Hold on to your news servers


The only messages this server will emit will be cancels, and it will emit
them only to those who DELIBERATELY peer with it.

Okay for the $20,000 question, is anyone peering with it now who
doesn't know that they are? In other words are you planning
on migrating an existing system for this purpose or are
you planning to provide a *new* service in which people
could peer with?

I neither own or control ANY *CURRENT* news servers.

This is a NEW service, operating on hardware which will be purchased
specifically for this purpose by a non-profit organization set up
explicitly to do this and other public-interest Internet-related things.

This is a NEW service, operating on hardware which will be purchased
specifically for this purpose by a non-profit organization set up
explicitly to do this and other public-interest Internet-related things.

How is making you the Lord High Executioner of Errant Binary Posts in the
public interest?

It is in the public interest to get both the copyright violations and the
kiddie porn off Usenet.

True but acting unilaterally is unacceptable and your mechanism for
solving the problem is too easily defeated.

So in YOUR opinion, it is in the public interest to enforce American laws -
or your interpretation of them - in countries that could give a damn about
our copyright issues and such? And you're going to do that by violating the
very fundamental tenet of the first amendment - by making you register
before you speak (or in this case post).

What you're saying is that if two people in country X (X being some
nameless country who either cares nothing about copyright laws, of which
there are many, or cares nothing about child pornography laws, of which
there are very few) are sending binaries back and forth to each other, then
if the news server they're on happens to be indirectly connected through
however many hops to YOUR news server, you're going to tell them they can't
do what their country's laws allow?

And yes, this is where you mention that "the ONLY people who see the cancel
messages are those who explicitly ask for them, yada yada yada" and this is
where, given that statement, I offer to sell you a moderately sized bridge
in the NYC area, because leaks happen. Leaks in Usenet are like the
dinosaurs in Jurassic Park - they happen, despite all your best efforts not

Just make sure to remind anyone who peers with you who is either a
government entity or recieves government funds, that if they peer with you
they can kiss their federal money goodbye the day the ACLU gets wind of it.
The first amendment doesn't stop you from muzzling whoever you want, but
people who get government money CAN'T be engaged in that sort of thing. :slight_smile:
(Prior restraint and such).

This is my last post on the topic, I'm officially giving up on you taking a
ride on the Clue Bus. You have a god-given right to be a moron if you
choose, please feel free to exercise it. Maybe we can all derive a
collective chuckle from watching you fall on your face.

Still trying to develop the Personal RBL,

I cannot act unilaterally.

Only in concert with those who believe as I do will these cancels propagate

If I did not already have people who wanted this feed, there would be no
purpose in setting it up.

You do not have the right to determine for others what is and is not
acceptable - nor do you have the right to tell others they cannot obtain
and process such a cancel feed.

Hello Karl,

I'll say up front that this is off-topic for NANOG, in so far as UseNet
content is concerned. However it is seriously on-topic as far as UseNet
connectivity is concerned, IMHO. Most of this is our opinion only. We do
not preach it, nor do we expect converts. Please direct flames to /dev/null.

At MHSC, the suits instituted a UseNet ban, as policy, about four years
ago. This is because some InterNet terrorists nearly caused us some serious
business loss (cjames@cec-service.com and others) at a critical time for
MHSC. In addition, CoS cancel wars were beating our servers to death. I
submit that the major problems wrt UseNet are NOT kiddie porn and copyright
violations. In fact, I submit that the major problems are the cancel
messages themselves and spammers (it is valuable to note that within 1 year
of dropping out of UseNet our spammed rate also dropped to very low
levels). The other problem can not be remedied with any sort of
cancellation system (abstinance makes the heart grow fonder <grin>).

Over the years UseNet has devolved from anarchy into chaos. IMHO, it can
not evolve back. Your service, although laudable in intent, is doomed
because of this. But, YMMV. In fact, it is our belief that you may only
help to accelerate the demise of UseNet as a usable medium. To us, it
doesn't matter because we feel UseNet is already heading there on its own.
It's a train-wreck in-process. Those currently on the UseNet train do not
yet know that the locomotive has already jumped the tracks, IMHO.

