Charles Lindsey | 1 Oct 16:14 1998
Picon
Picon

Re: Body Conventions

In <1dg1jp0.137gjfz17egxocM <at> roxboro0-062.dyn.interpath.net> phenix <at> interpath.com (John Moreno) writes:

>Should this be addressed in section 4.4.2?

>4.4.2. Body Conventions

>          It is a common practice for followup agents to enable the
>          incorporation of the followed-up article (the "precursor")
>          as a quotation. This SHOULD be done by prefacing each line
>          of the quoted text (even if it is empty) with the character
>          ">" (or preferably with "> "). This will result in multiple
>          levels of ">" when quoted content itself contains quoted
>          content. The followup agent SHOULD also precede the quoted
>          content by an "attribution line" incorporating at least the
>          name of the precursor's poster.

>Maybe:

>          It is a common practice for followup agents to enable the
>          incorporation of the followed-up article (the "precursor")
>          as a quotation, with new text either following or interspersed
>          in a "conversational" style.

Yes, I could live with that sort of wording. It would be even better to
say "incorporation of selected parts of the followed-up article".

And to whoever it was who said that such thoughts should go in a separate
"best practices" document, I disagree. I think we should not shrink from
pointing out sensible usages of the tools that we provide in our standard.
If a tool is provided for an intended purpose, then one should say so.
(Continue reading)

Charles Lindsey | 1 Oct 15:34 1998
Picon
Picon

Re: Permanent Articles - second DRAFT

In <199809261529.IAA16879 <at> soprano.clari.net> Buddha Buck <bmbuck <at> acsu.buffalo.edu> writes:

>Charles Lindsey said:
>> In <199809241407.HAA20962 <at> soprano.clari.net> Buddha Buck <bmbuck <at> acsu.buffalo.edu> writes:
>> 
>For some things, there should be only one.  For right now, I see that 
>more as the exception than the rule anyway.  The most common use of 
>named/permanant/tagged/clustered articles that I see right now are as a 
>different way of managing the current periodic postings.  Certain 
>policy documents, machine-readable keys, and charters are the main 
>things right now that should be limited to one.

Absolutely so. Now if you could only persuade Brad to believe that ...

>I do feel that for any document to be only one "official" version, it 
>needs some sort of tag as official that makes it easy to retrieve.  I 
>also feel that there should be a pre-defined set of "official" 
>documents, since if it is important enough to make unique, it should be 
>important enough to code into reading agents to pull up upon demand.

No, I don't think you can have a pre-defined set. We cannot foresee now
what applications people will find for this new feature. The most we can
do is provide an initial list (FAQ, Charter, Welcome, ...) of ones that
seem to be needed _now_.

>One side effect of the use of the "permanant ID" is that it provides us 
>with a way of ensuring uniqueness and accessibility.  We can easily say 
>"The permanant ID charter <at> <newsgroup> is reserved for the official 
>charter of the newsgroup <newsgroup>, if there is one", and similarly 
>list all the other "official"/unique permanant articles.
(Continue reading)

Charles Lindsey | 1 Oct 16:06 1998
Picon
Picon

Re: Identification of moderators via challenge/response

In <ylr9wwyjhv.fsf <at> windlord.stanford.edu> Russ Allbery <rra <at> stanford.edu> writes:

>Cancel locks are designed to determine if the author of a second message
>is the same as the author of a first message, yes?  So suppose a newsgroup
>moderator posted a message with something that was equivalent to a cancel
>lock, probably as a named article, and then in every subsequent message to
>the group included a header that contained the equivalent of the cancel
>key for that lock.

What you are proposing (ignoring the fact that is has now been shown to be
flawed) is really no different from having the moderator post his public
key (perhaps in a named article as you say) and then signing all his
articles with it.

The flaw is that it is like a flip flop. There are two stable states. In
one, the true moderator gets in first and posts his public key (and
servers detect it and store it, presumably), and then he signs his
articles with it (and also future copies of his public key when he
repoosts it) and thus the world sees a consistent view of the group.

The other state is where the Bad Guy gets in first with his bogus public
key, which he reinforces by signing large numbers of articles with it (and
being the Bad Guy, he is allowed to generate zillions of nonsense articles
if that improves his rating).

The real question is whether that Bad Guy, arriving late in the group, can
somehow trigger the flip flop into the opposite state. That question needs
careful looking at. Remember, again, that the Bad Guy is in a position to
flood the group with bogus articles and public keys, in a manner than no
honest guy could ever get away with.
(Continue reading)

Charles Lindsey | 1 Oct 13:28 1998
Picon
Picon

Re: Permanent Articles - second DRAFT

In <19980925170854.29980 <at> main.templetons.com> Brad Templeton <brad <at> templetons.com> writes:

>On Fri, Sep 25, 1998 at 01:17:38PM +0000, Charles Lindsey wrote:

>> >You are supposing scanning the entire overview just to get an article?
>> >Most were proposing at least a special overview only of the named articles,
>> >but that's a server change.
>> 
>> You are deliberately misrepresenting what has been proposed. It has been
>> explained several time to you that this is not so.

