Authenticated Logon Before Posting

Everyone,

This note is being "spammed" across every group on the server to 
make certain that it is seen by everyone reading the articles 
here. If you have not already subscribed to the very low traffic 
"grc.news" group, into which only I am able to post for the 
distribution of this sort of news, please consider subscribing
so you won't miss future announcements.

We have been experiencing increasing trouble with unsolicited 
SPAMMING across our news server, and it appears to be a trend 
that's on the rise.  Since this unwanted newsgroup spamming can
be largely if not completely eliminated by requiring that people 
who wish to post configure their news reading software to 
"Authenticate" itself by providing an identical username and 
password, we will shortly be adopting this posting requirement
for the GRC server.

While I *KNOW* this is an initial annoyance and hurdle for people 
wanting to participate here, once we have created some clear step-
by-step guidelines for configuring every available newsreader, any 
initial confusion should be minimized, and EVERYONE posting will 
also receive the sometimes handy and useful capability to securely 
and instantly CANCEL and delete anything they might regret posting 
to the groups.  (And all future random newsgroup spamming will 
probably be completely eliminated.)

We OFTEN receive eMail from people here who have inadvertently 
posted with their real eMail address, discovering this only after 
witnessing their own posted articles appearing on public.  They 
frantically write to use asking for their leak to be removed.  So 
the up-front adoption of our secure self-cancelling system (which 
prevents others from cancelling articles they did not post) will 
solve these sorts of problems too.

One of our regular contributors here, "Milly", has kindly (and
is probably still kindly) assembling and maintaining a page 
containing notes and instructions for specific news readers:

http://www.imilly.com/noregrets.htm#cancel

Before we switch over to enforcing newsreader authentication, I 
will have "imported" the distillation of all the current confusion 
from our groups and from Milly's page(s) into a page on GRC so 
that newcomers will likely discover this information BEFORE they 
first encounter any posting barriers on our news server.

And after an authentication requirement is imposed, the error 
message returned by our server will also contain a pointer to
our page explaining more about our requirements.

A new newsgroup "grc.test.noauth" will be created to specifically 
allow non-authenticated posting. In this way users will be able to 
test their authenticated posting in "grc.test" and will be able to 
ask for help and test non-authenticated posting in this special 
newsgroup. (Both authenticated and non-authenticated postings will 
succeed in "grc.test.noauth", but only authenticated postings will 
succeed in "grc.test".  This allows us to return an 
"authentication required" error in "grc.test" to cause some 
newsreaders to request this from their users.)

And finally ... for people whose newsreaders simply refuse to 
cooperate, our forthcoming web interface system will allow posting 
after performing a simple eMail verification loop.  So one way or 
another, everyone who wants to should be able to participate.

>----------------------------------------------------------------
Since I want to minimize the impact and inconvenience of these 
changes, there's still plenty of time left to figure out how to 
get your newsreader to authenticate to our news server... and 
today, much more than a week ago, there is also a LARGE BODY of 
working knowledge among our participants here who have figured
out how to get their own newsreaders to behave.

Please see Milly's web page as a starting point ...

http://www.imilly.com/noregrets.htm#cancel

Then PLEASE post any questions you may have about your specific 
situation to our "grc.test" newsgroup.  I am sure any questions 
will be answered quickly there. (To minimize confusion, the 
forthcoming "grc.test.noauth" group has not been created yet.)

The "very short version" of the way this will work is that you 
should choose any unique "Passphrase" for yourself. It should be 
up to 30 characters long, and long enough so that it's unlikely to 
be chosen by someone else. Then use that passphrase as BOTH your 
username and password when logging onto this news server.

If your newsreader offers "Secure Authentication" you MUST DISABLE 
this option.  But "Logon with Authentication" or "Require Server 
Logon" and such ... *is* what you want to select.

Thank you for your patience and understanding with this change, 
and with your help in contributing to making this newsgroup server 
the uniquely valuable and special place its participants have come 
to know.  We have all built a truly special community here.

-- 
_________________________________________________________________
Steve.
0
Steve
11/22/2004 7:36:00 PM
grc.techtalk.linux 3969 articles. 0 followers. Follow

215 Replies
824 Views

Similar Articles

[PageSpeed] 4

"Steve Gibson" <support@grc.com> wrote in message
news:cntfch$5i8$1@news.grc.com...
> Everyone,
>
> This note is being "spammed" across every group on the server to
> make certain that it is seen by everyone reading the articles
> here. If you have not already subscribed to the very low traffic
> "grc.news" group, into which only I am able to post for the
> distribution of this sort of news, please consider subscribing
> so you won't miss future announcements.

I sure thought it was spam when I saw it show up in _all_ the newsgroups.
<g>

Nice to see, Steve.  It seems you have pretty well covered all the bases.

-- 
Robert
GRC Newsgroups/Guidelines/No Regrets
http://news.grc.com/news.exe?cmd=article&group=grc.techtalk&item=116183
0
Robert
11/22/2004 7:49:00 PM
[for the unabridged version, see Robert  Wycoff's post above]

> I sure thought it was spam when I saw it show up in _all_
> the newsgroups.  <g>

Yeah.  Just check out its "Newsgroups" and "Xref" headers!  :)


> Nice to see, Steve.  It seems you have pretty well covered
> all the bases.

Well, thanks to everyone's great work and feedback.  I still
have a LOT of work to do, but I think it's all going to pay off.

-- 
_________________________________________________________________
Steve.
0
Steve
11/22/2004 8:01:00 PM
One question ...

Do you guys think that we need that "grc.test.noauth" group to 
specifically allow non-authenticated posting? ... or could I 
simply do as Jim Crowther suggested and allow non-auth postings 
into grc.test?

The issue is: does ANYONE's newsreader wait until a postings
FAILS to present the authentication request? ... or are the
pop-up dialogs always presented upon initial connection?

-- 
_________________________________________________________________
Steve.
0
Steve
11/22/2004 8:04:00 PM
"Steve Gibson" <support@grc.com> wrote in message 
news:cnth1b$5i8$7@news.grc.com...
<snip>
> Do you guys think that we need that "grc.test.noauth" group to
> specifically allow non-authenticated posting?
<snip>

I don't think it's necessary. If the website explains the requirements, and 
the error messages are clear enough that ought to be sufficient for anyone 
wanting to post to a newsgroup of this nature.....

Ed Metcalfe. 
0
Ed
11/22/2004 8:09:00 PM
Hello Steve,

EVERYONE except our newer or quieter friends need *not* be concerned until
they wish to voice a question or an opinion.

Correct?

-- 
Paul S. Nofs
0
Paul
11/22/2004 8:10:00 PM
Steve Gibson wrote:

> We have been experiencing increasing trouble with unsolicited
> SPAMMING across our news server, and it appears to be a trend
> that's on the rise.

Yeah, yeah.. we know by now ;-)
But seriously, how bad is it anyway?
I haven't seen anything unusual in any group I read here (mostly techtalk,
security and feedback).

Don't get me wrong, authentication is easy enough to setup... for us
"techies". Don't tell the spammers, though!
-- 
Kuifmans
0
Kuifmans
11/22/2004 8:17:00 PM
[For the unexcerpted original, see above]
Steve Gibson wrote ...

> Do you guys think that we need that "grc.test.noauth" group to 
> specifically allow non-authenticated posting? ... or could I 
> simply do as Jim Crowther suggested and allow non-auth postings 
> into grc.test?

It may be less confusing to allow non-authenicated posting to grc.test, 
as it has always been, and setup grc.test.auth to test authenticated 
posting.

-- 

Terry Webb ///
0
Terry
11/22/2004 8:27:00 PM
Steve Gibson wrote:

> Do you guys think that we need that "grc.test.noauth" group to
> specifically allow non-authenticated posting? ... or could I
> simply do as Jim Crowther suggested and allow non-auth postings
> into grc.test?

That would be a nice gesture. The test group has a short retention anyway, and
people reading it can try to help setup other's nntp client.

> The issue is: does ANYONE's newsreader wait until a postings
> FAILS to present the authentication request? ... or are the
> pop-up dialogs always presented upon initial connection?

This may be off topic, but I frequently get messages from OE saying "server
has dropped the connection" after reading a long posting or pausing for a
coffee or potty break or such.
OE will reconnect, no problem... but the timeout seems fairly short (5 mins or
so?).

Just a minor annoyance but with the news server relocated, would a persistent
connection cause any extra load? I guess the server will never have hundreds
of simultaneous connections at any time...
-- 
Kuifmans
0
Kuifmans
11/22/2004 8:28:00 PM
Kuifmans wrote:
[snip]
> This may be off topic, but I frequently get messages from OE saying "server
> has dropped the connection" after reading a long posting or pausing for a
> coffee or potty break or such.
> OE will reconnect, no problem... but the timeout seems fairly short (5 mins or
> so?).
> 
> Just a minor annoyance but with the news server relocated, would a persistent
> connection cause any extra load? I guess the server will never have hundreds
> of simultaneous connections at any time...

I think it's a case of my mileage varying... the connections are always 
there while my mail clients are running - Netscape Mail 7.2 on the 
desktop and TBird on the laptop. I would check your OE inactivity 
settings, your Internet properties settings and if you have a router, 
check if it tears down a connection that has had no activity for X minutes.


-- 
Le Flake
from deepest, darkest Qu�bec
0
Le
11/22/2004 8:35:00 PM
In article <MPG.1c0c15a9efe52c5f9898ff@news.grc.com> "Terry L. Webb"
wrote:
> 
> It may be less confusing to allow non-authenicated posting to grc.test,
> as it has always been, and setup grc.test.auth to test authenticated
> posting.
> 
I authentiicated my original CECIL-ID right there in grc.test and
AFAICT most others do too. :)

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
11/22/2004 8:40:00 PM
[For the unexcerpted original, see above]
hermital wrote ...

> I authentiicated my original CECIL-ID right there in grc.test and
> AFAICT most others do too. :)

As did I. :)  However, if you want to test your newsreader to see if it 
works in a group that *requires* authentication you'll need a place to 
do it.

-- 

Terry Webb ///
0
Terry
11/22/2004 8:46:00 PM
Le Flake wrote:

> I think it's a case of my mileage varying... the connections are
> always there while my mail clients are running - Netscape Mail 7.2 on
> the
> desktop and TBird on the laptop. I would check your OE inactivity
> settings, your Internet properties settings and if you have a router,
> check if it tears down a connection that has had no activity for X
> minutes.

Sorry but...
The timeout setting in OE is just for the initial connection and not for
inactivity (60 seconds is the default, and works fine).
Also, I'm on a direct connection to the internet, and no router, firewall or
any other hardware or software here blocking or breaking connections (don't
try this at home kids! ;-)
So I guess it must be the server, and GRC is the only news server I use that
does this (disconnect a session after only a few minutes of inactivity).

Going off topic... but thanks for the input Le Flake!
-- 
Kuifmans
0
Kuifmans
11/22/2004 8:48:00 PM
Hi Terry,

> As did I. :)  However, if you want to test your newsreader to see if it
> works in a group that *requires* authentication you'll need a place to
> do it.

In OE6 I just tested that. When I went to view the message source
(Properties>Details>Message Source) at the end of the 'Poster:' line it said
Non authenticated or a long random string of values (the CECIL ID).

I quickly tried to find the same info in Gravity 2.60 but I'm new at that
and did not find the message source yet.

But it would be nice if the feedback was quick and certain. Like you
suggest, a group that tests Authentication.

-- 
Paul S. Nofs
0
Paul
11/22/2004 8:54:00 PM
In article <MPG.1c0c1a1ce45946b3989900@news.grc.com> "Terry L. Webb"
wrote:
> [For the unexcerpted original, see above]
> hermital wrote ...
> 
> > I authentiicated my original CECIL-ID right there in grc.test and
> > AFAICT most others do too. :)
> 
> As did I. :)  However, if you want to test your newsreader to see if it
> works in a group that *requires* authentication you'll need a place to
> do it.
> 
You have a point, Terry.  I suppose I'm looking at from the POV that
if one can *see* the C-ID and *cancel* a post that contains the C-ID
in the header the authentication for the rest of the GRC NGs is
guaranteed. :)

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
11/22/2004 8:54:00 PM
In message <cntho3$7pu$1@news.grc.com>, Kuifmans 
<nospam@nospam.demon.nl> writes
>Steve Gibson wrote:
>
>> We have been experiencing increasing trouble with unsolicited
>> SPAMMING across our news server, and it appears to be a trend
>> that's on the rise.
>
>Yeah, yeah.. we know by now ;-)
>But seriously, how bad is it anyway?
>I haven't seen anything unusual in any group I read here (mostly techtalk,
>security and feedback).

That's because someone went to the trouble to remove them from the 
server. :-) I have at least two of them, plus a couple of follow-ups to 
one of them. Apparently [based on a post from Steve] all were removed 
from the server. And if you didn't happen to connect between the time 
they were posted and the time they were deleted, you'd never see them. 
But only because someone spent the time to remove them.

IIRC there used to be a few of them a year. Apparently there have been a 
few in the last week or two. And we all know how spam grows. :-(

-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
 From invalid, Reply To works.
Kevin A.
0
Kevin
11/22/2004 9:00:00 PM
Hello Alan,

> You have a point, Terry.  I suppose I'm looking at from the POV that
> if one can *see* the C-ID and *cancel* a post that contains the C-ID
> in the header the authentication for the rest of the GRC NGs is
> guaranteed. :)

I agree with seeing the CECIL ID. But 'Deletion' can apply to the client
only, it seems. I was able to delete everyone else's headers from OE6 and
Gravity2.60, but that does not mean that they are gone from the server.

-- 
Paul S. Nofs
0
Paul
11/22/2004 9:02:00 PM
Paul Nofs wrote:
> Hi Terry,
> 
> 
>>As did I. :)  However, if you want to test your newsreader to see if it
>>works in a group that *requires* authentication you'll need a place to
>>do it.
> 
> 
> In OE6 I just tested that. When I went to view the message source
> (Properties>Details>Message Source) at the end of the 'Poster:' line it said
> Non authenticated or a long random string of values (the CECIL ID).
> 
> I quickly tried to find the same info in Gravity 2.60 but I'm new at that
> and did not find the message source yet.
> 
> But it would be nice if the feedback was quick and certain. Like you
> suggest, a group that tests Authentication.
> 

Perhaps, it might be an idea from Steve to added a line to the *body* of 
all messages posted to grc.test saying whether the poster has cecil or 
not.  That way new users won't have to search around in the preferences 
of their news readers looking for the options to show message headers.
0
sparky
11/22/2004 9:11:00 PM
On Mon, 22 Nov 2004 12:04:37 -0800, Steve Gibson wrote:

> One question ...
> 
> Do you guys think that we need that "grc.test.noauth" group to 
> specifically allow non-authenticated posting? ... or could I 
> simply do as Jim Crowther suggested and allow non-auth postings 
> into grc.test?
> 
> The issue is: does ANYONE's newsreader wait until a postings
> FAILS to present the authentication request? ... or are the
> pop-up dialogs always presented upon initial connection?

The only 'non-preset' newsreader I use is Thunderbird. With the 'Always
request authentication' option preselected, I always get the 'Username' and
'Password' prompts at the  news.grc.com level, even when going to grc.test.
OE and Dialog are preset, so I don't ever get asked. And, until
authentication is fully in place all over (or in a temporary test group?)
'tis hard to test against what ain't there yet...
-- 
Bruce Henderson
'...and hold our large heads high...'
0
Bruce
11/22/2004 9:15:00 PM
[For the unexcerpted original, see above]
hermital wrote ...

snip

> You have a point, Terry.  I suppose I'm looking at from the POV that
> if one can *see* the C-ID and *cancel* a post that contains the C-ID
> in the header the authentication for the rest of the GRC NGs is
> guaranteed. :)

What you say is absolutely true and that was all that I needed to set my 
Cecil-ID a few months ago. :)

-- 

Terry Webb ///
0
Terry
11/22/2004 9:21:00 PM
[For the unexcerpted original, see above]
Paul Nofs wrote ...

Hello Paul,

> (Properties>Details>Message Source) at the end of the 'Poster:' line it said
> Non authenticated or a long random string of values (the CECIL ID).
> 
> I quickly tried to find the same info in Gravity 2.60 but I'm new at that
> and did not find the message source yet.

I'm using Gravity 2.5.  Try Article>Show Full Header, or press 'H'.
> 
> But it would be nice if the feedback was quick and certain. Like you
> suggest, a group that tests Authentication.

It may be easier for less experienced users to have a place to quickly 
test their newsreader's authentication settings.

-- 

Terry Webb ///
0
Terry
11/22/2004 9:26:00 PM
In grc.news.feedback sparky wrote:

> Paul Nofs wrote:
>> Hi Terry,
>> 
>> 
>>>As did I. :)  However, if you want to test your newsreader to see
>>>if it works in a group that *requires* authentication you'll need
>>>a place to do it.
>> 
 
>> In OE6 I just tested that. When I went to view the message source
>> (Properties>Details>Message Source) at the end of the 'Poster:'
>> line it said Non authenticated or a long random string of values
>> (the CECIL ID). 
 
[ ]
>> But it would be nice if the feedback was quick and certain. Like
>> you suggest, a group that tests Authentication.
 
> Perhaps, it might be an idea from Steve to added a line to the
> *body* of all messages posted to grc.test saying whether the
> poster has cecil or not.  That way new users won't have to search
> around in the preferences of their news readers looking for the
> options to show message headers. 

A header line displayed by default in the HTML interface!
0
Mark
11/22/2004 9:36:00 PM
Paul Nofs wrote:
> 
> I agree with seeing the CECIL ID. But 'Deletion' can apply to the client
> only, it seems. I was able to delete everyone else's headers from OE6 and
> Gravity2.60, but that does not mean that they are gone from the server.
> 
As you know, Paul, CECIL-ID is *not* required to simply 'delete'
headers from your own newsreader(s).  At the moment, CECIL-ID is
designed only to allow the authorized user to use 'control/cancel' to
delete his or her own posts completely *off* the news.grc.com server.

If you 'control/cancel' a post off the GRC news server, you must close
the newsreader(s) presently online.  The next time you connect to the
GRC news server your newsreader will not see the canceled post in your
HDD storage.

Well, darn.  I think I just verified the simpler suggestion you and
Terry made for a separate "authentication" NG. ;)

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
11/22/2004 9:38:00 PM
Kevin A. wrote:

> That's because someone went to the trouble to remove them from the
> server. :-) I have at least two of them, plus a couple of follow-ups
>
> IIRC there used to be a few of them a year. Apparently there have
> been a few in the last week or two. And we all know how spam grows.

So true :(
I couldn't imagine any sensible person following up on them, so I figured the
trouble of deleting those sparse messages (or just not reading them, I don't
need more loans or Rolex watches) would outweigh the "hassle" of *everyone*
having to set up a Cecil-ID.
On the other hand, the vast majority of us have been using it for ages, to be
able to cancel our own postings. So it's not a big deal or major challenge for
anyone.

Still, it leaves me with some questions...
First of all... spammers, trolls and other NG pollutors could easily do it
too.
Second, what if I "forget" mine? Will I not be able to post using the same
username again?
Third, my username (not the password) is stored in plain text in my nntp
authentication settings, which means that anyone (or any admin) who has access
to my PC can easily "steal" it (if they know the username and password are
identical).

On yet another hand... it's not too difficult to steal any password out of a
Windows machine if you have admin access, plus I have my Cecil ID set to some
random junk not used anywhere else.
-- 
Just some thoughts,
Kuifmans
0
Kuifmans
11/22/2004 9:47:00 PM
Hello Alan,

> If you 'control/cancel' a post off the GRC news server, you must close
> the newsreader(s) presently online.  The next time you connect to the
> GRC news server your newsreader will not see the canceled post in your
> HDD storage.

Well, I deleted yat7 from the test group from OE6. Waited 5 or so minutes.
Closed OE6 opened Gravity 2.6. Headers refreshed, and there was the yat7
message, undeleted. Now I am confused.

-- 
Paul S. Nofs
0
Paul
11/22/2004 9:53:00 PM
In message <cntndk$dsi$1@news.grc.com>, Paul Nofs <tech@home.sit> writes
>Hello Alan,
>
>> If you 'control/cancel' a post off the GRC news server, you must close
>> the newsreader(s) presently online.  The next time you connect to the
>> GRC news server your newsreader will not see the canceled post in your
>> HDD storage.
>
>Well, I deleted yat7 from the test group from OE6. Waited 5 or so minutes.
>Closed OE6 opened Gravity 2.6. Headers refreshed, and there was the yat7
>message, undeleted. Now I am confused.

It's still there.
<http://client.grc.com/news.exe?cmd=article&group=grc.test&item=11063&uta
g=>

Are you deleting it by choosing it in the message list [unopened], then 
Message | Cancel?

-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
 From invalid, Reply To works.
Kevin A.
0
Kevin
11/22/2004 10:01:00 PM
[For the unexcerpted original, see above]
Paul Nofs wrote ...

> Well, I deleted yat7 from the test group from OE6. Waited 5 or so minutes.
> Closed OE6 opened Gravity 2.6. Headers refreshed, and there was the yat7
> message, undeleted. Now I am confused.

Try setting the same Cecil-ID in Gravity 2.6 and then read yat7, do 
Article>Cancel Article...

Then do View>Outbox to see if the cancellation was successful.


-- 

Terry Webb ///
0
Terry
11/22/2004 10:08:00 PM
"Kuifmans" <nospam@nospam.demon.nl> wrote in message
news:cntn1h$dgq$1@news.grc.com...
> Kevin A. wrote:
>
> > That's because someone went to the trouble to remove them from the
> > server. :-) I have at least two of them, plus a couple of follow-ups
> >
> > IIRC there used to be a few of them a year. Apparently there have
> > been a few in the last week or two. And we all know how spam grows.

> So true :(
> I couldn't imagine any sensible person following up on them, so I figured
the
> trouble of deleting those sparse messages (or just not reading them, I
don't
> need more loans or Rolex watches) would outweigh the "hassle" of
*everyone*
> having to set up a Cecil-ID.
> On the other hand, the vast majority of us have been using it for ages, to
be
> able to cancel our own postings. So it's not a big deal or major challenge
for
> anyone.
>
> Still, it leaves me with some questions...
> First of all... spammers, trolls and other NG pollutors could easily do it
> too.

I think Steve said something about this in his "spam". <g>

> Second, what if I "forget" mine? Will I not be able to post using the same
> username again?

The way you "forget" is if you delete or lose your news reader's
configuration settings.  They can be backed up, depending on which news
reader you use.  But if you lose your passphrase for some reason, all you
have to do is enter a new one and you will get a new CID.  It just means you
can't cancel any posts that were made with the old CID.

> Third, my username (not the password) is stored in plain text in my nntp
> authentication settings, which means that anyone (or any admin) who has
access
> to my PC can easily "steal" it (if they know the username and password are
> identical).

.... Which is true for everything else on your computer, including your email
userid and password, which are much more important than a CID.  I will be
more than happy to tell you what my passphrase is, if you are the least bit
interested.  But using my passphrase will not allow you to cancel my posts,
because my posts are made with my newsreader settings.  Here is some more
information on how Steve implements the CID.

http://www.imilly.com/noregrets.htm#cancel

"
The CECIL-ID:

The GRC solution creates a cryptographically secure means of authenticating
cancel requests:

  a.. Anyone who logs onto this system with authentication (with matching
username and password, as required) will be assigned a third-generation
Cecil-ID. Any postings made will have that Cecil-ID appended to the end of
the article's "Poster" header. You will see it bracketed by curly "{ }"
braces. This custom GRC header also contains the user's IP at the time of
posting and the exact time of arrival of that article at our server.


  b.. There is no practical way for anyone to ever "forge" your identity in
any posting here. Although they might duplicate your name and other visible
data, they have NO WAY of generating and mimicking your Cecil-ID which
appears in the "Poster" header.


  c.. And, as a consequence of this ...

  The presence of that curly-braced Cecil-ID in the Poster header NOW allows
your own newsreader's built-in Article "Cancel" function to operate as it
does in any other public cancel-enabled newsgroup. This makes it MUCH
quicker and easily to cancel any posts you have made. But, thanks to the
Cecil system, no one *else* (who doesn't know your secret logon) can ever
cancel any of your postings. (Other than the management and administrators
of the GRC server, of course.)"


-- 
Robert
GRC Newsgroups/Guidelines/No Regrets
http://news.grc.com/news.exe?cmd=article&group=grc.techtalk&item=116183
0
Robert
11/22/2004 10:13:00 PM
In message <cntn1h$dgq$1@news.grc.com>, Kuifmans 
<nospam@nospam.demon.nl> writes
>Kevin A. wrote:
>
>> That's because someone went to the trouble to remove them from the
>> server. :-) I have at least two of them, plus a couple of follow-ups
>>
>> IIRC there used to be a few of them a year. Apparently there have
>> been a few in the last week or two. And we all know how spam grows.
>
>So true :(
>I couldn't imagine any sensible person following up on them, so I figured the
>trouble of deleting those sparse messages (or just not reading them, I don't
>need more loans or Rolex watches) would outweigh the "hassle" of *everyone*
>having to set up a Cecil-ID.

Some people simply can't resist following up though. Sometimes with 
legitimate information.

>On the other hand, the vast majority of us have been using it for ages, to be
>able to cancel our own postings. So it's not a big deal or major challenge for
>anyone.
>
>Still, it leaves me with some questions...
>First of all... spammers, trolls and other NG pollutors could easily do it
>too.

Yep. But it would probably give Steve more control over access.

>Second, what if I "forget" mine? Will I not be able to post using the same
>username again?

See below. I'd suggest writing it down somewhere. I keep mine [and other 
passwords] in http://www.schneier.com/passsafe.html, there's a newer 
version now available at SourceForge, which is what I'm using.

>Third, my username (not the password) is stored in plain text in my nntp
>authentication settings, which means that anyone (or any admin) who has access
>to my PC can easily "steal" it (if they know the username and password are
>identical).

Yep. But the worst they could do with it is delete your old posts. They 
could attempt to impersonate you too, but the Cecil is only useful for 
that if someone is trying _really_ hard. Usually faking the name and 
address would be enough for a little while. And Steve could probably 
block that Cecil if needed.

>On yet another hand... it's not too difficult to steal any password out of a
>Windows machine if you have admin access, plus I have my Cecil ID set to some
>random junk not used anywhere else.

