Peering request and questions

[opal hart]

Hi all,

I have set up an INNd server at news.volatile.bz. Currently I'm
finalising my configuration and ensuring both that everything is
working well enough and that I understand the essentials for news
server administration. I've also set up a secondary server at home and
peered between the two, so I can play with peering without disturbing
anyone else.

I eventually want to peer (perhaps soon, so feel free to reply or
E-mail me if interested) but first I'd like to clear up some of my
concerns.

First of all: newsgroup population. I assume I'd just send a
checkgroups for hierarchies I'm interested in? The resources at
ftp.isc.org seem non-exhaustive, with much of it out of date, and while
I could seed at least the big-8 hierarchies with the contents I found
on there, I wonder if it's the best approach or if I shouldn't bother.

Also, should I direct further administration questions to n.a.misc or
is there a better discussion platform for stupid people like me? ;) I'd
also be interested in any Web-based resources or FAQ articles that
would clue me into things I missed. I have been reading INN manpages as
necessary and lurking enough to gain a basic understanding of what I'm
doing, but I'm sure I'll run into new exciting things as time passes.

I'm interested in archival as well as participation, too, so I would
like to know the best way to backfill news before the point where I've
actually peered with anyone. I've seen some archival efforts, and I may
hunt online further, but if someone has a decent solution off the top
of their head, then I'd be happy to listen. And while disk space isn't
a horrible concern, I still want to be mindful of how much space these
archives would take (big-8, alt.*, free.*, auxiliary hierarchies)
because it will be a while before I actually have a colocated setup
where I can just shove disks in a rack-mounted NAS and not have to
worry about it ever again.

Finally (for now), how would I get INNd/nnrpd to listen on port 563?
Currently I'm using stunnel for TLS, but since it acts as a reverse
proxy, it sends my machine's IP address to innd. IIRC I can configure
stunnel to send the source IP address, but that requires iptables or
LD_PRELOAD tricks and I'd rather have a cleaner solution than that.


As for my own server and organisation, you can find information about
what I do at <https://volatile.bz/>. I'll soon publish information on
<https://volatile.bz/news.xht> about NNTP itself once I am ready to
publicise the service.

Basically, I'm invested in decentralised free-software communication
platforms, and NNTP seems to fit the bill for the forum aspect. While
I'm of course interested in Usenet (else why would I be posting here?),
I mainly wanted to leverage the protocol itself for a discussion
platform, instead of opting for something such as mailing lists, which
I view to be a "hack" and in general more tedious to set up, more
error-prone, having to worry about bulk mailing policies and delivery
issues, et cetera.

Server specs:

- Location: Moldova (with provider MivoCloud)
- IPv4 and IPv6 connectivity
- Quad-core Intel(R) Xeon(R) CPU E3-1225 V2 @ 3.20GHz
- 1TB HDD (shared with other applications/services, which is why I need
to be wary of disk usage for now)
- 20TB monthly bandwidth limit (I average much less with normal use)
- Gigabit up/down link
- 8GiB memory, most of it is free

I have port 119 open on uta.volatile.bz (563 for TLS) and am currently
carrying a couple of newsgroups for testing or local use. I allow all
posting to certain hierarchies (free.*, volatile.*, possibly ano.* and
a few others as I peer with people I already know) and restrict to
read-only access on other groups for anonymous users. Eventually I'll
have it so that users registered to Volatile can participate with their
accounts on all hierarchies.

I am *not* interested in hosting an open-access server, and as such I
don't deem it necessary to instate restricted policies to users
registered to my service. Should issues arise from my server(s), I would
like to know about it and act upon it accordingly. In reality, risk of
abuse should be low, since Volatile registration is on an invitation or
donation basis. I also have terms listed at
<https://volatile.bz/rules.xht> just to clarify what I act upon.

I'm also uninterested in carrying binary groups. My policy is to allow
attachments where they make sense, but I understand that a majority of
Usenet may not like this, so I advise my users to judge for themselves
whether attachments would be sensible in any given newsgroup or
conversation.


