On Mon, 27 Mar 2023 15:37:07 -0000 (UTC), Nadegda <nad318b404@gmail.invalid> spurted out the following:
> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Sun, 26 Mar 2023 11:57:44 -0600, Grant Taylor wrote:
>
>> On 3/26/23 11:44 AM, Nadegda wrote:
>>> As for DPI boxes, nobody should use them.
> ...
>>> Basically, in the presence of pervasive end-to-end encryption the
>>> only thing a DPI box can do that an ordinary perimeter firewall or
>>> local antivirus can't is obstruct two third parties from talking
>>> to each other even if they themselves both want to communicate (so,
>>> censorship) and compile a list of who's talking to who (so, espionage).
>>
>> A perimeter firewall / router can easily obstruct two parties from
>> talking to each other. You don't need DPI for that.
>>
>> A perimeter firewall / router can easily compile a list of who's
>> talking. NetFlow and the likes are specifically meant for things like
>> this. You don't need DPI for that either.
>
> But those are typically owned by one of the endpoints, not a middleman
> such as an ISP. OK, one of the endpoints (or both) could be a typical
> corporate entity with an internally very authoritarian structure, but
> that's a whole separate political can of worms.
>
> I'm fine with doing whatever I want to on my own perimeter to keep out
> malicious traffic and suchlike. I'm not fine with, say, my ISP doing so,
> even with the best of intentions. If a tool I'm using is generating a
> false positive that's then getting in my way, I can create an exception
> or temporarily deactivate it or similarly. If a tool my ISP is using is
> doing likewise, I'm stuffed. (What, call their support? You *must* be
> joking. They'll just connect me to someone who knows less about what's
> happening under the hood than *I* do. After putting me on hold for three
> hours first.)
>
>>> And breaks the end-to-end principle and therefore breaks the internet.
>>
>> DPI doesn't break the end-to-end principle.
>
> Sure it does, since it makes whatever link it's attached to no longer just
> a dumb pipe.
>

No, asshole. It was me. literally me! hahahah
--
The Real Snoopy

On Mon, 27 Mar 2023 15:41:10 -0000 (UTC), Nadegda <nad318b404@gmail.invalid> spurted out the following:
> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Sun, 26 Mar 2023 20:00:14 +0000, Adam H. Kerman wrote:
>
>> Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>>>On 3/26/23 12:03 PM, Skeeter wrote:
>>
>>>>Nads is a liberal crybaby.
>>
>>>That may, or may not, be the case.
>>
>>>I don't particularly care.
>>
>>>If someone wants to have a polite and civil discussion about a topic
>>>that I'm interested in, then I'll do so. At least until I get tired of
>>>the discussion.
>>
>> Isn't it less difficult to see that the other person has a point if the
>> other person doesn't repeatedly change socks to fake the existence of a
>> disinterested third party supporting his position?
>>
>> "Nadegda" isn't pretending to be human except in Paul's own mind. (Paul
>> has a mind? Yes yes, I know. Post proof, ko0ky.)
>>
>> There are still enough people on Usenet to speak to who don't morph
>> continuously.
>>
>> I'm suggesting a fairly low bar here.
>
> Hey, fuckhead. Yeah, you, fuckhead. I've been posting using this same nym
> and email continually since 2012 or so -- so, more than a full decade.
> That's about as non-morphy as one can get.
>
> You can Google it if you don't believe me.
>

We literally have you pegged as Kensi and Paul fucktard Derbyshire. IPs
don't lie. You're busted, fatboy. EOS
--
The Real Snoopy

Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
On Tue, 28 Mar 2023 01:24:42 +0000, Snoopy wrote:

> On Mon, 27 Mar 2023 15:41:10 -0000 (UTC), Nadegda <nad318b404@gmail.invalid> spurted out the following:
>> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
>> On Sun, 26 Mar 2023 20:00:14 +0000, Adam H. Kerman wrote:
>>
>>> Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>>>>On 3/26/23 12:03 PM, Skeeter wrote:
>>>
>>>>>Nads is a liberal crybaby.
>>>
>>>>That may, or may not, be the case.
>>>
>>>>I don't particularly care.
>>>
>>>>If someone wants to have a polite and civil discussion about a topic
>>>>that I'm interested in, then I'll do so. At least until I get tired of
>>>>the discussion.
>>>
>>> Isn't it less difficult to see that the other person has a point if the
>>> other person doesn't repeatedly change socks to fake the existence of a
>>> disinterested third party supporting his position?
>>>
>>> "Nadegda" isn't pretending to be human except in Paul's own mind. (Paul
>>> has a mind? Yes yes, I know. Post proof, ko0ky.)
>>>
>>> There are still enough people on Usenet to speak to who don't morph
>>> continuously.
>>>
>>> I'm suggesting a fairly low bar here.
>>
>> Hey, fuckhead. Yeah, you, fuckhead. I've been posting using this same nym
>> and email continually since 2012 or so -- so, more than a full decade.
>> That's about as non-morphy as one can get.
>>
>> You can Google it if you don't believe me.
>
> We literally have you pegged as Kensi and Paul fucktard Derbyshire. IPs
> don't lie. You're busted, fatboy. EOS

Who is this "we" you claim to speak for, kook?

--
FNVWe Nadegda

"By all means, compare these shitheads to Nazis. Again and again. I'm with
you." -- Mike Godwin, Aug 13, 2017, 8:03 PM
Checkmate admits that, for all intents and purposes, he carries a teddy
bear in public: <d6cnes.ket.17.19@news.alt.net>

Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
On Mon, 27 Mar 2023 10:59:57 -0700, Checkmate <hollowgreen@rnsn.corn>
burbled:

> Warning! Always make ANSI approved safety giggles when reading drivel by
> Checkmate.
>
> On Mon, 27 Mar 2023 15:37:07 -0000 (UTC), Nadegda had the audacity to say
> the following:
>
>> But those are typically owned by one of the endpoints, not a middleman
>> such as an ISP. OK, one of the endpoints (or both) could be a typical
>> corporate entity with an internally very authoritarian structure, but
>> that's a whole separate political can of worms.
>>
>> I'm fine with doing whatever I want to on my own perimeter to keep out
>> malicious traffic and suchlike. I'm not fine with, say, my ISP doing so,
>> even with the best of intentions. If a tool I'm using is generating a
>> false positive that's then getting in my way, I can create an exception
>> or temporarily deactivate it or similarly. If a tool my ISP is using is
>> doing likewise, I'm stuffed. (What, call their support? You *must* be
>> joking. They'll just connect me to someone who knows less about what's
>> happening under the hood than *I* do. After putting me on hold for three
>> hours first.)
>
> It's like this, NaddlebeRRy: Those who choose to use free servers have no
> say in how the operator chooses to run the server. If you don't like it,
> kick rocks.

I *pay* for service from my ISP, dipshit. If they were ever to decide to
use a DPI box in a way that caused me problems, that would be a consumer
rights issue.

--
FNVWe Nadegda

"By all means, compare these shitheads to Nazis. Again and again. I'm with
you." -- Mike Godwin, Aug 13, 2017, 8:03 PM
Checkmate admits that, for all intents and purposes, he carries a teddy
bear in public: <d6cnes.ket.17.19@news.alt.net>

Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
On Mon, 27 Mar 2023 11:11:00 -0600, Grant Taylor wrote:

> On 3/27/23 9:37 AM, Nadegda wrote:
>> But those are typically owned by one of the endpoints, not a middleman
>> such as an ISP. OK, one of the endpoints (or both) could be a typical
>> corporate entity with an internally very authoritarian structure,
>> but that's a whole separate political can of worms.
>
> I have a friend that works for an international tier 1 backbone carrier
> and they use NetFlow to monitor the routers in their network. They have
> MANY tier 2 and tier 3 customers who's traffic is sampled as it passes
> through the tier 1's global network.
>
> The sampling they do is not interested in any specific flow and only
> concerns itself with aggregate so that the tier 1 can grow their network
> as necessary before things get congested.

That can be done by monitoring the load on the routers you own. No DPI
needed. If a route is beginning to get congested the routers along it will
have high-ish loads that are trending upward. That will tell you where to
make new investments in infrastructure.

> The point being that /anyone/ in the path can instrument and / or filter.

Just because you *can* do a thing, doesn't mean you *should* do it.
Especially filtering when it isn't your traffic (i.e. you are not an
endpoint of that traffic, or acting as their agent, e.g. DDoS mitigation
services).

