auth failing?

[Tease'n'Seize]

auth repeatedly failing,
I'm using news.eternal-september.org:563

Thanks

[Enzo Lombardo]

Yes, on the Eternal-September website they say he's down.

[Tease'n'Seize]

Enzo Lombardo wrote:

> Yes, on the Eternal-September website they say he's down.

I didn't (still can't) see anything on the site that says there's an
issue, but if he's aware that's good, E-S isn't my primary server.

[Paul Edwards]

On 15/02/24 17:30, Tease'n'Seize wrote:
> auth repeatedly failing,
> I'm using news.eternal-september.org:563

I was bitten by that too (port 119).

Thunderbird seemed to suggest that it was time
to change my password. But I don't remember
reading any rule about needing to change that
at a particular interval.

And I also wondered whether the underlying
problem was that my password had been hacked,
and someone had changed it already.

So I spent a lot of time trying to find out
whether my password was working or not. I could
log on to the website, but maybe the hacker had
changed it for the news reader, but not the
website.

When I was running Linux I would have used telnet
to check, but now I was using Windows 10 and I
don't have a telnet command. I do have ssh though,
and I wondered if ssh fell back to telnet. I did
a brief search but it wasn't conclusive, and a
test of ssh was inconclusive too.

Then I remembered that I had my own NNTP program
(pdpnntp) which I could run under PDOS/386, so I
tried that.

That was inconclusive because the command was so
long and it looked like it was timing out. It's
a very crude program - it's not designed to cope
with failure. It's more just proof of concept.
But I did get it to the point where it appeared
to be failing a password check. And then I put
the command into a batch file so that timeouts
weren't an issue, and by the time I had done
all that it had started working again.

Is it too much to ask that in 2024, with pretty
much everyone already moved to 64-bit, because
apparently 4 GiB of memory isn't enough in the
modern world, that Thunderbird or the underlying
infrastructure can report "system down - nothing
you can do but wait" instead of suggesting that
the user is doing something wrong (or not knowing
which party is at fault)?

Or - maybe it's the other way around. Maybe it's
the 64-bit and above 4 GiB memory and the year
2024 that we've already reached Idiocracy (see
the movie) and what we actually need is a return
to a simpler time - UUCP, 640k memory, 4.77 MHz,
and understandable and debuggable code.

I'm working on it ...

BFN. Paul.

[Andy Burns]

Paul Edwards wrote:

> On 15/02/24 17:30, Tease'n'Seize wrote:
>> auth repeatedly failing,
>> I'm using news.eternal-september.org:563
>
> I was bitten by that too (port 119).

problem seems over now.

[maybe not, can receive from E-S, but I couldn't post this reply via E-S]

> Thunderbird seemed to suggest that it was time
> to change my password. But I don't remember
> reading any rule about needing to change that
> at a particular interval.

TB interprets an auth failure as a need to enter a new password, usually
best to hit cancel instead

> And I also wondered whether the underlying
> problem was that my password had been hacked,
> and someone had changed it already.

you could logon to the website to check that
<https://www.eternal-september.org/signon.php>

> So I spent a lot of time trying to find out
> whether my password was working or not. I could
> log on to the website, but maybe the hacker had
> changed it for the news reader, but not the
> website.

ok, probably a hint that the webserver can read the (LDAP?) backend but
the news server can't?

> When I was running Linux I would have used telnet
> to check, but now I was using Windows 10 and I
> don't have a telnet command.

you can install telnet from add/remove components in control panel
or use puTTY instead

[Paul Edwards]

On 15/02/24 19:12, Andy Burns wrote:

>> Thunderbird seemed to suggest that it was time
>> to change my password. But I don't remember
>> reading any rule about needing to change that
>> at a particular interval.
>
> TB interprets an auth failure as a need to enter a new password, usually
> best to hit cancel instead

Well that's a very diabolical thing to suggest
to the user.

As I said - this needs to be redone from the
ground up.

>> So I spent a lot of time trying to find out
>> whether my password was working or not. I could
>> log on to the website, but maybe the hacker had
>> changed it for the news reader, but not the
>> website.
>
> ok, probably a hint that the webserver can read the (LDAP?) backend but
> the news server can't?

Or that the hacker had changed the password on
the news server using some nntp command and the
change hadn't propagated to the webserver?

I have no idea.

Adding higher resolution screens and refreshing
the monitor 300 times per second and adding more
and more memory for the last 30 years hasn't
solved the underlying problem of the systems
being too complicated and no-one caring.

