OT Looking for SF Bob (And Peter too.)

Bob,

On another group you wondered if the forged approval message that had been
posted to this group ( rec.crafts.jewelry ) actually made it to the group.
You also had kind things to say about Peter. Perhaps Peter will either add
to this post or reply in a follow up post about the fact that totally off
topic posts, not approved by the moderator, do show up here on a
semi-regular basis. There are people out there who delight in forging
headers and causing problems in the "safe, moderated, groups" and will do so
every time they figure out a "new" way to do it. Most of the time they are
not very persistent but in the past there was a certain poster who spammed
all of Usenet for quite a while before he was shut down.

--
Don Thompson

Stolen from Dan: "Just thinking, besides, I watched 2 dogs mating once,
and that makes me an expert. "

There is nothing more frightening than active ignorance.
~Goethe

It is a worthy thing to fight for one's freedom;
it is another sight finer to fight for another man's.
~Mark Twain

On Fri, 28 Dec 2007 11:52:20 -0800, in rec.crafts.jewelry "Don T"
wrote:

Bob,

On another group you wondered if the forged approval message that had been
posted to this group ( rec.crafts.jewelry ) actually made it to the group.
You also had kind things to say about Peter. Perhaps Peter will either add
to this post or reply in a follow up post about the fact that totally off
topic posts, not approved by the moderator, do show up here on a
semi-regular basis. There are people out there who delight in forging
headers and causing problems in the "safe, moderated, groups" and will do so
every time they figure out a "new" way to do it. Most of the time they are
not very persistent but in the past there was a certain poster who spammed
all of Usenet for quite a while before he was shut down.

Don,
that pretty much sums it up. The moderation scheme devised by those who first
set up the moderation option on usenet dates way back to when the whole net
community was a lot smaller, and usenet was mostly a discussion forum found
around university or company computer systems, so it's based more on trusting
people to follow the rules, than anything seriously enforcable. It's not hard
for people with a desire to break the rules, to do so, and post messages with
forged approval headers. And when they do, those posts do indeed make it to the
groups, since they then completely bypass the moderator and the moderation
mechanism. Moderators who notice the posts can issue cancel commands that
remove those posts from those news servers that honor such commands, but often
it's just not worth the effort. Most moderated groups are moderated in the
first place, because the users of those groups desire it that way, which means
that people who are posting forged messages are sending their trash to a hostile
audience. As with most spam on the net, the most common motivator for people
to post spam or any sort, is the hope of selling something and making money.
Advertising to an audience that is going to get angry at your ads, and sometimes
will take active measures to combat your efforts, is just not cost effective
advertising, and generates little in the way of sales or benefits to the poster,
so in the end, it's not all that common. The crazy ones, those bent on smearing
some political or other such message around the net, well, mostly those are easy
to ignore.

For my part, when I see a forged post, I generally issue a cancel command to
remove the post from the news servers. But as I said, it's not fully effective.
Some ISPs automatically detect the spams anyway, since such posts are often
copied to many groups, triggering filters.

The other, and perhaps most effective weapon against such forgeries is simply
that ISPs don't like it when people abuse their systems. Some spamming or
advertising is in a grey area that people can sometimes try to defend, or which
ISPs don't rigorously go after. But forging approvals to moderated groups is
clearly a violation of the terms of service of pretty much all ISPs, and so far,
I've found good responses from ISPs, when advised that a customer of theirs is
breaking that rule. Those who repeat the offense can quickly find their
internet access, or at least their news server access, cut off completely. This
of course is also not a perfect solution, since the really aggressive violators
know all this, and take steps to hide their tracks and identity. It's harder to
do than most people realize, since although one can hide one's identity from the
public, hiding it from the ISPs is quite difficult. Posts can be traced, if an
ISP wishes to do so, back to the sending computer or network. So in those cases,
disciplinary action can be taken, and usually is. But as I said, the really
aggressive posters figure out ways around this, including finding open WIFI
routers out there which people forget to secure, or sending posts via foreign
news servers, etc.

Fortunately, it's just not a common problem. And the best solution, usually,
is just to ignore the junk. Usually, it's not worth more effort than that
needed to hit your delete key.

Peter

On Dec 28, 12:06=A0pm, "Peter W.. Rowe,"
wrote:
On Fri, 28 Dec 2007 11:52:20 -0800, in rec.crafts.jewelry "Don T"

wrote:
Bob,

=A0On another group you wondered if the forged approval message that ha=
d been
posted to this group ( rec.crafts.jewelry ) actually made it to the grou=
p.
You also had kind things to say about Peter. Perhaps Peter will either a=
dd
to this post or reply in a follow up post about the fact that totally of=
f
topic posts, not approved by the moderator, do show up here on a
semi-regular basis. There are people out there who delight in forging
headers and causing problems in the "safe, moderated, groups" and will d=
o so
every time they figure out a "new" way to do it. Most of the time they a=
re
not very persistent but in the past there was a certain poster who spamm=
ed
all of Usenet for quite a while before he was shut down.

