Royal]

Will you opensource the server? If so I might try running on the
rPi on my home LAN. That shouldn't contravene E-S's
TOS.
--
Remove numerics from email address

[Colin Macleod]

Ray Banana <ray...@raybanana.net> wrote in
news:8m4jfjx...@raybanana.net:

You are right Ray, this had gone to spam. Difficult to find because I
use thunderbird to read mail but this was not in the junk folder there.
Yahoo had filed it as spam before it could be downloaded by thunderbird
(I have tried to turn this behaviour off but can't see how). I also
looked there for any earlier reply to the queries I sent when I was
starting on this development but didn't find any.

In your email you raise several technical issues which should be
fixable, but the Terms of Service issue is the critical one.

I continue to believe that a web gateway to usenet could be a useful
service, and I'm reluctant to abandon the work I have done so far. I
think my options are:

1) Continue with Newsgrouper as a read-only service and just tell people
that if they want to post they will need to find another route. I would
then not need their Et.Sept login details. I would need to create a
separate user registration system if I was to track their read/unread
groups and articles (but perhaps I could just use web cookies for this).

2) Try to find another nntp server with looser policies. In that case I
would need to implement my own spam filtering, which Et.Sept does pretty
well.

3) Run my own news server to support the web service. I'm not very keen
to take that on.

4) If Eternal September felt that offering a web front-end would be a
worthwhile addition to their service, they could take over hosting it
and no "third party" would be involved. I would be happy to assist with
this in the unlikely event that they agreed :-)

--
Colin Macleod

[Colin Macleod]

Dave Royal <da...@dave123royal.com> wrote in news:unpb5g$339fr$1@dont-
email.me:

> Will you opensource the server? If so I might try running on the
> rPi on my home LAN. That shouldn't contravene E-S's
> TOS.

I would be happy to open-source it once it's a bit more solid. But a major
factor in the design is caching headers and articles locally so that if
multiple users read the same things they only get downloaded from the nntp
server (Eternal September) once. That's all redundant if it's only used by
one individual.

[VanguardLH]

Colin Macleod <c...@erehwon.invalid> wrote:

> Ray Banana <ray...@raybanana.net> wrote:
>
>> Hi Colin, you might want to check your spam folder:
>

> You are right Ray, this had gone to spam. Difficult to find because I
> use thunderbird to read mail but this was not in the junk folder there.
> Yahoo had filed it as spam before it could be downloaded by thunderbird
> (I have tried to turn this behaviour off but can't see how).

Why IMAP which shows all subscribed folders is better than POP which
shows only the Inbox folder.

[immibis]

It used to be quite common across the web, until everyone started caring
about security.

What's the worst that can happen - you get banned from E-S?

[yamo']

Hi,
cmac...@newsgrouper.invalid a tapoté le 11/01/2024 16:35:

> References:
> User-Agent: Newsgrouper 0.2
>
> Hi, I'm working on a Web interface to Usenet

There are already some solutions :

Rocksolid Light that I had to try :
<https://gitlab.com/rslight-public/rocksolid-light>

And really simple solution with PHP8 for a newsmaster :
<https://gitlab.com/yamo-nntp/newsportal/-/blob/master/README.org>

--
Stéphane

[Jon Ribbens]

Well since you ask I suppose the *worst* that can happen is that someone
uses your details to post some devastating libel about someone rich and
famous, they sue both you and Ray, Eternal September gets shut down, you
get made bankrupt, you're out on the streets, you turn to drugs and crime
to get by, you overdose in a back alley and nobody finds your body until
global warming floods wash it out into the main street where your ageing
mother trips over your decomposing corpse, shattering her hip and shortly
thereafter dying from heartbreak and complications from surgery.

[Sn!pe]

Jon Ribbens <jon+u...@unequivocal.eu> wrote:

[...]

> > What's the worst that can happen - you get banned from E-S?
>
> Well since you ask I suppose the *worst* that can happen is that someone
> uses your details to post some devastating libel about someone rich and
> famous, they sue both you and Ray, Eternal September gets shut down, you
> get made bankrupt, you're out on the streets, you turn to drugs and crime
> to get by, you overdose in a back alley and nobody finds your body until
> global warming floods wash it out into the main street where your ageing
> mother trips over your decomposing corpse, shattering her hip and shortly
> thereafter dying from heartbreak and complications from surgery.

So we escape all-out nuclear war and the demise of the West? Phew!

--
^Ï^. Sn!pe, PA, FIBS - Professional Crastinator

My pet rock Gordon just is.

[Sn!pe]

Jon Ribbens <jon+u...@unequivocal.eu> wrote:

[...]

> > What's the worst that can happen - you get banned from E-S?
>
> Well since you ask I suppose the *worst* that can happen is that someone
> uses your details to post some devastating libel about someone rich and
> famous, they sue both you and Ray, Eternal September gets shut down, you
> get made bankrupt, you're out on the streets, you turn to drugs and crime
> to get by, you overdose in a back alley and nobody finds your body until
> global warming floods wash it out into the main street where your ageing
> mother trips over your decomposing corpse, shattering her hip and shortly
> thereafter dying from heartbreak and complications from surgery.

So we escape all-out nuclear war and the fall of the West? Phew!

[Colin Macleod]

Colin Macleod <c...@erehwon.invalid> wrote in
news:XnsB0F6BEADAE195co...@135.181.20.170:

Here's a further thought - I just realised that there's no real need for
posting to go through the same nntp server as reading. So I could just
require any user who wants to post to enter the details for whatever
server and account they wish to use for posting. This is the same info
you would need to configure any desktop client anyway. Since I am
undertaking not to misuse this info myself or reveal it to anyone else I
don't think this counts as "account sharing". However since Ray thinks
it does I could block the use of E-S accounts for posting.

I am hoping it would be ok to continue reading from E-S using the
"newsgrouper" account I have set up for this purpose. Could
Ray/Wolfgang/Whoever-really-runs-E-S confirm this?

Thanks in advance for any enlightenment.

--
Colin Macleod.

[J. P. Gilliver]

In message <b8m0o99...@v.nguard.lh> at Thu, 11 Jan 2024 14:40:48,
VanguardLH <V...@nguard.LH> writes

I'm not sure what "subscribed folders" _means_ in a POP context.

If you run POP on one machine and IMAP on others, connected to the same
server, this may happen, but if you only run POP, I don't think you can
_have_ folders _on the server_. (You can do whatever you like on the
client, dependent on whether the client software lets you make
"folders", but I don't think the _interface_ [between client and server]
_has_ the concept of folders, in POP.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

WANTED, Dead AND Alive: Schrodinger's Cat

[Adam H. Kerman]

J. P. Gilliver <G6...@255soft.uk> wrote:
>Thu, 11 Jan 2024 14:40:48, VanguardLH <V...@nguard.LH>:

>>>. . .

>>Why IMAP which shows all subscribed folders is better than POP which
>>shows only the Inbox folder.

>I'm not sure what "subscribed folders" _means_ in a POP context.

>If you run POP on one machine and IMAP on others, connected to the same
>server, this may happen, but if you only run POP, I don't think you can
>_have_ folders _on the server_. (You can do whatever you like on the
>client, dependent on whether the client software lets you make
>"folders", but I don't think the _interface_ [between client and server]
>_has_ the concept of folders, in POP.)

Furthermore, POP has to interact with the inbox, the folder into which
incoming messages are filed. You can have archive folders on the
server but POP cannot interact with them.

As I've been a pine user since the beginning of my email use, I've always
used IMAP. The client and protocol grew up together. In fact, pine was
not a POP client when it was first written.

[Adam H. Kerman]

Colin Macleod <c...@erehwon.invalid> wrote:

>>. . .

>Here's a further thought - I just realised that there's no real need for
>posting to go through the same nntp server as reading. So I could just
>require any user who wants to post to enter the details for whatever
>server and account they wish to use for posting. This is the same info
>you would need to configure any desktop client anyway. Since I am
>undertaking not to misuse this info myself or reveal it to anyone else I
>don't think this counts as "account sharing". However since Ray thinks
>it does I could block the use of E-S accounts for posting.