Yep again, but this isn't PGP or anything similar, it's partly an 
authentication scheme, partly a convenience for us to allow us to delete 
posts.
-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
 From invalid, Reply To works.
Kevin A.
0
Kevin
11/22/2004 10:16:00 PM
On Mon, 22 Nov 2004 16:53:31 -0500, Paul Nofs wrote:

> Hello Alan,
> 
>> If you 'control/cancel' a post off the GRC news server, you must close
>> the newsreader(s) presently online.  The next time you connect to the
>> GRC news server your newsreader will not see the canceled post in your
>> HDD storage.
> 
> Well, I deleted yat7 from the test group from OE6. Waited 5 or so minutes.
> Closed OE6 opened Gravity 2.6. Headers refreshed, and there was the yat7
> message, undeleted. Now I am confused.

To add to the confusion, I got the header but message was blank. (Using
Dialog).
-- 
Bruce Henderson
'...and hold our large heads high...'
0
Bruce
11/22/2004 10:19:00 PM
In message <cntoii$es2$1@news.grc.com>, Robert  Wycoff
<rwycoff@[127.0.0.1]> writes
>... Which is true for everything else on your computer, including your
>email userid and password, which are much more important than a
>CID.  I will be more than happy to tell you what my passphrase is, if
>you are the least bit interested.  But using my passphrase will not
>allow you to cancel my posts, because my posts are made with my
>newsreader settings.

Au Contraire, it _would_ allow someone to cancel your posts. It happens
that I just tested that. Posted from OE with one ID [1]. Canceled it
from Turnpike with a different ID and totally different information
except for the Cecil. And of course the MID to cancel. I then tried the
same thing on someone else's post and was told [as expected] that the
Cecil's didn't match and the cancel was rejected.

        [1] By ID in this case I mean the name, email address, MID
        domain and more. The Cecil IDs were the same.
-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
From invalid, Reply To works.
Kevin A.
0
Kevin
11/22/2004 11:16:00 PM
In Steve Gibson's grc.news.feedback - Steve Gibson wrote:

> This note is being "spammed" across every group on the server
>

Ha! I did not see your article as crosspost to 4+ groups are killed.

Whatever on the "Expires and Supersedes" issue...

I just script a Cancel to post when there is a new notification.
(not the right protocol as articles are indeed Superseded)


-- 
Regards,
Guy

<URL:http://guysalias.batcave.net/pgpkeys.txt> [Updated: 4/29/2004]
0
Guy
11/22/2004 11:25:00 PM
Kevin A. wrote:

> Yep. But the worst they could do with it is delete your old posts.
> They could attempt to impersonate you too, but the Cecil is only
> useful for that if someone is trying _really_ hard. Usually faking
> the name and address would be enough for a little while. And Steve
> could probably block that Cecil if needed.
>
>> On yet another hand... it's not too difficult to steal any password
>> out of a Windows machine if you have admin access, plus I have my
>> Cecil ID set to some random junk not used anywhere else.
>
> Yep again, but this isn't PGP or anything similar, it's partly an
> authentication scheme, partly a convenience for us to allow us to
> delete posts.

Thanks for the lenghty explanation, and Robert W too (hey, my name is Robert
too, you can probably Google up more info on Kuifmans and my IP address ;-)

Anyway, I'm learning all the time. It's past midnight here, so I guess I need
some daylight (and strong coffee instead of Heinekens) to see the usefulness
of the Cecil-ID procedure preventing *anyone* from posting to the GRC server
as they wish...

Ok, it will block spambots spewing junk out to random news servers, but their
IP can be so easily blocked. Is that what this is all about? It would take any
person 5 minutes per day to delete the spam (or it could be done automatically
by forwarding suspicious messages to some kind of "abuse" address for review
and delete).

I can live with a few unwanted messages here and there, and would ignore them.
You should see the amount of spam my SpamAssassin and one of my ISPs
BrightMail (now owned by Symantec) catches.
Hey, even my default Outlook 2003 Junk Mail filter is surprisingly good at
deciding what to reject (with nothing but the default rules in place).

Still, I agree that authorization is a good thing, even though the
implementation is pretty basic ;-)
-- 
Kuifmans
0
Kuifmans
11/22/2004 11:25:00 PM
In grc.news.feedback Guy wrote:

> In Steve Gibson's grc.news.feedback - Steve Gibson wrote:
> 
>> This note is being "spammed" across every group on the server
>>
> 
> Ha! I did not see your article as crosspost to 4+ groups are killed.

LOL  Me too.  I had to go to the <gasp> web interface to see it!  
(or change settings locally).  It just *resembled* a spammer.  :)

> Whatever on the "Expires and Supersedes" issue...

There is only one of him you know? <G>  Despite appearances to the 
contrary. <G>

> 
> I just script a Cancel to post when there is a new notification.
> (not the right protocol as articles are indeed Superseded)
0
Mark
11/23/2004 12:19:00 AM
Mark V wrote in grc.news.feedback:

> In grc.news.feedback Guy wrote:
> 
>> In Steve Gibson's grc.news.feedback - Steve Gibson wrote:
>> 
>>> This note is being "spammed" across every group on the
>>> server 
>>>
>> 
>> Ha! I did not see your article as crosspost to 4+ groups
>> are killed. 
> 
> LOL  Me too.  I had to go to the <gasp> web interface to
> see it!  (or change settings locally).  It just *resembled*
> a spammer.  :) 
> 

I wondered why I wasn't seeing the messages too.

XNews kills crossposts to more that five groups here but I must 
admit that this is the first time I have seen it in use.

-- 
Kayode Okeyode
http://www.kayodeok.co.uk/weblog/
http://www.kayodeok.btinternet.co.uk/favorites/webdesign.htm
0
kayodeok
11/23/2004 12:23:00 AM
Steve Gibson <support@grc.com> wrote in
<news:cnth1b$5i8$7@news.grc.com>:

> One question ...
>
> Do you guys think that we need that "grc.test.noauth" group to
> specifically allow non-authenticated posting? ... or could I
> simply do as Jim Crowther suggested and allow non-auth postings
> into grc.test?
>
> The issue is: does ANYONE's newsreader wait until a postings
> FAILS to present the authentication request? ... or are the
> pop-up dialogs always presented upon initial connection?

Xnews will not put up a dialog (actually just an error message) about
authentication unless the server requires it on connect.  Xnews has no
'prompt' setting for username/password;  it must be stored in Xnews'
settings for each server.  Xnews will give no indication that anything
is wrong until the server tells it so, by refusing a connection or by
sending an error code.

If you allow reading without authentication, here's what would happen
to a newbie Xnewser.  He'd connect to the server ok without
username/password.  Whether the server returned code 200 or 201 would
not matter, unless he was paying close attention to the statusbar.
He'd read for a while ok, and when he tried to post, the server would
refuse and he'd be shown the error message.  He'd then have to change
his settings, reconnect, and resend.

-- 
�Q�
0
Temporary
11/23/2004 1:14:00 AM
In grc.news.feedback Temporary Q. Placeholder wrote:

 From: "Temporary Q. Placeholder" <boxcars@gmx.net>
LOL!

> Steve Gibson <support@grc.com> wrote in
> <news:cnth1b$5i8$7@news.grc.com>:
> 
>> One question ...
>>
>> Do you guys think that we need that "grc.test.noauth" group to
>> specifically allow non-authenticated posting? ... or could I
>> simply do as Jim Crowther suggested and allow non-auth postings
>> into grc.test?
>>
>> The issue is: does ANYONE's newsreader wait until a postings
>> FAILS to present the authentication request? ... or are the
>> pop-up dialogs always presented upon initial connection?
> 
> Xnews will not put up a dialog (actually just an error message)
[ ]

I did run into another Xnews behavior not directly related (thanks 
Kevin) wherein Xnews does check the *currently* configured Posting 
Name and e-mail address with that of the header information in a post 
to be Canceled.  No match = Error (in Xnews).
0
Mark
11/23/2004 1:46:00 AM
On Mon, 22 Nov 2004 11:36:27 -0800, Steve Gibson <support@grc.com> wrote:

> Everyone,
 
> We have been experiencing increasing trouble with unsolicited 
> SPAMMING across our news server, and it appears to be a trend 
> that's on the rise.  Since this unwanted newsgroup spamming can
> be largely if not completely eliminated by requiring that people 
> who wish to post configure their news reading software to 
> "Authenticate" itself by providing an identical username and 
> password, we will shortly be adopting this posting requirement
> for the GRC server.

Steve, I think this is wrong.

Is spamming and trolling really such a problem that requiring people to
provide some kind of identification before they can ask a question really
the right way to go? l remember the first time I went on-line decades ago.

I was terrified! (But it was exciting!)

To me, everything was new and I had maybe three clues about what I was
doing and where to look for help. Just figuring out how to compose and post
a message much less take part in an ongoing discussion with real, live
people from all over the Earth was not just a technical challenge, it was
also a personal challenge. I mean, what if I said something really stupid
in front of all of those people?

> Thank you for your patience and understanding with this change, 
> and with your help in contributing to making this newsgroup server 
> the uniquely valuable and special place its participants have come 
> to know.  We have all built a truly special community here.

But if you're new or you have questions... is there no other way?


Regards,

Scott

"Be strict in what you send, and tolerant in what you accept."

Jon Postel (1943-1998)
0
3Phase
11/23/2004 2:04:00 AM
Wandering aimlessly about grc.news.feedback, I heard 3Phase say:

> On Mon, 22 Nov 2004 11:36:27 -0800, Steve Gibson <support@grc.com> wrote:
> 
>> Everyone,
>  
[...]
> Steve, I think this is wrong.
> 
> Is spamming and trolling really such a problem that requiring people to
> provide some kind of identification before they can ask a question really
> the right way to go? l remember the first time I went on-line decades ago.
[...]
> 
> But if you're new or you have questions... is there no other way?

My regular Usenet service also requires a user-id and password, so I 
don't see Steve's requirement for the same as being a burden. 

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://www.imilly.com/noregrets.htm
0
Dutch
11/23/2004 2:24:00 AM
In message <ju35q0pegrsebhgnucia3onlfn5aug5kik@4ax.com>, 3Phase 
<Phase3@worldnet.att.net> writes
>Is spamming and trolling really such a problem that requiring people to 
>provide some kind of identification before they can ask a question 
>really the right way to go? l remember the first time I went on-line 
>decades ago.

No identification required. At least no more than you provide now by 
sending your IP address with your post. You can use a totally random 
phrase as your username and passphrase. In this case it's 
"authentication" instead of "identification". :-)

But based on the number of people having trouble with it, there will 
need to be some very clear instructions on how to make it work. 
Fortunately Steve is rather good at explaining things clearly. :-)

-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
 From invalid, Reply To works.
Kevin A.
0
Kevin
11/23/2004 2:25:00 AM
On Mon, 22 Nov 2004 21:24:43 -0500, Dutch <me2@privacy.net> wrote:
> Wandering aimlessly about grc.news.feedback, I heard 3Phase say:
> > On Mon, 22 Nov 2004 11:36:27 -0800, Steve Gibson <support@grc.com> wrote:
> > Steve, I think this is wrong.
> > 
> > Is spamming and trolling really such a problem that requiring people to
> > provide some kind of identification before they can ask a question really
> > the right way to go? l remember the first time I went on-line decades ago.
> [...]
> > 
> > But if you're new or you have questions... is there no other way?
> 
> My regular Usenet service also requires a user-id and password, so I 
> don't see Steve's requirement for the same as being a burden. 

Dutch,

It's not a burden for me but it's one more step. If you actually have a
news service with a log-in and password you're light years ahead of
most of the folks that need help with security and privacy.

I suppose I'm unusual as I don't use a killfile to censor news, I use it to
sort news. I ignore any article/thread I don't want to read and go to the
next article. It just doesn't bother me. I suppose it bothers me that it
bothers other people enough that they actually set up killfiles to censor
their news instead of using it to sort their news.  Appending a mandatory
cryptographic signature to every article goes way beyond killfiling. If
that's what Steve wants to do, fine, but I'm still going to speak up.


Regards,

Scott
0
3Phase
11/23/2004 2:57:00 AM
On Mon, 22 Nov 2004 18:25:57 -0800, "Kevin A." <klex49@blackhole.2kevin.net>
wrote:
> In message <ju35q0pegrsebhgnucia3onlfn5aug5kik@4ax.com>, 3Phase 
> <Phase3@worldnet.att.net> writes
> >Is spamming and trolling really such a problem

[]
 
> No identification required. At least no more than you provide now by 
> sending your IP address with your post. You can use a totally random 
> phrase as your username and passphrase. In this case it's 
> "authentication" instead of "identification". :-)

Pedants, place is crawlin' with 'em. <g>

Kevin, if you have to set up a username and password for a mandatory
cryptographic signature it's authorization after providing identification.
 
> But based on the number of people having trouble with it, there will 
> need to be some very clear instructions on how to make it work. 
> Fortunately Steve is rather good at explaining things clearly. :-)

Of that I have absolutely no doubt. :) The only reason I got a CECIL ID is
because it was not mandatory, it was only so I could cancel my own articles.
There is a significant difference between a voluntary, "No Regrets" and,
"Stand and deliver!"

Regards,

Scott
0
3Phase
11/23/2004 3:10:00 AM
On Mon, 22 Nov 2004 21:24:43, Dutch wrote:

>My regular Usenet service also requires a user-id and password, so I
>don't see Steve's requirement for the same as being a burden.

That is what was in the back of my mind.  There must be many here who 
use news.individual.net.  Was authentication there a problem?  No.  I am 
bemused why there is so much trouble with grc, or are the 
readers/potential posters here UseNet virgins?

-- 
Jim Crowther                  "It's MY computer" (tm SMG)

Always learning.
0
Jim
11/23/2004 3:21:00 AM
In message <ge85q0p6rjn7atgv34ekp0injujc6aaud1@4ax.com>, 3Phase 
<Phase3@worldnet.att.net> writes
>I suppose I'm unusual as I don't use a killfile to censor news, I use it to
>sort news. I ignore any article/thread I don't want to read and go to the
>next article.

A killfile seems like a strange way to ignore articles, but whatever 
works for you. I just mark them as Read, or in rare cases, flag a whole 
thread to Ignore. Killfiles IIRC are based on author, not subject. 
Although I guess there could be other definitions. :-)

>It just doesn't bother me. I suppose it bothers me that it bothers 
>other people enough that they actually set up killfiles to censor their 
>news instead of using it to sort their news.

Umm, killfiles _are_ for censoring news. They're for the people [in 
Usenet] that consistently post nothing but outrageous, argumentative, 
off topic articles. IMO. Just too much crap to wade through if you don't 
have a good server that does some sort of filtering.

>Appending a mandatory cryptographic signature to every article goes way 
>beyond killfiling.

AFAIK it's not related to killfiling at all. I suppose I could make a 
filter to work on that header, but many clients [especially OE which is 
a large percentage of readers here] can't filter on headers. And 
changing a Cecil is the work of only a few seconds for a troll anyway. 
So it would be nearly useless as a filter against a real troll.

>If that's what Steve wants to do, fine, but I'm still going to speak 
>up.

Which you're certainly welcome to do. IMO. :-)

-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
 From invalid, Reply To works.
Kevin A.
0
Kevin
11/23/2004 3:29:00 AM
In message <afa5q053kdeig12382he2a0ogg11e7nami@4ax.com>, 3Phase
<Phase3@worldnet.att.net> writes
>Pedants, place is crawlin' with 'em. <g>

<fx> looks over shoulder </fx> Hmm, I don't see any here with me?

>Kevin, if you have to set up a username and password for a
>mandatory cryptographic signature it's authorization after providing
>identification.

I fail to see how using "kfghdighgfl" for a Cecil on one post and " the
brown cow jumped over the moon" for a Cecil on another [1] qualifies as
providing identification, but YMMV.

        [1] You can change your Cecil for every post if you want, the
        server certainly won't care, and I doubt Steve will. :-)
-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
From invalid, Reply To works.
Kevin A.
0
Kevin
11/23/2004 3:32:00 AM
Wandering aimlessly about grc.news.feedback, I heard Jim Crowther say:

> On Mon, 22 Nov 2004 21:24:43, Dutch wrote:
> 
>>My regular Usenet service also requires a user-id and password, so I
>>don't see Steve's requirement for the same as being a burden.
> 
> That is what was in the back of my mind.  There must be many here who 
> use news.individual.net.  Was authentication there a problem?  No.  I am 
> bemused why there is so much trouble with grc, or are the 
> readers/potential posters here UseNet virgins?

Yep, that's the one I use... Of course, anyone using any of the premium
paid services knows the routine as well. I too have been surprised at
the volume of problems we're seeing here, especially with the
combination mail/news clients, where the news authentication routine is
little different than the mail side setup.

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://www.imilly.com/noregrets.htm
0
Dutch
11/23/2004 3:43:00 AM
Hello Terry L. Webb,
> Try setting the same Cecil-ID in Gravity 2.6 and then read yat7, do
> Article>Cancel Article...
>
> Then do View>Outbox to see if the cancellation was successful.

I mistook deleting for canceling.

Oh, I see, never looked in outbox. I'm new to Gravity

Thanks.

-- 
Paul S. Nofs
0
Paul
11/23/2004 4:36:00 AM
In article <afa5q053kdeig12382he2a0ogg11e7nami@4ax.com>, Phase3
@worldnet.att.net says...
> On Mon, 22 Nov 2004 18:25:57 -0800, "Kevin A." <klex49@blackhole.2kevin.net>

<snipped>

 The only reason I got a CECIL ID is
> because it was not mandatory, it was only so I could cancel my own articles.
> There is a significant difference between a voluntary, "No Regrets" and,
> "Stand and deliver!"

I had to chuckle lightly on this as backward from me. The fact that 
CECIL was voluntary was the reason I *didn't* get one before. <G>

As to cancelling posts; if I make a booboo, I probably deserve the 
embarrassment...incentive to be careful what I write. If I write 
something really offensive, I figger staff would kill it soon enough 
anyway. That would be another clue or incentive to be careful what I 
write. <G>

As to difficulty or burden, I'm not sure where problems might lie, 
unless Gravity is a lot easier than others to set for authentication. 
Server properties had the lines for 'no authentication required', and 
'logon using:'. I just punched the 'radio dot' to "logon using:", and 
made up some tripe, and hit enter. Posted in 'Test', and it came through 
with a CECIL critter. First one since it started. 

Since I'm 3 days older than dirt, retired, senile, and dumb as dirt or a 
rock, it shouldn't be much trouble for others. <G>

I haven't tried them, but I think Netscape 4x, Mozilla, and Thunderbird 
work similarly. But it's also been a while since I've used anything but 
Gravity for GRC News. It was the only one that didn't get lost on huge 
article bases.

Of course, it could also be that Steve has made it much easier than 
other folks, but I've not done it elsewhere except banks, either, so I 
don't know the whole story of authentication.
  

Heiwa

Waldo
0
Waldo
11/23/2004 4:46:00 AM
On Mon, 22 Nov 2004 19:32:55 -0800, "Kevin A." <klex49@blackhole.2kevin.net>
wrote:
> In message <afa5q053kdeig12382he2a0ogg11e7nami@4ax.com>, 3Phase
> <Phase3@worldnet.att.net> writes
> >Pedants, place is crawlin' with 'em. <g>
>
> <fx> looks over shoulder </fx> Hmm, I don't see any here with me?

<grin> 

> >Kevin, if you have to set up a username and password for a
> >mandatory cryptographic signature it's authorization after providing
> >identification.
> 
> I fail to see how using "kfghdighgfl" for a Cecil on one post and " the
> brown cow jumped over the moon" for a Cecil on another [1] qualifies as
> providing identification, but YMMV.
> 
>         [1] You can change your Cecil for every post if you want, the
>         server certainly won't care, and I doubt Steve will. :-)

That's another good reason for not using a mandatory CECIL ID. I've had two
or three (don't remember) CECIL IDs and that's only because Steve changed
from CECIL I to CECIL II. Trolls and sockpuppets and script kiddies face no
such limitation. For me it just comes down to being mandatory as opposed to
voluntary

Regards,

Scott
0
3Phase
11/23/2004 4:53:00 AM
On Tue, 23 Nov 2004 03:21:02 +0000, Jim Crowther
<Don't_bother@blackhole.do-not-spam.me.uk> wrote:
> On Mon, 22 Nov 2004 21:24:43, Dutch wrote:
> 
> >My regular Usenet service also requires a user-id and password, so I
> >don't see Steve's requirement for the same as being a burden.
> 
> That is what was in the back of my mind.  There must be many here who 
> use news.individual.net.  Was authentication there a problem?  No.  I am 
> bemused why there is so much trouble with grc, or are the 
> readers/potential posters here UseNet virgins?

Jim,

Most Internet users have never even heard of a news reader or the USENET
so, yes, there are a lot of virgins out there. My ISP has free news servers
with my dialup account; I don't need a username or password to access them.

Regards,

Scott

P.S. I'd probably be using Turnpike instead of Agent but no one in the UK
returned my e-mails or phone calls about buying a seat to replace Outlook
Express. :/
0
3Phase
11/23/2004 4:53:00 AM
On Mon, 22 Nov 2004 19:29:36 -0800, "Kevin A." <klex49@blackhole.2kevin.net>
wrote:
> In message <ge85q0p6rjn7atgv34ekp0injujc6aaud1@4ax.com>, 3Phase 
> <Phase3@worldnet.att.net> writes
> >I suppose I'm unusual as I don't use a killfile to censor news, I use it to
> >sort news. I ignore any article/thread I don't want to read and go to the
> >next article.
> 
> A killfile seems like a strange way to ignore articles, but whatever 
> works for you. I just mark them as Read, or in rare cases, flag a whole 
> thread to Ignore. Killfiles IIRC are based on author, not subject. 
> Although I guess there could be other definitions. :-)

I don't know how Turnpike does it, but my news reader has Kill/Watch
filters that can be set to do a number of useful things by Author or
Subject. If I wanted to hack the program I could set Kill/Watch filters
to do almost anything I choose.

> >It just doesn't bother me. I suppose it bothers me that it bothers 
> >other people enough that they actually set up killfiles to censor their 
> >news instead of using it to sort their news.
> 
> Umm, killfiles _are_ for censoring news. They're for the people [in 
> Usenet] that consistently post nothing but outrageous, argumentative, 
> off topic articles. IMO. Just too much crap to wade through if you don't 
> have a good server that does some sort of filtering.

Killfiles are not just for censoring news. I've been on the 'net for years
and I've used my killfile to block an obnoxious poster exactly once, and
that didn't even last a week.

Here are some FAQs from Forte::
http://www.forteinc.com/agent/faq.php

<Quote>
USENET Filters
Can I set one filter to apply to a subset of my groups?
Can I use wildcards at the beginning of words (e.g., *money)?
How do I copy a filter from one group to another?
I've ignored a thread, but a Watch filter hits on a message in the thread.
What happens?

I have Agent configured to get all bodies in a group. How do I set a Kill
filter to skip the bodies of some messages, but still get the headers?

Is 'subject: $' more efficient than just '$'?
Is 'subject: (A or B or C)' more efficient than three separate filters?
My filter expression is "$$$*". Why doesn't the wildcard work?
Why do I need three characters in a wildcard expression?
Why doesn't the following filter expression work: $*
</Quote>

> >Appending a mandatory cryptographic signature to every article goes
> >way beyond killfiling.
> 
> AFAIK it's not related to killfiling at all. I suppose I could make a 
> filter to work on that header, but many clients [especially OE which is 
> a large percentage of readers here] can't filter on headers. And 
> changing a Cecil is the work of only a few seconds for a troll anyway. 
> So it would be nearly useless as a filter against a real troll.

That's a very good argument against mandatory CECIL IDs. It won't stop
trolls but it will put another step in front of people that don't know or
care about the difference between a news server and a web server.

What Outlook Express can and cannot do isn't the point at all, the
mandatory use of a CECIL ID is the point.
 
> >If that's what Steve wants to do, fine, but I'm still going to speak 
> >up.
> 
> Which you're certainly welcome to do. IMO. :-)

Thank you. :)

Regards,

Scott
0
3Phase
11/23/2004 4:53:00 AM
Hello Kevin A.,

> Are you deleting it by choosing it in the message list [unopened],
> then Message | Cancel?

Yes, I was deleting and not canceling. The former affects only the client,
caceling removes the article from server.

Thanks!

-- 
Paul S. Nofs
0
Paul
11/23/2004 5:13:00 AM
On Mon, 22 Nov 2004 20:46:31 -0800, Waldo Hamilton <waldo@mei.ws> wrote:
> In article <afa5q053kdeig12382he2a0ogg11e7nami@4ax.com>, Phase3
> @worldnet.att.net says...
> > On Mon, 22 Nov 2004 18:25:57 -0800, "Kevin A." <klex49@blackhole.2kevin.net>
> 
> <snipped>
> 
>  The only reason I got a CECIL ID is
> > because it was not mandatory, it was only so I could cancel my own articles.
> > There is a significant difference between a voluntary, "No Regrets" and,
> > "Stand and deliver!"
> 
> I had to chuckle lightly on this as backward from me. The fact that 
> CECIL was voluntary was the reason I *didn't* get one before. <G>

I remember the discussions, yep. :)
 
> As to cancelling posts; if I make a booboo, I probably deserve the 
> embarrassment...incentive to be careful what I write. If I write 
> something really offensive, I figger staff would kill it soon enough 
> anyway. That would be another clue or incentive to be careful what I 
> write. <G>

It wasn't just cancelling our own posts, it was also a sudden slew of people
deleting other peoples' posts that helped spawn CECIL.
 
> As to difficulty or burden, I'm not sure where problems might lie, 
> unless Gravity is a lot easier than others to set for authentication. 
> Server properties had the lines for 'no authentication required', and 
> 'logon using:'. I just punched the 'radio dot' to "logon using:", and 
> made up some tripe, and hit enter. Posted in 'Test', and it came through 
> with a CECIL critter. First one since it started. 

News readers don't provide helpful messages. Since there is no requirement
to have a CECIL ID to *read* anything here at GRC if a new user finds GRC,
figures out how to fire up Outlook Express, downloads the group list,
subscribes to a few groups, then downloads a bazillion headers and reads
some articles and tries to join in a thread or post a question the error
message, if they understand it, is going to throw them for a loop.

I suppose the groups could be salted with messages warning new users about
trying to post without a CECIL ID, but who reads FAQs, anyway? ;)

> Since I'm 3 days older than dirt, retired, senile, and dumb as dirt or a 
> rock, it shouldn't be much trouble for others. <G>
> 
> I haven't tried them, but I think Netscape 4x, Mozilla, and Thunderbird 
> work similarly. But it's also been a while since I've used anything but 
> Gravity for GRC News. It was the only one that didn't get lost on huge 
> article bases.

There is no error message to connect and read messages, only to post.
No, I don't know how every one of them handles a posting error. Outlook
Express seems to display whatever error message Steve sends from GRC,
so he could include a small tutorial or a link to Milly's place. Some folks
will go get a CECIL ID, some will just go somewhere else, some don't know
right-click from left-click and won't have a clue what to do next.
 
