I see a lot of folks that ask for older usenet software
and try to recompile and do all kind of hacks to make it work,
such is ok, but I see a lack of support to the new school developers
that make an effort to try to add usenet support to their projects
to just later just drop them because lack of use and support from
the usenet community, an example of this is a very promissing email client
called "meli" https://github.com/meli/meli
she added support for nntp/usenet since day 1, I been the only person helping
troubleshoot bugs etc, but after some time she is thinking in dropping the ball
and only continue with email support because only 2 people uses usenet and
helps with patches/submiting bugs and such.. I can see why a developer
will get desmorilized if nobody uses a feature, so why instead of "hacking"
old software we do not support/help new projects?
I hear aerc another very good email client talking about supporting nntp/usenet
someone comencted it on the matrix #golang channel but I never hear back..
maybe developers thing nobody is going to use it and dont want to
put an effort it on ... *shrugs*

Happy Hacking
ReK2
First language is Spanish.
--
- {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space
- [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2
- https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5

Am 02.11.2023 um 18:26:54 Uhr schrieb rek2 hispagatos:

> I can see why a developer will get desmorilized if nobody uses a
> feature, so why instead of "hacking" old software we do not
> support/help new projects?

I don't use abandoned software for networking, it won't support current
encryption standard and other stuff like IPv6.
I also don't want to deal with old stuff that isn't developed anymore
because nobody will fix the bugs (I am not a developer and I can't do
that).

Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

> rek2 hispagatos:
>
>> I can see why a developer will get desmorilized if nobody uses a
>> feature, so why instead of "hacking" old software we do not
>> support/help new projects?
>
> I don't use abandoned software for networking, it won't support
> current encryption standard and other stuff like IPv6. I also don't
> want to deal with old stuff that isn't developed anymore because
> nobody will fix the bugs (I am not a developer and I can't do that).

Why is encryption required for Usenet? For login, yes. For content,
no, because you're publishing to the public.

A problem is Usenet is not strongly supported. The number of NNTP
clients is dismal, and many are actually e-mail clients with newsgroups
tacked on, because the tree structure for e-mail folders can be reused
for newsgroups. However, constructs permitted in e-mail do not always
translate well to Usenet. E-mail and newsgroups are different
communication venues with differing histories that have some overlap.

As for old clients that don't support the latest encryption protocols
and/or ciphers, a solution is to add another program as a proxy that
does, like sTunnel. Not all NNTP providers have logins (they don't
assign accounts to users), so encryption is meaningless. Some have both
port 119 (not encrypted) and 563 (encrypted) connections. If your old
NNTP client doesn't support the encryption protocols or ciphers needed
on port 563, instead use 119.

I've been using an ancient NNTP client that got abandoned around 2002
(with an .84 update in 2005 that was buggy, so I went back to .41). New
doesn't mean better. Lots of users just must have the newest hardware
drivers despite the changes are not relevant to their hardware or
software setup, and give them nothing more than they had before which
was working. New code may fix old bugs (which may not apply to you),
but new code introduces new bugs, too.

So, what do you use as your NNTP client? Your choice of client, or how
you configured it, does not identify itself in a UA header. There are
few NNTP clients that are supported today, and some of those that are
new have very crappy or no support.

Also, "abandoned" doesn't mandate decades ago. As with the OP's topic,
abandoning has not yet happened, and if it does it will happen on a new
program.

Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
> Am 02.11.2023 um 18:26:54 Uhr schrieb rek2 hispagatos:
>
>> I can see why a developer will get desmorilized if nobody uses a
>> feature, so why instead of "hacking" old software we do not
>> support/help new projects?
>
> I don't use abandoned software for networking, it won't support current
> encryption standard and other stuff like IPv6.

Personally that doesn't matter at all for me with news readers.
NNTP mercifully hasn't gone crazy forcing encryption for everything
like the web, and until getting an IPv4 address actually starts
requiring work, using IPv6 in clients is just a hobby for users.

> I also don't want to deal with old stuff that isn't developed anymore
> because nobody will fix the bugs (I am not a developer and I can't do
> that).

True, but then there's nobody introducing new bugs either. Once I
find a version that doesn't have any bugs that significantly affect
my own usage, I'm inclined to stick with it unless a significant
new feature is introduced. Of course security and compatibility
concerns do force me out of that comfy habit with some software,
and I'm glad that Usenet clients aren't included with that. I'm
using an old version of Tin because it works for me and trying out
the newer releases doesn't reveal any interesting new
functionality.