The client would run on your server. The credentials must be entered on
the same host on which the client runs.

My newsreader lives on a host that I access remotely. I guess that's
comparable, but your adding another intermediary server -- running the
Web interface -- before getting to the client that will submit the proto
article for injection. I have an account on this host. My credentials
live in my account. With a Web interface, your user won't have an
account and his credentials will live in your account. I suppose they
could have an account that's strictly limited to posting the proto
article.

The administrator of my host can read anything in my account so if he
wants to look, he'll see my credentials.

Is there something about the use of the Web interface that makes your
storage of the credentials somehow compromised? I don't think so but I
really don't know.

I heard you say something about slrn. Would the Web interface literally
interface with the composer within slrn? That would make sense since
composers within Web interfaces are rarely written to compose pure plain
text conventional article with no HTML entities, regular line length,
and ASCII whitespace only. In followup, these Web interface composers
are horrid about conventional quoting and ignore the need to reformat
quoted paragraphs when using a shorter line length.

[Colin Macleod]

"Adam H. Kerman" <a...@chinet.com> wrote in
news:unroab$3h21e$1...@dont-email.me:

>
> Furthermore, POP has to interact with the inbox, the folder into which
> incoming messages are filed. You can have archive folders on the
> server but POP cannot interact with them.
>
> As I've been a pine user since the beginning of my email use, I've
> always used IMAP. The client and protocol grew up together. In fact,
> pine was not a POP client when it was first written.
>

Personally I stick to POP because I want to make sure I have all my
email securely downloaded to my machine, where I can back it up and be
sure it won't get lost if the provider has a melt-down, goes bust,
whatever...

--
Colin Macleod.

[Adam H. Kerman]

Colin Macleod <c...@erehwon.invalid> wrote:
>Adam H. Kerman <a...@chinet.com>:

>>Furthermore, POP has to interact with the inbox, the folder into which
>>incoming messages are filed. You can have archive folders on the
>>server but POP cannot interact with them.

>>As I've been a pine user since the beginning of my email use, I've
>>always used IMAP. The client and protocol grew up together. In fact,
>>pine was not a POP client when it was first written.

>Personally I stick to POP because I want to make sure I have all my
>email securely downloaded to my machine, where I can back it up and be
>sure it won't get lost if the provider has a melt-down, goes bust,
>whatever...

IMAP has always been far superior in that respect than POP, although POP
has been improved over the decades.

IMAP can be used for mailbox synchronization but I don't use it like
that. alpine is the wrong client for that purpose. I'd have to change
clients.

[Colin Macleod]

"Adam H. Kerman" <a...@chinet.com> wrote in news:unrpfd$3h7hu$1@dont-
email.me:

>
> Is there something about the use of the Web interface that makes your
> storage of the credentials somehow compromised? I don't think so but I
> really don't know.
>
> I heard you say something about slrn. Would the Web interface literally
> interface with the composer within slrn? That would make sense since
> composers within Web interfaces are rarely written to compose pure plain
> text conventional article with no HTML entities, regular line length,
> and ASCII whitespace only. In followup, these Web interface composers
> are horrid about conventional quoting and ignore the need to reformat
> quoted paragraphs when using a shorter line length.

I didn't mention slrn. The server in this case is a spare oldish PC
sitting on my (physical) desktop at home . I summarised the architecture
at https://news.ycombinator.com/item?id=38923340

--
Colin Macleod.

[Adam H. Kerman]

Colin Macleod <c...@erehwon.invalid> wrote:

>>. . .

>I didn't mention slrn. . . .

My error

[Grant Taylor]

On 1/12/24 09:43, Colin Macleod wrote:
> Here's a further thought - I just realised that there's no real need
> for posting to go through the same nntp server as reading.

I think adding multiple servers into the mix is just asking for more
confusion and largely unnecessary.

> So I could just require any user who wants to post to enter the details
> for whatever server and account they wish to use for posting. This is
> the same info you would need to configure any desktop client anyway.

Yes, it's the same information.

However where the information is used and who it is used by is
completely different.

> Since I am undertaking not to misuse this info myself or reveal
> it to anyone else I don't think this counts as "account sharing".

It /is/ sharing.

The user is providing their credentials for you / your server to do
something on their behalf. Thus you have / your server has their
credentials in addition to them.

> However since Ray thinks it does I could block the use of E-S accounts
> for posting.

Adding exceptions is usually a symptom of a questionable design.

What if someone /only/ has an E-S account?



--
Grant. . . .

[Grant Taylor]

On 1/12/24 10:30, Adam H. Kerman wrote:
> The administrator of my host can read anything in my account so if
> he wants to look, he'll see my credentials.

This is why it's best practice to encrypt sensitive things, like SSH
keys being protected with a pass phrase.

> Is there something about the use of the Web interface that makes your
> storage of the credentials somehow compromised? I don't think so but
> I really don't know.

Even if the client provides them every time and they aren't stored on
the web server, the web server still has access to them. Thus the
credentials are accessible by three different entities; the client, the
news server, /and/ /the/ /web/ /server/.

> I heard you say something about slrn. Would the Web interface literally
> interface with the composer within slrn? That would make sense since
> composers within Web interfaces are rarely written to compose pure
> plain text conventional article with no HTML entities, regular line
> length, and ASCII whitespace only. In followup, these Web interface
> composers are horrid about conventional quoting and ignore the need
> to reformat quoted paragraphs when using a shorter line length.

That's a UI / UX issue and not directly related to the web, though the
web does complicate that in that it usually is white space agnostic,
thereby hiding some of the underlying problems.

[Grant Taylor]

On 1/12/24 13:46, Grant Taylor wrote:
> Thus the credentials are accessible by three different entities;

> the client, the news server, and the web server.

I wonder if it's possible to write an NNTP client in JavaScript such
that the end user's computer is what communicate with the far end news
server.

If that was done with encryption between the end user and the far news
server, the intermediate web server would not see any credential
information.

I doubt that JavaScript on the end user's computer will be able to talk
NNTP on the far end news server for various web related security
reasons. However I suspect that it would be possible to get JavaScript
on the end user's computer to use the intermediate web server as a
WebSocket gateway to convert between WebSocket and TCP connection to the
far end news server.

This would mean that the JavaScript NNTP client would tunnel through the
web server to talk to the far end news server. Thereby meaning that
only the JavaScript news client and the far end news server would be
involved in credential handling.

You would want to use the NNTPS (563) port and implement TLS support in
the JavaScript news client running on the end user's computer. Thereby
encryption the communications between the client's computer and the far
end news server so that there is no way for the intermediate web server
to sniff anything.

It would probably be possible for the JavaScript news client to use the
intermediate web server as storage for articles, subscriptions, drafts,
settings, and maybe even an encrypted blob that contains account
credentials.

This seems like it should be possible, but also seems like a large /
heavy lift.

The only other way that I see something like this being possible is with
some sort of authentication wherein the client can delegate proxy
credentials without disclosing real credentials to the intermediate web
server. The first thing that comes to mind to support this is Kerberos.
But that's a three headed beast of another type.

[Adam H. Kerman]

Grant Taylor <gta...@tnetconsulting.net> wrote:
>On 1/12/24 10:30, Adam H. Kerman wrote:

>>The administrator of my host can read anything in my account so if
>>he wants to look, he'll see my credentials.

>This is why it's best practice to encrypt sensitive things, like SSH
>keys being protected with a pass phrase.

That's how I get to the shell. I don't have a practical way of passing
along my credentials to Ray's site in that manner given my current
setup. I'm sure there's a way to do it, though.

>>. . .

[Andy Burns]

Grant Taylor wrote:

> I wonder if it's possible to write an NNTP client in JavaScript

That's exactly how Thunderbird now speaks NNTP, not sure how practical
it is to detach it from TB would be though ...

[Andy Burns]

Grant Taylor wrote:

> he user is providing their credentials for you / your server to do
> something on their behalf.

oAuth2 for NNTP servers? Somehow I doubt it ...