> Of course, it could also be that Steve has made it much easier than 
> other folks, but I've not done it elsewhere except banks, either, so I 
> don't know the whole story of authentication.

Banks don't use NNTP. If you find a bank that will allow you access
through Outlook Express change banks.

> Heiwa
> 
> Waldo
0
3Phase
11/23/2004 5:18:00 AM
"Ed Metcalfe" <edmetcalfe@hotmail.com> wrote in message
news:cnthag$7c4$1@news.grc.com...

> I don't think it's necessary. If the website explains the requirements,
and
> the error messages are clear enough that ought to be sufficient for anyone
> wanting to post to a newsgroup of this nature.....

Especially if the error message tells where to find the necessary
information...

Brian
0
Brian
11/23/2004 6:50:00 AM
On Tue, 23 Nov 2004 03:21:02 +0000, Jim Crowther wrote:

> On Mon, 22 Nov 2004 21:24:43, Dutch wrote:
> 
>>My regular Usenet service also requires a user-id and password, so I
>>don't see Steve's requirement for the same as being a burden.
> 
> That is what was in the back of my mind.  There must be many here who 
> use news.individual.net.  Was authentication there a problem?  No.  I am 
> bemused why there is so much trouble with grc, or are the 
> readers/potential posters here UseNet virgins?

I read, and view images (nekkid railroad locos, if anyone wondered) on
UseNet. But I never found anyone there I'd want to talk to. So I never had
to learn about authentication.
When I played with the CECIL doodah in the past, I now realise that I was
getting my nyms, names, usernames, passwords, secure logons, and even my
etcetera, in a complete state of confusion.
And the instructions were so easy and straightforward they couldn't
possibly be accurate .......
-- 
Bruce Henderson
'...and hold our large heads high...'
0
Bruce
11/23/2004 10:36:00 AM
I was wandering aimlessly around grc.news.feedback, when I heard
"3Phase" yell above the crowd:

> I suppose I'm unusual as I don't use a killfile to censor news,
> I use it to sort news.

It's no different then "soft killing" in Xnews...
Which is what I do in http://www.dragonfur.ca/nowhere/score.ini.txt

You'd have to score at least a -9999 or lower to truly be ignored with 
"Hard Kill" turned on...  (Killin' whats the Hamster for)

> I ignore any article/thread I don't want to read and go to the
> next article.  It just doesn't bother me.

So?

Some of us prefer to "automate" the task rather the wading though the 
junk.  That's the primary reason for scoring, to raise the posts you 
want to read above the flotsam found in most public news groups.

> I suppose it bothers me that it bothers other people enough that
> they actually set up killfiles to censor their news instead of
> using it to sort their news.

Different preferences for different people�

Do you really want to see 3 "click my virus" link posts, 12 "want sex" 
spamage, and 37 "America Sucks" post PER WEKK?!  How about the flood of 
"Dip slime" that's hit news.admin.net-abuse.email recently?  Just how 
are you going to find the real posts from the forged ones without a 
filter?

> Appending a mandatory cryptographic signature to every article
> goes way beyond killfiling.  If that's what Steve wants to do,
> fine, but I'm still going to speak up. 

It's one stinking header...  I'm sure you'll be fine...  };8)

-- 
The Tech Zero, Maxx Pollare - Traveling without moving...
0
Tech
11/23/2004 10:47:00 AM
I was wandering aimlessly around grc.news.feedback, when I heard
"Mark V" yell above the crowd:

> I did run into another Xnews behavior not directly related (thanks
> Kevin) wherein Xnews does check the *currently* configured Posting
> Name and e-mail address with that of the header information in a
> post to be Canceled.  No match = Error (in Xnews).
 

Actually it checks the message to be canceled against the "default" ID 
that's set for that newsgroup...

I've run it this before...

Since you can automatically IDs on ether the server OR group level in 
Xnews it's quite easy to "mess things up".  };8)

-- 
The Tech Zero, Maxx Pollare - Traveling without moving...
0
Tech
11/23/2004 10:59:00 AM
Steve Gibson wrote:

> One question ...
> 
> Do you guys think that we need that "grc.test.noauth" group to
> specifically allow non-authenticated posting? ... or could I
> simply do as Jim Crowther suggested and allow non-auth postings
> into grc.test?

Steve,

I think having grc.test behave as similarly as possible to the other groups
is best. It is supposed to be a testing ground for what would work in other
groups, afterall, not a test of what would work were anti-spam measures
relaxed. For instance, I would see no point in disabling the QED filter in
grc.test.

Maybe a happy medium would be to redirect unauthenticated posts in grc.test
to grc.test.noauth (If such a thing is possible with the mechanisms at
hand) and issue an error indicating that the message has been redirected.
Anyone following grc.test.noauth could reply to the redirected post and
cross-post with follow-ups to either group to make sure that the OP sees
the reply.

Regards,
Sam
-- 
 02:58:08 up 3 days,  2:17,  3 users,  load average: 0.07, 0.33, 0.28
0
Sam
11/23/2004 11:01:00 AM
Kuifmans wrote:
> Ok, it will block spambots spewing junk out to random news servers, but
> their IP can be so easily blocked. Is that what this is all about? It
> would take any person 5 minutes per day to delete the spam (or it could be
> done automatically by forwarding suspicious messages to some kind of
> "abuse" address for review and delete).

The problem with this is that the entire burden for blocking the spammers is
placed on GRC. The servers are already expensive enough without adding the
time expense of researching IP ranges to block and posts to cancel. This is
essentially self-defeating given that these NNTP spams could well originate
with compromised DSL/cable machines anyways. 

I think the idea is to find a solution whereby the community here can take
up the burden of ensuring valid posts can still be made.

Regards,
Sam
-- 
 03:05:00 up 3 days,  2:24,  3 users,  load average: 0.06, 0.33, 0.31
0
Sam
11/23/2004 11:08:00 AM
3Phase wrote:
> Appending a mandatory
> cryptographic signature to every article goes way beyond killfiling. If
> that's what Steve wants to do, fine, but I'm still going to speak up.

The above makes 'a mandatory cryptographic signature' somehow relates to
identity or privacy, but the cryptographic signature has nothing to do with
any non-user controllable data. It should be trivial to make a script to
change your login credentials for every connection if you are concerned
about it.

Regards,
Sam
-- 
 03:14:36 up 3 days,  2:33,  3 users,  load average: 0.19, 0.33, 0.35
0
Sam
11/23/2004 11:16:00 AM
3Phase wrote:
> That's a very good argument against mandatory CECIL IDs. It won't stop
> trolls but it will put another step in front of people that don't know or
> care about the difference between a news server and a web server.

3Phase,

Making Cecil-id mandatory isn't intended to stop trolls. It is intended to
stop spammers. I'm certainly not prepared to condemn Steve to spending time
filtering all of the server's spam in order to maintain a level of
convenience for those of us taking advantage of a free service he provides.

If spammers begin authenticating with the server (and who knows, an
intelligent spam-bot may react 'correctly' to the NNTP login response) a
better solution may become appropriate. Until then, this is a quick and
simple fix with minimal maintenance burden for Steve.

Regards,
Sam
-- 
 03:17:56 up 3 days,  2:37,  3 users,  load average: 0.14, 0.29, 0.33
0
Sam
11/23/2004 11:21:00 AM
In article <jglg68kpx7zh.rkn8if1pdwpw.dlg@40tude.net>, 
bhhms@mindless.com says...
> On Mon, 22 Nov 2004 12:04:37 -0800, Steve Gibson wrote:
> 
> > One question ...
> > 
> > Do you guys think that we need that "grc.test.noauth" group to 
> > specifically allow non-authenticated posting? ... or could I 
> > simply do as Jim Crowther suggested and allow non-auth postings 
> > into grc.test?
> > 
> > The issue is: does ANYONE's newsreader wait until a postings
> > FAILS to present the authentication request? ... or are the
> > pop-up dialogs always presented upon initial connection?
> 
> The only 'non-preset' newsreader I use is Thunderbird. With the 'Always
> request authentication' option preselected, I always get the 'Username' and
> 'Password' prompts at the  news.grc.com level, even when going to grc.test.
> OE and Dialog are preset, so I don't ever get asked. And, until
> authentication is fully in place all over (or in a temporary test group?)
> 'tis hard to test against what ain't there yet...
> 
T'bird has the option to save your Username and Password in the Password 
manager. Once they're in there, you are not prompted each time.

When you first get the prompt for Username, select the checkbox to have 
PM handle it, than again when you get the prompt for the Password. If 
you select not to have PM handle it, but not the 'Never" option, you 
will be prmpted again the next time, and again provided the option to 
let PM handle it.

PM will ask twice, once for the Username and once for the Password. Once 
you have selected the 'Never for this site" PM option, you will always 
be prmted for the Username or Password (or both if you declined the 
option for each) unless you reset the PM setting for this site.

To reset the PM setting for the site, go to T'bird's Tools-Options-
Advanced and hit the little + next the Saved Passwords, then 'View Saved 
Passwords'. Delete the entries for news://news.grc.com (one each for 
Username and Password), then repeat the login.

-R
0
MrRee
11/23/2004 11:27:00 AM
Steve Gibson said in:<news:cntfch$5i8$1@news.grc.com>:
> [...]
> Please see Milly's web page as a starting point ...
> 
> http://www.imilly.com/noregrets.htm#cancel
>
> Then PLEASE post any questions you may have about your specific 
> situation to our "grc.test" newsgroup.  I am sure any questions 
> will be answered quickly there. (To minimize confusion, the 
> forthcoming "grc.test.noauth" group has not been created yet.)

Some more handy links :-

http://client.grc.com/news.exe?cmd=article&group=grc.news&item=551

http://www.imilly.com/noregrets.htm#logon_required

http://www.imilly.com/noregrets.htm#Outlook_Express

http://www.imilly.com/noregrets.htm#Mozilla+Netscape+Thunderbird

http://www.imilly.com/noregrets.htm#Forte_Agent

http://www.imilly.com/noregrets.htm#headers

http://www.imilly.com/noregrets.htm#ip
-- 

Milly
0
Milly
11/23/2004 11:45:00 AM
On Tue, 23 Nov 2004 03:08:45 -0800, Sam Schinke wrote:

> 
> I think the idea is to find a solution whereby the community here can take
> up the burden of ensuring valid posts can still be made.
> 
> Regards,
> Sam

From what I have seen over the past few days, the number of hitherto
non-CECIL-enabled visitors has taken everyone by surprise. But at least the
new news server is getting tested.....
-- 
Bruce Henderson
'...and hold our large heads high...'
0
Bruce
11/23/2004 1:05:00 PM
In grc.news.feedback Milly wrote:

> Steve Gibson said in:<news:cntfch$5i8$1@news.grc.com>:
>> [...]
>> Please see Milly's web page as a starting point ...
>> 
>> http://www.imilly.com/noregrets.htm#cancel
>>
>> Then PLEASE post any questions you may have about your specific 
>> situation to our "grc.test" newsgroup.  I am sure any questions 
>> will be answered quickly there. (To minimize confusion, the 
>> forthcoming "grc.test.noauth" group has not been created yet.)
> 
> Some more handy links :-
> 
> http://client.grc.com/news.exe?cmd=article&group=grc.news&item=551
> 
> http://www.imilly.com/noregrets.htm#logon_required
> 
> http://www.imilly.com/noregrets.htm#Outlook_Express
> 
> http://www.imilly.com/noregrets.htm#Mozilla+Netscape+Thunderbird

Ah ha.  So T-bird must not choke on the "+" I presume. <G>
 
> http://www.imilly.com/noregrets.htm#Forte_Agent
> 
> http://www.imilly.com/noregrets.htm#headers
> 
> http://www.imilly.com/noregrets.htm#ip

Just a note of *appreciation*!  
And not just for the most useful GRC information alone BTW.  :)

 http://www.imilly.com/
0
Mark
11/23/2004 2:11:00 PM
In grc.news.feedback 3Phase wrote:

> On Tue, 23 Nov 2004 03:21:02 +0000, Jim Crowther
> <Don't_bother@blackhole.do-not-spam.me.uk> wrote:
>> On Mon, 22 Nov 2004 21:24:43, Dutch wrote:
>> 
>> >My regular Usenet service also requires a user-id and password,
>> >so I don't see Steve's requirement for the same as being a
 
>> That is what was in the back of my mind.  There must be many here
>> who use news.individual.net.  Was authentication there a problem?
>>  No.  I am bemused why there is so much trouble with grc, or are
>> the readers/potential posters here UseNet virgins?
 
> Most Internet users have never even heard of a news reader or the
> USENET so, yes, there are a lot of virgins out there. My ISP has
> free news servers with my dialup account; I don't need a username
> or password to access them. 

Just as a point of comparison, my ISP (USA) requires
 UserID (account name and password)
 Access from *only* inside their network space.
And that's for Posting *or* just Reading

I have no problems at all with the CECIL requirement for posting.  
Recall that this is only a requirement for posting and not one for just 
reading.  Further, it is not even a server-account based "logon", nor 
one that requires advanced enrollment (with who knows what required 
personal data).  I too though am amazed by the number of difficulties 
we have seen by various users and news clients.
0
Mark
11/23/2004 2:47:00 PM
"Kevin A." <klex49@blackhole.2kevin.net> wrote in message
news:vu5s$zCqNnoBFAYw@blackhole.2kevin.net...
> In message <cntoii$es2$1@news.grc.com>, Robert  Wycoff
> <rwycoff@[127.0.0.1]> writes
> >... Which is true for everything else on your computer, including your
> >email userid and password, which are much more important than a
> >CID.  I will be more than happy to tell you what my passphrase is, if
> >you are the least bit interested.  But using my passphrase will not
> >allow you to cancel my posts, because my posts are made with my
> >newsreader settings.
>
> Au Contraire, it _would_ allow someone to cancel your posts. It happens
> that I just tested that. Posted from OE with one ID [1]. Canceled it
> from Turnpike with a different ID and totally different information
> except for the Cecil. And of course the MID to cancel. I then tried the
> same thing on someone else's post and was told [as expected] that the
> Cecil's didn't match and the cancel was rejected.
>
>         [1] By ID in this case I mean the name, email address, MID
>         domain and more. The Cecil IDs were the same.

I guess I misremember.  I once had a problem with canceling one of my posts
from another machine and I thought I didn't have the client set up exactly
the same way as the first one was.  But since I was using OE, I couldn't do
the kinds of things you did. :-)

-- 
Robert
GRC Newsgroups/Guidelines/No Regrets
http://news.grc.com/news.exe?cmd=article&group=grc.techtalk&item=116183
0
Robert
11/23/2004 4:08:00 PM
"3Phase" <Phase3@worldnet.att.net> wrote in message
news:l2g5q01ps4g68bh43tsabvdmpe81v2mf6o@4ax.com...
> On Tue, 23 Nov 2004 03:21:02 +0000, Jim Crowther
> <Don't_bother@blackhole.do-not-spam.me.uk> wrote:
> > On Mon, 22 Nov 2004 21:24:43, Dutch wrote:
> >
> > >My regular Usenet service also requires a user-id and password, so I
> > >don't see Steve's requirement for the same as being a burden.
> >
> > That is what was in the back of my mind.  There must be many here who
> > use news.individual.net.  Was authentication there a problem?  No.  I am
> > bemused why there is so much trouble with grc, or are the
> > readers/potential posters here UseNet virgins?
>
> Jim,
>
> Most Internet users have never even heard of a news reader or the USENET
> so, yes, there are a lot of virgins out there. My ISP has free news
servers
> with my dialup account; I don't need a username or password to access
them.

I was surprised to see how many web-based forums require sign-in.  I would
think that a lot of newbies who have never used Usenet would be familiar
with a requirement to sign in.  msnews.microsoft.com is a good example of
someplace that _doesn't_ require signin.  I guess my point is that I think
the people who frequent forums are used to having to sign in.  wilders is an
example, and it covers a lot of what news.grc.com covers.  And Zonelabs has
a sign in.

http://www.wilderssecurity.com/
http://forum.zonelabs.org/zonelabs

-- 
Robert
GRC Newsgroups/Guidelines/No Regrets
http://news.grc.com/news.exe?cmd=article&group=grc.techtalk&item=116183


-- 
Robert
GRC Newsgroups/Guidelines/No Regrets
http://news.grc.com/news.exe?cmd=article&group=grc.techtalk&item=116183
0
Robert
11/23/2004 4:18:00 PM
Robert  Wycoff wrote:
> I was surprised to see how many web-based forums require sign-in.  I would
> think that a lot of newbies who have never used Usenet would be familiar
> with a requirement to sign in.  msnews.microsoft.com is a good example of
> someplace that _doesn't_ require signin.  I guess my point is that I think
> the people who frequent forums are used to having to sign in.  wilders is
> an
> example, and it covers a lot of what news.grc.com covers.  And Zonelabs
> has a sign in.

Part of the problem is that Steve has no control over the UI used to sign
in. As seen in this thread, many news agents have significant difficulties
with their configurability in this regard.

Regards,
Sam
-- 
 10:31:27 up 3 days,  9:50,  1 user,  load average: 0.34, 0.53, 0.57
0
Sam
11/23/2004 6:32:00 PM
On Tue, 23 Nov 2004 03:21:07 -0800, Sam Schinke <sschinke@myrealbox.com>
wrote:

> 3Phase wrote:
> > That's a very good argument against mandatory CECIL IDs. It won't stop
> > trolls but it will put another step in front of people that don't know or
> > care about the difference between a news server and a web server.
> 
> 3Phase,
> 
> Making Cecil-id mandatory isn't intended to stop trolls. It is intended to
> stop spammers. I'm certainly not prepared to condemn Steve to spending time
> filtering all of the server's spam in order to maintain a level of
> convenience for those of us taking advantage of a free service he provides.

I'm not condemning Steve, Sam. I just don't believe it'll work and
it *feels* wrong; the spam on this server is from a troll. GRC isn't
part of the USENET so someone had to set up an account and spam it.
 
> If spammers begin authenticating with the server (and who knows, an
> intelligent spam-bot may react 'correctly' to the NNTP login response) a
> better solution may become appropriate. Until then, this is a quick and
> simple fix with minimal maintenance burden for Steve.

I'm 99.9% certain the spam on GRC isn't from a 'bot. Some troll spammed
GRC just to watch everyone freak out and to make Steve do something.
There's a nice thread further up this group discussing automated cancels
and such with scripts and batch files. A mandatory CECIL ID would just add
another step in a script or batch file for a troll without providing any
real benefit for everyone else.

Regards,

Scott
0
3Phase
11/23/2004 6:45:00 PM
On Tue, 23 Nov 2004 14:47:26 +0000 (UTC), Mark V <notvalid@nul.invalid>
wrote:

> In grc.news.feedback 3Phase wrote:
> > On Tue, 23 Nov 2004 03:21:02 +0000, Jim Crowther
> > <Don't_bother@blackhole.do-not-spam.me.uk> wrote:
> >> On Mon, 22 Nov 2004 21:24:43, Dutch wrote:
> >> 
> >> >My regular Usenet service also requires a user-id and password,
> >> >so I don't see Steve's requirement for the same as being a
>  
> >> That is what was in the back of my mind.  There must be many here
> >> who use news.individual.net.  Was authentication there a problem?
> >>  No.  I am bemused why there is so much trouble with grc, or are
> >> the readers/potential posters here UseNet virgins?
>  
> > Most Internet users have never even heard of a news reader or the
> > USENET so, yes, there are a lot of virgins out there. My ISP has
> > free news servers with my dialup account; I don't need a username
> > or password to access them. 
> 
> Just as a point of comparison, my ISP (USA) requires
>  UserID (account name and password)
>  Access from *only* inside their network space.
> And that's for Posting *or* just Reading

Same with my ISP; I just have to connect and that's it. Of course my ISP
knows who and where I am. If they opened up their servers and set up a CECIL
ID to use their servers someone or several someones around the world would
promptly hammer them the same way they hammer the spam filters.
 
> I have no problems at all with the CECIL requirement for posting.  
> Recall that this is only a requirement for posting and not one for just 
> reading.  Further, it is not even a server-account based "logon", nor 
> one that requires advanced enrollment (with who knows what required 
> personal data).  I too though am amazed by the number of difficulties 
> we have seen by various users and news clients.

It's the wrong way to go about it, Mark. It won't stop trolls and it just
*feels* wrong to me. It's up to Steve, but I think he's going to have
administration headaches; or not. No one will hear from anyone that doesn't
understand what a CECIL posting error message means except someone elses'
tech support.

Regards,

Scott
0
3Phase
11/23/2004 6:45:00 PM
On Tue, 23 Nov 2004 03:16:21 -0800, Sam Schinke <sschinke@myrealbox.com>
wrote:

> 3Phase wrote:
> > Appending a mandatory
> > cryptographic signature to every article goes way beyond killfiling. If
> > that's what Steve wants to do, fine, but I'm still going to speak up.
 
> The above makes 'a mandatory cryptographic signature' somehow relates to
> identity or privacy, but the cryptographic signature has nothing to do with
> any non-user controllable data. It should be trivial to make a script to
> change your login credentials for every connection if you are concerned
> about it.

I agree. :(

So what's the point in making everyone create and show a fake ID before
posting because someone trolled GRC? We can't filter or score on CECILs
but people do use CECIL to semi--sort-of-authenticate posters.

Regards,

Scott
0
3Phase
11/23/2004 6:45:00 PM
On Tue, 23 Nov 2004 10:18:47 -0600, "Robert  Wycoff" <rwycoff@[127.0.0.1]>
wrote:
> "3Phase" <Phase3@worldnet.att.net> wrote in message
> news:l2g5q01ps4g68bh43tsabvdmpe81v2mf6o@4ax.com...
> > On Tue, 23 Nov 2004 03:21:02 +0000, Jim Crowther
> > <Don't_bother@blackhole.do-not-spam.me.uk> wrote:
> > > On Mon, 22 Nov 2004 21:24:43, Dutch wrote:
> > >
> > > >My regular Usenet service also requires a user-id and password, so I
> > > >don't see Steve's requirement for the same as being a burden.
> > >
> > > That is what was in the back of my mind.  There must be many here who
> > > use news.individual.net.  Was authentication there a problem?  No.  I am
> > > bemused why there is so much trouble with grc, or are the
> > > readers/potential posters here UseNet virgins?
> >
> > Jim,
> >
> > Most Internet users have never even heard of a news reader or the
> > USENET so, yes, there are a lot of virgins out there. My ISP has free
> > news servers with my dialup account; I don't need a username or
> > password to access them.
> 
> I was surprised to see how many web-based forums require sign-in.

That's different. You don't have to sign in to read GRC or post, just to
cancel your own posts. Web forms have nice little messages on them
telling you that you can't post without signing up; news readers do not.

> I would think that a lot of newbies who have never used Usenet would be
> familiar with a requirement to sign in.  msnews.microsoft.com is a good
> example of someplace that _doesn't_ require signin.  I guess my point is
> that I think the people who frequent forums are used to having to sign in.
>  wilders is an example, and it covers a lot of what news.grc.com covers.
>  And Zonelabs has a sign in.
> 
> http://www.wilderssecurity.com/
> http://forum.zonelabs.org/zonelabs

I feel like I'm at Fernando's Hideaway. ;)

Right now you don't have to sign up before reading news at GRC, just set up
an account on your machine and dive on in! If CECIL becomes mandatory you
can't post and will receive an obscure error message if you don't have a
CECIL ID. If you want a private server that's only for newless cluebies
instead of clueless newbies that's fine; you'll never hear from them because
they won't understand how to ask a question.

Regards,

Scott
0
3Phase
11/23/2004 6:45:00 PM
On Tue, 23 Nov 2004 10:47:23 +0000 (UTC), Tech Zero
<nov-lospam@dragonfur.ca> wrote:

> I was wandering aimlessly around grc.news.feedback, when I heard
> "3Phase" yell above the crowd:
> 
> > I suppose I'm unusual as I don't use a killfile to censor news,
> > I use it to sort news.
> 
> It's no different then "soft killing" in Xnews...
> Which is what I do in http://www.dragonfur.ca/nowhere/score.ini.txt

Yep.
 
> You'd have to score at least a -9999 or lower to truly be ignored with 
> "Hard Kill" turned on...  (Killin' whats the Hamster for)

But that's done on your end and it's not looking at CECIL IDs anyway.
 
> > I ignore any article/thread I don't want to read and go to the
> > next article.  It just doesn't bother me.
> 
> So?
> 
> Some of us prefer to "automate" the task rather the wading though the 
> junk.  That's the primary reason for scoring, to raise the posts you 
> want to read above the flotsam found in most public news groups.

Whatever floats your boat. I have the worlds finest spam/troll filter right
between my ears and it has been 100% effective. There is nothing  about
CECIL that identifies a post for userland killfiling or scoring. Maybe Steve
can search the headers on his server to kill all messages from a set of
CECILs, but I can't.

> > I suppose it bothers me that it bothers other people enough that
> > they actually set up killfiles to censor their news instead of
> > using it to sort their news.
> 
> Different preferences for different people...
> 
> Do you really want to see 3 "click my virus" link posts, 12 "want sex" 
> spamage, and 37 "America Sucks" post PER WEKK?!  How about the flood of 
> "Dip slime" that's hit news.admin.net-abuse.email recently?  Just how 
> are you going to find the real posts from the forged ones without a 
> filter?

No, I don't want to see that stuff but I'm not going to use something that
won't work or inconveniences me just to get rid of it. A mandatory CECIL
won't keep trolls from spamming a private news server.
 
> > Appending a mandatory cryptographic signature to every article
> > goes way beyond killfiling.  If that's what Steve wants to do,
> > fine, but I'm still going to speak up. 
> 
> It's one stinking header...  I'm sure you'll be fine...  };8)

I've had a CECIL ID for yonks. It was a courtesy extended to me and everyone
else at GRC from Steve. When it goes from a courtesy to mandatory and won't
actually do what everyone seems to think it will do it's wrong.

Make a log-in and password mandatory before reading GRC, but don't allow
folks to read but not post and throw an obscure error message at them.

If I were a new user I'd be on the horn to my ISP complaining about
connection problems or calling Microsoft to yank Bill's chain. Neither of
them is likely to know about setting up a CECIL ID before posting at GRC
but it would probably clear up any spyware issues because they'd both wind
up walking me through a complete re-install of my operating system before
throwing up their hands and giving up. ;)

Regards,

Scott
0
3Phase
11/23/2004 6:45:00 PM
3Phase wrote:
> On Tue, 23 Nov 2004 03:16:21 -0800, Sam Schinke <sschinke@myrealbox.com>
> wrote:
>> The above makes 'a mandatory cryptographic signature' somehow relates to
>> identity or privacy, but the cryptographic signature has nothing to do
>> with any non-user controllable data. It should be trivial to make a
>> script to change your login credentials for every connection if you are
>> concerned about it.
> 
> I agree. :(
> 
> So what's the point in making everyone create and show a fake ID before
> posting because someone trolled GRC? We can't filter or score on CECILs
> but people do use CECIL to semi--sort-of-authenticate posters.