I've signed this message with my primary PGP key -- the one I'll be
using to send pretty much all my messages here from now on. You can
import it and view info at <https://wowana.me/pgp.xht>.

Other than that, I'm looking forward to hearing back about my questions
and about any peering proposals. Thanks.

[opal hart]

On Thu, 29 Jul 2021 00:51:57 +0000
opal hart <use...@wowana.me> wrote:

> [...]

Forgot to mention that while I do/will carry a few extra hierarchies, I
will only carry those groups for other servers at request. Please let
me know if you wish to have them, since I do not want to inadvertantly
pollute the hierarchy namespace.

[Aioe]

Il 29/07/21 02:51, opal hart ha scritto:

> First of all: newsgroup population. I assume I'd just send a
> checkgroups for hierarchies I'm interested in?

no, you don't need to send anything
checkgroups are issued by hierarchies administrators not by server admins.

> The resources at
> ftp.isc.org seem non-exhaustive, with much of it out of date, and while
> I could seed at least the big-8 hierarchies with the contents I found
> on there, I wonder if it's the best approach or if I shouldn't bother.
>

actysnc is your friend

> Also, should I direct further administration questions to n.a.misc or
> is there a better discussion platform for stupid people like me? ;)

we mostly use news.software.nntp

> I'd
> also be interested in any Web-based resources or FAQ articles that
> would clue me into things I missed.

at the moment, there's no ready to use web based newsreader since
newsportal isn't compatible with modern PHP versions

>
> Finally (for now), how would I get INNd/nnrpd to listen on port 563?

is you version of innd compiled with openssl support?
'nnrpd -D -S' or as xinetd service (stunnel is never a good idea)

>
> - Location: Moldova (with provider MivoCloud)
> - IPv4 and IPv6 connectivity
> - Quad-core Intel(R) Xeon(R) CPU E3-1225 V2 @ 3.20GHz
> - 1TB HDD (shared with other applications/services, which is why I need
> to be wary of disk usage for now)
> - 20TB monthly bandwidth limit (I average much less with normal use)
> - Gigabit up/down link
> - 8GiB memory, most of it is free

for nntp service, a VPS is much enough
https://news.aioe.org/stats/innreport-reports/

>
> I am *not* interested in hosting an open-access server, and as such I
> don't deem it necessary to instate restricted policies to users
> registered to my service.

you should set some access restriction even if your clients are
authenticated. 500 messages per day per user are a good threshold for
your kind of server

if you need a peer, write me an email.

[Aioe]

Il 29/07/21 10:00, Aioe ha scritto:
>
> actysnc is your friend

it'sa typeo, real name is actsync

https://linux.die.net/man/8/actsync

[Retro Guy]

Aioe wrote:

> Il 29/07/21 02:51, opal hart ha scritto:

>> The resources at
>> ftp.isc.org seem non-exhaustive, with much of it out of date, and while
>> I could seed at least the big-8 hierarchies with the contents I found
>> on there, I wonder if it's the best approach or if I shouldn't bother.
>>

> actysnc is your friend

Thanks for the pointer to actsync. I was unaware of this tool.

>> I'd
>> also be interested in any Web-based resources or FAQ articles that
>> would clue me into things I missed.

> at the moment, there's no ready to use web based newsreader since
> newsportal isn't compatible with modern PHP versions

Rocksolid Light is a fork of Newsportal that works on modern systems. I'm reading/posting with it now. https://www.novabbs.com (note: I'm the developer)

>>
>> Finally (for now), how would I get INNd/nnrpd to listen on port 563?

> is you version of innd compiled with openssl support?
> 'nnrpd -D -S' or as xinetd service (stunnel is never a good idea)

From https://www.eyrie.org/~eagle/software/inn/docs-2.4/nnrpd.html
the easiest way is probably to add a line like:

nntps stream tcp nowait news /usr/lib/news/bin/nnrpd nnrpd -S

to /etc/inetd.conf or the equivalent on your system and let inetd run nnrpd. (Change the path to nnrpd to match your installation if needed.) You may need to replace nntps with 563 if nntps isn't defined in /etc/services on your system.