[Grant Taylor]

On 1/12/24 14:02, Adam H. Kerman wrote:
> I don't have a practical way of passing along my credentials to Ray's
> site in that manner given my current setup. I'm sure there's a way
> to do it, though.

Ya. That's something I consider to be a perpetual problem.

Howe do you have an encrypted file that a program that doesn't
understand encryption can work with while preventing other programs from
accessing the file.

The best that I've come up with and gotten to work the few times that I
needed it was to use file descriptor redirection:

cat <(gpg -d file.gpg)

gpg syntax is from rough memory.

This has all sorts of limitations like rewinding and file access being
one way.

Then you can have gpg use a forwarded socket to talk to a GPG agent on
your local client system.

[Grant Taylor]

On 1/12/24 14:16, Andy Burns wrote:
> oAuth2 for NNTP servers?  Somehow I doubt it ...

I was responding as if end users were providing username and password to
the intermediate web to news gateway and it was logging into the news
server on their behalf.

Read: an application layer gateway / proxy in the truist of forms.

[Adam H. Kerman]

Thank you

[Dan Purgert]

POP (just like IMAP) doesn't do anything for "security". That's the job
of TLS (nee SSL). Likewise, you won't "lose" your email when pulled via
IMAP, if the server copy goes away (nor does it prevent you from making
backups, etc.)


--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

[Jon Ribbens]

On 2024-01-13, Dan Purgert <d...@djph.net> wrote:
> On 2024-01-12, Colin Macleod wrote:
>> "Adam H. Kerman" <a...@chinet.com> wrote in
>> news:unroab$3h21e$1...@dont-email.me:
>>> Furthermore, POP has to interact with the inbox, the folder into which
>>> incoming messages are filed. You can have archive folders on the
>>> server but POP cannot interact with them.
>>>
>>> As I've been a pine user since the beginning of my email use, I've
>>> always used IMAP. The client and protocol grew up together. In fact,
>>> pine was not a POP client when it was first written.
>>
>> Personally I stick to POP because I want to make sure I have all my
>> email securely downloaded to my machine, where I can back it up and be
>> sure it won't get lost if the provider has a melt-down, goes bust,
>> whatever...
>
> POP (just like IMAP) doesn't do anything for "security".

That's not really true. POP3 has the APOP command, for example, which
provides a way of authenticating over an unencrypted connection in a
way which means that anyone snooping on the connection cannot work out
what the password is, or use the data for a replay attack.

(Or at least wouldn't be able to, if MD5 hadn't been comprehensively
broken since 1996 when the POP3 protocol was published.)

The IMAP protocol similarly provides multiple different cryptographic
authentication mechanisms via its AUTHENTICATE command.

[Dave Royal]

Grant Taylor wrote:

> I wonder if it's possible to write an NNTP client in JavaScript such that
> the end user's computer is what communicate with the far end news server.

I've thought about it. My Android python-kivy-based nntp client*
is far too slow, partly because it's all single-threaded. The
only other language I know is javascript, and that can do async
functions.

So a web app? I too doubted whether a web app can talk nntp to a
random server (because SOP). Maybe it could exchange messages
with an external program which would do it: the external
messaging API exists on desktop and is async. But it's not (yet?)
implemented on Firefox on Android.

But I'd then have to write that bit in java or whatever. And with
Android what works today may not work tomorrow. So I stopped
thinking about it.

*Not the one I'm using now.

[J. P. Gilliver]

In message <65a1f957$1...@news.ausics.net> at Sat, 13 Jan 2024 12:45:43,
noel <delet...@invalid.lan> writes
[]
>to deal with 20 years ago, and the fact now days most the population are
>windows and mac users who tend to use thunderbird for Email also use it
>for usenet, so walked away from it as time-involved unjustifiable)
[]
I get the _impression_ - I don't have figures - that the majority of the
online population are now smartphone users (Android an iPhone), with
Windows and Mac very much in the minority (and thought of as dinosaurs).
Though that probably doesn't apply to usenet users (I know several who
_do_ use usenet from Android or iPhone, but they're probably a minority
- most will never have heard of usenet).

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

I don't see the requirement to upset people. ... There's enough to make fun of
without offending. - Ronnie Corbett, in Radio Times 6-12 August 2011.

[Colin Macleod]

Grant Taylor <gta...@tnetconsulting.net> wrote in news:uns5hr$dji$3
@tncsrv09.home.tnetconsulting.net:

>
> I wonder if it's possible to write an NNTP client in JavaScript such
> that the end user's computer is what communicate with the far end news
> server.

...

> This would mean that the JavaScript NNTP client would tunnel through the
> web server to talk to the far end news server. Thereby meaning that
> only the JavaScript news client and the far end news server would be
> involved in credential handling.
>

Yes that would be a neat way to go.

> This seems like it should be possible, but also seems like a large /
> heavy lift.

Indeed, beyond my capabilities I'm afraid.

--
Colin Macleod.

[Colin Macleod]

noel <delet...@invalid.lan> wrote in news:65a1f957$1...@news.ausics.net:
>
> I can't fathom out in in 2024 why, or even how, someone in a half sane
> mind would expect to setup a third party website requiring someone to
> enter their "other sites" user creds, I mean say it out loud to
> yourself, go on, do it, and ask yourself how the hell that sounds
> acceptable...

I and millions of other people regularly enter credit/debit card details
into third-party websites (i.e. not run directly by Visa/Mastercard/my-
bank) and trust them not to misuse or disclose that info. Of course
that *does* sometimes go wrong, but people continue making online
payments for all kinds of things.

Many people also routinely entrust their login details for other sites
to password manager software which can communicate to "sync across
devices" etc.. I avoid such things but many people do not, even though
some *have* been known to go wrong.

>
> I digress.... you could of course put your code on github where all
> the real smart cookies out there can grab it and scrutinise it,
> finding and fixing any problems you don't see.
>

I have no problem to make the code available, I would prefer to clean it
up a bit first and I won't have time to do that until next week.

--
Colin Macleod.

[J. P. Gilliver]

In message <65a2a201$1...@news.ausics.net> at Sun, 14 Jan 2024 00:45:21,
noel <delet...@invalid.lan> writes

>On Sat, 13 Jan 2024 09:18:43 +0000, J. P. Gilliver wrote:
>
>> I get the _impression_ - I don't have figures - that the majority of the
>> online population are now smartphone users (Android an iPhone), with
>> Windows and Mac very much in the minority (and thought of as dinosaurs).
>

>I often hear this claim, yet the evidence has never supported it, well,
[]
Ah. I supposed that the reason many web pages didn't work very well was
that they were designed for use on smartphones, and were just about made
to work on computers - or, that they overcompensated for what they think
are the huge screens on computers, and thus switch in huge header and
footer banners.

Maybe it's just that web design has gone down the tubes (-:

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

as St Augustine says, feeling resentment is like drinking poison and waiting
for the other person to die. Ed Stourton, in RT 2023/1/21-27

[Grant Taylor]

On 1/13/24 03:18, J. P. Gilliver wrote:
> I get the _impression_ - I don't have figures - that the majority of the
> online population are now smartphone users (Android an iPhone), with
> Windows and Mac very much in the minority (and thought of as dinosaurs).

I don't consider what most people do to be a guiding light.

There was a time when most people didn't live inside or didn't cook
their food (ate it raw) or didn't have inside plumbing or smoked on a
plane or or or.

IMHO, doing what most people do is like trying to drive by looking in
the rear view mirror while going forward.

[Grant Taylor]

On 1/13/24 09:52, Grant Taylor wrote:
> I don't consider what most people do to be a guiding light.

Look at the quality and length of content produced on phones; it tends
to be short video and of relatively little value in the grand scheme of
things.

IMHO almost all worthwhile content is produced on things other than
smart phones.

Tablets tend to be more akin to portable computers when it comes to
producing content.

[Grant Taylor]

On 1/13/24 07:09, Colin Macleod wrote:
> I and millions of other people regularly enter credit/debit
> card details into third-party websites (i.e. not run directly by
> Visa/Mastercard/my- bank) and trust them not to misuse or disclose
> that info. Of course that *does* sometimes go wrong, but people
> continue making online payments for all kinds of things.