The goal here is preventing spammers from posting. Once their spam-bots
learn to authenticate with GRC, then we can worry about preventing them
further (and possibly re-opening non-authenticated posting). This is NOT
about trolling.

Regards,
Sam
-- 
 10:48:02 up 3 days, 10:07,  1 user,  load average: 0.79, 0.73, 0.62
0
Sam
11/23/2004 6:49:00 PM
Robert Wycoff wrote:

>I guess my point is that I think
> the people who frequent forums are used to having to sign in.  wilders is an
> example, and it covers a lot of what news.grc.com covers.  And Zonelabs has
> a sign in.
> http://www.wilderssecurity.com/
> http://forum.zonelabs.org/zonelabs
> 

I find Wilders clumsy and I hope Steve's
web interface works much better than Wilders does.
eg, about 1/3 of time, I login, it shows I'm logged in,
I go to post and it tells me I have to login (?)
and I get crazy redirects.  I have learned to
save my text before I push the submit button there.
0
poo_gimmal
11/23/2004 6:51:00 PM
3Phase wrote:
> On Tue, 23 Nov 2004 03:21:07 -0800, Sam Schinke <sschinke@myrealbox.com>
> wrote:
>> Making Cecil-id mandatory isn't intended to stop trolls. It is intended
>> to stop spammers. I'm certainly not prepared to condemn Steve to spending
>> time filtering all of the server's spam in order to maintain a level of
>> convenience for those of us taking advantage of a free service he
>> provides.
> 
> I'm not condemning Steve, Sam. I just don't believe it'll work and
> it *feels* wrong; the spam on this server is from a troll. GRC isn't
> part of the USENET so someone had to set up an account and spam it.

Some other private NNTP servers where I read experienced identical spam. I
think there might be a spammer out there trying to branch out to NNTP
servers (they already try to spam mailing-lists to get to a wider
readership, and through filters), or possibly a compromised machine whose
new 'owner' decided to send things out to every account on the machine.

>> If spammers begin authenticating with the server (and who knows, an
>> intelligent spam-bot may react 'correctly' to the NNTP login response) a
>> better solution may become appropriate. Until then, this is a quick and
>> simple fix with minimal maintenance burden for Steve.
> 
> I'm 99.9% certain the spam on GRC isn't from a 'bot. Some troll spammed
> GRC just to watch everyone freak out and to make Steve do something.
> There's a nice thread further up this group discussing automated cancels
> and such with scripts and batch files. A mandatory CECIL ID would just add
> another step in a script or batch file for a troll without providing any
> real benefit for everyone else.

If authenticated spam begins to be a problem, this can all be revisted. In
the meantime, the base assumption that a bulk tool is being used isn't an
unreasonable one.

Regards,
Sam
-- 
 10:49:41 up 3 days, 10:08,  1 user,  load average: 0.57, 0.72, 0.62
0
Sam
11/23/2004 6:52:00 PM
In grc.news.feedback 3Phase wrote:

> On Tue, 23 Nov 2004 14:47:26 +0000 (UTC), Mark V
> <notvalid@nul.invalid> wrote:
> 
>> In grc.news.feedback 3Phase wrote:
>> > On Tue, 23 Nov 2004 03:21:02 +0000, Jim Crowther
>> > <Don't_bother@blackhole.do-not-spam.me.uk> wrote:
>> >> On Mon, 22 Nov 2004 21:24:43, Dutch wrote:
>> >> 
>> >> >My regular Usenet service also requires a user-id and
>> >> >password, so I don't see Steve's requirement for the same as
>> >> >being a 
   
[ ]
>> > Most Internet users have never even heard of a news reader or
>> > the USENET so, yes, there are a lot of virgins out there. My
>> > ISP has free news servers with my dialup account; I don't need
>> > a username or password to access them. 
>> 
>> Just as a point of comparison, my ISP (USA) requires
>>  UserID (account name and password)
>>  Access from *only* inside their network space.
>> And that's for Posting *or* just Reading
> 
> Same with my ISP; I just have to connect and that's it. Of course

Actually, I have not only to make a login (on service connection) but 
also provide UserId + Password for each NTTP session as well.

> my ISP knows who and where I am. If they opened up their servers
> and set up a CECIL ID to use their servers someone or several
> someones around the world would promptly hammer them the same way
> they hammer the spam filters. 
   
>> I have no problems at all with the CECIL requirement for posting.
>>  Recall that this is only a requirement for posting and not one
>> for just reading.  Further, it is not even a server-account based
>> "logon", nor one that requires advanced enrollment (with who
[ ]

> It's the wrong way to go about it, Mark. It won't stop trolls and

Trolls are shot on sight already. <G>  This new CECIL-to-post as I 
understand it is primarily anti-spammer/anti-spambot (in part) and 
not anti-troll.

> it just *feels* wrong to me. It's up to Steve, but I think he's
> going to have administration headaches; or not. No one will hear
> from anyone that doesn't understand what a CECIL posting error
> message means except someone elses' tech support.

I certainly respect you opinion Scott, but hope that this "small 
hurdle" to automated spambots (most especially via the upcoming HTTP 
interface) will succeed.  Any other proposed scheme would require 
much more work at Steve's end and be more intrusive for the "casual" 
and regular user as I see it. 

Have you followed the Web-interface-to-grc-news project here from the 
outset?  (just curious)  Because if given some of Steve's own 
internal requirements and if the CECIL-to-post system does fail or is 
an administration nightmare, then a really major re-think and 
overhaul at GRC would be (I believe) required.  Of course we are 
waiting for Steve to again stick his head up from work and make some 
comments to address your posts and many other as yet unanswered 
questions.
0
Mark
11/23/2004 7:21:00 PM
Wandering aimlessly about grc.news.feedback, I heard 3Phase say:

> I'm 99.9% certain the spam on GRC isn't from a 'bot. Some troll spammed
> GRC just to watch everyone freak out and to make Steve do something.
> There's a nice thread further up this group discussing automated cancels
> and such with scripts and batch files. A mandatory CECIL ID would just add
> another step in a script or batch file for a troll without providing any
> real benefit for everyone else.

Just to give you an idea of how easy it is to create a 'bot to spam
non-Usenet NNTP servers, here's a site that simply uses a 'bot to
*find* open NNTP servers. It's not much of a leap to see how that
could be used to automate spamming them as well...

http://echoes.free.fr/nntpbot/nntpbot.php3

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://www.imilly.com/noregrets.htm
0
Dutch
11/23/2004 7:39:00 PM
On Mon, 22 Nov 2004 15:38:31 -0600, hermital <hermital@cox-internet.com>
wrote:

>If you 'control/cancel' a post off the GRC news server, you must close
>the newsreader(s) presently online.  The next time you connect to the
>GRC news server your newsreader will not see the canceled post in your
>HDD storage.

 "you must close the newsreader(s) presently online" is incorrect, at
least for Forte Agent.  Too broad of a statement, as I don't have to
close my newsreader to check cancels.  :o)
 Here's how:
 -I make a post.
 -I post a cancel for it.
 -I highlight the message I cancelled in the message list.
 -I delete the message body ONLY.
 -I download "selected message bodies". [Since the cancelled message is
the only one highlighted/selected this is the only message body it
attempts to download.]
 If the cancel was successful you'll get the "not available from server"
icon (a small page outline with a red "X" in it), instead of the "text
document" icon (a small page outline with "lines of text" in it) and the
message body, of course.
 The "unsubscribe, close, open & resubscribe" or just "close & open"
newsreader actions are not required to check cancellation successes in
all newsreaders, at least not in Forte Agent.

-- 
 dak
0
dak
11/23/2004 8:02:00 PM
[for the unabridged version, see Brian's post above]

> > I don't think it's necessary. If the website explains the
> > requirements, and the error messages are clear enough that
> > ought to be sufficient for anyone wanting to post to a
> > newsgroup of this nature.....
> 
> Especially if the error message tells where to find the necessary
> information...

Right.  And it certainly will provide everything they need.

Also, more casual posters *will* be able to post through the 
forthcoming web interface, which may be where we'll be seeing
the bulk of future participation growth.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:14:00 PM
[for the unabridged version, see sparky's post above]

> Perhaps, it might be an idea from Steve to added a line to the
> *body* of all messages posted to grc.test saying whether the
> poster has cecil or not.  That way new users won't have to
> search around in the preferences of their news readers looking
> for the options to show message headers.

That's a very good point sparky.  I had forgotten that displaying 
all headers is not the default for typical configurations.  But 
I'm heading away from the idea of a separate "grc.test.noauth" 
newsgroup.  I'm afraid that it will just become too confusing and 
even redundant.  If someone reads the instructions for their 
newsreader they'll know how to set it up for authentication.

But reading instructions (and really focusing upon them) would 
also be required for anyone to understand about the existence of 
and the distinctions between "grc.test" and "grc.test.noauth".
It all makes sense to us from our standpoint and perspective ... 
but I can't imagine someone without all this background making
any sense of it.

So I'm going to invest in making the newsreader setup instructions 
clear and complete ... and all newbies will always have the 
fallback position of posting through the web interface.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:24:00 PM
[for the unabridged version, see Kuifmans's post above]

> This may be off topic, but I frequently get messages from OE
> saying "server has dropped the connection" after reading a
> long posting or pausing for a coffee or potty break or such.
> OE will reconnect, no problem... but the timeout seems fairly
> short (5 mins or so?).

It is the case that stagnant connections will be dropped.  I have 
my Gravity client set to send keep-alive activity every minute.
I just sends a "no-op" command to which the server replies.
So if you're able to configure your client to send some sort
of "keep alive" that ought to do the trick.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:30:00 PM
[for the unabridged version, see Temporary Q. Placeholder's post 
above]

Thanks for the clear explanation.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:32:00 PM
[for the unabridged version, see Sam Schinke's post above]

> Steve,
> 
> I think having grc.test behave as similarly as possible to the
> other groups is best.

Yes.  That's the same position I've come to after giving it some 
more think time.


> It is supposed to be a testing ground for what would work in
> other groups, afterall, not a test of what would work were
> anti-spam measures relaxed.


Right.

> For instance, I would see no point in disabling the QED filter
> in grc.test.
> 
> Maybe a happy medium would be to redirect unauthenticated posts
> in grc.test to grc.test.noauth (If such a thing is possible with
> the mechanisms at hand) and issue an error indicating that the
> message has been redirected. Anyone following grc.test.noauth
> could reply to the redirected post and cross-post with follow-ups
> to either group to make sure that the OP sees the reply.

That's a very clever idea Sam, and it's something that I do have 
the technology in place to easily accomplish.  But the trouble is 
(as I replied also at some length above to sparky's posting) all 
of this fanciness is complicating things quite a bit and it 
requires a LOT of understanding on the part of the new user.  If 
they're going to have so much understanding ... they ought to 
simply apply that to setting up their newsreader correctly.  :)

And they'll always (eventually) be able to fall back to the web-
based system to post (hopefully in grc.test) with questions about 
how to configure their regular NNTP reader.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:36:00 PM
[for the unabridged version, see Paul Nofs's post above]

> Hello Steve,
> 
> EVERYONE except our newer or quieter friends need *not* be
> concerned until they wish to voice a question or an opinion.
> 
> Correct?

Absolutely right Paul.

I was thinking that using an authenticated logon might also be 
useful for reading only ... which would have the added benefit
of thwarting those occasional leakages we have where someone is 
pulling bulk news from our server without our consent.  But it's 
also far more likely that such a person might configure their
news 'sucker' to logon in whatever way is required.

So, especially given the difficulties some folks here have 
experienced, I think it's clear that NO authentication should be 
required for read-only access.  (And our "X-Original-Reader" 
header will now allow us to track and locate any reading-leakage 
that we ever find.)

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:40:00 PM
[for the unabridged version, see Sam Schinke's post above]

> I think the idea is to find a solution whereby the community
> here can take up the burden of ensuring valid posts can still
> be made.

Well said Sam.  Once the dust settles from this change I think 
we'll be in much better shape to defeat spammers with this simple 
safeguard.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:42:00 PM
[for the unabridged version, see Bruce Henderson's post above]

> From what I have seen over the past few days, the number of
> hitherto non-CECIL-enabled visitors has taken everyone by
> surprise.

Indeed.  I hope that the lurkers understood that this was all
ONLY required for posting, not simple read-access to the server.
I didn't mean to flush everyone out.  :)

However, when I have occasionally looked at the number of people 
always connected to the new server, I've always been surprised.  
And this was the main reason for migrating the newsgroups outside 
of our bandwidth-constrained T1 trunks ... to free up the T1's for 
ShieldsUP and eCommerce, etc. ... and give the newsgroups some 
more growing room.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:49:00 PM
[for the unabridged version, see kayodeok's post above]

> >>> This note is being "spammed" across every group on the
> >>> server 
> >>>
> >> 
> >> Ha! I did not see your article as crosspost to 4+ groups
> >> are killed. 
> > 
> > LOL  Me too.  I had to go to the <gasp> web interface to
> > see it!  (or change settings locally).  It just *resembled*
> > a spammer.  :) 
> > 
> 
> I wondered why I wasn't seeing the messages too.
> 
> XNews kills crossposts to more that five groups here but I must 
> admit that this is the first time I have seen it in use.

Thanks Guys.  As you'll know by now I picked up on that and
re-posted a solitary note.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:50:00 PM
[for the unabridged version, see Guy's post above]

> Whatever on the "Expires and Supersedes" issue...

I thought that was a closed issue Guy.  The server has them set 
the way I want and providing consistent and expected behavior for 
everyone.  Supercedes (however it's spelled) is deliberately 
blocked to prevent any posted-article hanky panky.  So doing what 
you have been doing -- cancelling and reposting -- is the best 
solution here.

> I just script a Cancel to post when there is a new notification.
> (not the right protocol as articles are indeed Superseded)

I understand.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:52:00 PM
[for the unabridged version, see 3Phase's post above]

> Steve, I think this is wrong.
> 
> Is spamming and trolling really such a problem that requiring
> people to provide some kind of identification before they can
> ask a question really the right way to go? l remember the first
> time I went on-line decades ago.

I think that perhaps you're misunderstanding what this is.  It's 
not ANY sort of "identification" scheme ... just a simple means 
for separating out those who are truly participating here from 
spammers who are not.


> But if you're new or you have questions... is there no other way?

Yes!!  And that's a BIG part of this too.  I'm moving rapidly and 
directly (in the background) toward an entirely new home-grown 
web-based interface which will allow everyone to EASILY read *and* 
POST articles with a great deal of ease -- for those without a 
configured newsreader.

> Regards,
> 
> Scott

Nice to hear from you.

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 8:56:00 PM
Jim Crowther wrote:

> That is what was in the back of my mind.  There must be many here who 
> use news.individual.net.  Was authentication there a problem?  No.  I am 
> bemused why there is so much trouble with grc, or are the 
> readers/potential posters here UseNet virgins?

I'm with you, Jim.  What's the big deal here?  So people need to type 
in a user name/password.  Once.  A hundred years from now it won't 
make the slightest bit of difference (as my grandfather used to tell 
me when I'd get upset over something.)  :)  Why the huge fuss over 
this trivial issue?  If it helps Steve, then it's good.  If it 
doesn't, then it will be re-thought.  Either way, it isn't a huge deal 
from my perspective.  Move along.. these aren't the droids you're 
looking for.  ;)

-- 
Bob Trevithick
0
Bob
11/23/2004 10:53:00 PM
On Tue, 23 Nov 2004 12:56:32 -0800, Steve Gibson <support@grc.com> wrote:

> [for the unabridged version, see 3Phase's post above]
> 
> > Steve, I think this is wrong.
> > 
> > Is spamming and trolling really such a problem that requiring
> > people to provide some kind of identification before they can
> > ask a question really the right way to go? l remember the first
> > time I went on-line decades ago.
> 
> I think that perhaps you're misunderstanding what this is.  It's 
> not ANY sort of "identification" scheme ... just a simple means 
> for separating out those who are truly participating here from 
> spammers who are not.

Is robospam from the 'net really that much trouble when there are
people complaining about on-topic posts in the appropriate groups?
If you're worried about robospam you might as well just bite the bullet
and require a secure log-in with a valid username and password and
send everyone to their rooms.
 
> > But if you're new or you have questions... is there no other way?
> 
> Yes!!  And that's a BIG part of this too.  I'm moving rapidly and 
> directly (in the background) toward an entirely new home-grown 
> web-based interface which will allow everyone to EASILY read *and* 
> POST articles with a great deal of ease -- for those without a 
> configured newsreader.

I've been following the discussion but I don't know much about web
interfaces, I only know that they usually aggravate me enough that
I wish I could just use my news reader. :)

> Nice to hear from you.

Thank you, and thank you for listening!

Regards,

Scott
0
3Phase
11/23/2004 11:14:00 PM
In article <7f47q0dq4lrg9mk767jtv410sjefnro5fl@4ax.com> dak wrote:
> On Mon, 22 Nov 2004 15:38:31 -0600, hermital <hermital@cox-internet.com>
> wrote:
> 
> >If you 'control/cancel' a post off the GRC news server, you must close
> >the newsreader(s) presently online.  The next time you connect to the
> >GRC news server your newsreader will not see the canceled post in your
> >HDD storage.
> 
>  "you must close the newsreader(s) presently online" is incorrect, at
> least for Forte Agent.  Too broad of a statement, as I don't have to
> close my newsreader to check cancels.  :o)

Yep.  You're right, of course.  Paul had confused 'delete' and
'control/cancel'.  I became confused in my answer and went overboard. 
Mark it down to a 'Senior Moment'.  Others sorted it out farther down
in the thread and no harm was done. :)

>  Here's how:
>  -I make a post.
>  -I post a cancel for it.
>  -I highlight the message I cancelled in the message list.
>  -I delete the message body ONLY.
>  -I download "selected message bodies". [Since the cancelled message is
> the only one highlighted/selected this is the only message body it
> attempts to download.]
>  If the cancel was successful you'll get the "not available from server"
> icon (a small page outline with a red "X" in it), instead of the "text
> document" icon (a small page outline with "lines of text" in it) and the
> message body, of course.
>  The "unsubscribe, close, open & resubscribe" or just "close & open"
> newsreader actions are not required to check cancellation successes in
> all newsreaders, at least not in Forte Agent.
> 
> --
>  dak


-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
11/23/2004 11:30:00 PM
[for the unabridged version, see 3Phase's post above]

> I've been following the discussion but I don't know much about web
> interfaces, I only know that they usually aggravate me enough that
> I wish I could just use my news reader. :)

Well ... subject to a few easily complied with restrictions which 
serve to make things easier for us, you're certainly welcome to.  
:)

-- 
_________________________________________________________________
Steve.
0
Steve
11/23/2004 11:49:00 PM
On Tue, 23 Nov 2004 15:14:12, 3Phase wrote:

[web forums]
>I only know that they usually aggravate me enough that
>I wish I could just use my news reader. :)

My goodness I am with you there.

I heavily use one web-forum, and it is a RRPITA.  RSI-inducing 
irritation and so *slow*!

<http://x9.ipbhost.com/>

-- 
Jim Crowther                  "It's MY computer" (tm SMG)

Always learning.
0
Jim
11/24/2004 1:58:00 AM
[for the unabridged version, see Jim Crowther's post above]

> I heavily use one web-forum, and it is a RRPITA.
> RSI-inducing irritation and so *slow*!

Well ... you gotta know that MINE won't be slow!  <g>

-- 
_________________________________________________________________
Steve.
0
Steve
11/24/2004 4:21:00 AM
3Phase wrote:
> On Tue, 23 Nov 2004 12:56:32 -0800, Steve Gibson <support@grc.com> wrote:
> 
>>[for the unabridged version, see 3Phase's post above]
>>
> I've been following the discussion but I don't know much about web
> interfaces, I only know that they usually aggravate me enough that
> I wish I could just use my news reader. :)
> 

I share your opinion of web interfaces...
0
poo_gimmal
11/24/2004 5:17:00 AM
[for the unabridged version, see poo_gimmal's post above]

> I share your opinion of web interfaces...

We'll see how you feel about the new one.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
11/24/2004 6:36:00 AM
Mark V said in:<news:Xns95AA5CA323BA2z9zzaQ2btw@news.grc.com>:
> In grc.news.feedback Milly wrote:
>> Steve Gibson said in:<news:cntfch$5i8$1@news.grc.com>:
>>> [...]
>>> Please see Milly's web page as a starting point ...
>>> 
>>> http://www.imilly.com/noregrets.htm#cancel
>>>
>>> Then PLEASE post any questions you may have about your specific 
>>> situation to our "grc.test" newsgroup.  I am sure any questions 
>>> will be answered quickly there. (To minimize confusion, the 
>>> forthcoming "grc.test.noauth" group has not been created yet.)
>> 
>> Some more handy links :-
>> 
>> http://client.grc.com/news.exe?cmd=article&group=grc.news&item=551
>> 
>> http://www.imilly.com/noregrets.htm#logon_required
>> 
>> http://www.imilly.com/noregrets.htm#Outlook_Express
>> 
>> http://www.imilly.com/noregrets.htm#Mozilla+Netscape+Thunderbird
> 
> Ah ha.  So T-bird must not choke on the "+" I presume. <G>

Nope, as Dennis has kindly confirmed (thanks Dennis, and others).

>> http://www.imilly.com/noregrets.htm#Forte_Agent
>> 
>> http://www.imilly.com/noregrets.htm#headers
>> 
>> http://www.imilly.com/noregrets.htm#ip
> 
> Just a note of *appreciation*!  
> And not just for the most useful GRC information alone BTW.  :)
> 
>  http://www.imilly.com/

Thanks :) In turn, the whole site is really an appreciation of GRC
and GRCers.
-- 

Milly
0
Milly
11/24/2004 11:13:00 AM
Bob Trevithick said in:<news:co0f9i$2a1t$1@news.grc.com>:
> Jim Crowther wrote:
> 
>> That is what was in the back of my mind.  There must be many here who 
>> use news.individual.net.  Was authentication there a problem?  No.  I am 
>> bemused why there is so much trouble with grc, or are the 
>> readers/potential posters here UseNet virgins?
> 
> I'm with you, Jim.  What's the big deal here?  So people need to type 
> in a user name/password.  Once.  

Unless you have Netscape 4.7 ... ;)

> A hundred years from now it won't 
> make the slightest bit of difference (as my grandfather used to tell 
> me when I'd get upset over something.)  :)  Why the huge fuss over 
> this trivial issue?  If it helps Steve, then it's good.  If it 
> doesn't, then it will be re-thought.  Either way, it isn't a huge deal 
> from my perspective.  Move along.. these aren't the droids you're 
> looking for.  ;)

What huge fuss or deal? Even the steadfast opposition has been
polite, respectful and impressively well-reasoned, in my view.
-- 

Milly
0
Milly
11/24/2004 11:13:00 AM
Steve Gibson said in:<news:co06ue$126g$13@news.grc.com>:
> [for the unabridged version, see Kuifmans's post above]
> 
>> This may be off topic, but I frequently get messages from OE
>> saying "server has dropped the connection" after reading a
>> long posting or pausing for a coffee or potty break or such.
>> OE will reconnect, no problem... but the timeout seems fairly
>> short (5 mins or so?).
> 
> It is the case that stagnant connections will be dropped.  I have 
> my Gravity client set to send keep-alive activity every minute.
> I just sends a "no-op" command to which the server replies.
> So if you're able to configure your client to send some sort
> of "keep alive" that ought to do the trick.

I'm not sure that's entirely it, Steve. I have two-minute
keep-alives, but have been having frequent and regular disconnection
problems since you switched servers. 

Is the server's drop-connection setting different than it was? Is
there any need for it anyway?
-- 

Milly
0
Milly
11/24/2004 11:14:00 AM
On Wed, 24 Nov 2004 11:13:44 +0000, Milly wrote:

> Bob Trevithick said in:<news:co0f9i$2a1t$1@news.grc.com>:

>> A hundred years from now it won't 
>> make the slightest bit of difference (as my grandfather used to tell 
>> me when I'd get upset over something.)  :)  Why the huge fuss over 
>> this trivial issue?  If it helps Steve, then it's good.  If it 
>> doesn't, then it will be re-thought.  Either way, it isn't a huge deal 
>> from my perspective.  Move along.. these aren't the droids you're 
>> looking for.  ;)
> 
> What huge fuss or deal? Even the steadfast opposition has been
> polite, respectful and impressively well-reasoned, in my view.

And not apparent in great numbers, either. For my part, I have learned a
lot these past few days, including how to spell 'supercedes'. It's an
education, here at GRC newsgroups. Well worth a password......
-- 
Bruce Henderson
'...a splendid time is guaranteed for all...'
0
Bruce
11/24/2004 1:17:00 PM
On Tue, 23 Nov 2004 20:21:46, Steve Gibson wrote:

>[for the unabridged version, see Jim Crowther's post above]
>
>> I heavily use one web-forum, and it is a RRPITA.
>> RSI-inducing irritation and so *slow*!
>
>Well ... you gotta know that MINE won't be slow!  <g>

I'd be very surprised if it was! :)

My main gripe with web-thingies is the need to keep swapping between 
mouse and keyboard.

If yours can have some 'standard' shortcuts included, such as using the 
spacebar to open a message, page down it, close it, open the next in the 
thread, page down, etc, and at end-of-thread back to the view of 
threads, that would be much appreciated here.

However, I don't know if that is something that would be 
browser-specific, or your web-code specific, or a mixture of both.

-- 
Jim Crowther                  "It's MY computer" (tm SMG)

Always learning.
0
Jim
11/24/2004 1:20:00 PM
In grc.news.feedback Milly wrote:

> Steve Gibson said in:<news:co06ue$126g$13@news.grc.com>:
>> [for the unabridged version, see Kuifmans's post above]
>> 
>>> This may be off topic, but I frequently get messages from OE
>>> saying "server has dropped the connection" after reading a
[ ]
>> It is the case that stagnant connections will be dropped.  I have 
>> my Gravity client set to send keep-alive activity every minute.
>> I just sends a "no-op" command to which the server replies.
>> So if you're able to configure your client to send some sort
>> of "keep alive" that ought to do the trick.
  
> I'm not sure that's entirely it, Steve. I have two-minute
> keep-alives, but have been having frequent and regular
> disconnection problems since you switched servers. 

