Subject: Re: Forum shift
Newsgroups: lugnet.admin.general
Date: Wed, 3 Nov 2010 09:34:38 GMT
Hi all,

I have taken a bit of time to follow the discussion as this is about a subject
that René and I have been talking over on some occasions but without any final
decisions yet.

In lugnet.admin.general, Jacob Sparre Andersen wrote:
> In lugnet.general, David Eaton wrote:
>
> > As I recall, the NNTP engine for LUGNET wasn't something that Todd custom-wrote
> > (like the web interface), but was a build of some already-existing
> > implementation, which could be why it's a little less accessible.  I remember
> > hunting around for the NNTP code to little avail.
>
> I would expect that any old NNTP server can be plugged in instead, if the one
> Todd originally selected doesn't support access by username and password.

Actually, the NNTP server in use is a fairly old but very to-the-standard
implementation (CNEWS) - it may not be perfect by all means, but it has shown
some reliability over time.

What concerns me more (in terms of being the one who is keeping the underlying
services and servers afloat) is the potential security issue with any kind of
NNTP implementation (which I think can be mitigated) and the relatively slow
response time of the entire setup, in part but not completely due to the
multiple means of access / posting provided.

I have been monitoring the use of the NNTP interface for the last 12 months
(longer actually, but the logs had to be reset at some point due to a filesystem
issue). It appears that use of the NNTP service is declining but not showing
signs of eventually phasing out completely. This is what makes a decision
somewhat difficult.

> > However, once that connection has been established, it ought to be possible to
> > use your member ID/password to log in, so long as the email address provided in
> > the NNTP posting matches the one on file that's attached to your member ID.
>
> Why should that be necessary?  Shouldn't it be enough to hook the password
> checker of the NNTP server up to the database containing IDs and passwords (if
> necessary both the posting and the member database).

To be honest, I am having a bit of difficulty with the login method of NNTP -
with the current setup, anyone connecting through NNTP can post but will have to
authorize his posts later on. With a username/password setup, I figure posting
without such authorization may become more complex or impossible to begin with.

It appears that posting through the web and email interfaces are by far more
popular, and especially email posting is a feature that is - well, probably not
unique, but quite an outstanding feature of LUGNET.

> > It's messy and kludgy (because LUGNET doesn't really maintain a proper
> > correlation between valid emails and members), but in theory it's possible.
>
> I can't see any need to connect member IDs with emails.  We just need to make
> sure that anybody with posting privileges has (or can get) a username and a
> password for posting through the NNTP server.

That touches another point of mine - the question if and for how long we
actually want to support NNTP access. The number of internet users never even
having heard of such a thing as "Usenet" is increasing by orders of magnitude,
and while those have other limitations, the general move is for "point&click"
web-based forums. There are some forum platforms out there that offer some kind
of post-by-email and NNTP interfaces, but this would take some evaluation, too.

> > I wouldn't mind taking a look, although I think I'd probably need my SSH key
> > re-enabled since I think it's been disabled for a while.  And of course if
> > Rene/Jerry want to take a look at it themselves, I'm all for that!
>
> It sounds like you know much more about the architecture than I do, so that
> would be good.

I very much appreciate that offer - please do get in touch, I have not deleted
any of the old SSH keys but needed to limit the IP address level access due to
an increasing number of hacking attempts (You would not believe from what
countries people try to break into servers).

On another note, I am only just preparing a brand-new machine to take over
LUGNET as the current software setup is fairly old and a non-disruptive update
seems unlikely. When testing is done, the switch will be fairly zero-downtime
instead and the performance should improve significantly (or so I hope at
least). Still, that does not mean I would want to leave everything else
untouched. It's just a matter of what current and potential future users really
want.

Also, we certainly must not risk losing any of the old posts and related
information should we come to the conclusion that moving away from NNTP is a
good idea after all these years. In that regard, however, the current code base
would perfectly guarantee a continued web access even if we pull the plug on the
news service.

Finally, I should also mention that for the post-by-email interface, we
currently have a spam level of well over 99% every day. For statistics, only in
the last 12 hours we recorded 48,000 rejected spam connections, 1800 more
blocked due to blacklistings, and 1200 spam assassin positives out of a total of
2200 accepted email messages. Compare that to the posts finally receiving
authorization (as per "Traffic" page, and the automatically generated statistics
posts do not even count) and you will know what I am talking about.

I do hope we will find a way to improve the experience of LUGNET.

Have fun,

Jerry