I've often looked at all the NNTP-related software that's
available, including much currently maintained (for Linux at
least), and thought that there almost seems to be more people
working on NNTP software now than actually using NNTP. If they want
to do it then that's fine, but I think they'd achieve more for
Usenet by spending their time actually posting from their clients
rather than developing them.

--
__ __
#_ < |\| |< _# | Note: I won't see posts made from Google Groups |

Computer Nerd Kev <not@telling.you.invalid> wrote:

> I've often looked at all the NNTP-related software that's
> available, including much currently maintained (for Linux at
> least), and thought that there almost seems to be more people
> working on NNTP software now than actually using NNTP. If they want
> to do it then that's fine, but I think they'd achieve more for
> Usenet by spending their time actually posting from their clients
> rather than developing them.

True. They need to participate in Usenet a lot while using the
User-Agent header to advertise what client they use.

Terminal clients (e.g., [al]pine, mutt) aren't much used outside of the
*NIX platforms. Per https://github.com/meli/meli, searching is
cumbersome. Didn't see mention of filters or rules without which Usenet
would be far too onerous in having to ignore, skip and scroll past all
the dross. Most users love to use HTML in e-mails. To view those,
would meli have to pass them to a web browser?

Am 02.11.2023 um 16:47:41 Uhr schrieb VanguardLH:

> Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
>
> > rek2 hispagatos:
> >
> >> I can see why a developer will get desmorilized if nobody uses a
> >> feature, so why instead of "hacking" old software we do not
> >> support/help new projects?
> >
> > I don't use abandoned software for networking, it won't support
> > current encryption standard and other stuff like IPv6. I also don't
> > want to deal with old stuff that isn't developed anymore because
> > nobody will fix the bugs (I am not a developer and I can't do
> > that).
>
> Why is encryption required for Usenet? For login, yes.

That's the point.

> A problem is Usenet is not strongly supported. The number of NNTP
> clients is dismal, and many are actually e-mail clients with
> newsgroups tacked on, because the tree structure for e-mail folders
> can be reused for newsgroups. However, constructs permitted in
> e-mail do not always translate well to Usenet. E-mail and newsgroups
> are different communication venues with differing histories that have
> some overlap.

Most of them can be used well for Usenet too.

> As for old clients that don't support the latest encryption protocols
> and/or ciphers, a solution is to add another program as a proxy that
> does, like sTunnel. Not all NNTP providers have logins (they don't
> assign accounts to users), so encryption is meaningless.

That is only possible for your own network, but not for public server.
Wait some time and they are being abused for posting spam and troll
posts.

> Some have both port 119 (not encrypted) and 563 (encrypted) connections.

119 can be encrypted with STARTTLS.

> So, what do you use as your NNTP client?

Claws Mail and true, it doesn't set User-Agent.

On Fri, 3 Nov 2023 18:50:29 +0100, Marco Moock <mm+usenet-es@dorfdsl.de>
wrote in <ui3bt6$2s5s4$2@dont-email.me>:

> Am 02.11.2023 um 16:47:41 Uhr schrieb VanguardLH:
>
>> Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
>>
>> > rek2 hispagatos:
>> >
>> >> I can see why a developer will get desmorilized if nobody uses a
>> >> feature, so why instead of "hacking" old software we do not
>> >> support/help new projects?
>> >
>> > I don't use abandoned software for networking, it won't support
>> > current encryption standard and other stuff like IPv6. I also don't
>> > want to deal with old stuff that isn't developed anymore because
>> > nobody will fix the bugs (I am not a developer and I can't do that).
>>
>> Why is encryption required for Usenet? For login, yes.
>
> That's the point.
>
>> A problem is Usenet is not strongly supported. The number of NNTP
>> clients is dismal, and many are actually e-mail clients with newsgroups
>> tacked on, because the tree structure for e-mail folders can be reused
>> for newsgroups. However, constructs permitted in e-mail do not always
>> translate well to Usenet. E-mail and newsgroups are different
>> communication venues with differing histories that have some overlap.
>
> Most of them can be used well for Usenet too.
>
>> As for old clients that don't support the latest encryption protocols
>> and/or ciphers, a solution is to add another program as a proxy that
>> does, like sTunnel. Not all NNTP providers have logins (they don't
>> assign accounts to users), so encryption is meaningless.
>
> That is only possible for your own network, but not for public server.
> Wait some time and they are being abused for posting spam and troll
> posts.
>
>> Some have both port 119 (not encrypted) and 563 (encrypted)
>> connections.
>
> 119 can be encrypted with STARTTLS.
>
>> So, what do you use as your NNTP client?
>
> Claws Mail and true, it doesn't set User-Agent.