As has been reported previously, but Steve said everything was the 
same (news server config).  Well, the ISP is different, their pipe to 
the Internet is different, and my routing to them from here is 
different and I too suffer from it.  But what can be done?  
Apparently nothing.  The DNS changes did help BTW.  "4 min." here, as 
I have used for years.
 
> Is the server's drop-connection setting different than it was? Is
> there any need for it anyway?
0
Mark
11/24/2004 1:23:00 PM
In article <165jjf8edhka8$.dlg@0O.0O> Milly wrote:
> Bob Trevithick said in:<news:co0f9i$2a1t$1@news.grc.com>:
> > Jim Crowther wrote:
> >
> >> That is what was in the back of my mind.  There must be many here who
> >> use news.individual.net.  Was authentication there a problem?  No.  I am
> >> bemused why there is so much trouble with grc, or are the
> >> readers/potential posters here UseNet virgins?
> >
> > I'm with you, Jim.  What's the big deal here?  So people need to type
> > in a user name/password.  Once.
> 
> Unless you have Netscape 4.7 ... ;)
> 
Steady now!  Let's have a little respect for geriatrics in people
*and* software, please. ;)

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
11/24/2004 2:14:00 PM
Mark V wrote:
> In grc.news.feedback Milly wrote:
> 
>>I'm not sure that's entirely it, Steve. I have two-minute
>>keep-alives, but have been having frequent and regular
>>disconnection problems since you switched servers. 
> 
> As has been reported previously, but Steve said everything was the 
> same (news server config).  and I too suffer from it. 
>  

glad it was not my imagination.  it was very noticeable
when I was not saving CECIL in TB and had to manually
(semi_manually) reenter it with each disconnect, but
now CECIL is saved pw, and ... well so far I have not
noticed any disconnects, or if they happen, TB just
reconnects seamlessly.  or it has not disconnected yet
since I did this(?)
0
poo0gimmal
11/24/2004 3:44:00 PM
Jim Crowther wrote:
> 
> My main gripe with web-thingies is the need to keep swapping between 
> mouse and keyboard.
> 
> If yours can have some 'standard' shortcuts included, such as using the 
> spacebar to open a message, page down it, close it, open the next in the 
> thread, page down, etc, and at end-of-thread back to the view of 
> threads, that would be much appreciated here.
> 
> However, I don't know if that is something that would be 
> browser-specific, or your web-code specific, or a mixture of both.
> 

Well, yes I think it could be done by using .... Javascript .... ok, 
I'll go and wash my mouth out now .... ;)
0
sparky
11/24/2004 4:55:00 PM
[For the unexcerpted original, see above]
Milly <@.....> wrote ...

> Steve Gibson said in:<news:co06ue$126g$13@news.grc.com>:
> > [for the unabridged version, see Kuifmans's post above]
> > 
> >> This may be off topic, but I frequently get messages from OE
> >> saying "server has dropped the connection" after reading a
> >> long posting or pausing for a coffee or potty break or such.
> >> OE will reconnect, no problem... but the timeout seems fairly
> >> short (5 mins or so?).
> > 
> > It is the case that stagnant connections will be dropped.  I have 
> > my Gravity client set to send keep-alive activity every minute.
> > I just sends a "no-op" command to which the server replies.
> > So if you're able to configure your client to send some sort
> > of "keep alive" that ought to do the trick.
> 
> I'm not sure that's entirely it, Steve. I have two-minute
> keep-alives, but have been having frequent and regular disconnection
> problems since you switched servers. 

FWIW ... I changed my (Gravity 2.5) "keep alive" setting from 15 to 2 
minutes, and it hasn't dropped a connection since.  On the old server, 
15 minutes was enough to stay connected.

-- 

Terry Webb ///
0
Terry
11/24/2004 5:00:00 PM
[for the unabridged version, see Milly <@.....>'s post above]

> I'm not sure that's entirely it, Steve. I have two-minute
> keep-alives, but have been having frequent and regular
> disconnection problems since you switched servers.
> 
> Is the server's drop-connection setting different than
> it was? Is there any need for it anyway?

If you can set your keep-alives down to 1 minute, give that a try.

I have Gravity set to 1 minute and I go for days -- many days -- 
without dropping any connections ... and with long periods of 
inactivity.

-- 
_________________________________________________________________
Steve.
0
Steve
11/24/2004 5:17:00 PM
[for the unabridged version, see sparky's post above]

> Well, yes I think it could be done by using .... Javascript
> .... ok, I'll go and wash my mouth out now .... ;)

<<shudder>>

-- 
_________________________________________________________________
Steve.
0
Steve
11/24/2004 5:18:00 PM
Jim Crowther wrote:

> My main gripe with web-thingies is the need to keep swapping between 
> mouse and keyboard.

Two thoughts, Jim.  One is that I just noticed that GMail pages down 
with the space bar, and I haven't even turned on the optional keyboard 
shortcuts stuff yet.

The other thought is the possibility of a tiny client-side piece of 
this.  Perhaps even with the notification system built in to it (the 
one that will replace the mailing list.)

Is there some ground midway between a web-based system and a 
client-side system that we might want to explore a bit?  Probably a 
dump idea, though, because then we'd need to consider Linux, Macs, and 
so on.  But how much work could be off-loaded from the news server 
even if only the Windows users ran something on the client?  And how 
many cool features might be possible that wouldn't otherwise?

-- 
Bob Trevithick
0
Bob
11/24/2004 10:37:00 PM
Supersedes: <592aq0t3v7p2e0aas526h6ijqo78cj4pas@4ax.com>
Followup-To: grc.elba_II

On Tue, 23 Nov 2004 22:36:34 -0800, Steve Gibson <support@grc.com> wrote:
> 
> We'll see how you feel about the new one.  :)

Steve,

I've sort of caught up in the thinktank group; only 187 unread
messages to go.

I apologize.

You and the folks were discussing CECIL and many other issues
and I hadn't read far enough into the threads in thinktank.

Thank you everyone that's contributed in this sub-thread; it still feels
wrong. 

Open mouth, insert foot, echo internationally. :)


Regards,

Scott
0
3Phase
11/25/2004 1:40:00 AM
In article <nvg5q0pkkhivp6vs55akehnhckdgeugprr@4ax.com>, Phase3
@worldnet.att.net says...
> 
> Banks don't use NNTP. If you find a bank that will allow you access
> through Outlook Express change banks.

Never really gave any thought to the protocol end of it. But you're 
probably right in this case. 

Outlook and Outlook express were the first things I got rid of back in 
'97 on my first purchased instead of scratch-built box. It was a Gateway 
box. Just before they sold out to the yonquis. I didn't like the 
journalling, and logging phone calls made by the kids, etc. And, it was 
also, every so often, changing defaults I'd set. <G>

Heiwa

Waldo 
0
Waldo
11/25/2004 4:35:00 AM
On Wed, 24 Nov 2004 20:35:12 -0800, Waldo Hamilton <waldo-no@spam-mei.ws>
wrote:
> In article <nvg5q0pkkhivp6vs55akehnhckdgeugprr@4ax.com>, Phase3
> @worldnet.att.net says...
> > 
> > Banks don't use NNTP. If you find a bank that will allow you access
> > through Outlook Express change banks.
> 
> Never really gave any thought to the protocol end of it. But you're 
> probably right in this case. 

Well, OE does other interesting stuff, but that's another rant. ;)
 
> Outlook and Outlook express were the first things I got rid of back in 
> '97 on my first purchased instead of scratch-built box. It was a Gateway 
> box. Just before they sold out to the yonquis. I didn't like the 
> journalling, and logging phone calls made by the kids, etc. And, it was 
> also, every so often, changing defaults I'd set. <G>

I never had a problem with OE losing settings but my bank and credit card
companies sure had a lot of trouble keeping my account details straight.
It's a good thing I filled out all the e-mail they sent me because it wasn't
until I got the new mail reader that showed the full URLs that I was able to
see they'd all moved their headquarters to somewhere in Africa. It must have
been a really difficult time for them what with the move and all.

Regards,

Scott
0
3Phase
11/25/2004 6:13:00 AM
sparky wrote:
> Well, yes I think it could be done by using .... Javascript .... ok,
> I'll go and wash my mouth out now .... ;)

http://www.cs.tut.fi/~jkorpela/forms/accesskey.html

Regards,
Sam
-- 
 22:37:36 up 4 days, 21:56,  2 users,  load average: 1.64, 1.71, 1.26
0
Sam
11/25/2004 6:41:00 AM
Sam Schinke wrote:
> sparky wrote:
> 
>>Well, yes I think it could be done by using .... Javascript .... ok,
>>I'll go and wash my mouth out now .... ;)
> 
> 
> http://www.cs.tut.fi/~jkorpela/forms/accesskey.html
> 
> Regards,
> Sam

Hmmmmmm, well as that article says support for ACCESSKEY is patchy and 
is implemented differently on IE from other browsers (of course), but 
there is no harm in adding ACCESSKEY support (and it's not a script ;) 
).  Possibly ALT-N for Next unread article and ALT-P for previous 
article.  Not as slick as just pressing space bar to both scroll down 
the current message and move to the next one (in the manor that most 
newsreaders do), but it does satisfy the "no need for mouse" issue.
0
sparky
11/25/2004 3:10:00 PM
I know this is a strange question here?  However what is authenticated logon
posting???

I've seen this done with regular email, however never heard of this being
done with news groups??


Helen...

"Steve Gibson" <support@grc.com> wrote in message
news:cntfch$5i8$1@news.grc.com...
> Everyone,
>
> This note is being "spammed" across every group on the server to
> make certain that it is seen by everyone reading the articles
> here. If you have not already subscribed to the very low traffic
> "grc.news" group, into which only I am able to post for the
> distribution of this sort of news, please consider subscribing
> so you won't miss future announcements.
>
<snip>
0
helen
11/25/2004 4:47:00 PM
helen sautner attbi wrote:
> I know this is a strange question here?  However what is authenticated logon
> posting???
> 
> I've seen this done with regular email, however never heard of this being
> done with news groups??
> 
> 
> Helen...
> 

It means that to gain access to a news server (or certain functions of 
the server like posting) you need to provide a user name and password. 
Up until now the GRC news server has not needed authentication, although 
there is a system in place where you can provide a "pass phrase" and 
enter this as both the user name AND password.  This is called CECIL and 
it allows users to cancel posts that they have submitted.  Shortly Steve 
plans to make a CECIL-ID mandatory if you which to post, so that it 
raises a slight bar against "drive by" spammers, who will in all 
probability give up if they can't post anonymously.
0
sparky
11/25/2004 7:50:00 PM
sparky wrote:
> helen sautner attbi wrote:
> 
>> I know this is a strange question here?  However what is authenticated 
>> logon
>> posting???
>>
>> I've seen this done with regular email, however never heard of this being
>> done with news groups??
>>
> 
> It means that to gain access to a news server (or certain functions of 
> the server like posting) you need to provide a user name and password. 


And from your point of view, Helen, you also gain the means to cancel 
posts.  As Steve says:

<quote>

One of our regular contributors here, "Milly", has kindly (and
is probably still kindly) assembling and maintaining a page
containing notes and instructions for specific news readers:

http://www.imilly.com/noregrets.htm#cancel

</quote>

I believe she's added to it.  The page is worth a visit.

-- 
Michael
0
Mad
11/25/2004 9:31:00 PM
Thanks for the nice explaination here..
Appriciate this allot...
Take Care.....

Helen...

"sparky" <NOSPAMPaulByford@hotmail.com> wrote in message
news:co5dck$fkd$1@news.grc.com...
> helen sautner attbi wrote:
> > I know this is a strange question here?  However what is authenticated
logon
> > posting???
> >
> > I've seen this done with regular email, however never heard of this
being
> > done with news groups??
> >
> >
> > Helen...
> >
>
> It means that to gain access to a news server (or certain functions of
> the server like posting) you need to provide a user name and password.
> Up until now the GRC news server has not needed authentication, although
> there is a system in place where you can provide a "pass phrase" and
> enter this as both the user name AND password.  This is called CECIL and
> it allows users to cancel posts that they have submitted.  Shortly Steve
> plans to make a CECIL-ID mandatory if you which to post, so that it
> raises a slight bar against "drive by" spammers, who will in all
> probability give up if they can't post anonymously.
>
0
helen
11/26/2004 4:17:00 AM
In grc.news.feedback Sam Schinke wrote:

> sparky wrote:
>> Well, yes I think it could be done by using .... Javascript .... ok,
[ ]
> 
> http://www.cs.tut.fi/~jkorpela/forms/accesskey.html

Ah ha.  I finally found this Access Keys post.  Whew, can't wait for 
full text searching.  :)

Knowing little about it I did some (rather superficial) digging.
Here is a more up to date listing of browser support
 http://www.alanwood.net/pesticides/accessibility.html#keys
and some general information.  No need to note that this page supports 
a site regarding pesticides.  That's not the point. :)  

I have to suspect that if implemented (for GRC News HTTP), very few 
users would avail themselves of it.  Is it worth it?  
  
0
Mark
11/26/2004 6:10:00 PM
Mark V wrote:
> Ah ha.  I finally found this Access Keys post.  Whew, can't wait for 
> full text searching.  :)
> 
> Knowing little about it I did some (rather superficial) digging.
> Here is a more up to date listing of browser support
>  http://www.alanwood.net/pesticides/accessibility.html#keys
> and some general information.  No need to note that this page supports 
> a site regarding pesticides.  That's not the point. :)  
> 
> I have to suspect that if implemented (for GRC News HTTP), very few 
> users would avail themselves of it.  Is it worth it?  
>   

For the sake of adding a few tags? Yes, it's worth it just for those 
very few people that would use then, because they are not keen mouse users.
0
sparky
11/26/2004 6:12:00 PM
In article <Xns95AD854618B7Bz9zzaQ2btw@news.grc.com> Mark V wrote:
> In grc.news.feedback Sam Schinke wrote:
> > sparky wrote:
> >> Well, yes I think it could be done by using .... Javascript .... ok,
> [ ]
> >
> > http://www.cs.tut.fi/~jkorpela/forms/accesskey.html
> 
> Ah ha.  I finally found this Access Keys post.  Whew, can't wait for
> full text searching.  :)
> 
> Knowing little about it I did some (rather superficial) digging.
> Here is a more up to date listing of browser support
>  http://www.alanwood.net/pesticides/accessibility.html#keys
> and some general information.  No need to note that this page supports
> a site regarding pesticides.  That's not the point. :)
> 
Alan Wood's web site has many things to offer.  For example,
http://www.alanwood.net/unicode/

> I have to suspect that if implemented (for GRC News HTTP), very few
> users would avail themselves of it.  Is it worth it?
> 
To put it in the mildest form, Steve doesn't like Javascript so it's
*very* doubtful it will ever be implemented in his GRC code. :)

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
11/26/2004 7:09:00 PM
hermital wrote:
> To put it in the mildest form, Steve doesn't like Javascript so it's
> *very* doubtful it will ever be implemented in his GRC code. :)

The page I posted was intended to indicate that javascript isn't neccessary
for basic accesskey functionality.

Regards,
Sam
-- 
 11:23:54 up 11:35,  4 users,  load average: 1.64, 1.02, 0.76
0
Sam
11/26/2004 7:24:00 PM
In grc.news.feedback sparky wrote:

> Mark V wrote:
>> Ah ha.  I finally found this Access Keys post.  Whew, can't wait
>> for full text searching.  :)
>> 
>> Knowing little about it I did some (rather superficial) digging.
>> Here is a more up to date listing of browser support
>>  http://www.alanwood.net/pesticides/accessibility.html#keys
[ ]

>> I have to suspect that if implemented (for GRC News HTTP), very
>> few users would avail themselves of it.  Is it worth it?  
 
> For the sake of adding a few tags? Yes, it's worth it just for
> those very few people that would use then, because they are not
> keen mouse users. 

Having now looked at the page source, it does seem to be piece-ofcake 
addition.   FWIW I vote yes.


 in other post hermital wrote:
>  Alan Wood's web site has many things to offer.

So I see.  Now that you mentioned it.  :)
Bookmarked.  
0
Mark
11/26/2004 7:36:00 PM
Sam Schinke wrote:
> hermital wrote:
> 
>>To put it in the mildest form, Steve doesn't like Javascript so it's
>>*very* doubtful it will ever be implemented in his GRC code. :)
> 
> 
> The page I posted was intended to indicate that javascript isn't neccessary
> for basic accesskey functionality.
> 

Yes, but it is very basic and not implemented in a uniform manor across 
browsers.  It *is* better than nothing though.
0
sparky
11/26/2004 8:17:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:cntfch$5i8$1@news.grc.com...
: Everyone,

"Please reduce your quoting of the previous post."

Just testing the new authentication process. God, is that message annoying! Even
after I edited it down to the relevent points.
0
J
11/27/2004 3:43:00 PM
J Lee wrote:
> "Steve Gibson" <support@grc.com> wrote in message
> news:cntfch$5i8$1@news.grc.com...
> : Everyone,

> "Please reduce your quoting of the previous post."

> Just testing the new authentication process. God, is that message annoying! Even
> after I edited it down to the relevent points.

One thing to keep in mind is that you can eliminate the quote 
characters between line (e.g., above) and just leave blank lines. 
This will cause QED to loosen it's testing a bit.

OTOH, I've gotten that message maybe three times since Steve 
implemented the system, so perhaps you really do quote too much?  ;-)

-- 
Bob Trevithick
0
Bob
11/27/2004 3:48:00 PM
>"Please reduce your quoting of the previous post."

Space out your quotes.

>Just testing the new authentication process. God, is that message annoying! Even

like this

>after I edited it down to the relevent points.

It should work up to 20 lines.
0
Greg
11/27/2004 8:00:00 PM
[for the unabridged version, see Bob Trevithick's post above]

> > My main gripe with web-thingies is the need to keep swapping
> > between mouse and keyboard.
> 
> Two thoughts, Jim.  One is that I just noticed that GMail
> pages down with the space bar, and I haven't even turned
> on the optional keyboard shortcuts stuff yet.
> 
> The other thought is the possibility of a tiny client-side
> piece of this.  Perhaps even with the notification system
> built in to it (the one that will replace the mailing list.)
> 
> Is there some ground midway between a web-based system and a 
> client-side system that we might want to explore a bit?
> Probably a dump idea, though, because then we'd need to consider
> Linux, Macs, and so on.  But how much work could be off-loaded
> from the news server even if only the Windows users ran something
> on the client?  And how many cool features might be possible
> that wouldn't otherwise?

I have thought about the idea of a "GRC News Reader" a lot in the 
past, since a client-side solution can do SUCH a better job.  The 
opening of the Gravity source code would allow me to easily take 
it and turn it into a zero-configuration app that any Windows user 
could download and run without any configuration confusion.

But the instant that we ask the user to download anything I think 
we cross a line.  And, as you note, we immediately become platform 
specific.

I think that the web interface appeals to people because many 
people -- certainly myself among them -- are becoming less happy 
with the idea of installing "one more thing" into our already 
over-burdened and flaky machines.  It's one thing if it's a 
lightweight gizmo that I'm going to use a lot.  But "installing" 
something that I might not wind up using very much is a losing 
proposition.

So the web interface lets people poke around the edges of our 
groups and get a feeling for what's here while making ZERO 
commitment to any future participation or modification of their 
machines.

Therefore, tempting as the idea always is to me, I think that any 
sort of "halfway measure" falls into a no-man's land in between a 
zero-commitment web interface and a 'full-commitment' NNTP reader.

-- 
_________________________________________________________________
Steve.
0
Steve
11/28/2004 4:07:00 PM
[for the unabridged version, see sparky's post above]

> > I have to suspect that if implemented (for GRC News HTTP),
> > very few users would avail themselves of it.  Is it worth it?  
> 
> For the sake of adding a few tags? Yes, it's worth it just for
> those very few people that would use then, because they are not
> keen mouse users.

Well, we can certainly experiment with it.  I agree with the 
general notion that investing a low amount of effort to add some 
features that only a few people might use makes sense.  But my 
only hesitation might be visually cluttering up the UI with 
keyboard shortcut designations.  We'll see how it goes.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
11/28/2004 4:50:00 PM
[for the unabridged version, see Sam Schinke's post above]

> The page I posted was intended to indicate that javascript
> isn't neccessary for basic accesskey functionality.

Right.  And I was totally unaware of that, so I'm VERY glad to 
know it's there.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
11/28/2004 4:51:00 PM
[for the unabridged version, see sparky's post above]

> Yes, but it is very basic and not implemented in a uniform
> manor across browsers.  It *is* better than nothing though.

Probably so.

-- 
_________________________________________________________________
Steve.
0
Steve
11/28/2004 4:51:00 PM
[for the unabridged version, see hermital's post above]

> To put it in the mildest form, Steve doesn't like Javascript
> so it's *very* doubtful it will ever be implemented in his
> GRC code. :)

Actually, it's not that I don't like it.  In truth I *LOVE* it.  
The "theoretical" idea of transparently downloading code into the 
user's browser is totally cool.  Unfortunately the security 
ramifications are significantly less than cool.

So, while I love the concept, I can't live with developing 
technologies that *depend* upon it.

-- 
_________________________________________________________________
Steve.
0
Steve
11/28/2004 4:54:00 PM
Steve Gibson wrote:
>>For the sake of adding a few tags? Yes, it's worth it just for
>>those very few people that would use then, because they are not
>>keen mouse users.
> 
> 
> Well, we can certainly experiment with it.  I agree with the 
> general notion that investing a low amount of effort to add some 
> features that only a few people might use makes sense.  But my 
> only hesitation might be visually cluttering up the UI with 
> keyboard shortcut designations.  We'll see how it goes.  :)
> 

How about a single always available "help" button in the corner of the 
window that when pressed pops up a separate window with all the help 
information that you can think of including keyboard short cuts and 
their limitations?  If users don't wish to read the help then they won't 
learn of the short cuts, but I'm sure that long term users will read it 
and learn any useful tit bits that they might find there.  Not knowing 
what the short cuts are doesn't stop a user navigating with a mouse.
0
sparky
11/28/2004 5:43:00 PM
[for the unabridged version, see sparky's post above]

> How about a single always available "help" button in the corner
> of the window that when pressed pops up a separate window with
> all the help information that you can think of including keyboard
> short cuts and their limitations?  If users don't wish to read
> the help then they won't learn of the short cuts, but I'm sure
> that long term users will read it and learn any useful tit bits
> that they might find there.  Not knowing what the short cuts are
> doesn't stop a user navigating with a mouse.

As an avid keyboard shortcut user myself, ... 

Holy Crap!  I just had an AMAZING IDEA!

I'm going to post a global message about it and open a new 
discussion.  <g>

--------------=> WOW!  (maybe!)

-- 
_________________________________________________________________
Steve.
0
Steve
11/28/2004 6:28:00 PM
This is a vote for web-based interface systems.  I think it is an excellent 
idea.  Perhaps http://forums.grc.com/?

The benefits of current popular web-based forums include:
- send and link to threads easily (increases likelyhood of others joining)
- recieve email notification of replies (makes me more active and 
productive)
- delete posts easily (eliminates the 'embarrassing posting' fears which 
holds so many newcomers back)

There are many things that will come naturally to current web-based forum 
users like myself.  I am simply more comfortable and more accustomed to 
using web-based forums than newsgroups, so I am much more inclined to use 
web-based forums.  I am sure others fall into this same group.

Another benefit is that web-based forums result in Google searches for 
topics that are not widely published on the Internet.

---------
Matthew Doucette
http://www.matthewdoucette.com/
http://www.sawtoothdistortion.com/

"Steve Gibson" <support@grc.com> wrote in message 
news:cntfch$5i8$1@news.grc.com...

> And finally ... for people whose newsreaders simply refuse to
> cooperate, our forthcoming web interface system will allow posting
> after performing a simple eMail verification loop. 
0
Matthew
11/29/2004 4:24:00 PM
Steve Gibson said in:<news:co2fvl$2dke$22@news.grc.com>:
> [for the unabridged version, see Milly <@.....>'s post above]
> 
>> I'm not sure that's entirely it, Steve. I have two-minute
>> keep-alives, but have been having frequent and regular
>> disconnection problems since you switched servers.
>> 
>> Is the server's drop-connection setting different than
>> it was? Is there any need for it anyway?
> 
> If you can set your keep-alives down to 1 minute, give that a try.
> 
> I have Gravity set to 1 minute and I go for days -- many days -- 
> without dropping any connections ... and with long periods of 
> inactivity.

That didn't seem to help, nor increasing or decreasing the number of
concurrent connections. 

Maybe it's the type of keep-alive message? I'm just using a pull of
headers, because Dialog doesn't seem to have a specific keep-alive
setting.

Anyway, if (as this thread indicates) it's not a widespread issue,
then it's probably not worth you worrying about. I'll make a pain of
myself if it gets worse ;)
-- 

Milly
0
Milly
11/29/2004 5:17:00 PM
Matthew Doucette said in:<news:cofiok$7te$1@news.grc.com>:
> "Steve Gibson" <support@grc.com> wrote in message 
> news:cntfch$5i8$1@news.grc.com...
> 
>> And finally ... for people whose newsreaders simply refuse to
>> cooperate, our forthcoming web interface system will allow posting
>> after performing a simple eMail verification loop.
>
> This is a vote for web-based interface systems.  I think it is an excellent 
> idea.  Perhaps http://forums.grc.com/?
> 
> The benefits of current popular web-based forums include:
> - send and link to threads easily (increases likelyhood of others joining)

Already possible, but more easily would be the case.

> - recieve email notification of replies (makes me more active and 
> productive)

I doubt Steve's desire to limit server-side information, and his
existing spam issues (re maintaining a 500,000+ mailing list) make
that possibility much above zero.

> - delete posts easily (eliminates the 'embarrassing posting' fears which 
> holds so many newcomers back)

Also already possible, but easier is better, I'm sure. 

> There are many things that will come naturally to current web-based forum 
> users like myself.  I am simply more comfortable and more accustomed to 
> using web-based forums than newsgroups, so I am much more inclined to use 
> web-based forums.  I am sure others fall into this same group.

I'm sure you're right (though the opposite is true for me).
 
> Another benefit is that web-based forums result in Google searches for 
> topics that are not widely published on the Internet.

All well, that's a hot potato of a different colour ;)

I doubt Steve had in mind to let Google roam freely.
-- 

Milly
0
Milly
11/29/2004 5:21:00 PM
In grc.news.feedback Milly wrote:

> Steve Gibson said in:<news:co2fvl$2dke$22@news.grc.com>:
>> [for the unabridged version, see Milly <@.....>'s post above]
  
>>> I'm not sure that's entirely it, Steve. I have two-minute
>>> keep-alives, but have been having frequent and regular
>>> disconnection problems since you switched servers.
>>> 
>>> Is the server's drop-connection setting different than
>>> it was? Is there any need for it anyway?
  