[b...@ripco.com]

opal hart <use...@wowana.me> wrote:

> I'm interested in archival as well as participation, too, so I would
> like to know the best way to backfill news before the point where I've
> actually peered with anyone. I've seen some archival efforts, and I may
> hunt online further, but if someone has a decent solution off the top
> of their head, then I'd be happy to listen. And while disk space isn't
> a horrible concern, I still want to be mindful of how much space these
> archives would take (big-8, alt.*, free.*, auxiliary hierarchies)
> because it will be a while before I actually have a colocated setup
> where I can just shove disks in a rack-mounted NAS and not have to
> worry about it ever again.

> - 1TB HDD (shared with other applications/services, which is why I need
> to be wary of disk usage for now)

A comment from the peanut gallery...

Although you seem to have done more research getting the server up and
running than most have in the past, this storage bit makes me chuckle.

A non-binary, text only server only receives around 50mb a day currently.

So that 1TB drive, if totally used for articles will hold over 50 years of
posts. Plans to move to a NAS, unless you want a raid mirror for fault
tolerance, is just not going to be needed.

If you want to peek at daily stats, https://nntp.ripco.com is usually up and
running all the time. Never could figure out how far back it goes but I'm
pretty sure it's 10+ years.

But the question I have is, you already have an audience for this project?

Sounds like one of those "I'll build it and they will come" things which is
going to lead into disappointment me thinks.

-bruce
b...@ripco.com

[Aioe]

Il 29/07/21 11:15, Retro Guy ha scritto:

> Rocksolid Light is a fork of Newsportal that works on modern systems.
> I'm reading/posting with it now. https://www.novabbs.com (note: I'm the
> developer)

thank you, it seems nice
i will study your script as soon as possible, it seems an interesting
project

>
> From https://www.eyrie.org/~eagle/software/inn/docs-2.4/nnrpd.html
> the easiest way is probably to add a line like:

imho best choice depends by the number of users
if your server is *private* and it has only a few clients that make use
of SSL, nnrpd -D -S is probably enough

if your server is public, xinetd offers more features compared with
inetd, mostly it supports command line arguments (read nnrpd man page
about -P flag) and a limit of connections per source.
BTW INN 2.4 is obsolete since 15 years, if you're seriously still using
it you should upgrade as soon as possible

this is my xinetd conf for nntps

service nntps
{
socket_type = stream
wait = no
disable = no
nice = -5
user = news
server = /usr/lib/news/bin/nnrpd-ssl
server_args = -n -s PPPPPPPPPPPPPPPPPPPPP -S
port = 563
bind = 46.165.242.91
per_source = 2
}

[Aioe]

Il 29/07/21 11:15, Retro Guy ha scritto:

> I'm reading/posting with it now. https://www.novabbs.com (note: I'm the
> developer)

have you ever isued a checkgroup about your hierarchy?

exploring rocksolid.* i've found some group that is missing on my side

[Retro Guy]

I have done so a couple of times:
http://usenet.trigofacile.com/hierarchies/index.py?see=ROCKSOLID

You can find details here: https://www.novabbs.com/hierarchy/

[opal hart]

On Thu, 29 Jul 2021 12:28:20 -0000 (UTC)
b...@ripco.com wrote:

> Although you seem to have done more research getting the server up and
> running than most have in the past, this storage bit makes me chuckle.
>
> A non-binary, text only server only receives around 50mb a day currently.
>
> So that 1TB drive, if totally used for articles will hold over 50 years of
> posts. Plans to move to a NAS, unless you want a raid mirror for fault
> tolerance, is just not going to be needed.

Well, I need the NAS anyway for the amount of shit I hoard and the size
my PostgreSQL database grows with some of the bloated services I run. ;)

Good to know that NNTP will be a very small slice of that usage, though.