>You are suggesting that to fetch a named article, I read the *whole*
>group overview?  I have DSL, and that still takes 10 to 20 seconds on
>many newsgroups!   I think it is a must, if one is to use the overview,
>that one be able to get the overview of only the named articles.

You never learn! I said you were deliberately misrepresenting what I had
proposed, and all you can do is to repeat the libel. Why not go and read
it instead, and come back when you understand it.

I DO NOT PROPOSE THAT YOU SHOULD READ THE WHOLE OVERVIEW.

If you want to find out about all the named artuicle in the group, you ask
for 'OVER PERM'. That gives you maybe a couple of dozen entries. If you
want to see just the "Welcome" message for the group, then you ask for
'OVER PERM Welcome' and it gives you one line. If you want something in
between, you specify it with a wildmat. In no case is the complete
overview file downloaded.

If you are worried about the time taken in the _Server_ to scan the
(Continue reading)

Charles Lindsey | 1 Oct 15:56 1998
Picon
Picon

Re: So what do you want to use named articles for?

In <19980925102327.16708 <at> main.templetons.com> Brad Templeton <brad <at> templetons.com> writes:

>Would those who disagree that the most useful attributes of named
>articles would be their ability to be out of band, and storable, updatable
>and fetchable by name, please put forward the expected common uses
>they think named articles would be commonly put, and how they might
>want to implement around them?

Well that is a loaded question if ever I saw one.

You are continuing to assume, in spite of all the people telling you to
the contrary, that named articles should be out of band. I reject that
idea totally.

There are innumerable things that could be done with "named" articles
(except that the term "named" is itself a misnomer). Charters, Welcome
messages, FAQs, other regular postings (Tale's newgroup creation
guidelines, all the things in news.announce.newusers), policies, digital
certificates. Some of these things are associated with individual
newsgroups, some with whole hierarchies (and some in between). Some of
them will be "one-off" per group, or per hierarchy. Some will be many-off.
Some will be restriced to posting by specially authorized individuals.
Some will be generable by anybody. All of them will be readable by
existing software in the same way as present FAQs (but hopefully we can
arrange that they do not need to be posted so frequently).

>Whether you agree with me or not, I'm the one who proposed these things
>and what might be done with them, 

Yes, it was you who proposed an interesting idea, and it is you who are
(Continue reading)

Brad Templeton | 1 Oct 21:01 1998
Picon

Re: Identification of moderators via challenge/response

On Thu, Oct 01, 1998 at 02:06:59PM +0000, Charles Lindsey wrote:
> In <ylr9wwyjhv.fsf <at> windlord.stanford.edu> Russ Allbery <rra <at> stanford.edu> writes:
> 
> >Cancel locks are designed to determine if the author of a second message
> >is the same as the author of a first message, yes?  So suppose a newsgroup
> >moderator posted a message with something that was equivalent to a cancel
> >lock, probably as a named article, and then in every subsequent message to
> >the group included a header that contained the equivalent of the cancel
> >key for that lock.

I forgot to mention the other major problem in this system.  It is subject
to man-in-the-middle attacks.

Once the moderator makes a posting using one of the keys the previously
published, they in effect reveal that key.   This allows a man-in-the-middle
to discard the article the moderator posted, and replace it with soemthing
else, now that they know the unlocking key.

As noted, on USENET, a "man in the middle" can be somebody with a program
running on the moderator's ISP or other close site, who then quickly
logs into other ISPs and injects their own artice once they find out the
key.  They don't have to be a site owner.

The cancel lock is of course "subject" to this attack in that posting the
cancel reveals the key.  But there is no harm, because all you can do with
the key is cancel the article, and the author wanted that in the first
place.

Brad Templeton | 1 Oct 20:58 1998
Picon

Re: Permanent Articles - second DRAFT

On Thu, Oct 01, 1998 at 01:34:52PM +0000, Charles Lindsey wrote:
> In <199809261529.IAA16879 <at> soprano.clari.net> Buddha Buck <bmbuck <at> acsu.buffalo.edu> writes:
> 
> >Charles Lindsey said:
> >For some things, there should be only one.  For right now, I see that 
> >more as the exception than the rule anyway.  The most common use of 
> >named/permanant/tagged/clustered articles that I see right now are as a 
> >different way of managing the current periodic postings.  Certain 
> >policy documents, machine-readable keys, and charters are the main 
> >things right now that should be limited to one.
> 
> Absolutely so. Now if you could only persuade Brad to believe that ...