>> I'm fine with doing whatever I want to on my own perimeter to keep
>> out malicious traffic and suchlike. I'm not fine with, say, my ISP
>> doing so, even with the best of intentions. If a tool I'm using is
>> generating a false positive that's then getting in my way, I can
>> create an exception or temporarily deactivate it or similarly. If a
>> tool my ISP is using is doing likewise, I'm stuffed. (What, call their
>> support? You *must* be joking. They'll just connect me to someone who
>> knows less about what's happening under the hood than *I* do. After
>> putting me on hold for three hours first.)
>
> It's highly dependent.
>
> I'm /okay/ with ISPs having a /default/ filtering policy as long as it's
> documented and there are options to change the default.
>
> I was just skimming the Broadband Internet Technical Advisory Group's
> Port Blocking recommendation a couple of days ago.
>
> Read - BITAG - Port Blocking (PDF)
> - https://www.bitag.org/documents/Port-Blocking.pdf
>
> Here's some germane copy (from pages ii and iii):
>
> - ISPs should avoid port blocking unless they have no reasonable
> alternatives available for preventing unwanted traffic and protecting users.

ISPs shouldn't even be deciding on behalf of their customers what
constitutes "unwanted" traffic. Giving customers better tools to control
the traffic to their own machines would be far better than making their
own decisions on customers' behalf, given the inherent conflict of
interest that exists due to the commercial nature of the ISP and the
likelihood that it is a subsidiary of a megacorporation with its fingers
in many other pies. If your ISP is a telco owned by an umbrella
corporation that also owns large media companies and has a stake in
Netflix, do you really think they should be able to decide, on your
behalf, whether traffic from a competing streaming service owned by a
competing conglomerate is "unwanted"?

This is why there was that big fuss over "net neutrality" a decade or so
ago, and one of the issues with DPI is that it is/was commonly used to
violate it. The move to encrypt everything has mitigated these issues
somewhat, but ISPs can still see where traffic is coming from and can
easily interfere with packets originating from www.competing-streaming-
service.com without being able to peek inside their encrypted contents.

> - ISPs should make communications channels available for feedback
> about port blocking policies.

No requirement of maximum hold times, though, you'll note.

> I used to do business, many years ago before moving, with an ISP that
> had what they called a "Good 'Net Neighbor" configuration that they
> /defaulted/ to and requested clients use if they could. From memory,
> GNN consisted of the following:
>
> - Block TCP & UDP ports 135, 137, 138, 139, and 445.

Mostly LAN file sharing protocols that shouldn't be exposed beyond
perimeter/NAT anyway. I expect this wouldn't interfere with VPN
tunneling into a work network either. So, mostly harmless.

>> Sure it does, since it makes whatever link it's attached to no longer
>> just a dumb pipe.
>
> Nothing guarantees that any given endpoints will be able to communicate.
> There are a lot of things that can break that. DPI doesn't
> substantively change that in any way. It's just another tool in the
> tool box to do what is already being done.

Still haven't seen a non-evil use case that can't be done via non-DPI
endpoint configuration ...

--
FNVWe Nadegda

"By all means, compare these shitheads to Nazis. Again and again. I'm with
you." -- Mike Godwin, Aug 13, 2017, 8:03 PM
Checkmate admits that, for all intents and purposes, he carries a teddy
bear in public: <d6cnes.ket.17.19@news.alt.net>

Nadegda <nad318b404@gmail.invalid> writes:

> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Sun, 26 Mar 2023 13:12:54 -0400, Paul wrote:
>
>> On 3/26/2023 12:01 PM, Grant Taylor wrote:
>>> On 3/26/23 9:31 AM, Nadegda wrote:
>>>> Does anyone know what would cause this? Perhaps a certificate
>>>> issue? She seems to recall discussions here in the past regarding
>>>> mixmin switching from CACert to LetsEncrypt. Has that recently
>>>> been done? What would likely need to be done in the way of
>>>> client-side reconfiguration afterward?
>>>
>>> How a certificate is acquired is completely independent of the certificate and what it does.
>>>
>>> Just like how you power your computer is completely independent of what you use your computer for.
>>>
>>> Similarly, clients wouldn't need to change anything when servers change how the server acquires it's certificate.
>>>
>>>> Though my own thinking is that she wouldn't even be able to see
>>>> the server's greeting message if TLS was failing to handshake ...
>>>
>>> It depends what port is being used.
>>>
>>> I can see a hypothetical scenario where someone is connecting to
>>> port 119 and /explicitly/ requesting encryption via the `STARTTLS`
>>> verb. They could see the initial hello banner before the connection
>>> failed in some way while trying to use encryption.
>>>
>>> I can think of a few different things that might cause encryption
>>> negotiation to fail.  Internet connection problems related to MTU,
>>> old root certificates on the client, changes in cipher suite
>>> configuration on the server (possibly via system updates), etc.
>>>
>>> A network sniffer; e.g. tcpdump, tshark, Wireshark, is your friend when trying to diagnose these types of connection issues.
>>>
>>
>> When I use Wireshark here, I'm getting a steady stream of this from news.mixmin.net:563
>>
>> [RST,ACK] 144.76.182.167 ==> 192.168.0.2
>>
>> so basically the server is telling everyone to "piss off".
>>
>> No certificates are involved at that level :-/ It is not
>> an exchange of packets followed by a "kaboom". It's dead,
>> out of the gate.
>>
>> The web server still works, so it is not a "general machine" problem
>> by the looks of it. Just related to a service that
>> "does not want to talk to anyone today".
>>
>> Shades of the previous problem, or a new problem ?
>>
>> It's perfectly normal for a server to issue a [RST], like
>> for a temporary resource shortage. But this is every packet
>> sent on that port number, is getting nacked. It is also possible
>> for DPI boxes, to shut off comms to a particular machine, using
>> [RST]. (The DPI box sends an [RST] in both directions.) So that
>> is a second failure mechanism (my old ISP had that
>> problem, a mis-programmed DPI box). If you were concerned about
>> which mechanism was at work, you could study the timestamps on
>> the responses.
>>
>> But I'm pretty sure, based on statistics and occurrence frequency
>> of problems, this is a Mixmin-local problem.
>>
>> Paul
>
> That's bizarre, since kensi was able to get the server greeting
> message.
>
> As for DPI boxes, nobody should use them. They violate the end-to-end
> principle. And the main uses I've heard of for them are all evil:
> censorious regimes (think "China"); injecting ads and other unwanted
> garbage for commercial gain (aka spamming); and malicious interference
> with apps the superrich don't like people using (think Bittorrent). The
> only legitimate use-case I can think of for them off-hand is antimalware,
> and that use-case is defeated by the widespread use of TLS on both web and
> email connections.
>
> Basically, in the presence of pervasive end-to-end encryption the only
> thing a DPI box can do that an ordinary perimeter firewall or local antivirus
> can't is obstruct two third parties from talking to each other even if they
> themselves both want to communicate (so, censorship) and compile a list of
> who's talking to who (so, espionage).
>
> Hence, evil.
>
> And breaks the end-to-end principle and therefore breaks the internet.
>
> Hence, stupid *and* evil.

I was able to connect to fleegle.mixmin.net using gnus. It complained
that the certificate name did not match but I was able to accept it and
post.

news.mixmin.net doesn't resolve anymore.

Host news.mixmin.net not found: 2(SERVFAIL)

On Tue, 28 Mar 2023 08:39:11 -0000 (UTC), Nadegda <nad318b404@gmail.invalid> spurted out the following:
>
> Just because you *can* do a thing, doesn't mean you *should* do it.
> Especially filtering when it isn't your traffic (i.e. you are not an
> endpoint of that traffic, or acting as their agent, e.g. DDoS mitigation
> services).
>
You mean like, just because Paul CAN post to usenet, doesn't mean he
should?
--
The Real Snoopy

Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
On Tue, 28 Mar 2023 09:52:41 +0000, Snoopy wrote:

> On Tue, 28 Mar 2023 08:39:11 -0000 (UTC), Nadegda <nad318b404@gmail.invalid> spurted out the following:
>>
>> Just because you *can* do a thing, doesn't mean you *should* do it.
>> Especially filtering when it isn't your traffic (i.e. you are not an
>> endpoint of that traffic, or acting as their agent, e.g. DDoS mitigation
>> services).
>>
> You mean like, just because Paul CAN post to usenet, doesn't mean he
> should?