> If you want to peek at daily stats, https://nntp.ripco.com is usually up and
> running all the time. Never could figure out how far back it goes but I'm
> pretty sure it's 10+ years.

Thanks, I'll refer to that.

> But the question I have is, you already have an audience for this project?
>
> Sounds like one of those "I'll build it and they will come" things which is
> going to lead into disappointment me thinks.

I have people following the Volatile project on XMPP, people who have
accounts for E-mail/XMPP/Matrix, and a couple of those people who
already have extensive NNTP/Usenet experience. One of them develops
nksrv [1] which is a Go implementation of NNTP designed primarily to
work as an imageboard, and the other just participates a lot in the
lore of Usenet.

So, definitely we already have quite a bit of interest and investment
into this.

[1]: <https://github.com/cathugger/nksrv>

[opal hart]

On Thu, 29 Jul 2021 10:00:02 +0200
Aioe <est...@aioe.org> wrote:

> checkgroups are issued by hierarchies administrators not by server admins.

> act[sy]nc is your friend

Thanks for clarifying. I'll check out actsync(8).

> we mostly use news.software.nntp

Awesome.

> at the moment, there's no ready to use web based newsreader since newsportal isn't compatible with modern PHP versions

Sorry, I meant guides and FAQs other than the manual pages provided
with INN. Common beginner pitfalls that are easily avoided. Unless it's
a rite of passage for me to fuck up a bit at the start ;)

> >
> > Finally (for now), how would I get INNd/nnrpd to listen on port 563?
>
> is you version of innd compiled with openssl support?
> 'nnrpd -D -S' or as xinetd service (stunnel is never a good idea)

Yeah, I built with TLS support and nnrpd is linked against libssl.so.

I don't use (x)inetd but I will try using a UCSPI-based solution such
as s6-tlsserver. I'm a djb nut :) and if I need to patch in support for
the UCSPI protocol (which is very simple, just a few env vars and
pipes) so that I can get IP address information forwarded to nnrpd, then
that won't be too difficult for me.

> for nntp service, a VPS is much enough
> https://news.aioe.org/stats/innreport-reports/

I've wasted too much money on VPSes in the past, but it's good to know
that my resource requirements won't be high for this.

> if you need a peer, write me an email.

I'll look over some of the resources provided in this thread,
reconfigure TLS, and definitely get back once I'm interested in
peering. Thanks a lot for the detailed reply.

[opal hart]

On Thu, 29 Jul 2021 14:38:54 +0200
Aioe <est...@aioe.org> wrote:

> imho best choice depends by the number of users
> if your server is *private* and it has only a few clients that make use of SSL, nnrpd -D -S is probably enough
>
> if your server is public, xinetd offers more features compared with inetd, mostly it supports command line arguments (read nnrpd man page about -P flag) and a limit of connections per source.

I'll probably move to an "inet-like" setup -- as I mentioned in my last
reply, though, it'll be with a UCSPI-based tool. I find it to be a
cleaner and more-lightweight setup than inetd, and there exist tools
for it to limit connections in a variety of ways as well. Of course,
there's also my firewall.

Over time, the best way to figure out what I need will be to keep a
watch on my NNTP traffic, of course.

> BTW INN 2.4 is obsolete since 15 years, if you're seriously still using
> it you should upgrade as soon as possible

It should be 2.6.3. Is it reporting another version?

[Aioe]

Il 30/07/21 03:08, opal hart ha scritto:

> I'll probably move to an "inet-like" setup -- as I mentioned in my last
> reply, though, it'll be with a UCSPI-based tool.

how many users do you think your server will have?
if you imagine your server will have hundreds of users, perhaps
ucspi-tcp may also be an idea. If your users are going to be just
yourself and five friends, ucspi-tcp is probably oversized. xinetd is
not perfect but it is simple, safe and does everything necessary without
causing problems. It is a minimal choice that is good in all cases where
the load is low.

if you plan to open your server to the public, you must remember to
impose some limit on the number of messages that each user can post in a
day. This is to avoid floods. If you plan to use authentication, you
need to configure nnrpd for this purpose. It is not a very simple
operation if the users are more than a few.