I usually have the User-Agent turned off.

I think it's turned on for this post.

(Pan, built from git).

--
-v

Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

> VanguardLH:
>
>> Why is encryption required for Usenet? For login, yes.
>
> That's the point.
>
>> Some have both port 119 (not encrypted) and 563 (encrypted) connections.
>
> 119 can be encrypted with STARTTLS.

I use individual.net on non-encrypted port 119. They only encrypt on
port 563. They also have ports 80 and 8119 should a user be blocked on
the normal NNTP ports.

I've never been concerned about a hacker grabbing my login credentials
when connecting to port 119. Individual.net is very responsive to user
requests, like killing a login that is getting abused by a forger, and
will simply issue a new password.

Of course, they don't even need my login credentials to attempt forging
me. They could use an individual.net account of their own, so the
injection node in PATH shows the same as for me, and have their client
use the same headers as for me. The wonderful anarchy of Usenet.
However, abuse reports to individual.net are acted upon.

VanguardLH wrote:

snip

> I use individual.net on non-encrypted port 119. They only encrypt on
> port 563. They also have ports 80 and 8119 should a user be blocked on
> the normal NNTP ports.

> I've never been concerned about a hacker grabbing my login credentials
> when connecting to port 119. Individual.net is very responsive to user
> requests, like killing a login that is getting abused by a forger, and
> will simply issue a new password.

> Of course, they don't even need my login credentials to attempt forging
> me. They could use an individual.net account of their own, so the
> injection node in PATH shows the same as for me, and have their client
> use the same headers as for me. The wonderful anarchy of Usenet.
> However, abuse reports to individual.net are acted upon.

What I do at i2pn2.org is to provide a hash of the logged in user in
posting-account in Injection-Info in the headers. This should always be
the same for the authenticated user. It doesn't matter what they provide
in the From: header, the hash is generated from their login credentials.

I added this in the headers so a reader could filter by that hash if they
wished. No reason to filter the server, just the user.

I just checked, and it doesn't look like individual.net uses this header
at all. Maybe they would consider it, or maybe they have a good reason to
not use it.

--
Retro Guy

Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
> Am 02.11.2023 um 16:47:41 Uhr schrieb VanguardLH:
>
>> As for old clients that don't support the latest encryption protocols
>> and/or ciphers, a solution is to add another program as a proxy that
>> does, like sTunnel. Not all NNTP providers have logins (they don't
>> assign accounts to users), so encryption is meaningless.
>
> That is only possible for your own network, but not for public server.
> Wait some time and they are being abused for posting spam and troll
> posts.

As you well know, it is possible, you just don't like it. Anyone,
like me right now, who uses a news server without user
accounts/log-ins wouldn't care to have a password encrypted if they
were posting from a news server that did require free accounts
either, because it would still provide much more protection against
people spoofing them than they feel is required.

--
__ __
#_ < |\| |< _# | Note: I won't see posts made from Google Groups |

On 2023-11-02, rek2 hispagatos <rek2@hispagatos.org.invalid> wrote:
> I see a lot of folks that ask for older usenet software
> and try to recompile and do all kind of hacks to make it work,
> such is ok, but I see a lack of support to the new school developers
> that make an effort to try to add usenet support to their projects
> to just later just drop them because lack of use and support from
> the usenet community, an example of this is a very promissing email client
> called "meli" https://github.com/meli/meli
> she added support for nntp/usenet since day 1, I been the only person helping
> troubleshoot bugs etc, but after some time she is thinking in dropping the ball
> and only continue with email support because only 2 people uses usenet and
> helps with patches/submiting bugs and such.. I can see why a developer
> will get desmorilized if nobody uses a feature, so why instead of "hacking"
> old software we do not support/help new projects?
> I hear aerc another very good email client talking about supporting nntp/usenet
> someone comencted it on the matrix #golang channel but I never hear back..
> maybe developers thing nobody is going to use it and dont want to
> put an effort it on ... *shrugs*
>
>
> Happy Hacking
> ReK2
> First language is Spanish.

Because slrn for news and mutt for email work perfectly. Slrnpull
caches all the stories offline and mutt can be set with msmtp+mbsync
(isync) making your answers/posts and offline reading very convenient
over flakey connections. Or just going to rural places, read and answer
all the posts and posting them back in a better place.