I have not made predictions about what are posted, I have made predictions
about what gets used.  For example, the one-line newsgroup description,
which is currently fetched with a custom NNTP command for presentation
to the user, is fetched far more frequently than any periodic posting.
There are newsreaders that fetch it with every entry to the group, and
certainly with every posting.  The newsgroup type is fetched with every
read as well.  These are small bits of data.   I have proposed a newsgroup
specific databse of information which includes many things, including
possibly the regular postings to the group.

And I predict that among the types of information in this body, the most
commonly *fetched* -- NOT the most commonly posted -- will be the ones
referred to by name, of which there will commonly be only one.

However, I have never disputed there will be both.  The overview will of
course exist and should be made efficient.  I don't suggest denying you
any feature you think is useful.
(Continue reading)

Brad Templeton | 1 Oct 21:04 1998
Picon

Re: Permanent Articles - second DRAFT

On Thu, Oct 01, 1998 at 11:28:43AM +0000, Charles Lindsey wrote:
> In <19980925170854.29980 <at> main.templetons.com> Brad Templeton <brad <at> templetons.com> writes:
> 
> >On Fri, Sep 25, 1998 at 01:17:38PM +0000, Charles Lindsey wrote:
> 
> >> >You are supposing scanning the entire overview just to get an article?
> >> >Most were proposing at least a special overview only of the named articles,
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> >but that's a server change.
> >> 
> >> You are deliberately misrepresenting what has been proposed. It has been
> >> explained several time to you that this is not so.
> 
> >You are suggesting that to fetch a named article, I read the *whole*
> >group overview?  I have DSL, and that still takes 10 to 20 seconds on
> >many newsgroups!   I think it is a must, if one is to use the overview,
> >that one be able to get the overview of only the named articles.
> 
> You never learn! I said you were deliberately misrepresenting what I had
> proposed, and all you can do is to repeat the libel. Why not go and read
> it instead, and come back when you understand it.
> 
> I DO NOT PROPOSE THAT YOU SHOULD READ THE WHOLE OVERVIEW.

As you can see from the very text of mine you included in your article, I
am fully aware of what you then take some time to re-explain.   If you are
going to make these sorts of comments, please at least read the text of
mine you are including before claiming that I have not learned.

You told me that it was not so that there be a special overview of the
(Continue reading)

Brad Templeton | 1 Oct 21:11 1998
Picon

Re: So what do you want to use named articles for?

On Thu, Oct 01, 1998 at 01:56:09PM +0000, Charles Lindsey wrote:
> In <19980925102327.16708 <at> main.templetons.com> Brad Templeton <brad <at> templetons.com> writes:
> You are continuing to assume, in spite of all the people telling you to
> the contrary, that named articles should be out of band. I reject that
> idea totally.

You say they should not be out of band.  I say there need to be facilities
to have them both in-band and out of band -- for all users.   I say
allow it both ways, you are set on only the way you prefer.

I do not think there is wide disagreement with allowing both to be possible,
at the choice of the poster.   (While readers who wish to notice updates can
still do so if they have software that does this.)

If there is wide disagreement with that, then let those who feel it come
forward.

> Yes, it was you who proposed an interesting idea, and it is you who are
> resisting all attempts to expand it into something truly useful.

Tell me one feature of your proposal that is not implementable with the
much simpler system I have outlined?   Other than forbidding authors who
wish to post updates without them being visible to users of old readers,
which I hardly consider a feature.

Tell me ONE feature.

> 
> Your proposed uses are of value (though some of them are oversold). But
> they are not the only uses, nor even the main ones as it is turning out.
(Continue reading)

Dave Barr | 1 Oct 22:55 1998
Picon

Re: Permanent Articles - second DRAFT

No, he doesn't have to apologize.  You did the same thing to me several
times.

You keep saying, and I quote below -- vvvvvvvv

(I won't trim anything from your article just to prove your point.)

Brad Templeton wrote:
> 
> On Thu, Oct 01, 1998 at 11:28:43AM +0000, Charles Lindsey wrote:
> > In <19980925170854.29980 <at> main.templetons.com> Brad Templeton <brad <at> templetons.com> writes:
> >
> > >On Fri, Sep 25, 1998 at 01:17:38PM +0000, Charles Lindsey wrote:
> >
> > >> >You are supposing scanning the entire overview just to get an article?
> > >> >Most were proposing at least a special overview only of the named articles,
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >> >but that's a server change.
> > >>
> > >> You are deliberately misrepresenting what has been proposed. It has been
> > >> explained several time to you that this is not so.
> >
> > >You are suggesting that to fetch a named article, I read the *whole*
                                                      
^^^^^^^^^^^^^^^^^^
> > >group overview?  I have DSL, and that still takes 10 to 20 seconds on
     ^^^^^^^^^^^^^^

You keep maintaining that you need to download the entire overview.

(Continue reading)


Gmane