Our feeling is to let the lusers have UseNet, as a sacrificial ploy, and
carry on real business using mailer-lists, like this one. At least, they
can be managed independently of each other. For many reasons, and they are
all off-topic here, we believe that UseNet architecture has proven it self
to be non-scaleable due to lack of management capability. Yes, we realize
that this is also its chief attraction, for many. MHSC does not have a
solution, other than abstinance.

UseNet needs re-architecting and that will not happen due to the resounding
lack of interest in doing so. FYI, a back-burner project, here at MHSC, is
to build something along the lines of the FidoNet EchoMail back-bone
systems. This was a news/conference system based on mailer-lists. The
intent is to fill the need for UseNet with something a bit more managable.
We may, or maynot, ever complete that project.

Death of Usenet predicted. Film at 11.

I don't see things this way at all. There's one piece missing from Usenet:
accountability. While Karl's proposal addresses this (with binaries only,
unfortunately), it goes too far, and damages the right to privacy that
people expect, as well as presents far too many opportunities for leakage
to those who didn't ask for his cancels. (Karl, while you might think that
cancels are only advisory, they're not for most people; many news admins
simply set up INN out of the box, with cancels enabled, and never change
the defaults. This means that when your cancels leak, and they will,
administrators have to opt-out. Saying this is the fault of their peers is
merely petty buck-passing; it's the fault of -YOUR- peers.)

This is why I don't support Karl's proposal. Not because it is a
fundamentally bad idea or because I have a problem with him personally
(the latter of which has been seen far too much), but because it fails to
address the basic need for personal privacy in a public forum, and because
it fails to operate as a strictly opt-out mechanism. Address that, while
still making it possible for law enforcement (with proper authorization)
to perform an investigation, and you'll have me aboard in a heartbeat.

Aside from the lack of authentication, as a medium, Usenet is alive and
well. The big 8 are managed in a clear, coherent manner (by a well-defined
voting procedure and authenticated mechanism for creation and retirement
of groups). What you seem to have a problem with is "alt", and other
hierarchies without any kind of growth control.

But, so as to avoid the "ok, what's your better idea, then" posts, here's
my suggestion. Instead of Karl's system, which places the burden of
signing on the customer, and eliminates their posting privacy, why not a
system like this:

- The system signs the message going out, not the individual. Thus, we
  know where the message came from (unlike with path headers, which can be
  forged), and it's much easier to get buy-in from server administrators
  than it is from the end-user. Especially when a system like this starts
  reaching critical mass; for a legitimate business providing Usenet
  service, buy-in is a no-brainer.

- Require DH/DSS keys instead of RSA, so that admins can use something
  like GPG instead of PGP so they aren't saddled with the cost of a server
  license on PGP, taking some burden off of the administrator, and makes
  sure that the central authority doesn't ever get nailed with needing
  to purchace the server licence. All modern versions of PGP support
  DH/DSS, so this restriction isn't a problem.

- Sign every local post, not just binaries. Why should we treat one post
  differently than others? Just as a binary post could be child porn, a
  text post could be slander or a copyright infringement.

- Issue batches of NoCeMs instead of cancels (using DH/DSS keys instead of
  RSA). This:
  - gives us a verification mechanism that the sender of the message
    really is the central signature-checking authority, and not someone
    trying to be annoying.
  - makes it possible to process them more efficiently (in batches as
    opposed to individually)
  - ensures that the system really is opt-in, instead of abusing the fact
    that many administrators leave cancels enabled by default, and making
    it a pseudo opt-out system.
  - allows the average person to take part in this, even if their news
    administrator doesn't, by using NoCeM for what it was originally
    designed for (as a personal filter).

With this, law enforcement knows where the message came from. Now, it's up
to the Usenet source to maintain some means of correllating a post to a
physical human being (ala NNTP authentication, or NNTP-Posting-Host with a
timestamp and login record). Any Usenet source with an abuse department
needs this infrastructure in place anyway. If you don't maintain this
correllating data, guess who's liable for the content posted?

I see this as a much better solution; it preserves the customer's privacy,
keeps the legal liability where it belongs (the originating system, and
the poster), and takes the burden off of the end user. To them, this is
completely invisible.

Comments welcome. Feel free to forward this to more appropriate forums if
you like the idea, and think others might.

Ditto that. And really, it CAN'T operate strictly as an opt-out mechanism.
While I'm sure Karl is quite competent enough to be able to configure a server
and a newsfeed, he is only human, and mistakes *do* happen.