Don,
that pretty much sums it up. =A0The moderation scheme devised by those who=
first
set up the moderation option on usenet dates way back to when the whole ne=
t
community was a lot smaller, and usenet was mostly a discussion forum foun=
d
around university or company computer systems, so it's based more on trust=
ing
people to follow the rules, than anything seriously enforcable. =A0 It's n=
ot hard
for people with a desire to break the rules, to do so, and post messages w=
ith
forged approval headers. =A0And when they do, those posts do indeed make i=
t to the
groups, since they then completely bypass the moderator and the moderation=

mechanism. =A0 Moderators who notice the posts can issue cancel commands t=
hat
remove those posts from those news servers that honor such commands, but o=
ften
it's just not worth the effort. =A0Most moderated groups are moderated in =
the
first place, because the users of those groups desire it that way, which m=
eans
that people who are posting forged messages are sending their trash to a h=
ostile
audience. =A0 As with most spam on the net, the most common motivator for =
people
to post spam or any sort, is the hope of selling something and making mone=
y.
Advertising to an audience that is going to get angry at your ads, and som=
etimes
will take active measures to combat your efforts, is just not cost effecti=
ve
advertising, and generates little in the way of sales or benefits to the p=
oster,
so in the end, it's not all that common. =A0The crazy ones, those bent on =
smearing
some political or other such message around the net, well, mostly those ar=
e easy
to ignore.

For my part, when I see a forged post, I generally issue a cancel command =
to
remove the post from the news servers. =A0But as I said, it's not fully ef=
fective.
Some ISPs automatically detect the spams anyway, since such posts are ofte=
n
copied to many groups, triggering filters. =A0

The other, and perhaps most effective weapon against such forgeries is sim=
ply
that ISPs don't like it when people abuse their systems. =A0Some spamming =
or
advertising is in a grey area that people can sometimes try to defend, or =
which
ISPs don't rigorously go after. =A0But forging approvals to moderated grou=
ps is
clearly a violation of the terms of service of pretty much all ISPs, and s=
o far,
I've found good responses from ISPs, when advised that a customer of their=
s is
breaking that rule. =A0Those who repeat the offense can quickly find their=

internet access, or at least their news server access, cut off completely.=
This
of course is also not a perfect solution, since the really aggressive viol=
ators
know all this, and take steps to hide their tracks and identity. =A0It's h=
arder to
do than most people realize, since although one can hide one's identity fr=
om the
public, hiding it from the ISPs is quite difficult. =A0Posts can be traced=
, if an
ISP wishes to do so, back to the sending computer or network. So in those =
cases,
disciplinary action can be taken, and usually is. =A0But as I said, the re=
ally
aggressive posters figure out ways around this, including finding open WIF=
I
routers out there which people forget to secure, or sending posts via fore=
ign
news servers, etc. =A0 =A0

Fortunately, =A0it's just not a common problem. =A0And the best solution, =
usually,
is just to ignore the junk. =A0Usually, it's not worth more effort than th=
at
needed to hit your delete key.

Peter

Hi, Guys --

OK, I stand *semi* corrected. Peter has acknowledged that some posts
with forged approvals do make it past him into r.c.j -- however, I
still say we haven't seen the heavy pollution from sporge attacks like
some of the other, non-moderated groups.

BTW, in case anyone else is wondering what we are talking abou here,
it is a spill-over from a discussion in rec.pyrotechnics about whether
or not to go moderated, and whether that offers any protection from
the sporgers. There are a few here that read both groups.

Regards,

Bob

On Fri, 28 Dec 2007 11:52:20 -0800, "Don T"
wrote:

Bob,

On another group you wondered if the forged approval message that had been
posted to this group ( rec.crafts.jewelry ) actually made it to the group.
You also had kind things to say about Peter. Perhaps Peter will either add
to this post or reply in a follow up post about the fact that totally off
topic posts, not approved by the moderator, do show up here on a
semi-regular basis. There are people out there who delight in forging
headers and causing problems in the "safe, moderated, groups" and will do so
every time they figure out a "new" way to do it. Most of the time they are
not very persistent but in the past there was a certain poster who spammed
all of Usenet for quite a while before he was shut down.