>> When I was running Linux I would have used telnet
>> to check, but now I was using Windows 10 and I
>> don't have a telnet command.
>
> you can install telnet from add/remove components in control panel
> or use puTTY instead

Thanks. I now have telnet on Windows 10, and went
to do the same thing for my Windows 2000 system
(running under Virtualbox) if it was available,
and found that telnet was already available and
I could have used it all this time.

Once again degeneracy/Idiocracy. A command that
previously worked no longer exists. Like fdisk too.

BFN. Paul.

[VanguardLH]

Andy Burns <use...@andyburns.uk> wrote:

> TB interprets an auth failure as a need to enter a new password,
> usually best to hit cancel instead

It may not even get to authentication, but give an error claiming auth
failure. An auth failure shouldn't be reported when, say, the client
can't even find the server, or doesn't get an ACK from the server on a
connect request.

Does Tbird give the same error when:
- It cannot find the server.
- Server cannot be found (DNS error).
- Server is unreachable (failure of node/hop in route to server).
- Server found, connect accepted (ACK sent back), but client does not
get a 200 status back from server (program not running, hung).
- Connects to the server (gets back an ACK), gets 200 status from
server, but server won't respond to USER or PASS commands.
- Server sends bad status after client issues USER command (no such
user).
- Server sends bad status after client issues PASS command (wrong
password).

Lumping all those states together is highly misleading to users. Seems
all those states are detectable and reportable by the client. Only if
there was bad status on USER, or on PASS, should the client be claiming
there is an auth failure. Alas, devs often lump lots of failures under
one catch-all error message. Error reporting could be improved.

[VanguardLH]

Not sure the telnet client was bundled in Windows 2000. As I recall, I
had to get the Windows 2000 Resource Kit to get Microsoft's telnet
client. Or I could use a 3rd-party one (Andy already mentioned PuTTY).
I remember decades ago using Rumba. Another was Hilgraeve HyperTerminal
which was free back in the Win9x heydays (it was bundled with Windows),
but now it's trial payware. Cygwin/X includes telnet, but maybe you
have to also get the inetutils package.

[Paul Edwards]

On 15/02/24 20:19, VanguardLH wrote:

> Does Tbird give the same error when:
> - It cannot find the server.
> - Server cannot be found (DNS error).
> - Server is unreachable (failure of node/hop in route to server).
> - Server found, connect accepted (ACK sent back), but client does not
> get a 200 status back from server (program not running, hung).
> - Connects to the server (gets back an ACK), gets 200 status from
> server, but server won't respond to USER or PASS commands.
> - Server sends bad status after client issues USER command (no such
> user).
> - Server sends bad status after client issues PASS command (wrong
> password).
>
> Lumping all those states together is highly misleading to users. Seems
> all those states are detectable and reportable by the client. Only if
> there was bad status on USER, or on PASS, should the client be claiming
> there is an auth failure. Alas, devs often lump lots of failures under
> one catch-all error message. Error reporting could be improved.

Right - it's been 30-40 years since we had 640k,
which should be enough to put the required error
messages in without needing to waste valuable
developer time on tricks to cope with limited
memory.

It's time to stop/slow down, and ask what we are
doing here.

30-40 years. Usenet is not a radical new invention.
But something as basic as ASCII text still hasn't
been sorted out. In reality at least.

I'm not going to be a hypocrite and say I'm not one
of those developers doing exactly the same thing
(or worse) with error messages. My software isn't
really for mainstream use.

So yeah - you can lump me in with the people to be
criticized. But I do want "us" to be sorted out.
You'll never get developers to agree on everything -
even which language to use - but I would expect to
see multiple solutions, in different languages, but
all actually SOLVING the above problem - error
messages lumped in - plus more problems with the
computer industry.

You can see one of them here (from someone else):

https://www.quora.com/Why-did-you-leave-software-engineering/answer/Jeff-Sturm-2

Someone needs to sit down and sort this out.

I suspect a lot of the big players don't actually
want it sorted out, as this is how they make their
money. There was a Dilbert cartoon on that:

https://web.archive.org/web/20220619042348/https://dilbert.com/strip/2000-03-19

So we potentially need to attack this problem from
a different direction.

The above people (and others - including you just
now) have just pointed out the problem exists.
No-one seems to be doing anything to actually fix it.

BFN. Paul.

