Subject:
|
Re: Forum shift
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Wed, 3 Nov 2010 11:31:22 GMT
|
Viewed:
|
8417 times
|
| |
|
|
Gereon Stein wrote:
> Jacob Sparre Andersen wrote:
> Actually, the NNTP server in use is a fairly old but very to-the-standard
> implementation (CNEWS) - it may not be perfect by all means, but it has shown
> some reliability over time.
Good to know. (Personally I only have experience with running INN.)
> What concerns me more (in terms of being the one who is keeping the underlying
> services and servers afloat) is the potential security issue with any kind of
> NNTP implementation (which I think can be mitigated) and the relatively slow
> response time of the entire setup, in part but not completely due to the
> multiple means of access / posting provided.
How many security holes have been found in CNEWS (or INN for that matter) over
the last 10 years? I don't believe it is a likely point of entry for hackers.
> I have been monitoring the use of the NNTP interface for the last 12 months
> (longer actually, but the logs had to be reset at some point due to a filesystem
> issue). It appears that use of the NNTP service is declining but not showing
> sings of eventually phasing out completely. This is what makes a decision
> somewhat difficult.
Should make it easy. People are still interested in NNTP access. If you made
the NNTP access user friendly, you might actually see an increase in NNTP use,
and thus a reduced load on the server.
> To be honest, I am having a bit of difficulty with the login method of NNTP -
> with the current setup,
It is also a horrible construction.
> With a username/password setup, I figure posting
> without such authorization may become more complex or impossible to begin with.
With a username/password setup for NNTP, you are authorised when you connect to
the server. There is no need to spend time sending out a separate authorisation
e-mail for each post, since the user already is authorised. It will make
posting much simpler, and probably reduce the volume of code needed for handling
NNTP posting. The only code besides CNEWS will be the one that gives CNEWS
access to check usernames and passwords.
> It appears that posting through the web and email interfaces are by far more
> popular, and especially email posting is a feature that is - well, probably not
> unique, but quite an outstanding feature of LUGNET.
I would say that the quality of the web interface is what is unique. E-mail
based posting is (almost) trivial to set up for a NNTP server. Considering that
those who post through the web interface don't have to (auto)reply to an
authorisation e-mail, it is obvious that the web interface will be more popular
than SMTP or NNTP.
> > I can't see any need to connect member IDs with emails. We just need to make
> > sure that anybody with posting privileges has (or can get) a username and a
> > password for posting through the NNTP server.
>
> That touches another point of mine - the question if and for how long we
> actually want to support NNTP access. The number of internet users never even
> having heard of such a thing as "Usenet" is increasing by orders of magnitude,
> and while those have other limitations, the general move is for "point&click"
> web-based forums. There are some forum platforms out there that offer some kind
> of post-by-email and NNTP interfaces, but this would take some evaluation, too.
I hope you are not seriously considering to drop NNTP access to Lugnet. Without
NNTP access, Lugnet will be almost as bad as any other LEGO discussion forum.
Play well,
Jacob
|
|
Message has 1 Reply:
 | | Re: Forum shift
|
| (...) I took a look at the archives of the debian-security-announce mailing-list from 2001 up to today. I couldn't find a single security report on CNEWS (and only one 2001 local vulnerability in INN). Play well, Jacob (13 years ago, 27-Jun-11, to lugnet.admin.general)
|
Message is in Reply To:
| | Re: Forum shift
|
| Hi all, I have taken a bit of time to follow the discussion as this is about a subject that René and I have been talking over on some occasions but without any final decisions yet. (...) Actually, the NNTP server in use is a fairly old but very (...) (14 years ago, 3-Nov-10, to lugnet.admin.general)
|
52 Messages in This Thread:
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