He just did a mild sporge of rec.arts.sf.written on the 26th.
--
Marilee J. Layman
http://mjlayman.livejournal.com

On Fri, 28 Dec 2007 22:22:00 -0800, in rec.crafts.jewelry Bob
wrote:

Hi, Guys --

OK, I stand *semi* corrected. Peter has acknowledged that some posts
with forged approvals do make it past him into r.c.j -- however, I
still say we haven't seen the heavy pollution from sporge attacks like
some of the other, non-moderated groups.

If the risk of spam/sporge/etc attacks in a given group seems high enough, then
moderation offers a couple other modest "work arounds". Although the main
system doesn't offer much protection against spammers, some groups use more than
just a manual moderation scheme. Here in rec.crafts.jewelry, forged posts might
well go unnoticed, and un cancelled, if I don't happen to check for them or
someone else calls them to my attention. Or, if it were a major attack, I might
be simply swamped trying to deal with them, since with my software setup,
sending a cancel command for a posting requires me to alter a bunch of the
settings in my own news software so it thinks I'm the one who sent the original
post, only then will it allow me to send the cancel. That's why I don't
usually bother.

But some moderators, especially in some of the more active or contentious
groups, and especially in those groups more computer oriented, the moderators
set it up with a web based moderation site, or as a perl program running on a
unix shell account. That sort of setup can then be designed so that posts, when
approved, get the addition of a PGP encoded approval header or other addition.
That coded bit added to the post shows that program that a copy of the post that
it may then see added to it's news feed or on it's server already was indeed
properly approved, and any post that it finds that does not have the proper PGP
key, then gets automatically cancelled by the software. This setup is still not
perfect of course, but it's much more than what I do here. The main downside,
at least for me, is that it costs more. I'd have to pay to set up the site to
add that moderation bot to r.c.j., and pay to have it remain up. On my budget,
that's not an attractive option.

But if you're considering moderating a group, it IS possible to set up the
moderation scheme in a way that has better, though not complete, protection from
spamming and other attacks, than does r.c.j. These setups also are good in
that they are usually set up to easily allow moderation tasks to be performed by
a team of people, rather than just one. Again, that would have been an
attractive thing to me, had I ever gotten much response when asking if others in
the group would like to share the moderation tasks. Usually I can find someone
willing to fill in when I take a vacation, but musings about finding someone to
actually take over, or take on the task as a shared regular thing? Not much
more than silence. Which proves that the rest of you readers in this group are
brighter than I was when I volunteered to do this.

Which brings me to the last consideration you should discuss. Remember that
when you set a group up as moderated, it becomes vulnerable to instant death if
the moderator abandons the group or doesn't do his/her job. Messages sent to
the group languish in a moderators email unless he/she or someone else gets them
out, approves them, and properly posts them. The hoops group members need to
jump through to rescue an abandoned group are not so simple, because the system
doesn't want disgruntled group readers, perhaps mad at having their posts
rejected, easily able to steal the moderation task or otherwise change the
setup. If your group becomes moderated, and then after a few years the
moderator gets tired of the task, you'll then have to find another victim. Er,
I mean volunteer. Though you can, if you find and contact the right folks, get
the submission address changed/rescued from a disappeared moderator back to
someone willing to do it, it's much harder to get a group unmoderated if it
doesn't work for you. Same hassle as converting one to moderated status, only
then perhaps having to do it despite lack of cooperation from a moderator who
may not agree... For my part, I never dreamed, and nobody ever warned me or
suggested to me, that when I agreed to moderate this group, it would be a
permanent unchangeable task from which I couldn't easily escape or resign. It's
been ten years now, and fortunately, I still enjoy it. Mostly. It costs me
time and money I can't always afford. And I'm betting that you might not always
be so lucky in your group to both find some poor sap to do the job, or that
he/she will remain willing to continue to do it. Be careful that you and other
group readers really want a moderated group, and are willing to jointly take
responsibility for keeping it running.

Peter

On Dec 28, 10:43=A0pm, "Peter W.. Rowe,"
wrote:
On Fri, 28 Dec 2007 22:22:00 -0800, in rec.crafts.jewelry Bob

wrote:
Hi, Guys --

OK, I stand *semi* corrected. =A0Peter has acknowledged that some posts
with forged approvals do make it past him into r.c.j -- however, I
still say we haven't seen the heavy pollution from sporge attacks like
some of the other, non-moderated groups.

If the risk of spam/sporge/etc attacks in a given group seems high enough,=
then
moderation offers a couple other modest "work arounds". =A0Although the ma=
in
system doesn't offer much protection against spammers, some groups use mor=
e than
just a manual moderation scheme. =A0Here in rec.crafts.jewelry, forged pos=
ts might
well go unnoticed, and un cancelled, if I don't happen to check for them o=
r
someone else calls them to my attention. =A0Or, if it were a major attack,=
I might
be simply swamped trying to deal with them, since with my software setup,
sending a cancel command for a posting requires me to alter a bunch of the=

settings in my own news software so it thinks I'm the one who sent the ori=
ginal
post, only then will it allow me to send =A0the cancel. =A0That's why I do=
n't
usually bother.