That analogy doesn't work the way you want it to.

Credit cards, by design, from the very get go, expected that you would
provide the CC details to the 3rd party merchant so that said 3rd party
merchant could bill the 2nd party CC company who would in turn bill the
1st party CC holder, you.

Credit cards are a three party system /by/ /design/.

[Grant Taylor]

On 1/13/24 08:51, noel wrote:
> Are you seriously going to use a method that must undergo a multitude
> of tightly controlled checks and audits to be PCI-DSS compliant
> as a reason to say "oh fuck it we'll give this dude our creds",
> seriously????

Those methods that you're talking about were added /after/ /the/ /fact/
to try to bolt some security onto the 3-party system that credit cards are.

[J. P. Gilliver]

Followup set to .talk

In message <unubq0$qn1$2...@tncsrv09.home.tnetconsulting.net> at Sat, 13
Jan 2024 09:55:44, Grant Taylor <gta...@tnetconsulting.net> writes

>On 1/13/24 09:52, Grant Taylor wrote:
>> I don't consider what most people do to be a guiding light.

No, nor do I. But if it (accessing the internet via smartphone) is what
most people do, some web designers will optimise for it, just supporting
computers as an afterthought so not done well.

>
>Look at the quality and length of content produced on phones; it tends
>to be short video and of relatively little value in the grand scheme of
>things.

And, of course, in a thin vertical strip. Doesn't have to be, but most
moan users don't think to turn it horizontal, and the OS writers don't
seem to want to remind them to do so.

>
>IMHO almost all worthwhile content is produced on things other than
>smart phones.

Agreed.

>
>Tablets tend to be more akin to portable computers when it comes to
>producing content.
>

Better than moans, at least.

>
>
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Speed has never killed anyone. Suddenly becoming stationary, that's what gets
you. - Jeremy Clarkson, Top Gear

[Adam H. Kerman]

Colin Macleod <c...@erehwon.invalid> wrote:

>>. . .

>I and millions of other people regularly enter credit/debit card details
>into third-party websites (i.e. not run directly by Visa/Mastercard/my-
>bank) and trust them not to misuse or disclose that info. Of course
>that *does* sometimes go wrong, but people continue making online
>payments for all kinds of things.

You must provide payment details to the merchant. How else can you get
billed? He provides them to his processor, which sends it to Visa or
MasterCard or American Express or others. Visa and MasterCard send the
transaction to the cardholder's bank to bill the cardholder. If a credit
card and not a bank card like American Express, the cardholder is billed
directly by the network.

And yes, fraud can occur. See from George Santos who was expelled from
the House of Representatives because the Republican Party was terrified
that it could no longer do on line fundraising.

It's not analogous to what you are proposing since using an intermediary
to the client is unusual.

A better analogy would be handing one's credit card to a personal
shopper who is entrusted to buy items from various merchants one behalf
of the customer.

>Many people also routinely entrust their login details for other sites
>to password manager software which can communicate to "sync across
>devices" etc.. I avoid such things but many people do not, even though
>some *have* been known to go wrong.

Ok. That's a better analogy.

>>. . .

[immibis]

On 1/11/24 18:49, David W. Hodgins wrote:
> On Thu, 11 Jan 2024 11:37:54 -0500, sticks <wolve...@charter.net> wrote:
>
>> On 1/11/2024 10:02 AM, cmac...@newsgrouper.invalid wrote:
>>> Ray Banana <ray...@raybanana.net> posted:
>>>>
>>>> It's also a violation of Eternal-September's TOS, a fact he has chosen
>>>> to ignore :-(
>>>>
>>>> https://www.eternal-september.org/index.php?language=en&showpage=terms
>>>>
>>> Hi Ray, I sent email to support and Wolfgang a few weeks ago and
>>> yourself
>>> more recently asking about this specific point.  I got no reply.
>>>
>>> Sorry, need to go now, can discuss further later.
>>>
>>> Colin
>>
>> I don't see what's to discuss.  He answered your question by showing
>> that what you're doing is against his TOS.  You can't do it.  You should
>> honor that!
>
> I don't think he is violating the tos. Anyone other then him that's
> using his
> website is violating the tos as they are the one's sharing their
> credentials
> with a third party.
>
> I think the website could work, but it would have to use javascript or
> something
> similar to login/post the articles directly to e-s without the
> credentials going
> to the website.

This is deliberately impossible in Javascript as it could allow a
website owner to make your computer send spam.

My suggestion: just make the website. If someone wants to give you their
credentials, it isn't your problem. Try to use a different IP address
for posting than reading, so that if Ray bans it from E-S, you can still
fetch the news. If your server has both IPv4 and IPv6, you already have
at least two addresses.

[immibis]

You have to decide whether you want to strictly follow someone else's
ToS or not. But let me remind you: nobody ever got successful and
popular by following a ToS. When Facebook let people log in with their
Myspace account details, they weren't following Myspace's ToS. Myspace
had to allow it anyway, or those users would piss off to Facebook. When
Microsoft said you have to use Windows and Internet Explorer or else,
they weren't following computer vendors' ToS. When Hollywood bribed
legislators to extend copyright law well beyond reasonable limits, they
didn't follow Congress's ToS. Open source is the diametric opposite of
the intentions of the design of copyright law.

In a more current year, Nitter ignores Twitter's ToS; Invidious ignores
YouTube's ToS. The EFF calls it "adversarial interoperability" - someone
doesn't want you to interoperate, but you do it anyway.

You have to decide for yourself whether you want to engage in it.
Probable upsides: your project exists; more people on Usenet. Possible
downsides: IP bans; scary email from Ray; lawsuit; being seen as an
annoying person. Remember to weigh up the probability of him actually
doing them, though, not just the worst case scenario. Most people don't
act unless provoked, and a lawsuit would cost him money for little gain
as well. Courts seem to not be big fans of website ToS. If you like Ray
a lot, you might decide to respect his wishes even in cases where it
doesn't make a lot of sense. If you hate him, you might decide to
violate his ToS out of spite. If your opinion is somewhere in the
middle, so might be your actions. Your choice.

[Jim Jackson]

On 2024-01-14, immibis <ne...@immibis.com> wrote:
> ... snip ... Open source is the diametric opposite of

> the intentions of the design of copyright law.

Actually it isn't. Open Source is about licensing not copyright. You can
release software under an Opensource License e.g. GPL2 or 3, and still
retain copyright over the work.

simply do a search if you want to quibble.

[Colin Macleod]

Colin Macleod <c...@erehwon.invalid> wrote in
news:XnsB0F6BEADAE195co...@135.181.20.170:
>
> I continue to believe that a web gateway to usenet could be a useful
> service, and I'm reluctant to abandon the work I have done so far. I
> think my options are:
>
> 1) Continue with Newsgrouper as a read-only service and just tell
> people that if they want to post they will need to find another route.
> I would then not need their Et.Sept login details. I would need to
> create a separate user registration system if I was to track their
> read/unread groups and articles (but perhaps I could just use web
> cookies for this).
>
> 2) Try to find another nntp server with looser policies. In that case
> I would need to implement my own spam filtering, which Et.Sept does
> pretty well.
>
> 3) Run my own news server to support the web service. I'm not very
> keen to take that on.
>
> 4) If Eternal September felt that offering a web front-end would be a
> worthwhile addition to their service, they could take over hosting it
> and no "third party" would be involved. I would be happy to assist
> with this in the unlikely event that they agreed :-)
>

Ok, I think the whole idea of operating as a front-end to someone else's
nntp server has been fairly comprehensively shot down. Also Ray hasn't
shown any interest in hosting my front-end. I think running a read-only
server would be pointless, I want to enable people to participate in
those groups which remain worthwhile.

