We’re spending some days with friends in Sardinia and late at night I start talking to @phf and @wandererbill about Usenet, net news, alternatives to Discord, mailing lists, newsletters, the fediverse…
I decided to install a mall net news server for Campaign Wiki. That’s the site I use to host all sorts of role-playing related stuff.
I installed sn because I already knew that I couldn’t get INN to work.
sn is a small news system for small sites – sn
Oops, now I get an error! 2022-02-06 Struggling with INN
2022-02-06 Struggling with INN
In any case, sn was up and running in no time.
I created a new, local group:
snnewgroup campaignwiki.talk
I connected using tin:
tin -g campaignwiki.org
I added a remote group:
snnewgroup cosmic.general cosmic.voyage
And to manually sync it up instead of waiting for the daily cron job:
sudo snget
Note that you cannot post to this group because admin @tomasino only allows posting by authenticated users.
We couldn’t post until I made the following change:
root@sibirocobombus:/usr/sbin# diff SNPOST~ SNPOST 82c82 < cat --- > /bin/cat
As it turns out, this change is already in the repo. There, it says:
Imported Debian patch 0.3.8-3 Hilko Bengen committed 14 years ago
I don’t understand what this means. Hilko committed this change 14 years ago, it was part of Debian 0.3.8-3 … and I’m using 0.3.8-12 and I still need to do this? How strange!
I realized that there was absolutely no security whatsoever. I set up my firewall to block access to port 119 except for my own machine and for SDF EU.
ipset create nntplist hash:ip hashsize 4096 ipset add nntplist 178.209.50.237 ipset add nntplist 178.63.35.128-178.63.35.255 iptables --append INPUT --protocol tcp --dport 119 --match set --match-set nn tplist --jump ACCEPT iptables --append INPUT --protocol tcp --dport 119 --jump DROP
I don’t think I like this, though. What about people on the move?
After a reboot these firewall rules were gone and I didn’t reinstate them.
As an alternative, I’m now simple authentication – with passwords sent across the Internet in the clear! 😬
Here’s what I did: inet needs to call a wrapper shell script that handles authentication. There’s an example script in the repository, so here I’m downloading the example, fixing ownership and permissions:
cd /usr/local/sbin wget https://salsa.debian.org/debian/sn/-/raw/master/contrib/simple_authentication/nntp.sh?inline=false -O nntp.sh chown news.news /usr/local/sbin/nntp.sh chmod 700 /usr/local/sbin/nntp.sh
Time to make some changes:
Next, change “/etc/inetd.conf”:
So now, inet calls the wrapper script for every connection on port 119, the wrapper script requires authentication, and if a username and password combo is found, the actual program is called.
First, run this in a terminal to tunnel port 1919 locally to port 119 on the remote where the news server is running.
ssh -L 1919:127.0.0.1:119 -N sibirocobombus
Sibirocobombus is an entry in my “~/.ssh/config” file. “-N” means to run no command. You could add “-f” which puts it in the background but I think I prefer it this way.
Now I can run tin locally, connecting to port 1919.
tin -g localhost -p 1919
Tin complains about terminal stuff if I try to run it directly. For a moment, that sounded great!
ssh sibirocobombus tin
In the end, I stopped using this. What I liked even better was running a second sn on my laptop!
When posting, I’m “alex@localhost.localdomain”. I have no idea where this is from. Locally, I have “/etc/mailname” set.
Right now, I’m not seeing it any more. Phew! 😅
I mentioned installing sn on the laptop, too. With that, I can connect to localhost without port forwarding, do my news reading and posting, and my local sn installation will connect to the remote sn and handle the posts!
sudo apt install sn sudo sed --in-place=.bak --expression 's/ cat/ \/bin\/cat/' /usr/sbin/SNPOST sudo snnewgroup campaignwiki.talk campaignwiki.org sudo snget
This runs into an error since a username and password are required. The snget man page mentions “/usr/sbin/SNHELLO” and if you read the source code, you can figure out where to store username and password per server: In the files “username” and “password” in the spool directory for the remote server:
sudo su cd /var/spool/sn/.outgoing/campaignwiki.org:119/ echo "alex" > username echo "*secret*" > password chmod 700 username password chown news.news username password exit
With this done, you can now exchange news.
sudo snget
And read news locally, via NNTP:
tin -r
If you want to join in, contact me and I’ll set up a username and password for you.
#Administration #Usenet #News
(Please contact me if you want to remove your comment.)
⁂
I used a local sn instance back in the day (circa 2000) when I’d pull a small selection of newsgroups from my dialup ISP for offline reading. I also sent my mailing list subscriptions there using a mail-to-news program.
WendzelNNTPd looks like another interesting small news server candidate. It is under active development and supports things like authentication and IPv6.
WendzelNNTPd's page on MS GitHub
– teiresias 2023-05-19 07:25:00 UTC
---
It sounds interesting! I like the idea of IPv6 support. That is the future. But if I understand the docs correctly, news doesn’t federate, right?
– Alex 2023-05-19 18:14 UTC
Correct. It doesn’t support federation. But if I understand how you mean federation in a Usenet context, neither does sn. It does support POST, so you could probably use programs like suck to pull groups from other servers, just like I did in my dialup days to pull a “partial” feed from my ISP. I think what I’m getting at is that if you want to have news articles propagate between these sorts of small servers, you’d need to write or obtain extra software to do it.
– teiresias 2023-05-19 19:19 UTC
---
I just managed to “get” a group from another server. On my server, I posted to the group, and I got an error message telling me “Posting failed (480 Posting not allowed)” 😆 so I guess it would have worked? Or maybe not, I’m not sure. I guess I don’t understand how net news propagates.
– Alex 2023-05-19 23:27 UTC
---
I guess this line means that actual peering doesn’t work:
IHAVE is not supported. Use POST instead. – sn
Then again, posting a new article to the foreign group in tin “works” in that it tries to post that article to the remote group the next it synchronizes. So as long as I’m running a “leaf node”, it’s fine.
I’m a bit stressed out by INN2, actually. I’m wondering whether I should give it another try.
– Alex 2023-05-20 08:38 UTC
---
@frotz left a comment elsewhere, saying that the usenet Big-8 management board did a talk at the LibrePlanet 2023 conference about Usenet as the original decentralized social network. Video.
– Alex 2023-06-22 21:53 UTC