> It should be 2.6.3. Is it reporting another version?

2.6.3 is the most modern stable version of innd

[opal hart]

On Fri, 30 Jul 2021 08:16:57 +0200
Aioe <est...@aioe.org> wrote:

> if you imagine your server will have hundreds of users, perhaps ucspi-tcp may also be an idea. If your users are going to be just yourself and five friends, ucspi-tcp is probably oversized. xinetd is not perfect but it is simple, safe and does everything necessary without causing problems. It is a minimal choice that is good in all cases where the load is low.
>
> if you plan to open your server to the public, you must remember to impose some limit on the number of messages that each user can post in a day. This is to avoid floods. If you plan to use authentication, you need to configure nnrpd for this purpose. It is not a very simple operation if the users are more than a few.

I'll look into nnrpd authentication and an appropriate-enough rate
limiting to avoid floods while not impeding on general posting. Thanks.

> 2.6.3 is the most modern stable version of innd

I double-checked, that's what I have installed and currently running.

[Matija Nalis]

On Thu, 29 Jul 2021 00:51:57 +0000, opal hart <use...@wowana.me> wrote:
> like to know the best way to backfill news before the point where I've
> actually peered with anyone. I've seen some archival efforts, and I may

Back in time when I needed to backfill, pullnews(1) worked just fine.
https://linux.die.net/man/1/pullnews

--
Opinions above are GNU-copylefted.

[Grant Taylor]

On 7/30/21 5:12 PM, Matija Nalis wrote:
> Back in time when I needed to backfill, pullnews(1) worked just fine.

What, if anything, did you need to reconfigure on your news server to
allow older articles?

I find this to be the biggest annoyance when I try to back fill newsgroups.



--
Grant. . . .
unix || die

[Julien ÉLIE]

Hi Grant,

> What, if anything, did you need to reconfigure on your news server to
> allow older articles?
>
> I find this to be the biggest annoyance when I try to back fill newsgroups.

INN by default will reject articles older than 10 days. So, yes, a few
commands should be passed before filling newsgroups with old articles:

ctlinnd param c 0
ctlinnd perl n
ctlinnd python n

--
Julien ÉLIE

« Traversez la rivière en foule, le crocodile ne vous mangera pas. »
(proverbe malgache)

[Julien ÉLIE]

Hi Paolo,

>> It should be 2.6.3. Is it reporting another version?
>
> 2.6.3 is the most modern stable version of innd

Note that INN 2.6.4 was released on January 2021 and is currently the
most modern stable version :)

--
Julien ÉLIE

« Le chemin le plus court d'un point à un autre est la ligne droite, à
condition que les deux points soient bien en face l'un de l'autre. »
(Pierre Dac)

[Julien ÉLIE]

Hi Paolo,

> at the moment, there's no ready to use web based newsreader since
> newsportal isn't compatible with modern PHP versions

FYI, Stéphane recently forked NewsPortal to be compatible with modern
PHP versions and also with smartphone display:
https://gitlab.com/yamo-nntp/newsportal/-/tree/master

A running version here:
http://news2web.pasdenom.info/thread.php?group=news.admin.peering

--
Julien ÉLIE

« Two secrets to keep your marriage brimming:
1. Whenever you're wrong, admit it.
2. Whenever you're right, shut up. » (Patrick Murray)

[John Goerzen]

On 2021-07-29, Retro Guy <retr...@rocksolidbbs.com> wrote:
> Thanks for the pointer to actsync. I was unaware of this tool.