>> If you can set your keep-alives down to 1 minute, give that a try.
>> 
>> I have Gravity set to 1 minute and I go for days -- many days -- 
>> without dropping any connections ... and with long periods of 
>> inactivity.
> 
> That didn't seem to help, nor increasing or decreasing the number
> of concurrent connections. 
> 
> Maybe it's the type of keep-alive message? I'm just using a pull of
> headers, because Dialog doesn't seem to have a specific keep-alive
> setting.

Xnews also has "Update message counts" and no specific Keep-Alive 
function.  Observationally there is something different now than in 
the past.  Steve said that his server is the same, which leaves the 
new ISP (or it's location (net-route-wise)) as the most likely 
culprit for the degraded connectivity IMO.
 
> Anyway, if (as this thread indicates) it's not a widespread issue,
> then it's probably not worth you worrying about. I'll make a pain
> of myself if it gets worse ;)

It's painful having lower performance levels than before no matter 
how it happens. <G>

From here, I am beginning to get the impression that general network 
congestion levels may be involved as "problems" are less evident at 
times when the routes between here and there might be expected to be 
more lightly loaded.  And the converse.  Do you see that correlation 
there?

I gather that some now have superior access to news.grc.com at all 
times.  That some have about the same at all times.  And that some of 
us have a variable quality with the "low end" being worse than 
before.  Are you interested in a .techtalk thread where we try to map 
routes and routers?


-- 
GRC Newsgroups/Guides:  http://www.imilly.com/noregrets.htm#contents
http://www.grc.com/discussions.htm
0
Mark
11/29/2004 5:50:00 PM
[for the unabridged version, see Matthew Doucette's post above]

Hi Matt.

> This is a vote for web-based interface systems.  I think
> it is an excellent idea.  Perhaps http://forums.grc.com/?

The result of a nice Sunday afternoon's collective brainstorming 
and general hashing out was that ALL future work ought to be web-
based for one reason or another.  So I very much agree with you in 
general.

It's also interesting to watch that Google's platform-neutral and 
entirely web-based JavaScript Gmail service is slowly but steadily 
winning over converts ... Even among those who are surprised to be 
admitting how much they like it.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
11/29/2004 6:03:00 PM
Mark V said in:<news:Xns95B081BEC6FE9z9zzaQ2btw@news.grc.com>:
> In grc.news.feedback Milly wrote:
>> Steve Gibson said in:<news:co2fvl$2dke$22@news.grc.com>:
>>> [for the unabridged version, see Milly <@.....>'s post above]
>  [...]
>> Maybe it's the type of keep-alive message? I'm just using a pull of
>> headers, because Dialog doesn't seem to have a specific keep-alive
>> setting.
> 
> Xnews also has "Update message counts" and no specific Keep-Alive 
> function.  Observationally there is something different now than in 
> the past.  Steve said that his server is the same, which leaves the 
> new ISP (or it's location (net-route-wise)) as the most likely 
> culprit for the degraded connectivity IMO.

IMO2

>> Anyway, if (as this thread indicates) it's not a widespread issue,
>> then it's probably not worth you worrying about. I'll make a pain
>> of myself if it gets worse ;)
> 
> It's painful having lower performance levels than before no matter 
> how it happens. <G>

The irritating thing is when the bump happens upon a message being 
posted - I then have to fish it out of the Outbox, make sure I get 
reconnected using a header pull, then post it again. I've had to do 
that a lot.[1]

> From here, I am beginning to get the impression that general network 
> congestion levels may be involved as "problems" are less evident at 
> times when the routes between here and there might be expected to be 
> more lightly loaded.  And the converse.  Do you see that correlation 
> there?

I'm not currently 'here' enough to see any such correlation, I'm 
afraid.
 
> I gather that some now have superior access to news.grc.com at all 
> times.  That some have about the same at all times.  And that some of 
> us have a variable quality with the "low end" being worse than 
> before.  Are you interested in a .techtalk thread where we try to map 
> routes and routers?

Pulling headers and bodies is noticeably much faster for me - so I 
seem to have better throughput whilst connected, but far patchier 
connection status. I'm not quite sure what you mean by such mapping, 
but if you start I'll try to join in accordingly :)

[1] Rats, this one too. "Posting article failed: Socket Error #
    10054; Connection reset by peer".
-- 

Milly
0
Milly
11/29/2004 6:06:00 PM
"Steve Gibson" <support@grc.com> wrote in message
news:cofoii$1ucl$2@news.grc.com...

> It's also interesting to watch that Google's platform-neutral and
> entirely web-based JavaScript Gmail service is slowly but steadily
> winning over converts ... Even among those who are surprised to be
> admitting how much they like it.  :)

Steve,

I think some of us have the same problem I have; I'm not able to run _any_
client software on my computer at work, including something like
shieldsup.exe, that you have mentioned before.  Web-based access is allowed
at work.  But they only allow programs that are on an "approved list" to run
on their computers.  We can only run the browsers that are on the approved
list, for instance.

Shieldsup.exe probably isn't an issue for me because I wouldn't want to use
it on my company's computer.  If you plan to implement any kind of
client-side NetFilter, that wouldn't be allowed.  We can't install BHO's.

-- 
Robert
GRC Newsgroups/Guidelines/No Regrets
http://news.grc.com/news.exe?cmd=article&group=grc.techtalk&item=116183
0
Robert
11/29/2004 6:27:00 PM
In grc.news.feedback Milly wrote:

> Mark V said in:<news:Xns95B081BEC6FE9z9zzaQ2btw@news.grc.com>:
>> In grc.news.feedback Milly wrote:
>>> Steve Gibson said in:<news:co2fvl$2dke$22@news.grc.com>:
>>>> [for the unabridged version, see Milly <@.....>'s post above]
>>  [...]

[ big snip.  reference earlier posts ]
> 
> Pulling headers and bodies is noticeably much faster for me - so I
> seem to have better throughput whilst connected, but far patchier 
> connection status. 

That mirrors my observations as well.  I only pull headers so any 
speed increase _while_connection_established is barely noticeable.

> I'm not quite sure what you mean by such
> mapping, but if you start I'll try to join in accordingly :)

Let's see what else develops.  Attempting to find some routers common 
to various (few?) users that could conceivably be a problem may not 
be easy.  And that may not be the real reason for the apparent lost 
connections or other anomalies seen lately by some.

> 
> [1] Rats, this one too. "Posting article failed: Socket Error #
>     10054; Connection reset by peer".

That may be useful...

BTW anyone know off-hand how to get Xnews to log errors and auto-
reconnects?
0
Mark
11/29/2004 6:33:00 PM
"Milly" <@.....> wrote in message news:1mbksrbc6805y$.dlg@0O.0O...
> Mark V said in:<news:Xns95B081BEC6FE9z9zzaQ2btw@news.grc.com>:
>> In grc.news.feedback Milly wrote:
[]
>>  [...]
>>> Maybe it's the type of keep-alive message? I'm just using a pull of
>>> headers, because Dialog doesn't seem to have a specific keep-alive
>>> setting.
[]
>> It's painful having lower performance levels than before no matter
>> how it happens. <G>

That may be me pulling down hundreds of thousands of headers at a time when 
I had to delete OE's "folders" file because of incessant corruption. In 
truth, I'm not sure how frequently that happens overall and I have no idea 
how it affects the server. I wonder, though, if archiving by year or 
half-year so that subscriptions could be made to specific time periods would 
help in general. To be sure, I think it would make my pain less.

For instance, in grc.techtalk I keep only the last 16000 or so posts because 
of performance problems with OE. By doing that, though, I lose out on 
earlier history. Maybe Steve's web search will take much of the hurt out 
that of course. I can also do my own archiving. The fact remains, though, 
that when something goes wrong I've got a lot of serious downloading to 
redo.

[]
>> I gather that some now have superior access to news.grc.com at all
>> times.  That some have about the same at all times.  And that some of
>> us have a variable quality with the "low end" being worse than
>> before.  Are you interested in a .techtalk thread where we try to map
>> routes and routers?
>
> Pulling headers and bodies is noticeably much faster for me - so I
> seem to have better throughput whilst connected, but far patchier
> connection status. I'm not quite sure what you mean by such mapping,
> but if you start I'll try to join in accordingly :)

I find pulling headers much faster than before but I can't say the same for 
bodies. Bodies seem much slower to me. I just presumed that Steve throttled 
that kind of activity and thought no more of it.
[]
0
Mike
11/29/2004 6:38:00 PM
In article <1mbksrbc6805y$.dlg@0O.0O> Milly wrote:
> 
> The irritating thing is when the bump happens upon a message being
> posted - I then have to fish it out of the Outbox, make sure I get
> reconnected using a header pull, then post it again. I've had to do
> that a lot.[1]
> 
[...]

> Pulling headers and bodies is noticeably much faster for me - so I
> seem to have better throughput whilst connected, but far patchier
> connection status. I'm not quite sure what you mean by such mapping,
> but if you start I'll try to join in accordingly :)
> 
> [1] Rats, this one too. "Posting article failed: Socket Error #
>     10054; Connection reset by peer".
> 
In my limited experience, "Connection reset by peer" means the ISP has
more traffic than it can handle so it disconnects a few users to
lighten the load.  YMMV

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
11/29/2004 9:20:00 PM
I tried an older version xnews.  It has or had some problems staying
connected to the news server.


Greg R
0
Greg
11/29/2004 10:51:00 PM
Greg  R wrote in grc.news.feedback:

> I tried an older version xnews.  It has or had some
> problems staying connected to the news server.
> 

I have kept quiet about the problems with XNews with this new 
server because Mark V seems to be doing a good job mentioning it 
to Steve.

-- 
Kayode Okeyode
http://del.icio.us/kayodeok
http://www.kayodeok.co.uk/weblog/
0
kayodeok
11/29/2004 11:02:00 PM
In grc.news.feedback kayodeok wrote:

> Greg  R wrote in grc.news.feedback:
> 
>> I tried an older version xnews.  It has or had some
>> problems staying connected to the news server.
>> 
> 
> I have kept quiet about the problems with XNews with this new 
> server because Mark V seems to be doing a good job mentioning it 
> to Steve.

Sure, leave me standing alone... <VBG>

Seriously, if you see similar, please say so.  If in fact my news 
client (XNews 06.08.25) is at fault:
 Why only with the new server/ISP/routes?
 I will work-around the problem (not certain how just yet) or replace 
XNews.
 

Is there commonality between certain news client software and various 
current connection issues with news.grc.com?
0
Mark
11/29/2004 11:35:00 PM
Mark V said in:<news:Xns95B0BC3C69D93z9zzaQ2btw@news.grc.com>:
> In grc.news.feedback kayodeok wrote:
>> Greg  R wrote in grc.news.feedback:
>>> I tried an older version xnews.  It has or had some
>>> problems staying connected to the news server.
>> 
>> I have kept quiet about the problems with XNews with this new 
>> server because Mark V seems to be doing a good job mentioning it 
>> to Steve.
> 
> Sure, leave me standing alone... <VBG>
> 
> Seriously, if you see similar, please say so.  If in fact my news 
> client (XNews 06.08.25) is at fault:
>  Why only with the new server/ISP/routes?
>  I will work-around the problem (not certain how just yet) or replace 
> XNews.
>  
> Is there commonality between certain news client software and various 
> current connection issues with news.grc.com?

I dunno. I get the errors on sending almost all posts. Very
annoying. Any other Dialog users having trouble?
-- 

Milly
0
Milly
11/30/2004 10:21:00 AM
Wandering aimlessly about grc.news.feedback, I heard Milly say:

> Mark V said in:<news:Xns95B0BC3C69D93z9zzaQ2btw@news.grc.com>:
>[...]
>> Is there commonality between certain news client software and various 
>> current connection issues with news.grc.com?
> 
> I dunno. I get the errors on sending almost all posts. Very
> annoying. Any other Dialog users having trouble?

No problem here with Dialog or Gravity, Milly, on either cable or T-1.
I have Xnews installed for testing, but I haven't seen any problem
there as yet either...

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://www.imilly.com/noregrets.htm
0
Dutch
11/30/2004 12:27:00 PM
"Dutch" <me2@privacy.net> wrote in message
news:mxq4r1ixhvto$.xyz@news.12078.net...
> Wandering aimlessly about grc.news.feedback, I heard Milly say:
>
> > Mark V said in:<news:Xns95B0BC3C69D93z9zzaQ2btw@news.grc.com>:
> >[...]
> >> Is there commonality between certain news client software and various
> >> current connection issues with news.grc.com?
> >
> > I dunno. I get the errors on sending almost all posts. Very
> > annoying. Any other Dialog users having trouble?
>
> No problem here with Dialog or Gravity, Milly, on either cable or T-1.
> I have Xnews installed for testing, but I haven't seen any problem
> there as yet either...

Interesting.  Milly is using dial-up.

-- 
Robert
GRC Newsgroups/Guidelines/No Regrets
http://news.grc.com/news.exe?cmd=article&group=grc.techtalk&item=116183
0
Robert
11/30/2004 2:05:00 PM
Wandering aimlessly about grc.news.feedback, I heard Robert  Wycoff
say:

> "Dutch" <me2@privacy.net> wrote in message
> news:mxq4r1ixhvto$.xyz@news.12078.net...
>> Wandering aimlessly about grc.news.feedback, I heard Milly say:
>>> Mark V said in:<news:Xns95B0BC3C69D93z9zzaQ2btw@news.grc.com>:
>>>[...]
>>>> Is there commonality between certain news client software and various
>>>> current connection issues with news.grc.com?
>>>
>>> I dunno. I get the errors on sending almost all posts. Very
>>> annoying. Any other Dialog users having trouble?
>>
>> No problem here with Dialog or Gravity, Milly, on either cable or T-1.
>> I have Xnews installed for testing, but I haven't seen any problem
>> there as yet either...
> 
> Interesting.  Milly is using dial-up.

Yep, that did occur to me, Robert. I'll try to do some dial-up testing
too...

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://www.imilly.com/noregrets.htm
0
Dutch
11/30/2004 2:14:00 PM
hermital wrote:
> In my limited experience, "Connection reset by peer" means the ISP has
> more traffic than it can handle so it disconnects a few users to
> lighten the load.  YMMV

Connection reset by peer simply means (afaik) that the other end of the
"connection" sent a RST packet. This can occur if the other end forgot
about the connection (eg, 'lost state') but didn't send a FIN packet to
inform your end that the connection has been closed.

From there, if your system sends any packets relating to this now (remotely)
non-existent connection, the far end will send a RST. This is SOP for
unsolicited packets received on unfiltered/unfirewalled ports, I believe
(BICBW).

Regards,
Sam
-- 
 08:16:52 up 2 days,  2:47,  2 users,  load average: 1.03, 0.83, 0.80
0
Sam
11/30/2004 4:18:00 PM
I would of like to use xnews.  By the way.  I should of added xnews
has problems staying conneteced to any news server not just grc.

It also had problems remembering the groups and postings.  

It crashes alot

At least it did,  when I used.  



I use Free Agent now
0
Greg
11/30/2004 4:40:00 PM
In grc.news.feedback Dutch wrote:

> Wandering aimlessly about grc.news.feedback, I heard Milly say:
> 
>> Mark V said in:<news:Xns95B0BC3C69D93z9zzaQ2btw@news.grc.com>:
>>[...]
>>> Is there commonality between certain news client software and
>>> various current connection issues with news.grc.com?
>> 
>> I dunno. I get the errors on sending almost all posts. Very
>> annoying. Any other Dialog users having trouble?
> 
> No problem here with Dialog or Gravity, Milly, on either cable or
> T-1. I have Xnews installed for testing, but I haven't seen any
> problem there as yet either...

I am tempted to look at routes.  Not that that there is anything Steve 
can do if that is the case...
0
Mark
11/30/2004 4:44:00 PM
In grc.news.feedback Greg  R wrote:

> I would of like to use xnews.  By the way.  I should of added xnews
> has problems staying conneteced to any news server not just grc.
> 
> It also had problems remembering the groups and postings.  
> 
> It crashes alot
> 
> At least it did,  when I used.  

Is this the same "older version" that has been mentioned before?
Just curious because I have no such issues as mentioned above here with 
06.08.25 on W2K with ADSL.

> I use Free Agent now
0
Mark
11/30/2004 5:24:00 PM
>Is this the same "older version" that has been mentioned before?
>Just curious because I have no such issues as mentioned above here with 
>06.08.25 on W2K with ADSL.
>
I have no idea what version I tried to use,  Sorry.  

Greg 
0
Greg
11/30/2004 5:37:00 PM
Sam Schinke said in:<news:coi6qg$2o6t$1@news.grc.com>:
> hermital wrote:
>> In my limited experience, "Connection reset by peer" means the ISP has
>> more traffic than it can handle so it disconnects a few users to
>> lighten the load.  YMMV
> 
> Connection reset by peer simply means (afaik) that the other end of the
> "connection" sent a RST packet. This can occur if the other end forgot
> about the connection (eg, 'lost state') but didn't send a FIN packet to
> inform your end that the connection has been closed.
> 
> From there, if your system sends any packets relating to this now (remotely)
> non-existent connection, the far end will send a RST. This is SOP for
> unsolicited packets received on unfiltered/unfirewalled ports, I believe
> (BICBW).

Hmm, could it be something about my firewall settings which is
annoying Steve's server, perhaps?

I (continue to) give Dialog a free hand on outgoing TCP port 119.
Maybe the I'm somehow stymieing the handshake which tells the GRC
server to maintain my connections?

I say vaguely ...
-- 

Milly
0
Milly
11/30/2004 6:05:00 PM
Mark V said in:<news:Xns95B1769802FC2z9zzaQ2btw@news.grc.com>:
> In grc.news.feedback Dutch wrote:
> 
>> Wandering aimlessly about grc.news.feedback, I heard Milly say:
>> 
>>> Mark V said in:<news:Xns95B0BC3C69D93z9zzaQ2btw@news.grc.com>:
>>>[...]
>>>> Is there commonality between certain news client software and
>>>> various current connection issues with news.grc.com?
>>> 
>>> I dunno. I get the errors on sending almost all posts. Very
>>> annoying. Any other Dialog users having trouble?
>> 
>> No problem here with Dialog or Gravity, Milly, on either cable or
>> T-1. I have Xnews installed for testing, but I haven't seen any
>> problem there as yet either...
> 
> I am tempted to look at routes.  Not that that there is anything Steve 
> can do if that is the case...

Indeed. Though trouble every time, which is what I get, seems
unlikely.
-- 

Milly
0
Milly
11/30/2004 6:07:00 PM
Dutch said in:<news:s7i1s4hv7a3p$.xyz@news.12078.net>:
> Wandering aimlessly about grc.news.feedback, I heard Robert  Wycoff
>> "Dutch" <me2@privacy.net> wrote in message
>> news:mxq4r1ixhvto$.xyz@news.12078.net...
>>> Wandering aimlessly about grc.news.feedback, I heard Milly say:
>>>> Mark V said in:<news:Xns95B0BC3C69D93z9zzaQ2btw@news.grc.com>:
>>>>[...]
>>>>> Is there commonality between certain news client software and various
>>>>> current connection issues with news.grc.com?
>>>>
>>>> I dunno. I get the errors on sending almost all posts. Very
>>>> annoying. Any other Dialog users having trouble?
>>>
>>> No problem here with Dialog or Gravity, Milly, on either cable or T-1.
>>> I have Xnews installed for testing, but I haven't seen any problem
>>> there as yet either...
>> 
>> Interesting.  Milly is using dial-up.
> 
> Yep, that did occur to me, Robert. I'll try to do some dial-up testing
> too...

Maybe, but even a dialup should handle such sparse traffic without
difficulty, I'd have thought.
-- 

Milly
0
Milly
11/30/2004 6:08:00 PM
On Tue, 30 Nov 2004 10:21:27 +0000
in <news:jpmdb581gbnd.dlg@0O.0O>
Milly (Milly <@.....>) wrote :

> I dunno. I get the errors on sending almost all posts. Very
> annoying. Any other Dialog users having trouble?

<quick test>
No problem here on dialup with Dialog.

-- 
Downsizing saves money like computers reduce paperwork.
0
PnG
11/30/2004 6:24:00 PM
Wandering aimlessly around grc.news.feedback, I heard Milly mention:

> Dutch said in:<news:s7i1s4hv7a3p$.xyz@news.12078.net>:
>> Wandering aimlessly about grc.news.feedback, I heard Robert  Wycoff
[...]
>>> Interesting.  Milly is using dial-up.
>> 
>> Yep, that did occur to me, Robert. I'll try to do some dial-up testing
>> too...
> 
> Maybe, but even a dialup should handle such sparse traffic without
> difficulty, I'd have thought.

I'd think so too, Milly, and if this posts without error, I'd say it
certainly can. I'm using a dial-up throttled to 19.2k...

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://www.imilly.com/noregrets.htm
0
Dutch
11/30/2004 6:26:00 PM
PnG said in:<news:coie60$302i$1@news.grc.com>:
> On Tue, 30 Nov 2004 10:21:27 +0000
> in <news:jpmdb581gbnd.dlg@0O.0O>
> Milly (Milly <@.....>) wrote :
> 
>> I dunno. I get the errors on sending almost all posts. Very
>> annoying. Any other Dialog users having trouble?
> 
> <quick test>
> No problem here on dialup with Dialog.

Thanks PnG. Maybe I've just overstayed my welcome ;)
-- 

Milly
0
Milly
11/30/2004 6:27:00 PM
Wandering aimlessly around grc.news.feedback, I heard Dutch mention:

Posted without errors of any kind, and immediately available to read
on refresh. Well, *nearly* immediate. The download does drag a bit
compared to cable or a T-1... :-)

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://www.imilly.com/noregrets.htm
0
Dutch
11/30/2004 6:28:00 PM
Dutch said in:<news:rbrofs0qu2dk.xyz@news.12078.net>:
> Wandering aimlessly around grc.news.feedback, I heard Dutch mention:
> 
> Posted without errors of any kind, and immediately available to read
> on refresh. Well, *nearly* immediate. The download does drag a bit
> compared to cable or a T-1... :-)

Oh thanks, rub it in two different ways ;)
-- 

Milly
0
Milly
11/30/2004 6:35:00 PM
In grc.news.feedback Milly wrote:

> Sam Schinke said in:<news:coi6qg$2o6t$1@news.grc.com>:
>> hermital wrote:
>>> In my limited experience, "Connection reset by peer" means the
>>> ISP has more traffic than it can handle so it disconnects a few
>>> users to lighten the load.  YMMV
  
>> Connection reset by peer simply means (afaik) that the other end
>> of the "connection" sent a RST packet. This can occur if the
>> other end forgot about the connection (eg, 'lost state') but
>> didn't send a FIN packet to inform your end that the connection
>> has been closed. 
[ ]

> Hmm, could it be something about my firewall settings which is
> annoying Steve's server, perhaps?

In my case the NAT/SPI router is set to 4 minutes for dropping state 
info for inactive connections, but the news reader is refreshing at 2 
minute intervals...  FWIW
 
> I (continue to) give Dialog a free hand on outgoing TCP port 119.
> Maybe the I'm somehow stymieing the handshake which tells the GRC
> server to maintain my connections?
0
Mark
11/30/2004 6:45:00 PM
Wandering aimlessly around grc.news.feedback, I heard Milly mention:

> Dutch said in:<news:rbrofs0qu2dk.xyz@news.12078.net>:
>> Wandering aimlessly around grc.news.feedback, I heard Dutch mention:
>> 
>> Posted without errors of any kind, and immediately available to read
>> on refresh. Well, *nearly* immediate. The download does drag a bit
>> compared to cable or a T-1... :-)
> 
> Oh thanks, rub it in two different ways ;)

Sheeesh! I *was* only connected at 19.2k... :-))

-- 
Dutch

GRC Newsgroups/Guidelines/No Regrets
http://www.imilly.com/noregrets.htm
0
Dutch
11/30/2004 6:57:00 PM
On Tue, 30 Nov 2004 18:07:16, Milly wrote:

>Mark V said in:<news:Xns95B1769802FC2z9zzaQ2btw@news.grc.com>:
>> In grc.news.feedback Dutch wrote:
>>
>>> Wandering aimlessly about grc.news.feedback, I heard Milly say:
>>>
>>>> Mark V said in:<news:Xns95B0BC3C69D93z9zzaQ2btw@news.grc.com>:
>>>>[...]
>>>>> Is there commonality between certain news client software and
>>>>> various current connection issues with news.grc.com?
>>>>
>>>> I dunno. I get the errors on sending almost all posts. Very
>>>> annoying. Any other Dialog users having trouble?
>>>
>>> No problem here with Dialog or Gravity, Milly, on either cable or
>>> T-1. I have Xnews installed for testing, but I haven't seen any
>>> problem there as yet either...
>>
>> I am tempted to look at routes.  Not that that there is anything Steve
>> can do if that is the case...
>
>Indeed. Though trouble every time, which is what I get, seems
>unlikely.

Milly, are you using Dialog on or off-line?  If off-line, then just 
connecting every 20 mins or so, plus forcing a connection when you want 
a post to go *now*, used to work for me.  Still does, thinking about it, 
though the timing is now 16 mins for this server.

I am assuming Dialog can work off-line while you're on-line, so to 
speak.

-- 
Jim Crowther                  "It's MY computer" (tm SMG)

Always learning.
0
Jim
11/30/2004 6:59:00 PM
Jim Crowther said
in:<news:1XLUd+VYMMrBFwhC@nospam.at.my.choice.of.UID>:
> On Tue, 30 Nov 2004 18:07:16, Milly wrote:
>>Mark V said in:<news:Xns95B1769802FC2z9zzaQ2btw@news.grc.com>:
>>> In grc.news.feedback Dutch wrote:
>>>> Wandering aimlessly about grc.news.feedback, I heard Milly say:
>>Indeed. Though trouble every time, which is what I get, seems
>>unlikely.
> 
> Milly, are you using Dialog on or off-line?  If off-line, then just 
> connecting every 20 mins or so, plus forcing a connection when you want 
> a post to go *now*, used to work for me.  Still does, thinking about it, 
> though the timing is now 16 mins for this server.
> 
> I am assuming Dialog can work off-line while you're on-line, so to 
> speak.

It can, but I generally don't. Yes, thanks, that would be one
workaround, assuming that the server didn't barf *during* the
connect/pull/post cycle, which it certainly often does[1] during the
[already connected]/pull/post cycle I currently use.

But it would be an unhappy workaround, for my preferences.