So I'm coming back to option 3 - run my own news server. I don't want
the complexity of running INN, but I just came across Leafnode
(https://www.leafnode.org) which looks simpler to run. So I'm thinking
I could set that up and connect my web interface to it. I would have to
take on the hassle of managing user registrations myself, which I was
hoping to avoid, but maybe that's the only way forward. Of course I
would also need to get one or two upstream servers to peer with - any
chance of that Ray?

--
Colin Macleod.

[Ray Banana]

Thus spake Colin Macleod <c...@erehwon.invalid>

> So I'm coming back to option 3 - run my own news server. I don't want
> the complexity of running INN, but I just came across Leafnode
> (https://www.leafnode.org) which looks simpler to run. So I'm thinking
> I could set that up and connect my web interface to it. I would have to
> take on the hassle of managing user registrations myself, which I was
> hoping to avoid, but maybe that's the only way forward. Of course I
> would also need to get one or two upstream servers to peer with - any
> chance of that Ray?

I'm glad you consider this option and have no objections to this setup
;-)

--
Пу́тін — хуйло́
https://www.eternal-september.org

[sticks]

Gawd I love a happy ending!


--
Stand With Israel!
NOTE: If you use Google Groups I don't see you,
unless you're whitelisted and that's doubtful.

[Grant Taylor]

On 1/14/24 11:13, Colin Macleod wrote:
> So I'm coming back to option 3 - run my own news server.

:-)

> I don't want the complexity of running INN,

Please elaborate on what complexity you think there is in running INN.

Other than initial setup, which isn't bad, INN is mostly set it and
forget it like almost all other Internet services.

I have multiple INN servers and I spend less than 5 minutes a month on
all of them combined (as in news service, OS updates are independent).

> but I just came across Leafnode (https://www.leafnode.org) which looks
> simpler to run.

I do not consider leafnode to be a real NNTP server.

Yes it is a server that speaks NNTP. But my understanding is that
leafnode /reactively/ adds a group /after/ someone tries to make use of
it. Additionally I believe it will stop carrying a group after no use
for a long enough time.

I think that this will manifest itself in a few primary problems:

1) Users will have to access a newsgroup before leafnode will start
putting articles in it.

2) You will not have history in a newsgroup past the first time someone
showed any interest in the newsgroup.

3) People will likely end up with a false sense of lack of content
because the newsgroup will not have articles in it because of #1 & #2.

> So I'm thinking I could set that up and connect my web interface to it.

Probably. You would be creating a new two party system; your news
server + your web gateway and the end user.

> I would have to take on the hassle of managing user registrations
> myself, which I was hoping to avoid, but maybe that's the only way
> forward.

Such are the price for doing what you want to do.

Does leafnode have a concept of multiple user accounts connecting to it
as a server? Do you have a framework to put end user accounts into?

> Of course I would also need to get one or two upstream servers to
> peer with - any chance of that Ray?

I wasn't aware that leafnode supported multiple upstreams.

Does leafnode support traditional peering in any way? Either sending or
receiving articles? If it doesn't how do you send articles from
leafnode? Do those articles become associated with the account that you
are having leafnode point to the upstream?

There's a lot I don't know about leafnode. But given my experience with
INN, I seriously question if INN is the amount of work you think it will
be. What's more is I question if INN will be /more/ work than leafnode
or not. Especially if you have to get creative to support multiple
upstreams and / or down stream end user accounts.

My money is on a proper NNTP server, which I consider leafnode to not be.

[David W. Hodgins]

On Sun, 14 Jan 2024 13:06:31 -0500, Grant Taylor <gta...@tnetconsulting.net> wrote:
> I do not consider leafnode to be a real NNTP server.
>
> Yes it is a server that speaks NNTP. But my understanding is that
> leafnode /reactively/ adds a group /after/ someone tries to make use of
> it. Additionally I believe it will stop carrying a group after no use
> for a long enough time.

It only stops carrying the inactive groups if fetchnews is run without
the -n option.

> I think that this will manifest itself in a few primary problems:
>
> 1) Users will have to access a newsgroup before leafnode will start
> putting articles in it.

Ensuring all groups are included would just require a script to take the
newsrc file from the peer(s) and for each group run (as root)

"touch /var/spool/news/interesting.groups/$GROUPNAME"

> 2) You will not have history in a newsgroup past the first time someone
> showed any interest in the newsgroup.

That's true, but can be worked around by a oneshot task of downloading all
of the articles from the peer(s) and putting them in the group's directory
in /var/spool/news.

> 3) People will likely end up with a false sense of lack of content
> because the newsgroup will not have articles in it because of #1 & #2.
>
>> So I'm thinking I could set that up and connect my web interface to it.
>
> Probably. You would be creating a new two party system; your news
> server + your web gateway and the end user.
>
>> I would have to take on the hassle of managing user registrations
>> myself, which I was hoping to avoid, but maybe that's the only way
>> forward.
>
> Such are the price for doing what you want to do.
>
> Does leafnode have a concept of multiple user accounts connecting to it
> as a server? Do you have a framework to put end user accounts into?

Leafnode does not handle authentication of users at all. That would have
to be done by something else.

>> Of course I would also need to get one or two upstream servers to
>> peer with - any chance of that Ray?
>
> I wasn't aware that leafnode supported multiple upstreams.

There are multiple references to "multiple upstream" in the comments in
/etc/leafnode/config, so it appears it does support them.

> Does leafnode support traditional peering in any way? Either sending or
> receiving articles? If it doesn't how do you send articles from
> leafnode? Do those articles become associated with the account that you
> are having leafnode point to the upstream?
>
> There's a lot I don't know about leafnode. But given my experience with
> INN, I seriously question if INN is the amount of work you think it will
> be. What's more is I question if INN will be /more/ work than leafnode
> or not. Especially if you have to get creative to support multiple
> upstreams and / or down stream end user accounts.
>
> My money is on a proper NNTP server, which I consider leafnode to not be.

Leafnode is fine for use as a private server, but for a public use news server,
authentication of users is a must have.

Leafnode could still work though if the web server handles the authentication
side of things, and keeping track of subscribed groups, last article number
fetched, etc. for each user.

Regards, Dave Hodgins

[Colin Macleod]

Grant Taylor <gta...@tnetconsulting.net> wrote in news:uo17r7$97k$1
@tncsrv09.home.tnetconsulting.net:

>
> I do not consider leafnode to be a real NNTP server.
>

Well I shall give it a go and see how I get on!

--
Colin Macleod.

[Adam H. Kerman]

immibis <ne...@immibis.com> wrote:

>>. . .

>You have to decide whether you want to strictly follow someone else's
>ToS or not. But let me remind you: nobody ever got successful and
>popular by following a ToS. When Facebook let people log in with their
>Myspace account details, they weren't following Myspace's ToS. Myspace
>had to allow it anyway, or those users would piss off to Facebook. When
>Microsoft said you have to use Windows and Internet Explorer or else,
>they weren't following computer vendors' ToS. When Hollywood bribed
>legislators to extend copyright law well beyond reasonable limits, they
>didn't follow Congress's ToS. Open source is the diametric opposite of
>the intentions of the design of copyright law.

You don't know what the hell your are talking about. You are making shit
up, as per usual.

The term of exclusive use for copyrighted material was extended several
times at the behest of Hollywood studios and book publishers, but that
didn't change other aspects of copyright law. DMCA added enforcement
requirements against third parties, plus the kiddie pr0n stuff that was
unconstitutional, without changing other aspects of copyright.

Congress never intended code and software to be copyrighted. It doesn't
make sense that it is copyrighted because code has to be written in a
particular way in order to function. That happened because a very
effective lawyer once convinced a judge who had absolutely no
understanding, and the judge was upheld at the appelate court and it
became legal precedent. But this is an expansive application of
statutory law, not in the statute itself.

>. . .

[David W. Hodgins]

I just realized one major drawback of using leafnode for this.

With leafnode, the user's account on the peer (e-s in this case) and their
password specified in /etc/leafnode/config. Using leafnode to post articles
with the real user's "From:" address if it's not yours. It would trigger
the morphing rule ...
https://www.eternal-september.org/index.php?showpage=faq#nymshifting

That means no more than 5 user's posting using the system in any 24 hour
period.