[Paul Edwards]

On 15/02/24 20:47, VanguardLH wrote:

> Paul Edwards <muta...@gmail.com> wrote:

> Not sure the telnet client was bundled in Windows 2000. As I recall, I
> had to get the Windows 2000 Resource Kit to get Microsoft's telnet
> client. Or I could use a 3rd-party one (Andy already mentioned PuTTY).
> I remember decades ago using Rumba. Another was Hilgraeve HyperTerminal
> which was free back in the Win9x heydays (it was bundled with Windows),
> but now it's trial payware. Cygwin/X includes telnet, but maybe you
> have to also get the inetutils package.

I'm running Windows 2000 Professional.

Note that Windows 2000 was the last version that
didn't require "activation".

It's also the last version to support OS/2 1.x
applications.

It's not capable of running 64-bit applications,
but it is capable of running Visual Studio 2005
Professional and creating 64-bit applications.

I (very recently) have a flavor of gcc 3.2.3 that
can do that for any version of Windows too.


C:\WINNT\system32>dir telnet.exe
Volume in drive C has no label.
Volume Serial Number is 7856-1268

Directory of C:\WINNT\system32

2003-06-19 12:05p 80,144 telnet.exe
1 File(s) 80,144 bytes
0 Dir(s) 8,258,551,808 bytes free


C:\WINNT\system32>telnet /?


telnet [host [port]]

host specifies the hostname or IP address of the remote
computer to connect to.

port Specifies the port number or
service name.


(without parms this shows up, but it disappears
on close)


Microsoft (R) Windows 2000 (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Client
Telnet Client Build 5.00.99206.1

Escape Character is 'CTRL+]'

Microsoft Telnet>


BFN. Paul.

[Ivo Gandolfo]

-------- Original Message --------
From: Paul Edwards <muta...@gmail.com>
Date: gio, feb 15 2024 10:41:43AM GMT+00:00
Subject: auth failing?

> When I was running Linux I would have used telnet
> to check, but now I was using Windows 10 and I
> don't have a telnet command.

Just go to Windows Control Panel, Program & Feature, Windows Function
active/disactive, and activate Telnet checkbox.


Sincerely


--
Ivo Gandolfo

[Tease'n'Seize]

Paul Edwards wrote:

> Andy Burns wrote:
>
>> TB interprets an auth failure as a need to enter a new password, usually
>> best to hit cancel instead
>
> Well that's a very diabolical thing to suggest
> to the user.
>
> As I said - this needs to be redone from the
> ground up.

Getting TB to display the actual NNTP status code to the user would be a
start ...

[Ray Banana]

Thus spake Tease'n'Seize <tease-and-seize@invalid>

> Getting TB to display the actual NNTP status code to the user would be
> a start ...

The status code for authentification failed is always 481, no matter
what reason. Eternal-September returns a status message stating the
exact reason for the failure (e.g. "Invalid credentials", "User access
revoked" or, in this case, "Unable to connect to LDAP server"). Real
newsreaders display this status the user.

JFTR: There was a problem with the server firewall this morning (UTC)
after moving the LDAP server to a new location.



--
Пу́тін — хуйло́
https://www.eternal-september.org

[Jeff Layman]

On 15/02/2024 11:12, Andy Burns wrote:
> Paul Edwards wrote:
>
>> On 15/02/24 17:30, Tease'n'Seize wrote:
>>> auth repeatedly failing,
>>> I'm using news.eternal-september.org:563
>>
>> I was bitten by that too (port 119).
>
> problem seems over now.
>
> [maybe not, can receive from E-S, but I couldn't post this reply via E-S]

E-S is still out for me. Even rebooting makes no difference to TB. I'm
still getting the "password" pop-up.

--

Jeff

[Andy Burns]

Jeff Layman wrote:

> E-S is still out for me. Even rebooting makes no difference to TB. I'm
> still getting the "password" pop-up.

is it possible you didn't click 'cancel'? if you clicked ok, you might
have altered the saved password within TB to be blank, and therefore
need to re-enter the old one?

[Jeff Layman]

I didn't /think/ I had clicked on ok, but must have done. Rather oddly,
TB now didn't offer me the password change - it just had the
"cursor-spinner" going all the time. So I shut it down and restarted it,
when the "Enter username and password" box appeared (actually, two of
them!). I entered the old username and PW for both, and it worked - as
you can see from this reply post. Thanks for the suggestion.

--

Jeff