[1] Did, maybe. So far, opening a hole in my firewall seems to be
    doing the trick. Shh, don't jinx it.
-- 

Milly
0
Milly
11/30/2004 7:08:00 PM
In article <coi6qg$2o6t$1@news.grc.com> Sam Schinke wrote:
> hermital wrote:
> > In my limited experience, "Connection reset by peer" means the ISP has
> > more traffic than it can handle so it disconnects a few users to
> > lighten the load.  YMMV
> 
> Connection reset by peer simply means (afaik) that the other end of the
> "connection" sent a RST packet. This can occur if the other end forgot
> about the connection (eg, 'lost state') but didn't send a FIN packet to
> inform your end that the connection has been closed.
> 
> From there, if your system sends any packets relating to this now (remotely)
> non-existent connection, the far end will send a RST. This is SOP for
> unsolicited packets received on unfiltered/unfirewalled ports, I believe
> (BICBW).
> 
Ah, so!  Thanks, Sam.  This end-user appreciates your techie reply. :)

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
11/30/2004 8:40:00 PM
Milly wrote:
> Hmm, could it be something about my firewall settings which is
> annoying Steve's server, perhaps?

It seems more likely that Steve's anti-DDOS technology is timing-out
connections.

The only way your firewall could induce the _specific_ scenario I described
would be by blocking a FIN packet. I don't see why a decent firewall would
do this.
 
> I (continue to) give Dialog a free hand on outgoing TCP port 119.
> Maybe the I'm somehow stymieing the handshake which tells the GRC
> server to maintain my connections?

TCP connections aren't really supposed to 'expire'. Once connected, no
special action should need to be taken. NNTP connections, OTOH, do have
some sort of specified idle timeout, but this shouldn't produce an
'unexpected reset' -- the server should cleanly close the connection.

Regards,
Sam
-- 
 15:19:15 up 2 days,  9:49,  2 users,  load average: 0.80, 0.59, 0.41
0
Sam
11/30/2004 11:22:00 PM
In message <1xcpwevpix4x8$.dlg@0O.0O>, Milly <?@?.?.invalid> writes
>Sam Schinke said in:<news:coi6qg$2o6t$1@news.grc.com>:
>> hermital wrote:
>>> In my limited experience, "Connection reset by peer" means the ISP has
>>> more traffic than it can handle so it disconnects a few users to
>>> lighten the load.  YMMV
>>
>> Connection reset by peer simply means (afaik) that the other end of the
>> "connection" sent a RST packet. This can occur if the other end forgot
>> about the connection (eg, 'lost state') but didn't send a FIN packet to
>> inform your end that the connection has been closed.
>>
>> From there, if your system sends any packets relating to this now (remotely)
>> non-existent connection, the far end will send a RST. This is SOP for
>> unsolicited packets received on unfiltered/unfirewalled ports, I believe
>> (BICBW).
>
>Hmm, could it be something about my firewall settings which is
>annoying Steve's server, perhaps?

Very likely. I ran into that with IE which I hardly ever use. It needed 
UDP access to resolve addresses, otherwise it would take a minute or 
two. None of my other browsers require that.

>I (continue to) give Dialog a free hand on outgoing TCP port 119.
>Maybe the I'm somehow stymieing the handshake which tells the GRC
>server to maintain my connections?

Try allowing Dialog anything and everything for a bit. [It should be 
fairly trustworthy. :-)] If that resolves it, you could try to narrow it 
down. Or not. <g>

>I say vaguely ...

:-)
-- 
GRC Newsgroups/Guidelines/No Regrets:
http://www.imilly.com/noregrets.htm
 From invalid, Reply To works.
Kevin A.
0
Kevin
12/1/2004 12:40:00 AM
On Tue, 30 Nov 2004 15:22:32 -0800, Sam Schinke <sschinke@myrealbox.com>
wrote:

>Milly wrote:
>> Hmm, could it be something about my firewall settings which is
>> annoying Steve's server, perhaps?
>
>It seems more likely that Steve's anti-DDOS technology is timing-out
>connections.

For what it's worth,,
I'm using agent for a newsreader and have it set to send a keep-alive
ever 60 sec.. Not specifically for this server, another, long ago, and
just never changed it. So I doubt Steve's anti-DDOS technology is
timing-out connections. At least I'm not seeing it.

I haven't had any drops or timeouts. I have noticed a very short pause
on initial connection ( but not always),  but that's all since the
change over.
I'm also using a firewall (outpost pro) behind a linksys.

>
>The only way your firewall could induce the _specific_ scenario I described
>would be by blocking a FIN packet. I don't see why a decent firewall would
>do this.
> 
>> I (continue to) give Dialog a free hand on outgoing TCP port 119.
>> Maybe the I'm somehow stymieing the handshake which tells the GRC
>> server to maintain my connections?
>
>TCP connections aren't really supposed to 'expire'. Once connected, no
>special action should need to be taken. NNTP connections, OTOH, do have
>some sort of specified idle timeout, but this shouldn't produce an
>'unexpected reset' -- the server should cleanly close the connection.
>
>Regards,
>Sam

-- 
 Buzz
0
Buzz
12/1/2004 1:49:00 AM
Sam Schinke <sschinke@myrealbox.com> wrote in
<news:coivkr$hkv$1@news.grc.com>:

> TCP connections aren't really supposed to 'expire'. Once
> connected, no special action should need to be taken. NNTP
> connections, OTOH, do have some sort of specified idle timeout,
> but this shouldn't produce an 'unexpected reset' -- the server
> should cleanly close the connection.

I don't think that's right.  An NNTP session is cleanly closed is if
the client sends the QUIT command, which should get a 205 (connection
closing) response from the server.  AFAICT, there's no message a server
is supposed to send the client if the server times out the connection.

-- 
�Q�
0
Temprary
12/1/2004 1:57:00 AM
On Tue, 30 Nov 2004 19:49:46, Buzz Walradt wrote:

>For what it's worth,,
>I'm using agent for a newsreader and have it set to send a keep-alive
>ever 60 sec.

I'm still uncertain about the meaning of this 'keep-alive'.

Why?  What does it achieve apart from congestion at the server?

Why not nip in, nip out?

-- 
Jim Crowther                  "It's MY computer" (tm SMG)

Always learning.               (even though I'm a G.O.M.)
0
Jim
12/1/2004 2:12:00 AM
On Wed, 1 Dec 2004 02:12:23 +0000, Jim Crowther
<Don't_bother@blackhole.do-not-spam.me.uk> wrote:

>On Tue, 30 Nov 2004 19:49:46, Buzz Walradt wrote:
>
>>For what it's worth,,
>>I'm using agent for a newsreader and have it set to send a keep-alive
>>ever 60 sec.
>
>I'm still uncertain about the meaning of this 'keep-alive'.
>
>Why?  What does it achieve apart from congestion at the server?
>
>Why not nip in, nip out?

For me, it was because my isp at the time would disconnect a usr after
so many minutes of inactivity (15 I think) news, mail, or surfing. Like
I said,, a long time ago.

Do I need it now? I don't know about grc.  But I read and post on line.
I'm not an offline reader. So I might. I have not tried in quite a
while.
But even at work, when employees are accessing their mail from home, we
disconnect them after a period of inactivity. It is not, I believe
unusual.

-- 
 Buzz
0
Buzz
12/1/2004 2:38:00 AM
Temprary Q. Placeholder wrote:

> Sam Schinke <sschinke@myrealbox.com> wrote in
> <news:coivkr$hkv$1@news.grc.com>:
> 
>> TCP connections aren't really supposed to 'expire'. Once
>> connected, no special action should need to be taken. NNTP
>> connections, OTOH, do have some sort of specified idle timeout,
>> but this shouldn't produce an 'unexpected reset' -- the server
>> should cleanly close the connection.
> 
> I don't think that's right.  An NNTP session is cleanly closed is if
> the client sends the QUIT command, which should get a 205 (connection
> closing) response from the server.  AFAICT, there's no message a server
> is supposed to send the client if the server times out the connection.

There may or may not be a message, but I would expect a TCP FIN packet to be
sent provided the NNTP server instructs the TCP stack to "close" the
connection.

Regards,
Sam
-- 
 19:09:41 up 2 days, 13:40,  2 users,  load average: 0.39, 0.30, 0.21
0
Sam
12/1/2004 3:10:00 AM
On Tue, 30 Nov 2004 20:38:14, Buzz Walradt wrote:

>For me, it was because my isp at the time would disconnect a usr after
>so many minutes of inactivity (15 I think) news, mail, or surfing. Like
>I said,, a long time ago.

Quite right, why occupy a 'node' when you aren't using it.  I am rather 
surprised at the assumption of some that they should stay connected to a 
server when not exchanging data.  Seems bloody selfish to me.  I'm even 
more surprised it wasn't two minutes.


-- 
Jim Crowther                  "It's MY computer" (tm SMG)

Always learning.               (even though I'm a G.O.M.)
0
Jim
12/1/2004 3:29:00 AM
On Wed, 1 Dec 2004 03:29:41 +0000, Jim Crowther
<Don't_bother@blackhole.do-not-spam.me.uk> wrote:

>On Tue, 30 Nov 2004 20:38:14, Buzz Walradt wrote:
>
>>For me, it was because my isp at the time would disconnect a usr after
>>so many minutes of inactivity (15 I think) news, mail, or surfing. Like
>>I said,, a long time ago.
>
>Quite right, why occupy a 'node' when you aren't using it.  I am rather 
>surprised at the assumption of some that they should stay connected to a 
>server when not exchanging data.  Seems bloody selfish to me.  I'm even 
>more surprised it wasn't two minutes.


When the first grc  group was first created, also a while back, There
were many times that I got disconnected while retrieving headers. The
keep-alive solved that issue.

You think I'm selfish because I don't read offline, fine, I'm thru with
this one.

When sending one udp packet every minute or so for a 10 +/-  minute
session becomes a problem for this server, I will gladly remove it.

-- 
 Buzz
0
Buzz
12/1/2004 3:57:00 AM
Sam Schinke <sschinke@myrealbox.com> wrote in
<news:cojcvs$u9a$1@news.grc.com>:

>>> TCP connections aren't really supposed to 'expire'. Once
>>> connected, no special action should need to be taken. NNTP
>>> connections, OTOH, do have some sort of specified idle timeout,
>>> but this shouldn't produce an 'unexpected reset' -- the server
>>> should cleanly close the connection.
>>
>> I don't think that's right.  An NNTP session is cleanly closed is
>> if the client sends the QUIT command, which should get a 205
>> (connection closing) response from the server.  AFAICT, there's
>> no message a server is supposed to send the client if the server
>> times out the connection.
>
> There may or may not be a message, but I would expect a TCP FIN
> packet to be sent provided the NNTP server instructs the TCP stack
> to "close" the connection.

Oh, I see.  Maybe this is not happening when the new grc server
times out, though.

I opened a telnet session with news.grc.com, read a couple of
groups, then let the session sit idle for maybe an hour.  The telnet
terminal didn't seem to get any indication from the server that the
connection was being dropped;  it just sat there waiting for my next
command.  When I eventually entered a command, telnet tried to send
it on the same old connection and eventually told me that the
connection had been lost.

-- 
�Q�
0
Temporary
12/1/2004 12:37:00 PM
Kevin A. said in:<news:dkZxcoEyLRrBFAnO@blackhole.2kevin.net>:
> In message <1xcpwevpix4x8$.dlg@0O.0O>, Milly <?@?.?.invalid> writes
>>Sam Schinke said in:<news:coi6qg$2o6t$1@news.grc.com>:
>>> hermital wrote:
>>Hmm, could it be something about my firewall settings which is
>>annoying Steve's server, perhaps?
> 
> Very likely. I ran into that with IE which I hardly ever use. It needed 
> UDP access to resolve addresses, otherwise it would take a minute or 
> two. None of my other browsers require that.

I'd switched to the IP for the server anyway, to try to rule out any
DNS from the equation.

>>I (continue to) give Dialog a free hand on outgoing TCP port 119.
>>Maybe the I'm somehow stymieing the handshake which tells the GRC
>>server to maintain my connections?
> 
> Try allowing Dialog anything and everything for a bit. [It should be 
> fairly trustworthy. :-)] If that resolves it, you could try to narrow it 
> down. Or not. <g>

That's what I was trying yesterday, and it seemed to be working. But
then I tried a bit later and it wasn't. Today I started with
unrestricted firewall access, and got a few errors (but not many).
Then I went back to my old firewall settings, and haven't had any
more errors. (All with me closing connections between testing
'modes'). So I think the firewall is a red herring, but the results
are too variable to be sure.

Intermittent problems: dontcha just love 'em ...
-- 

Milly
0
Milly
12/1/2004 7:48:00 PM
Temporary Q. Placeholder said
in:<news:MrQ95B24378A4B48itsmeitsQ@QsFQDN.dyndns.org>:
> Sam Schinke <sschinke@myrealbox.com> wrote in
> <news:cojcvs$u9a$1@news.grc.com>:
> 
>>>> TCP connections aren't really supposed to 'expire'. Once
>>>> connected, no special action should need to be taken. NNTP
>>>> connections, OTOH, do have some sort of specified idle timeout,
>>>> but this shouldn't produce an 'unexpected reset' -- the server
>>>> should cleanly close the connection.
>>>
>>> I don't think that's right.  An NNTP session is cleanly closed is
>>> if the client sends the QUIT command, which should get a 205
>>> (connection closing) response from the server.  AFAICT, there's
>>> no message a server is supposed to send the client if the server
>>> times out the connection.
 >>
>> There may or may not be a message, but I would expect a TCP FIN
>> packet to be sent provided the NNTP server instructs the TCP stack
>> to "close" the connection.
> 
> Oh, I see.  Maybe this is not happening when the new grc server
> times out, though.
> 
> I opened a telnet session with news.grc.com, read a couple of
> groups, then let the session sit idle for maybe an hour.  The telnet
> terminal didn't seem to get any indication from the server that the
> connection was being dropped;  it just sat there waiting for my next
> command.  When I eventually entered a command, telnet tried to send
> it on the same old connection and eventually told me that the
> connection had been lost.

Thanks >>Q<<, Sam and Buzz. Unless any of you think otherwise, I'm
going to assume that my firewall[1] isn't a likely culprit.

[1] Kerio 2.1.5; Dialog has free reign outgoing on TCP port 119; no
    special FIN rules.
-- 

Milly
0
Milly
12/1/2004 7:52:00 PM
Jim Crowther wrote:
> On Tue, 30 Nov 2004 20:38:14, Buzz Walradt wrote:
> 
>> For me, it was because my isp at the time would disconnect a usr after
>> so many minutes of inactivity (15 I think) news, mail, or surfing. Like
>> I said,, a long time ago.
> 
> 
> Quite right, why occupy a 'node' when you aren't using it.  I am rather 
> surprised at the assumption of some that they should stay connected to a 
> server when not exchanging data.  Seems bloody selfish to me.  I'm even 
> more surprised it wasn't two minutes.
> 
> 

Jim, bear with me as a learner.
I log on to grc.news and download all the headers for the groups to 
which I'm subscribed. I then spend an hour or so browsing through, and 
downloading and reading the messages which I think will be of interest.
Are you saying this is selfish, and that I should d/l all the messages 
and headers, then disconnect and read them offline? Or have I 
mis-understood you?
-- 

Regards,
Tony.P
0
Tony
12/1/2004 8:00:00 PM
In grc.news.feedback Tony.P wrote:

> Jim Crowther wrote:
>> On Tue, 30 Nov 2004 20:38:14, Buzz Walradt wrote:
>> 
>>> For me, it was because my isp at the time would disconnect a usr
>>> after so many minutes of inactivity (15 I think) news, mail, or
[ ]
>> Quite right, why occupy a 'node' when you aren't using it.  I am
>> rather surprised at the assumption of some that they should stay
>> connected to a server when not exchanging data.  Seems bloody
>> selfish to me.  I'm even more surprised it wasn't two minutes.
[ ]

> Jim, bear with me as a learner.
> I log on to grc.news and download all the headers for the groups
> to which I'm subscribed. I then spend an hour or so browsing
> through, and downloading and reading the messages which I think
> will be of interest. Are you saying this is selfish, and that I
> should d/l all the messages and headers, then disconnect and read
> them offline? Or have I mis-understood you?

Not speaking for Jim, but your usage (repeat:  usage) seems normal 
enough to me and not in any way selfish.

Now let's say you crank up you news reader, set it to "keep alive" or 
"Get all message counts" every 60 seconds.  Then you leave it running 
for hours on end while *not* really *using* it.  That is rather a 
waste from some perspectives as I see it.  However this is not like 
the old BBS days where tying up a "node" meant others could not 
access the site due to a very limited number of simultaneous 
connections.  I don't know what GRC's maximum number really is, but 
have never seen a "too busy" returned from INN or news.grc.com.

I think you are fine as is FWIW.
0
Mark
12/1/2004 8:16:00 PM
Jim Crowther said
in:<news:fdk+vNBlqTrBFwVf@nospam.at.my.choice.of.UID>:
> On Tue, 30 Nov 2004 20:38:14, Buzz Walradt wrote:
> 
>>For me, it was because my isp at the time would disconnect a usr after
>>so many minutes of inactivity (15 I think) news, mail, or surfing. Like
>>I said,, a long time ago.
> 
> Quite right, why occupy a 'node' when you aren't using it.  I am rather 
> surprised at the assumption of some that they should stay connected to a 
> server when not exchanging data.  Seems bloody selfish to me.  I'm even 
> more surprised it wasn't two minutes.

Yow, where to start with that? ;)

I want only to stay connected to the server, without error messages
requiring extra steps on my part, while I am exchanging data. I'd
rather not send extra keep-alive data, but since those are at the
invitation of the server owner as a workaround to disconnection
problems, I don't see how they might be selfish.

Of course my pattern of exchanging data reflects the reality and
boon of an unmetered connection, more than the old nip in and out
culture of time-metered connections with which you and I were both
blighted for so long. 

If I'm at the PC, or even sporadically at the PC for a period, I'd
ideally like to see messages in near real-time, at the concomitance
of their arrival and my eyes pointing in their direction. Not at the
concomitance of 20 minute intervals (and/or pressing a button and
waiting) and my eyes pointing in their direction.

Why are 20 minute pulls 'better' than, say 2 minute pulls? Give or
take some insignificant overhead, substantially the same amount of
header/body data gets exchanged. 'Permanently' open connections? A
much smarter person than me once explained that the TCP connection
setup is a 'costly' process, but that maintaining a connection costs
nothing in terms of network traffic[1]. So staying connected (to
allow 2 minute pulls, say) would appear to be 'better' for the
server and network than disconnecting and reconnecting every 20
minutes.

Unless anyone knows better than my limited, second-hand
understanding.

[1] Keep-alives aside, insignificant though they may be.
-- 

Milly
0
Milly
12/1/2004 8:19:00 PM
Mark V wrote:
> In grc.news.feedback Tony.P wrote:
(SNIP)
..
>>I log on to grc.news and download all the headers for the groups
>>to which I'm subscribed. I then spend an hour or so browsing
>>through, and downloading and reading the messages which I think
>>will be of interest. Are you saying this is selfish, and that I
>>should d/l all the messages and headers, then disconnect and read
>>them offline? Or have I mis-understood you?
> 
> 
> Not speaking for Jim, but your usage (repeat:  usage) seems normal 
> enough to me and not in any way selfish.
> 
> Now let's say you crank up you news reader, set it to "keep alive" or 
> "Get all message counts" every 60 seconds.  Then you leave it running 
> for hours on end while *not* really *using* it.  That is rather a 
> waste from some perspectives as I see it.  However this is not like 
> the old BBS days where tying up a "node" meant others could not 
> access the site due to a very limited number of simultaneous 
> connections.  I don't know what GRC's maximum number really is, but 
> have never seen a "too busy" returned from INN or news.grc.com.
> 
> I think you are fine as is FWIW.

> 
Many thanks for that, Mark.
To be honest, I wouldn't have any idea how to "crank up my news 
reader"(Thunderbird) to set it to "keep alive".  :-(
But I'm quite happy as things are...............

-- 
Tony.P
0
Tony
12/1/2004 8:29:00 PM
In grc.news.feedback Milly wrote:

> Kevin A. said in:<news:dkZxcoEyLRrBFAnO@blackhole.2kevin.net>:
>> In message <1xcpwevpix4x8$.dlg@0O.0O>, Milly <?@?.?.invalid>
>> writes 
>>>Sam Schinke said in:<news:coi6qg$2o6t$1@news.grc.com>:
>>>> hermital wrote:
[ large snip ]
>> 
>> Try allowing Dialog anything and everything for a bit. [It should
>> be fairly trustworthy. :-)] If that resolves it, you could try to
>> narrow it down. Or not. <g>
> 
> That's what I was trying yesterday, and it seemed to be working.
> But then I tried a bit later and it wasn't. Today I started with
> unrestricted firewall access, and got a few errors (but not many).
> Then I went back to my old firewall settings, and haven't had any
> more errors. (All with me closing connections between testing
> 'modes'). So I think the firewall is a red herring, but the
> results are too variable to be sure.
> 
> Intermittent problems: dontcha just love 'em ...

Er, not really. <G>

I am attempting to gather more evidence that would point to something 
(anything) in particular, but as you have seen this is an 
intermittent problem.  And my issues pale when compared with yours.

The only things I have found so far by observation:
 The connectivity degradation seems to be related to overall Internet 
traffic loads.  Do you see any such correlation there?
 My routing to news.grc.com (phoenix) is more convoluted that would 
be deemed optimal by me.  I go through 4 Limelight routers (via Los 
Angeles) on the way.  They seem to be on the slow side (perhaps).
 news.grc.com often sends packets that appear here with "CHECKSUM 
INCORRECT" notation (Ethereal).
 I still sometimes see the long delays previously attributed to the 
reverse DNS lookups in spite of Steve having changed that.  It 
appears to be a cache time-out or was flushed at Verio ?   This is 
when (apparently) the connection has been lost and is re-established.

I'll keep trying to learn more.
0
Mark
12/1/2004 8:35:00 PM
[for the unabridged version, see Sam Schinke's post above]

> It seems more likely that Steve's anti-DDOS technology is
> timing-out connections.

I'm sure that's it.  The somewhat kludgy TCP Proxying solution I 
hacked together in some desperation on Halloween day just over two 
years ago, when we were under a very heavy and IP-change tracking 
DDoS attack doesn't give me any facility for managing TCP 
connection expiration.  And it's VERY frustrating ... not only for 
you guys but also for me.  As "-Q-" found with his Telnet session, 
connections will be flatly dropped without notice.

On the other hand, you folks may notice that we've never been 
offline -- not once -- for reason of DDoS attack since that day.  
So annoying though it is, the kludgy solution of mine worked.

The BIGGEST puzzle to me in all this is why ANYTHING would have 
changed with our server migration.  Hmmmmm.

--//--

Okay ... I *MAY* have just fixed the connection dropping problem.

I've just modified the internal TCP kernel parameters (god I LOVE 
FreeBSD) to specify a RADICALLY shorter TCP KeepAlive options.

What was now 2 hours of TCP inactivity before a TCP KeepAlive ACK 
probe packet was sent is now 20 seconds.  And I also dropped the 
reprobing interval from 75 seconds down to just 10.

So now, rather than TPC keepalives essentially never happening, 
they kick in and start up right away on virtually every 
connection.  While this WILL result if a little more overall 
traffic, TCP keepalive probing ACK packets are very small so there 
won't be any burden to speak of.

Already *I* see a HUGE and very convenient improvement from here 
since my open Telnet sessions to the remote server are no longer 
timing out and dying.  So I think it's safe to say this this MAY 
really fix the dropped connections problem completely.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
12/1/2004 8:41:00 PM
[for the unabridged version, see Temprary Q. Placeholder's post 
above]

-Q-,

Since our NNTP clients all seem to have the notion of a some sort 
of NNTP protocol level "keep alive" we can presume that some NNTP 
servers of the past may have dropped connections that had been 
idle -- at the NNTP protocol level -- for too long.

But the trouble we're seeing (hopefully WERE seeing -- I'm pretty 
sure it's history now) was down at the TCP protocol level.

> AFAICT, there's no message a server is supposed to
> send the client if the server times out the connection.

I'm sure you're correct about that.  The NNTP protocol is entirely 
client-side driven.  The client sends a command and the server 
replies.  And there's no provision for that client/server 
master/slave relationship being turned around.

-- 
_________________________________________________________________
Steve.
0
Steve
12/1/2004 8:45:00 PM
[for the unabridged version, see Temporary Q. Placeholder's post 
above]

> Oh, I see.  Maybe this is not happening when the new grc server
> times out, though.
> 
> I opened a telnet session with news.grc.com, read a couple of
> groups, then let the session sit idle for maybe an hour.  The
> telnet terminal didn't seem to get any indication from the server
> that the connection was being dropped;  it just sat there waiting
> for my next command.  When I eventually entered a command, telnet
> tried to send it on the same old connection and eventually told
> me that the connection had been lost.

Yep.  It used to happen much more quickly than that -- after just 
a few minutes.  Now that I've dialed-down the TCP Keepalive ACK 
packet intervals TCP connections are being held open through our 
various levels of DoS proxying defenses.  :)

Oh! ... and I've got an NTP daemon running on the news server now 
as well and the time is being kept synchronized with the rest of 
the world.  Thanks for your previous note about that!

-- 
_________________________________________________________________
Steve.
0
Steve
12/1/2004 8:48:00 PM
[for the unabridged version, see Milly <@.....>'s post above]

> > If you can set your keep-alives down to 1 minute, give that
> > a try.
> > 
> > I have Gravity set to 1 minute and I go for days -- many days
> > -- without dropping any connections ... and with long periods
> > of inactivity.
> 
> That didn't seem to help, nor increasing or decreasing the
> number of concurrent connections.

Let's see whether it's fixed now.  I'm betting that it is since 
I've seen an immediate improvement with my own deliberately idle 
Telnet console sessions ... which used to die in minutes and are 
now staying alive indefinitely!  :)

Yay!!!

-- 
_________________________________________________________________
Steve.
0
Steve
12/1/2004 8:49:00 PM
In grc.news.feedback Steve Gibson wrote:

> [for the unabridged version, see Sam Schinke's post above]
> 
>> It seems more likely that Steve's anti-DDOS technology is
>> timing-out connections.
> 
> I'm sure that's it.  The somewhat kludgy TCP Proxying solution I 
> hacked together in some desperation on Halloween day just over two 
[ ]

> The BIGGEST puzzle to me in all this is why ANYTHING would have 
> changed with our server migration.  Hmmmmm.
> 
> --//--
> 
> Okay ... I *MAY* have just fixed the connection dropping problem.