But some moderators, especially in some of the more active or contentious
groups, and especially in those groups more computer oriented, the moderat=
ors
set it up with a web based moderation site, or as a perl program running o=
n a
unix shell account. =A0That sort of setup can then be designed so that pos=
ts, when
approved, get the addition of a PGP encoded approval header or other addit=
ion.
That coded bit added to the post shows that program that a copy of the pos=
t that
it may then see added to it's news feed or on it's server already was inde=
ed
properly approved, and any post that it finds that does not have the prope=
r PGP
key, then gets automatically cancelled by the software. =A0This setup is s=
till not
perfect of course, but it's much more than what I do here. =A0The main dow=
nside,
at least for me, is that it costs more. =A0I'd have to pay to set up the s=
ite to
add that moderation bot to r.c.j., and pay to have it remain up. =A0On my =
budget,
that's not an attractive option. =A0

But if you're considering moderating a group, it IS possible to set up the=

moderation scheme in a way that has better, though not complete, protectio=
n from
spamming and other attacks, than does r.c.j. =A0 These setups also are goo=
d in
that they are usually set up to easily allow moderation tasks to be perfor=
med by
a team of people, rather than just one. =A0Again, that would have been an
attractive thing to me, had I ever gotten much response when asking if oth=
ers in
the group would like to share the moderation tasks. =A0Usually I can find =
someone
willing to fill in when I take a vacation, but musings about finding someo=
ne to
actually take over, or take on the task as a shared regular thing? =A0Not =
much
more than silence. =A0Which proves that the rest of you readers in this gr=
oup are
brighter than I was when I volunteered to do this.

Which brings me to the last consideration you should discuss. =A0Remember =
that
when you set a group up as moderated, =A0it becomes vulnerable to instant =
death if
the moderator abandons the group or doesn't do his/her job. =A0Messages se=
nt to
the group languish in a moderators email unless he/she or someone else get=
s them
out, approves them, and properly posts them. =A0The hoops group members ne=
ed to
jump through to rescue an abandoned group are not so simple, because the s=
ystem
doesn't want disgruntled group readers, perhaps mad at having their posts
rejected, easily able to steal the moderation task or otherwise change the=

setup. =A0 =A0If your group becomes moderated, and then after a few years =
the
moderator gets tired of the task, you'll then have to find another victim.=
=A0Er,
I mean volunteer. =A0Though you can, if you find and contact the right fol=
ks, get
the submission address changed/rescued from a disappeared moderator back t=
o
someone willing to do it, it's much harder to get a group unmoderated if i=
t
doesn't work for you. =A0Same hassle as converting one to moderated status=
, only
then perhaps having to do it despite lack of cooperation from a moderator =
who
may not agree... =A0 =A0For my part, I never dreamed, and nobody ever warn=
ed me or
suggested to me, that when I agreed to moderate this group, it would be a
permanent unchangeable task from which I couldn't easily escape or resign.=
=A0It's
been ten years now, and fortunately, I still enjoy it. =A0Mostly. =A0 It c=
osts me
time and money I can't always afford. =A0And I'm betting that you might no=
t always
be so lucky in your group to both find some poor sap to do the job, or tha=
t
he/she will remain willing to continue to do it. =A0 Be careful that you a=
nd other
group readers really want a moderated group, and are willing to jointly ta=
ke
responsibility for keeping it running.

Peter =A0

Thanks, Peter -- that's very helpful. I'm only a reader and very
occasional poster over at rec.pyro, so it won't be up to me what
happens, but I'll post your advice over there for consideration.

Regards,

Bob

On Fri, 28 Dec 2007 22:22:09 -0800, "Marilee J. Layman"
wrote:

On Fri, 28 Dec 2007 11:52:20 -0800, "Don T"
wrote:

Bob,

On another group you wondered if the forged approval message that had been
posted to this group ( rec.crafts.jewelry ) actually made it to the group.
You also had kind things to say about Peter. Perhaps Peter will either add
to this post or reply in a follow up post about the fact that totally off
topic posts, not approved by the moderator, do show up here on a
semi-regular basis. There are people out there who delight in forging
headers and causing problems in the "safe, moderated, groups" and will do so
every time they figure out a "new" way to do it. Most of the time they are
not very persistent but in the past there was a certain poster who spammed
all of Usenet for quite a while before he was shut down.

He just did a mild sporge of rec.arts.sf.written on the 26th.

And a somewhat larger one today.
--
Marilee J. Layman
http://mjlayman.livejournal.com