This may do the trick for you:

cd /tmp
wget ftp://ftp.isc.org/pub/usenet/CONFIG/active
su -s /bin/bash - news
/usr/lib/news/bin/actsync -p 0 -v 2 -i /etc/news/actsync.ign localhost /tmp/active > /tmp/foo
# review /tmp/foo here!
/usr/lib/news/bin/mod-active /tmp/foo

Some excerpts from my actsync.ign:

## For now by default do not sync.
i *

## Sync on the 8 majors.
c comp.*
c humanities.*
c misc.*
c news.*
c rec.*
c sci.*
c soc.*
c talk.*

c alt.*
c gnu.*

## From https://news.aioe.org/documentation/how-to-setup-a-feed-with-aioeorg/, roughly
i *.bina*
i *.bain*
i *.dateien*
i *.pictures*

>> at the moment, there's no ready to use web based newsreader since
>> newsportal isn't compatible with modern PHP versions
>
> Rocksolid Light is a fork of Newsportal that works on modern systems. I'm reading/posting with it now. https://www.novabbs.com (note: I'm the developer)

I am intrigued. That's a nice system, an interesting community also. Where is the code for Rocksolid Light?

>> is you version of innd compiled with openssl support?
>> 'nnrpd -D -S' or as xinetd service (stunnel is never a good idea)
>
> From https://www.eyrie.org/~eagle/software/inn/docs-2.4/nnrpd.html
> the easiest way is probably to add a line like:
>
> nntps stream tcp nowait news /usr/lib/news/bin/nnrpd nnrpd -S

On my Debian box, I dropped this in /etc/systemd/system/nnrpd-tls.service:

[Unit]
Description=NNRPD for TLS

[Service]
ExecStart=/usr/lib/news/bin/nnrpd -D -f -p 563 -S
Restart=always
User=news
Group=news

[Install]
WantedBy=multi-user.target

Then systemctl daemon-reload; systemctl enable nnrpd-tls; systemctl start nnrpd-tls

- John

[Gérald Niel]

Le Jeudi 29 juillet 2021 à 09:15 UTC, Retro Guy écrivait sur
news.admin.peering :

>> at the moment, there's no ready to use web based newsreader since
>> newsportal isn't compatible with modern PHP versions

> Rocksolid Light is a fork of Newsportal that works on modern systems.
> I'm reading/posting with it now. https://www.novabbs.com (note: I'm
> the developer)

Have you seen the work of Yamo to make Newsportal compatible with the
latest versions of PHP?

https://gitlab.com/yamo-nntp/newsportal

Maybe it would be interesting to work together rather than on
different forks?

--
On ne le dira jamais assez, l'anarchisme, c'est l'ordre sans le
gouvernement ; c'est la paix sans la violence. C'est le contraire
précisément de tout ce qu'on lui reproche, soit par ignorance, soit
par mauvaise foi. -+- Hem Day -+-

[Retro Guy]

Gérald Niel wrote:

> Le Jeudi 29 juillet 2021 à 09:15 UTC, Retro Guy écrivait sur
> news.admin.peering :

>>> at the moment, there's no ready to use web based newsreader since
>>> newsportal isn't compatible with modern PHP versions

>> Rocksolid Light is a fork of Newsportal that works on modern systems.
>> I'm reading/posting with it now. https://www.novabbs.com (note: I'm
>> the developer)

> Have you seen the work of Yamo to make Newsportal compatible with the
> latest versions of PHP?

> https://gitlab.com/yamo-nntp/newsportal

> Maybe it would be interesting to work together rather than on
> different forks?

I was not aware of this fork until very recently. It's a nice update to
Newsportal and I've taken a look at the code. It seems both of us have
put effort into making it useable on small devices and of course having
it work with the latest php.

It's also nice to see that Yamo has given credit to Florian Amrhein as I
have, since they are the developer who gave us Newsportal in the first place.

If you're looking for a great update to Newsportal for php7, Yamo has done it.
My version, Rocksolid Light, has diverged aggressively, adding a built in nntp
server and major changes to css. It all depends on what you'd prefer to use.

I'll continue to take a look at Yamo's code and maybe we can share bug fixes, etc.
(Yes, Newsportal came with bugs just like any software). It's great to see that
someone else decided Newsportal was a very nice project to keep alive, and now
there are two versions, each suited for different tastes/needs.