A few of us will be observing the results.  <G>

> I've just modified the internal TCP kernel parameters (god I LOVE 
> FreeBSD) to specify a RADICALLY shorter TCP KeepAlive options.
> 
> What was now 2 hours of TCP inactivity before a TCP KeepAlive ACK 
> probe packet was sent is now 20 seconds.  And I also dropped the 
> reprobing interval from 75 seconds down to just 10.

Radical.  ;)

[ ]
> Already *I* see a HUGE and very convenient improvement from here 
> since my open Telnet sessions to the remote server are no longer 
> timing out and dying.  So I think it's safe to say this this MAY 
> really fix the dropped connections problem completely.  :)

To be hoped for.  Thanks for investigating it more deeply.
0
Mark
12/1/2004 8:55:00 PM
In article <colam7$2mu9$1@news.grc.com> Steve Gibson wrote:
> [for the unabridged version, see Temporary Q. Placeholder's post
> above]
> >
> > I opened a telnet session with news.grc.com, read a couple of
> > groups, then let the session sit idle for maybe an hour.  The
> > telnet terminal didn't seem to get any indication from the server
> > that the connection was being dropped;  it just sat there waiting
> > for my next command.  When I eventually entered a command, telnet
> > tried to send it on the same old connection and eventually told
> > me that the connection had been lost.
> 
> Yep.  It used to happen much more quickly than that -- after just
> a few minutes.  Now that I've dialed-down the TCP Keepalive ACK
> packet intervals TCP connections are being held open through our
> various levels of DoS proxying defenses.  :)
> 
> Oh! ... and I've got an NTP daemon running on the news server now
> as well and the time is being kept synchronized with the rest of
> the world.  Thanks for your previous note about that!
> 
Yay!  No more 5 minute disparity between being Sent and the GRC Posted
Time stamp, eh? ;)

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
12/1/2004 9:32:00 PM
In article <41AE3879.70A4C49A@cox-internet.com> hermital wrote:
> In article <colam7$2mu9$1@news.grc.com> Steve Gibson wrote:
> >
> > Oh! ... and I've got an NTP daemon running on the news server now
> > as well and the time is being kept synchronized with the rest of
> > the world.  Thanks for your previous note about that!
> >
> Yay!  No more 5 minute disparity between being Sent and the GRC Posted
> Time stamp, eh? ;)
> 
Much, *much* better.  My previous msg took only 0.03 seconds to send
and be posted on the server. :)

Thanks, Steve.  Keep on keeping on.

-- 
Alan
The universal principle of energy:
Energy has an objective, independent physical existence and exists 
in the absence of matter, but matter is entirely dependent upon
energy and cannot exist in the absence of energy.  - A.T. Williams
< http://www.cox-internet.com/hermital/book/holoprt2-1.htm >
0
hermital
12/1/2004 9:45:00 PM
Steve Gibson wrote:
> Okay ... I *MAY* have just fixed the connection dropping problem.

Yep, the sometimes sluggish (1 to 3sec between typing "n" (for "next
posting") and the arrival of the posting) and seldom slow (~10sec lag)
connection is as snappy as ever. After a short test, it seems to be
solved. Every posting is coming in in a second space after the request.

Carsten, fingerdrumming banned.
0
Carsten
12/1/2004 9:47:00 PM
Steve Gibson said in:<news:colapb$2mu9$2@news.grc.com>:
> [for the unabridged version, see Milly <@.....>'s post above]
> 
>>> If you can set your keep-alives down to 1 minute, give that
>>> a try.
>>> 
>>> I have Gravity set to 1 minute and I go for days -- many days
>>> -- without dropping any connections ... and with long periods
>>> of inactivity.
>> 
>> That didn't seem to help, nor increasing or decreasing the
>> number of concurrent connections.
> 
> Let's see whether it's fixed now.  I'm betting that it is since 
> I've seen an immediate improvement with my own deliberately idle 
> Telnet console sessions ... which used to die in minutes and are 
> now staying alive indefinitely!  :)

So far so good: not a single error. That short test, plus your
knowledgeable optimism, is good enough for me.

> Yay!!!

It's been bugging me far more than the inconvenience warranted, I
must admit, so I'm really delighted that you've squashed it. Thanks
very much Steve, and I'll raise you another yay: Yay!!! :)))
-- 

Milly
0
Milly
12/1/2004 9:57:00 PM
[for the unabridged version, see hermital's post above]

> Yay!  No more 5 minute disparity between being Sent and
> the GRC Posted Time stamp, eh? ;)

Right ... so long as YOUR clock is also correct!  :)

-- 
_________________________________________________________________
Steve.
0
Steve
12/1/2004 10:12:00 PM
[for the unabridged version, see Carsten Hiller's post above]

> Yep, the sometimes sluggish (1 to 3sec between typing "n"
> (for "next posting") and the arrival of the posting) and
> seldom slow (~10sec lag) connection is as snappy as ever.
> After a short test, it seems to be solved. Every posting
> is coming in in a second space after the request.
> 
> Carsten, fingerdrumming banned.

Ah ... nice! ... so the trouble -- in at least this case --
must have been that the our network was silently dropping 
connections and your client was silent re-connecting ...
and you were experiencing masked re-connection delays!

-- 
_________________________________________________________________
Steve.
0
Steve
12/1/2004 10:14:00 PM
[for the unabridged version, see Milly <@.....>'s post above]

> It's been bugging me far more than the inconvenience warranted,
> I must admit, so I'm really delighted that you've squashed it.
> Thanks very much Steve, and I'll raise you another yay: Yay!!!
> :)))

Well ... it's a HUGE WIN for me as well.  I've now left open both 
a Telnet session and a static NNTP session for a LONG TIME and 
neither have disconnected.

I was really being bothered by the need to manually keep my telnet 
console sessions to the remote server open and being unable to 
leave the telnet console for long without being silently 
disconnected.  So, again, this is a HUGE win for me.

It seems very clear that the outgoing ACKs from the UNIX server 
are now serving to keep the rest of my weird network connected.  

And ... it *may* be that I had configured our previous Linux 
server similarly -- I may well have -- so that also explains why, 
when the only thing that really changed was the underlying server, 
everyone reported a major change in connectivity behavior!

-- 
_________________________________________________________________
Steve.
0
Steve
12/1/2004 10:19:00 PM
In grc.news.feedback Steve Gibson wrote:

> [for the unabridged version, see hermital's post above]
> 
>> Yay!  No more 5 minute disparity between being Sent and
>> the GRC Posted Time stamp, eh? ;)
> 
> Right ... so long as YOUR clock is also correct!  :)

Wait, which clock is calling the wristwatch black? <VBG>

Stratum 2 ?
0
Mark
12/1/2004 10:19:00 PM
Don't most news servers have a connection timeout for a period of
inactivity?

Greg R
0
Greg
12/2/2004 1:15:00 AM
On Wed, 1 Dec 2004 20:00:27, Tony.P wrote:

>Jim Crowther wrote:
>> On Tue, 30 Nov 2004 20:38:14, Buzz Walradt wrote:
>>
>>> For me, it was because my isp at the time would disconnect a usr 
>>>after
>>> so many minutes of inactivity (15 I think) news, mail, or surfing. Like
>>> I said,, a long time ago.
>>   Quite right, why occupy a 'node' when you aren't using it.  I am 
>>rather  surprised at the assumption of some that they should stay 
>>connected to a  server when not exchanging data.  Seems bloody selfish 
>>to me.  I'm even  more surprised it wasn't two minutes.
>>
>
>Jim, bear with me as a learner.
>I log on to grc.news and download all the headers for the groups to 
>which I'm subscribed. I then spend an hour or so browsing through, and 
>downloading and reading the messages which I think will be of interest.
>Are you saying this is selfish, and that I should d/l all the messages 
>and headers, then disconnect and read them offline? Or have I 
>mis-understood you?

I'm not saying you should - that depends on many things, not least what 
you can/wish to do your end.

But in the wide view, yes, it is selfish.  Not very selfish, it would 
seem these days, and probably of no consequence - I note Steve himself 
doesn't consider it a problem.

10 years ago, accessing 'the modem in the garage' it would have been. No 
worries, old habits... <g>

-- 
Jim Crowther                  "It's MY computer" (tm SMG)

Always learning.
0
Jim
12/2/2004 1:49:00 AM
On Wed, 1 Dec 2004 20:19:03, Milly wrote:

>Why are 20 minute pulls 'better' than, say 2 minute pulls?

If one uses NewNews, which will sensibly add 10 minutes to the time to 
take account of duff server times (Thanks for the fix Steve!) then any 
less than 10 minutes is a waste of time, *unless* one is expecting some 
particular response.

Many folk read their news once a day, and reply once a day.

Some very weird folk do it every three months, but Gilliver hasn't 
appeared here, AFAICT. :)

-- 
Jim Crowther                  "It's MY computer" (tm SMG)

Always learning.
0
Jim
12/2/2004 1:58:00 AM
Steve Gibson wrote:
> Ah ... nice! ... so the trouble -- in at least this case --
> must have been that the our network was silently dropping
> connections and your client was silent re-connecting ...
> and you were experiencing masked re-connection delays!

Reconnection as well as DNS resolution delays, no doubt, if you are still
resolving rDNS for IP addresses. I was occasionally seeing delays of a few
seconds, which seems astronomically long for a simple TCP handshake.

Are the times you picked 'optimal', though? I guess it depends on the TCP
proxy's expiry mechanism. If it's based on a timer, something close to the
threshold would be ideal, but if the timeout is just the longest-inactive
connection getting dropped when a state table gets close enough to full,
other side effects might be seen.

Regards,
Sam
-- 
 18:05:58 up 17:29,  3 users,  load average: 0.08, 0.38, 0.41
0
Sam
12/2/2004 2:08:00 AM
[for the unabridged version, see Sam Schinke's post above]

> Are the times you picked 'optimal', though? I guess it depends
> on the TCP proxy's expiry mechanism. If it's based on a timer,
> something close to the threshold would be ideal, but if the
> timeout is just the longest-inactive connection getting dropped
> when a state table gets close enough to full, other side effects
> might be seen.

The cost of sending out keepalive ACKs is low.  So I used a 
shorter time since if the ACK repetition time were near to the 
connection-drop interval, one lost keepalive ACK could result in a 
dropped connection.  Since I don't know precisely what FreeBSD's 
logic is for non-replied-to keepalive ACKs, and since their cost 
is so low, and since dropped connections is so annoying for all of 
us, I decided to err on the side of caution and send them every 15 
seconds.  That way, even if one or two are lost, we'll hold our 
connection open.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
12/2/2004 4:53:00 PM
[for the unabridged version, see Greg  R's post above]

> Don't most news servers have a connection timeout for a
> period of inactivity?

Yes.  I have ours set to 3600 seconds -- one hour.  So if someone 
is connected and does NOTHING for one hour, the news server will 
silently drop their connection and recover the resources it was 
using.

But since more newsreaders have their own "keep alive" options, 
they are typically able to maintain permanent connections.  
Gravity, for instance, sends a "help" command periodically to
keep our news server "interested".

Now that we have resolved our connection-level trouble I have 
changed my own Gravity Keep Alive to 20 minutes.  :)

-- 
_________________________________________________________________
Steve.
0
Steve
12/2/2004 5:03:00 PM
Jim Crowther wrote:
> On Wed, 1 Dec 2004 20:00:27, Tony.P wrote:
> 
(SNIP)

>> Jim, bear with me as a learner.
>> I log on to grc.news and download all the headers for the groups to 
>> which I'm subscribed. I then spend an hour or so browsing through, and 
>> downloading and reading the messages which I think will be of interest.
>> Are you saying this is selfish, and that I should d/l all the messages 
>> and headers, then disconnect and read them offline? Or have I 
>> mis-understood you?
> 
> 
> I'm not saying you should - that depends on many things, not least what 
> you can/wish to do your end.
> 
> But in the wide view, yes, it is selfish.  Not very selfish, it would 
> seem these days, and probably of no consequence - I note Steve himself 
> doesn't consider it a problem.
> 
> 10 years ago, accessing 'the modem in the garage' it would have been. No 
> worries, old habits... <g>

Thanks for the reply, Jim.
When I was on dial-up, cost necessitated that I "get in there, get on 
with it and get out"! But with the luxury of BB, I was enjoying 
browsing the Ngs in a leisurely fashion. Just wanted to be sure I wasn't 
being anti-social :-)

-- 
Tony.P
0
Tony
12/2/2004 8:13:00 PM
[for the unabridged version, see Axn...'s post above]

> I've been tripping over three readers for the last few
> weeks, but, since your adjustments I am happy to report
> a noticeable improvement with all 3. :) Thanks!

Yay!!!


> I did make one observation yesterday around 4:40 PM PST
> (GMT-08:00) when I adjusted a Thunderbird setting though.
> That change to "check new" to 1 minute caused that reader
> to re-download all my news.grc.* subscriptions, wiping
> out all my marks, read history, etc., and required me to
> supply my CECIL-ID again! Ugh. Can I blame you for that
> please? <g> Just kidding...

> I'm leery about changing the setting for Gravity now. Did
> your actions replace your marks, read history, etc.? I may
> finally have it all set the way I like it, and I hope nothing
> will change as drastically as it did with the "Bird".

No, none of the above.
NOTHING that I did could have caused what you're seeing.

-- 
_________________________________________________________________
Steve.
0
Steve
12/3/2004 4:43:00 AM
In grc.news.feedback Mark V wrote:

> In grc.news.feedback Steve Gibson wrote:
> 
>> [for the unabridged version, see Sam Schinke's post above]
>> 
[ ]

>> Okay ... I *MAY* have just fixed the connection dropping problem.
> 
> A few of us will be observing the results.  <G>
[ ]

Pleased to report that here after more than a day, 
  It's Fixed!   :)

Only two odd events most likely attributable to ISP or general Internet 
hiccups.  Nothing like before your accelerated TCP keep-alive timings.
Thanks Steve!
0
Mark
12/3/2004 4:52:00 AM
[for the unabridged version, see Mark V's post above]

> >> Okay ... I *MAY* have just fixed the connection dropping
> >> problem.
> > 
> > A few of us will be observing the results.  <G>
> [ ]
> 
> Pleased to report that here after more than a day, 
>   It's Fixed!   :)
> 
> Only two odd events most likely attributable to ISP or general
> Internet hiccups.  Nothing like before your accelerated TCP
> keep-alive timings.
> Thanks Steve!

I'm VERY glad for the additional feedback and confirmation.
I have seen SUCH a complete and total improvement here with my
own static Telnet connections (through DOUBLE LAYERS of my TCP 
proxying system since both my local and remote sites are 
"wrapped") that I *KNEW* that something major had been fixed.

But it's goof to hear that standard news client users are seeing 
that the increased connection trouble after the server was 
relocated has been fixed!  Yay!

-- 
_________________________________________________________________
Steve.
0
Steve
12/3/2004 5:00:00 PM
Whilst cruising grc.news.feedback with Gravity 2.6, I parsed "Steve Gibson" to say:
> [for the unabridged version, see Axn...'s post above]

> > I've been tripping over three readers for the last few
> > weeks, but, since your adjustments I am happy to report
> > a noticeable improvement with all 3. :) Thanks!
> 
> Yay!!!

> > I did make one observation yesterday around 4:40 PM PST
> > (GMT-08:00) when I adjusted a Thunderbird setting though.
> > That change to "check new" to 1 minute caused that reader
> > to re-download all my news.grc.* subscriptions, wiping
> > out all my marks, read history, etc., and required me to
> > supply my CECIL-ID again! Ugh. Can I blame you for that
> > please? <g> Just kidding...

> > I'm leery about changing the setting for Gravity now. Did
> > your actions replace your marks, read history, etc.? I may
> > finally have it all set the way I like it, and I hope nothing
> > will change as drastically as it did with the "Bird".
> 
> No, none of the above.
> NOTHING that I did could have caused what you're seeing.

I will exonerate you Sir! It appears to be a
quirk with Thunderbird .9 and it's CurrentUser.

Everything is much as Mark V reports here too.
I thought I cancelled that message, but you
busted me! <g> Heheh -- perhaps there's a new
issue with CurrentUser and Gravity...
0
Axn
12/3/2004 9:48:00 PM
In article <MPG.1c1a7f12ec4b26c69896ac@news.grc.com>, 
axenator@tld.invalid says...
<snipped>
> I thought I cancelled that message, but you
> busted me! <g> Heheh -- perhaps there's a new
> issue with CurrentUser and Gravity...
> 
You don't say how you tried to cancel the message using Gravity. You 
may have hit the delete key, right-clicked on the message and slected 
Delete, or gone to Article-Delete, any of which will remove the 
highlighted message from your machine.

 In order to fully cancel a message, i.e. to have it deleted from the 
server as well, go to Article and at the bottom of the drop-down menu 
select Cancel Article.

Deleting messages from your own machine will work regardless of CECIL-
ID, but attempting to do a Cancel will get you an error message if your 
current CID doesn't match that of the message.

-R
0
MrRee
12/4/2004 2:57:00 AM
Steve Gibson wrote:

> [for the unabridged version, see Sam Schinke's post above]
> 
>> The page I posted was intended to indicate that javascript
>> isn't neccessary for basic accesskey functionality.
> 
> Right.  And I was totally unaware of that, so I'm VERY glad to
> know it's there.  :)

Here's some more neat stuff. You can display the accesskey in the page
without any scripting in some browsers.

http://devedge.netscape.com/viewsource/2003/reveal-accesskey/

Regards,
Sam
-- 
 16:34:34 up 3 days, 15:58,  1 user,  load average: 0.51, 0.57, 0.35
0
Sam
12/5/2004 12:35:00 AM
Sam Schinke wrote:
> Steve Gibson wrote:
> 
> 
>>[for the unabridged version, see Sam Schinke's post above]
>>
>>
>>>The page I posted was intended to indicate that javascript
>>>isn't neccessary for basic accesskey functionality.
>>
>>Right.  And I was totally unaware of that, so I'm VERY glad to
>>know it's there.  :)
> 
> 
> Here's some more neat stuff. You can display the accesskey in the page
> without any scripting in some browsers.
> 

Sorry, missed the beginning of this one.  It's an interesting area, 
though.  Many of the ones people commonly assign are already "taken", 
which causes unexpected behaviour in people's software, which is a bit 
of a no-no.  There's a nice list from Wats:

http://www.wats.ca/resources/accesskeysandkeystrokes/38

I think numbers are generally safer:

http://www.juicystudio.com/assistivedeviceschart.asp

-- 
Michael
0
Mad
12/6/2004 5:36:00 PM
Reply:

Similar Artilces:

My posts not being posted?
Sorry, had to do a test - I replied to a thread twice but neither of my posts have appeared...... On 12-08-08 1:47 PM, Gordon wrote: > Sorry, had to do a test - I replied to a thread twice but neither of my > posts have appeared...... This group is moderated, so that all posts go through the mailing list and SpamAssassin. SpamAssassin gave your posts a higher than normal spam score, so it held them for moderator approval. -- Chris Ilias <http://ilias.ca> Mailing list/Newsgroup moderator On 09/08/12 04:31, Chris Ilias wrote: > This group is moderated, so t...

Authentication and POST
> Hello, > > I'm trying to write a script that submits form data using POST e.g., > $ua->request (POST $some_url, ['some_variable'=>'some_value']); . > > Each time data is submitted it must be authenticated i.e., a username and > password must be included in the HTTP header. > > I tried using $req = basic_authorization($username,$password), however, this > simply sends a HTTP request with the username and password, but none of the > data specified in the POST. > > How do I include the authentication information...

What is Authentication and What Do I Have to Do to Authenticate?
I have browsed through a lot of articles about form authentication with LDAP coding in ASP.NET, and they all seem having a bunch of codes and doing a lot of checking, for example, check to see if "cn=username", check the groupof property to get the group.  Why do we have to do that?  Isn't it enough to just instantiate a DirectoryEntry by passing the ldapPath and login credential?...

Forms authentication: Accessing posted data after timeout and re-authentication
Last week the Web Content Accessibility Guidelines (WCAG) 2.0 was released and one of the requirements to reach AAA compliancy is 2.2.5: "When an authenticated session expires, the user can continue the activity without loss of data after re-authenticating."I have an application that uses windows forms authentication with a timeout value of 20 minutes. If a user takes a reeeaallly long time to fill out a form he will get logged out in the meantime and when he finally submits the form he will be redirected to the login page for re-authentication. After logging back in he is redirect...

strange post on here!! ? >> Re: Linux Review: SpinRite 6.0 for Linux Users ??????
Re: Linux Review: SpinRite 6.0 for Linux Users When I looked at this article this is what I saw,,,I have never seen this before on grc.news,,,,,is this supposed to do this? Error! newsgroup server responded:Bad article number Perhaps the article has expired <Xns952BE64275276news4kayode@204.1.226.254> (6385) Click here to remove all expired articles Steve Wandering aimlessly around grc.techtalk.linux, I heard airratt mention: > Re: Linux Review: SpinRite 6.0 for Linux Users > > When I looked at this article this is what I saw,,,I have ne...

ntlm authentication for linux?
I'm currently writing this message from IE via crossover on linux. Appearently only the win32 version has ntlm suppport up to mozilla 1.4 .. Does any beta or alpha mozilla version support ntlm? Somewhere in CVS? I couldn't find any hints. iksrazal iksrazal wrote: > I'm currently writing this message from IE via crossover on linux. > Appearently only the win32 version has ntlm suppport up to mozilla 1.4 > . > > Does any beta or alpha mozilla version support ntlm? Somewhere in CVS? > I couldn't find any hints. > > iksrazal the win32 m...

linux authentication to editectory
Hi, I've got eDir 8.7.3 on W2k and a RedHat 7.2 with latest patches and want to authenticate linux users to eDirectory. When a linux user tries to authenticates to edirectory, the eDirectory LDAP server answers "Invalid integer syntax" (see below). It seems to me as the mapping between the linux login name (here: pah) and the his uid (should be 501 from eDirectory) is not working. This functionality is given by /usr/lib/libnss_ldap.so. Any help is appreciated. Thanx Patrick 11:35:39 New cleartext connection 0xaec410 from 192.168.10.154:1041, monitor = 0x95...

linux edir authentication
Forgive me because I know this has been asked before, but I have no experience with edirectory or managing it with consoleone. I'm trying to authenticate a linux client with a ldap backend running on netware 6. Here is the steps I'm following with the problems below. On the Netware server : 1. Get eDir 8.6.2 or later (I didn't get it to work with NDS8)Got that 2. Remove the mappings for uidNumber and gidNumber (Attribute Map) and enable plain text password (General) in the LDAP Group object using ConsoleOneI cant find uidNumber or gidNumber under the attribute map....

authenticating and posting to and page
I've been able to authenticate to an http page using my username and password. Problem #1: I'm attempting to authenticate to a page that doesn't request username or password but an account number, type of account and password. How do I know what the server expects for key value pairs? Problem #2: Once I connect a form appears. How do I get the key value pairs to the fields on the form so that I post the correct information in the right field. Thanks David O'Dell wrote: > I've been able to authenticate to an http page using my username and >...

Linux authentication through Samba
I've been using samba for file and print sharing on my home network for a few years now, and decided to step up my game and make it a PDC so that I wouldn't have to change my password on so many OSes on so many machines any more. I've gotten it set up so that it "works" insofar as I can join my Windows machines to the domain, logon, etc, and even have it set up to change the users linux password when a windows user changes their password. This all makes me happy. But, when I try to set up a SuSE client to use the domain authentication, I get an error "C...

ConsoleOne authentication in linux
(Cross-posted to novell.support.novell-linux-desktop.administration) I just downloaded and successfully installed C1 (1.3.6c, Sun Java JRM 1.4.2_03).  I'm running this on a SuSE 9.1 Pro workstation. Everything looks like it's running OK, but I am unable to authenticate. I have both IPX and IP connection working to connect to my servers, but cannot authenticate from within C1.  I get the following error: "(Error -634) The target server does not have a copy of what the source server is r...

NTLM Authentication on Linux
Does anyone know if there are any active efforts to write NTLM code for the Linux port of Mozilla. I thought I heard something about it being implemented with the help of some samba code. This would be great as I currently have to use Mozilla 1.4 on VMWare inside my corporate network and it would be great if I could just fire it up and use it on my GNOME desktop. Any news would be much appreciated. Regards, matt ...

auto proxy authentication in linux
Hello: Can BM3.8sp4 be configured to allow a linux box to automatically authenticate to the proxy by setting up the proxy settings on the linux box with a valid username and password?? Chris. -- hi Chris, no, that's not possible, but you can configure the BM NOT to ask for authentication when the request comes from that box. -- Cat NSC Volunteer Sysop Caterina Luppi wrote: > hi Chris, > > no, that's not possible, but you can configure the BM NOT to ask for > authentication when the request comes from that box. DO you mean a simple outb...

Web resources about - Authenticated Logon Before Posting - grc.techtalk.linux

Authenticated encryption - Wikipedia, the free encyclopedia
Authenticated Encryption ( AE ) or Authenticated Encryption with Associated Data ( AEAD ) is a block cipher mode of operation which simultaneously ...

Google Spam Report (Authenticated) - Flickr - Photo Sharing!
When you are logged into Google Webmaster Central, you can report any site that is spamming the SERPs through this tool. Post at Does Google ...

Authenticated electricity: Sony power outlets will charge you for charging
Sony is building a new kind of power outlet that raises a not entirely pleasant prospect—in the future, plugging a phone into a public wall socket ...

MLB Authenticated Game-Used Base Bar Stool
Like. From The Green Head: "If you love America's favorite pastime, now you can sit on an actual piece of it. These unique collectible bar stools ...

C-SPAN Moving to Authenticated TV Ch. Streaming
C-SPAN is launching a beta test of its migration of live online feeds of its TV channels—C-SPAN 1,2,3—to an authentication model starting Monday, ...

FDA "Corruption" Letter Authenticated: Lawyers, Start Your Engines!
The FDA's official recognition of the letter means that lawyers who want to use it to demonstrate that the FDA isn't perfect won't have to go ...

Buddy Rich's Authenticated and Complete 1960s Zildjian Cymbal Set Available on eBay for $29,995
Buddy Rich's complete 1960s Zildjian cymbal set is available for purchase on eBay. In the massive world of the Internet, anything is apparently ...

FileVault's authenticated restart has hardware requirements
If you use FileVault and wish to restart remotely, you can do so with the 'fdesetup' command; however, this does have some hardware limitations. ...

BREAKING: Michael Brown Audio Aired By CNN Authenticated
Video messaging service Glide has confirmed to the Washington Post the exact time and date the audio recording with gunshot sounds on it was ...

Sheriff: Brenham vet can't be charged with killing cat unless Facebook photo is authenticated
As a team investigated the image, the clinic where Kristen Lindsey worked said Friday that she'd been fired and condemned her post "in the strongest ...

Resources last updated: 12/7/2015 11:21:28 PM