Regards, Dave Hodgins

[Marco Moock]

Am 14.01.2024 um 17:13:58 Uhr schrieb Colin Macleod:

> So I'm coming back to option 3 - run my own news server. I don't want
> the complexity of running INN, but I just came across Leafnode
> (https://www.leafnode.org) which looks simpler to run.

IIRC leafnode act as an NNTP reader (NNRP, MODE READER) against another
NNTP server.
That means all of the articles sent via your interface will go through
the upstream server you choose in Leafnode.
You need to find an NNTP server that is willing that behavior.
leafnode isn't a replacement for INN and doesn't act like a normal news
server to other servers.
It acts like a news reader.

[Colin Macleod]

"David W. Hodgins" <dwho...@nomail.afraid.org> wrote in
news:op.2hjvrpx...@hodgins.homeip.net:

>
> I just realized one major drawback of using leafnode for this.
>
> With leafnode, the user's account on the peer (e-s in this case) and
> their password specified in /etc/leafnode/config. Using leafnode to
> post articles with the real user's "From:" address if it's not yours.
> It would trigger the morphing rule ...
> https://www.eternal-september.org/index.php?showpage=faq#nymshifting
>
> That means no more than 5 user's posting using the system in any 24
> hour period.

Yes I think you're right. I've just been poking through the leafnode code
and I see it transfers new posts to the upstream server(s) using POST not
IHAVE/SENDME

:-(

--
Colin Macleod.

[Grant Taylor]

On 1/14/24 12:33, David W. Hodgins wrote:
> Leafnode is fine for use as a private server, but for a public use
> news server, authentication of users is a must have.
>
> Leafnode could still work though if the web server handles the
> authentication side of things, and keeping track of subscribed groups,
> last article number fetched, etc. for each user.

Thank you for clarification Dave. #TIL

[Grant Taylor]

On 1/14/24 14:25, Colin Macleod wrote:
> Yes I think you're right. I've just been poking through the leafnode
> code and I see it transfers new posts to the upstream server(s)
> using POST not IHAVE/SENDME

*nod*

Yet another reason to not use Leafnode for this.

[immibis]

(crosspost and followup-to e-s.talk)

On 1/14/24 12:36, Jim Jackson wrote:
> On 2024-01-14, immibis <ne...@immibis.com> wrote:
>> ... snip ... Open source is the diametric opposite of
>> the intentions of the design of copyright law.
>
> Actually it isn't. Open Source is about licensing not copyright. You can
> release software under an Opensource License e.g. GPL2 or 3, and still
> retain copyright over the work.
>

Copyright licenses are exceptions to copyright granted by the copyright
owner. If you have a copyrighted work I wish to distribute, I may offer
to pay you $1 per copy, and you may agree. This is a license - like any
agreement, the legalese is optional, but may be very useful in case of a
possible dispute later. Without an agreement, you could sue me for
infringing your copyright.

The intention of copyright is that *nobody* can use or reproduce a
creative work without asking the copyright owner.

The copyright owner can also publish a one-sided "agreement", or
license, granting permission automatically under the circumstances they
desire, such as for non-commercial use.

FOSS subverts the intention of copyright law by having the copyright
owner publish a one-sided "agreement" which essentially says: you can
reproduce this and make derivative works, if you share. If you try to
enforce your copyright other than to enforce this agreement itself, you
lose the right to have made the reproduction or derivative work.

It's a bit like a copyright suicide pact, or copyright extortion: If you
sue someone in a way I don't like, because you agreed to this license I
can sue you and win.

That's opposite to the normal intention of copyright, which is to enable
suing people, not prevent it.

[Colin Macleod]

Grant Taylor <gta...@tnetconsulting.net> wrote in news:uo212k$4eq$2
@tncsrv09.home.tnetconsulting.net:

Actually the functionality that Leafnode provides is already included in my
own code - pulling articles on-demand from an upstream server and caching
them locally, except that Leafnode caches on-disk, while I'm using Redis to
cache in-memory.

So I'm going to have to grapple with INN!

--
Colin Macleod.

[Colin Macleod]

Grant Taylor <gta...@tnetconsulting.net> wrote in news:uo17r7$97k$1
@tncsrv09.home.tnetconsulting.net:

>
> Please elaborate on what complexity you think there is in running INN.
>
> Other than initial setup, which isn't bad, INN is mostly set it and
> forget it like almost all other Internet services.

I can believe that it's not much trouble *once* you get everything properly
configured, but the path to that point looks steep to me. The INN FAQ
itself at https://www.eyrie.org/~eagle/faqs/inn.html#S6.7 says
"It's also worth noting that INN is a fairly complex package"

One thing that jumped out at me reading the FAQ was the need to have
functioning email on the server machine, which is not something I have any
other need for on that machine and was not planning to set up.

--
Colin Macleod.

[Marco Moock]

Am 15.01.2024 um 07:25:57 Uhr schrieb Colin Macleod:

> One thing that jumped out at me reading the FAQ was the need to have
> functioning email on the server machine, which is not something I
> have any other need for on that machine and was not planning to set
> up.

You need that for moderated groups because posts injected in such a
group via you server will need to be send to the moderation address.

Installing and setting up sendmail isn't that hard and other MTAs exist
if you prefer them.

[immibis]

and DMARC and DKIM and SPF?

[Colin Macleod]

Marco Moock <mm+s...@dorfdsl.de> wrote in news:uo2n97$fll7$1...@solani.org:

Once upon a time I knew sendmail inside-out, even writing custom
sendmail.cf rules, but I'm getting too old for that now :-/

--
Colin Macleod.

[Grant Taylor]

On 1/15/24 01:25, Colin Macleod wrote:
> I can believe that it's not much trouble *once* you get everything
> properly configured, but the path to that point looks steep to me.

The gist of it is that you install the software, configure it to listen
on the desired port(s) on desired IP(s), populate your active file, and
establish peer connections.

That's likely the case for any proper Usenet NNTP server.

You /should/ put something like cleanfeed in place, but that's not
strictly required for a functional Usenet NNTP server. But it is
strongly advised.

> The INN FAQ itself at https://www.eyrie.org/~eagle/faqs/inn.html#S6.7
> says "It's also worth noting that INN is a fairly complex package"

N.B. complexity of something does not directly have anything to do with
it's operation.

Cars are complex, yet some surprisingly unintelligent people
successfully purchase and drive them without any problem.

> One thing that jumped out at me reading the FAQ was the need to have
> functioning email on the server machine, which is not something I
> have any other need for on that machine and was not planning to set up.

I don't think that's a strict requirement.

But it's also something advisable in general to have things like email
notifications from cron jobs to work.

[Winston]

Colin Macleod <c...@erehwon.invalid> writes:
> So I'm coming back to option 3 - run my own news server. I don't want
> the complexity of running INN,

I liked C-News back when I ran my own personal news server in the dialup
days to minimize phone charges. My memory is that it was simpler than
INN. It's a real NNTP news server, and you can easily specify and change
the groups you want.
-WBE

[Colin Macleod]

Ray Banana <ray...@raybanana.net> wrote in
news:8ma5p7o...@raybanana.net:

Hi Ray,

I'm wondering if you are familiar with Leafnode. Once I started looking
at it in detail I realised that:

1) For reading, its functionality is equivalent to what my software
already does. It pulls articles on-demand from upstream servers and
caches them locally so multiple users can read them without pulling them
again.

2) For posting, it just uses the POST command under a single login to
the upstream server to send articles from multiple users. I could
reconfigure my software to do the same thing, managing user identities
on my site. But as David Hodgkins pointed out, this would soon hit the
E-S limit on switching "From" identities. Perhaps you were not aware of
this, or are you offering to lift that restriction?

I started looking into INN as an alternative, but it looks like an awful
lot of work to set up and operate.

--
Colin Macleod.

[Marco Moock]

Am 15.01.2024 um 15:25:39 Uhr schrieb Colin Macleod:

> 2) For posting, it just uses the POST command under a single login to
> the upstream server to send articles from multiple users. I could
> reconfigure my software to do the same thing, managing user identities
> on my site. But as David Hodgkins pointed out, this would soon hit
> the E-S limit on switching "From" identities. Perhaps you were not
> aware of this, or are you offering to lift that restriction?

Maybe there are other NNTP servers that allow such a usage, I would
think about paganini.bofh.team and mixmin.net, maybe ask those admins
about your idea if you really don't like to run INN.

[Marco Moock]

Mails goes to the isc server. They might whitelist that server or don't
check DKIM/SPF at all for moderated newsgroups.
DKIM is part of the sender domain in from, so it can't be set.
SPF will also fail if the MAIL FROM: is the same as the From: of the
newsgroup message.

[Marco Moock]

How can moderated groups work without it?

[Ray Banana]

Thus spake Colin Macleod <c...@erehwon.invalid>

> I'm wondering if you are familiar with Leafnode. Once I started looking
> at it in detail I realised that:
> 1) For reading, its functionality is equivalent to what my software
> already does. It pulls articles on-demand from upstream servers and
> caches them locally so multiple users can read them without pulling them
> again.
> 2) For posting, it just uses the POST command under a single login to
> the upstream server to send articles from multiple users. I could
> reconfigure my software to do the same thing, managing user identities
> on my site. But as David Hodgkins pointed out, this would soon hit the
> E-S limit on switching "From" identities. Perhaps you were not aware of
> this, or are you offering to lift that restriction?

The excessive nymshifting restriction applies to all nnrpd connections
and can not be lifted. When you mentioned leafnode, I was thinking of
leafnode 2, which supports UUCP for exchanging articles with Usenet
servers. Meanwhile I searched for leafnode 2 packages for download and
unfortunately leafnode 2 doesn't seem to be available anymore.

[J. P. Gilliver]

(F-U to .talk [I'd have replied by email but could see it was invalid]
to take load off Ray.)

In message <65a3...@news.ausics.net> at Sun, 14 Jan 2024 21:50:28, noel
<delet...@invalid.lan> writes
>On Sat, 13 Jan 2024 15:30:35 +0000, J. P. Gilliver wrote:
>
>> In message <65a2a201$1...@news.ausics.net> at Sun, 14 Jan 2024 00:45:21,
>> noel <delet...@invalid.lan> writes
>>>On Sat, 13 Jan 2024 09:18:43 +0000, J. P. Gilliver wrote:
>>>
>>>> I get the _impression_ - I don't have figures - that the majority of
>>>> the online population are now smartphone users (Android an iPhone),
>>>> with Windows and Mac very much in the minority (and thought of as
>>>> dinosaurs).
>>>
>>>I often hear this claim, yet the evidence has never supported it, well,
>> []
>> Ah. I supposed that the reason many web pages didn't work very well was
>> that they were designed for use on smartphones, and were just about made
>> to work on computers - or, that they overcompensated for what they think
>> are the huge screens on computers, and thus switch in huge header and
>> footer banners.
>>
>> Maybe it's just that web design has gone down the tubes (-:
>
>its been down there for a long, long time, but it's getting better,
>haven't stumbled upon many flash sites lately :D

More than outnumbered by script files now.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Purgamentum init, exit purgamentum." Translation: "Garbage in, garbage out."

[Colin Macleod]

Ray Banana <ray...@raybanana.net> wrote in

news:8mply2o...@raybanana.net:

>
> The excessive nymshifting restriction applies to all nnrpd connections
> and can not be lifted. When you mentioned leafnode, I was thinking of
> leafnode 2, which supports UUCP for exchanging articles with Usenet
> servers. Meanwhile I searched for leafnode 2 packages for download and
> unfortunately leafnode 2 doesn't seem to be available anymore.
>

Hi Ray, I found what appears to be Leafnode 2 at
https://gitlab.com/leafnode-2/leafnode-2/tree/master
but the ChangeLog-2003 file has an entry saying:

New BUG: UUCP may now be broken (but it has never worked for posting,
so there).

Also the config.example file includes:

## Determine how you want to feed your own posts to the upstream.
## Available types are NNTP (the default), UUCP (not yet implemented),

So it looks as if UUCP was only ever implemented for reading, not for
posting.

However since you seem to be open to receiving posts through that route,
maybe I could figure out how to generate uucp-format files for postings
and send them to you?

Alternatively I could try to see if I can find another server that would
allow me to feed articles via POST.

Thanks for the attention you have given to this.

--
Colin Macleod.

[Adam H. Kerman]

Grant Taylor <gta...@tnetconsulting.net> wrote:

>. . .

>Cars are complex, yet some surprisingly unintelligent people
>successfully purchase and drive them without any problem.

Have you met people?

The vast majority of collisions are due to the driver at fault not
caring to drive safely, taking into account other vehicles, nonmotorized
vehicles, and pedestrians that also occupy the road.

>. . .

[Grant Taylor]

On 1/15/24 10:47, Marco Moock wrote:
> How can moderated groups work without it?

Moderated groups can't work without email per standard process.

There are other ways of dealing with moderated groups.

[Grant Taylor]

On 1/15/24 14:43, Adam H. Kerman wrote:
> Have you met people?
>
> The vast majority of collisions are due to the driver at fault not
> caring to drive safely, taking into account other vehicles, nonmotorized
> vehicles, and pedestrians that also occupy the road.

What the people successfully drive the cars into is independent of the
ability for said people to drive the cars and associated inability to
build the cars.

[Marco Moock]

And those are?

[Jon Ribbens]

(a) you can post the article via NNTP POST, if you are a newsreader
(b) you can email the article

What other ways are you thinking of?

[Adam H. Kerman]

Grant, I expect never to be trolled by you. Post editing in followup
to remove context is trolling.

I followed up to your statement:

Cars are complex, yet some surprisingly unintelligent people
successfully purchase and drive them without any problem.

People do drive cars. They drive them WITH PROBLEMS. Typically, it's not
due to the complexity of the automobile, I agree. It's because they
don't give a shit about other people who are sharing the right of way.

That makes your declaration wrong. If you hadn't included "without any
problems," there would have been nothing to disagree with.

[Grant Taylor]

On 1/15/24 14:53, Marco Moock wrote:
> And those are?

}:-)

They require running your own server properly peered with other news
servers.

From that position you can do some things. }:-)

[Grant Taylor]

On 1/15/24 16:07, Adam H. Kerman wrote:
> Grant, I expect never to be trolled by you. Post editing in followup
> to remove context is trolling.

Sorry, I wasn't trying to troll.

I was trying to provide a counter point that people don't necessarily
need an understanding of a complex system to utilize it.

> That makes your declaration wrong. If you hadn't included "without any
> problems," there would have been nothing to disagree with.

Fair enough.

Problems was more "ability to drive the car without an understanding of
how it works".

[Marco Moock]

And how does that work for moderated groups in the intended behavior of
them?

I am aware that is is possible to add the Approved: header and then
send it with IHAVE to the peers, but that is definitely NOT the idea
behind it.

[Colin Macleod]

Colin Macleod <c...@erehwon.invalid> wrote in
news:XnsB0FAD27262AFFco...@135.181.20.170:

>
> However since you seem to be open to receiving posts through that route,
> maybe I could figure out how to generate uucp-format files for postings
> and send them to you?

The uucp batch format appears to be defined in
https://datatracker.ietf.org/doc/html/rfc1036#section-4.3
and would be suitable to feed to the rnews program which comes with INN.
The articles sent would need to be fully-formed, including Date, Message-
ID, and Path.

This looks entirely do-able. I'm not sure what mechanism would be used to
transfer the batch files. Can you advise, Ray?

--
Colin Macleod.

[Ray Banana]

Thus spake Colin Macleod <c...@erehwon.invalid>

> The uucp batch format appears to be defined in
> https://datatracker.ietf.org/doc/html/rfc1036#section-4.3
> and would be suitable to feed to the rnews program which comes with INN.
> The articles sent would need to be fully-formed, including Date, Message-
> ID, and Path.
> This looks entirely do-able. I'm not sure what mechanism would be used to
> transfer the batch files. Can you advise, Ray?

UUCP will do this for you. You need a UUCP account on the INN server,
configure your local UUCP instance and run the uucico utility at regular
intervals, using cron, for example.

[Colin Macleod]

Ray Banana <ray...@raybanana.net> wrote in

news:8mjzo9a...@raybanana.net:

> Thus spake Colin Macleod <c...@erehwon.invalid>
>

>> This looks entirely do-able. I'm not sure what mechanism would be
>> used to transfer the batch files. Can you advise, Ray?
>
> UUCP will do this for you. You need a UUCP account on the INN server,
> configure your local UUCP instance and run the uucico utility at
> regular intervals, using cron, for example.

Thanks Ray, that's helpful. I will investigate.

--
Colin Macleod.

[songbird]

Grant Taylor wrote:

> On 1/14/24 11:13, Colin Macleod wrote:
>> So I'm coming back to option 3 - run my own news server.
>

>:-)

>
>> I don't want the complexity of running INN,
>

> Please elaborate on what complexity you think there is in running INN.
>
> Other than initial setup, which isn't bad, INN is mostly set it and
> forget it like almost all other Internet services.
>

> I have multiple INN servers and I spend less than 5 minutes a month on
> all of them combined (as in news service, OS updates are independent).

>
>> but I just came across Leafnode (https://www.leafnode.org) which looks
>> simpler to run.
>

> I do not consider leafnode to be a real NNTP server.
>
> Yes it is a server that speaks NNTP. But my understanding is that
> leafnode /reactively/ adds a group /after/ someone tries to make use of
> it. Additionally I believe it will stop carrying a group after no use
> for a long enough time.

this is configurable and you can set it to never delete
an article, so the group would also persist.


...
> I wasn't aware that leafnode supported multiple upstreams.

yes. it's fine, i have mine using several sources to
pull from and i can post to each of them.


> Does leafnode support traditional peering in any way? Either sending or
> receiving articles? If it doesn't how do you send articles from
> leafnode? Do those articles become associated with the account that you
> are having leafnode point to the upstream?

yes. you have different .slrnrc files for each
id and source the one you want to use for writing
articles. once an article is written it is held
in a spool file until it gets sent.


> There's a lot I don't know about leafnode. But given my experience with
> INN, I seriously question if INN is the amount of work you think it will
> be. What's more is I question if INN will be /more/ work than leafnode
> or not. Especially if you have to get creative to support multiple
> upstreams and / or down stream end user accounts.
>
> My money is on a proper NNTP server, which I consider leafnode to not be.

true. i would go with INN if i was contemplating
a full peered feed connection and had the space to
mirror the whole feed. spam makes it a mess IMO and
i'm very glad that Ray and others do what they do
to reduce that mess.


songbird

[Grant Taylor]

On 1/15/24 23:08, Marco Moock wrote:
> I am aware that is is possible to add the Approved: header and then
> send it with IHAVE to the peers, but that is definitely NOT the idea
> behind it.

I never said what I'm thinking of is within the spirit of approvals.

Hence why I'm not confirming nor denying what the unofficial method is.

[Grant Taylor]

On 1/16/24 07:49, songbird wrote:
> this is configurable and you can set it to never delete an article,
> so the group would also persist.

That addresses the retention. But I was talking about Leafnode stoping
processing of a newsgroup when clients weren't interested in it in
enough time. -- Maybe I'm incorrect in that Leafnode will stop after
enough lack of interest in a newsgroup.

> yes. you have different .slrnrc files for each id and source the one
> you want to use for writing articles. once an article is written it
> is held in a spool file until it gets sent.

Why does Leafnode use a runtime configuration file for slrn?

> true. i would go with INN if i was contemplating a full peered feed
> connection and had the space to mirror the whole feed. spam makes
> it a mess IMO and i'm very glad that Ray and others do what they do
> to reduce that mess.

What is different with spam handling between Leafnode and INN? Would
you effectively see the same articles coming in from Ray's server if you
pull from him via Leafnode as you do if you were a proper peer where he
was feeding you articles?

I fail to see how Leafnode alters this.

[David W. Hodgins]

On Tue, 16 Jan 2024 09:55:16 -0500, Grant Taylor <gta...@tnetconsulting.net> wrote:

> On 1/16/24 07:49, songbird wrote:
>> this is configurable and you can set it to never delete an article,
>> so the group would also persist.
>
> That addresses the retention. But I was talking about Leafnode stoping
> processing of a newsgroup when clients weren't interested in it in
> enough time. -- Maybe I'm incorrect in that Leafnode will stop after
> enough lack of interest in a newsgroup.

<snip>

With leafnode, the removal of zero traffic groups occurs when fetchnews
is run. There is an option to skip that removal. From "man fetchnews"

-n Do not expire newsgroup subscriptions. Technically: do not unlink files in the interesting.groups directory.

Regards, Dave Hodgins

[songbird]

Grant Taylor wrote:
> On 1/16/24 07:49, songbird wrote:
>> this is configurable and you can set it to never delete an article,
>> so the group would also persist.
>
> That addresses the retention. But I was talking about Leafnode stoping
> processing of a newsgroup when clients weren't interested in it in
> enough time. -- Maybe I'm incorrect in that Leafnode will stop after
> enough lack of interest in a newsgroup.

that's what it will do if you don't expire articles.

>> yes. you have different .slrnrc files for each id and source the one
>> you want to use for writing articles. once an article is written it
>> is held in a spool file until it gets sent.
>
> Why does Leafnode use a runtime configuration file for slrn?

you were asking about how to handle different
ids. slrn puts the From line on the article.

>> true. i would go with INN if i was contemplating a full peered feed
>> connection and had the space to mirror the whole feed. spam makes
>> it a mess IMO and i'm very glad that Ray and others do what they do
>> to reduce that mess.
>
> What is different with spam handling between Leafnode and INN? Would
> you effectively see the same articles coming in from Ray's server if you
> pull from him via Leafnode as you do if you were a proper peer where he
> was feeding you articles?
>
> I fail to see how Leafnode alters this.

it's not about different articles as much as how
efficient and correct INN would be for handling a
lot of volume vs. leafnode.

leafnode doesn't really have much set up for
filtering unless you add it yourself. i consider
that a rabbit hole i don't have any desire to
fall down.


songbird

[The Bjornsdottirs - Ellenor]

On Mon, 15 Jan 2024 08:36:07 +0100, Marco Moock wrote:

> Am 15.01.2024 um 07:25:57 Uhr schrieb Colin Macleod:
>

>> One thing that jumped out at me reading the FAQ was the need to have
>> functioning email on the server machine, which is not something I have
>> any other need for on that machine and was not planning to set up.
>

> You need that for moderated groups because posts injected in such a
> group via you server will need to be send to the moderation address.
>
> Installing and setting up sendmail isn't that hard and other MTAs exist
> if you prefer them.

qmail is widely reputed more difficult and even that can Be Done If You
Need

--
Ellenor Bjornsdottir <ze...@umbrellix.net> Pan makes it quite difficult to
set a multi-line signature. Some say it should be that way. Most of those
people already have us on their killfile.

[Marco Moock]

Am 18.01.2024 um 06:28:19 Uhr schrieb The Bjornsdottirs - Ellenor:

> On Mon, 15 Jan 2024 08:36:07 +0100, Marco Moock wrote:
>
> > Am 15.01.2024 um 07:25:57 Uhr schrieb Colin Macleod:
> >
> >> One thing that jumped out at me reading the FAQ was the need to
> >> have functioning email on the server machine, which is not
> >> something I have any other need for on that machine and was not
> >> planning to set up.
> >
> > You need that for moderated groups because posts injected in such a
> > group via you server will need to be send to the moderation address.
> >
> > Installing and setting up sendmail isn't that hard and other MTAs
> > exist if you prefer them.
>
>
> qmail is widely reputed more difficult and even that can Be Done If
> You Need

qmail is dead since the end of the 90s...
Do people still use that?

[Blueshirt]

Seemingly most of the people spamming Usenet...