Everyone who isn't one of Paul's bizarre groupies is getting bored of your
obsessive schtick and attempts to derail random threads. Please take your
crap to a more appropriate newsgroup, or at least keep it in a thread of
its own while the rest of us carry on discussing technical matters.

Thank you.

--
FNVWe Nadegda

"By all means, compare these shitheads to Nazis. Again and again. I'm with
you." -- Mike Godwin, Aug 13, 2017, 8:03 PM
Checkmate admits that, for all intents and purposes, he carries a teddy
bear in public: <d6cnes.ket.17.19@news.alt.net>

Nadegda <nad318b404@gmail.invalid> wrote:

>>. . .

>Everyone who isn't one of Paul's bizarre groupies is getting bored of your
>obsessive schtick and attempts to derail random threads. Please take your
>crap to a more appropriate newsgroup, or at least keep it in a thread of
>its own while the rest of us carry on discussing technical matters.

>Thank you.

Paul, you'd be much happier on Usenet III. It can be you and your
sockpuppets.

Who are these imaginery people who gave you technical advice that you
listed to, Paul? Two people actually hit their head against your
excessively high SRF barrier and failed to pound the clues through
because you make it impossible. You got technical advice. You doubled
down on the paranoia and accusations.

I was about to ask how you managed the technical mastery of putting on
shoes, but that's silly. Sockpuppets don't wear shoes.

Here's the technical advice you crave. Use the right amount of
detergent, no more no less. If your laundry machine requires it, make
sure the detergent is rated HE. Use water softener if you have hard
water. Always clean the lint trap in the dryer, especially with the
amount of lint your socks must exude.

Good luck getting the help you need, Paul.

Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
On Tue, 28 Mar 2023 14:56:18 +0000, Adam H. Kerman wrote:

> Nadegda <nad318b404@gmail.invalid> wrote:
>
>> Everyone who isn't one of Paul's bizarre groupies is getting bored of your
>> obsessive schtick and attempts to derail random threads. Please take your
>> crap to a more appropriate newsgroup, or at least keep it in a thread of
>> its own
>
> Paul<rest deleted unread>

Fail.

--
FNVWe Nadegda

"By all means, compare these shitheads to Nazis. Again and again. I'm with
you." -- Mike Godwin, Aug 13, 2017, 8:03 PM
Checkmate admits that, for all intents and purposes, he carries a teddy
bear in public: <d6cnes.ket.17.19@news.alt.net>

Nadgeda (Paul Derbyshire) <nad318b404@gmail.invalid> wrote:

> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Tue, 28 Mar 2023 14:56:18 +0000, Adam H. Kerman wrote:
>
> > Nadegda <nad318b404@gmail.invalid> wrote:
> >
> >> Everyone who isn't one of Paul's bizarre groupies is getting bored of your
> >> obsessive schtick and attempts to derail random threads. Please take your
> >> crap to a more appropriate newsgroup, or at least keep it in a thread of
> >> its own
> >
> > Paul<rest deleted unread>
>
> Fail.

A succinct admission of defeat rather than your usual yard and a half
of bluster; well done, Paul, your audience [ahem] thanks you.

--
^Ï^. – Sn!pe – My pet rock Gordon just is.

<https://youtu.be/_kqytf31a8E>

Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
On Tue, 28 Mar 2023 10:39:51 +0100, Richmond wrote:

> Nadegda <nad318b404@gmail.invalid> writes:
>
>> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
>> On Sun, 26 Mar 2023 13:12:54 -0400, Paul wrote:
>>
>>> On 3/26/2023 12:01 PM, Grant Taylor wrote:
>>>> On 3/26/23 9:31 AM, Nadegda wrote:
>>>>> Does anyone know what would cause this? Perhaps a certificate
>>>>> issue? She seems to recall discussions here in the past regarding
>>>>> mixmin switching from CACert to LetsEncrypt. Has that recently
>>>>> been done? What would likely need to be done in the way of
>>>>> client-side reconfiguration afterward?
>>>>
>>>> How a certificate is acquired is completely independent of the certificate and what it does.
>>>>
>>>> Just like how you power your computer is completely independent of what you use your computer for.
>>>>
>>>> Similarly, clients wouldn't need to change anything when servers change how the server acquires it's certificate.
>>>>
>>>>> Though my own thinking is that she wouldn't even be able to see
>>>>> the server's greeting message if TLS was failing to handshake ...
>>>>
>>>> It depends what port is being used.
>>>>
>>>> I can see a hypothetical scenario where someone is connecting to
>>>> port 119 and /explicitly/ requesting encryption via the `STARTTLS`
>>>> verb. They could see the initial hello banner before the connection
>>>> failed in some way while trying to use encryption.
>>>>
>>>> I can think of a few different things that might cause encryption
>>>> negotiation to fail.  Internet connection problems related to MTU,
>>>> old root certificates on the client, changes in cipher suite
>>>> configuration on the server (possibly via system updates), etc.
>>>>
>>>> A network sniffer; e.g. tcpdump, tshark, Wireshark, is your friend when trying to diagnose these types of connection issues.
>>>>
>>>
>>> When I use Wireshark here, I'm getting a steady stream of this from news.mixmin.net:563
>>>
>>> [RST,ACK] 144.76.182.167 ==> 192.168.0.2
>>>
>>> so basically the server is telling everyone to "piss off".
>>>
>>> No certificates are involved at that level :-/ It is not
>>> an exchange of packets followed by a "kaboom". It's dead,
>>> out of the gate.
>>>
>>> The web server still works, so it is not a "general machine" problem
>>> by the looks of it. Just related to a service that
>>> "does not want to talk to anyone today".
>>>
>>> Shades of the previous problem, or a new problem ?
>>>
>>> It's perfectly normal for a server to issue a [RST], like
>>> for a temporary resource shortage. But this is every packet
>>> sent on that port number, is getting nacked. It is also possible
>>> for DPI boxes, to shut off comms to a particular machine, using
>>> [RST]. (The DPI box sends an [RST] in both directions.) So that
>>> is a second failure mechanism (my old ISP had that
>>> problem, a mis-programmed DPI box). If you were concerned about
>>> which mechanism was at work, you could study the timestamps on
>>> the responses.
>>>
>>> But I'm pretty sure, based on statistics and occurrence frequency
>>> of problems, this is a Mixmin-local problem.
>>>
>>> Paul
>>
>> That's bizarre, since kensi was able to get the server greeting
>> message.
>>
>> As for DPI boxes, nobody should use them. They violate the end-to-end
>> principle. And the main uses I've heard of for them are all evil:
>> censorious regimes (think "China"); injecting ads and other unwanted
>> garbage for commercial gain (aka spamming); and malicious interference
>> with apps the superrich don't like people using (think Bittorrent). The
>> only legitimate use-case I can think of for them off-hand is antimalware,
>> and that use-case is defeated by the widespread use of TLS on both web and
>> email connections.
>>
>> Basically, in the presence of pervasive end-to-end encryption the only
>> thing a DPI box can do that an ordinary perimeter firewall or local antivirus
>> can't is obstruct two third parties from talking to each other even if they
>> themselves both want to communicate (so, censorship) and compile a list of
>> who's talking to who (so, espionage).
>>
>> Hence, evil.
>>
>> And breaks the end-to-end principle and therefore breaks the internet.
>>
>> Hence, stupid *and* evil.
>
> I was able to connect to fleegle.mixmin.net using gnus. It complained
> that the certificate name did not match but I was able to accept it and
> post.

kensi reports no joy trying with "fleegle.mixmin.net" in place of
"news.mixmin.net".

> news.mixmin.net doesn't resolve anymore.

Well, *that* is a *very* bad sign. Letting domain names lapse is generally
a sign of complete abandonment, at least when accompanied by other things
being broken rather than happening in isolation.

I think we have a serious problem here, and it's much larger than just
some glitch at one single news server. It looks like someone is killing
off free newsservers one by one. The lack of meaningful communication
from their (former?) admins is suggestive of their arms being twisted.
It looks like they're being forced to sabotage, or at least cease
maintaining, their servers, and also ordered not to say anything about
this in public. Whoever's doing this is able to make credible threats
with international reach, so either we're dealing with a serious hacker
who has the skillz to dig up dirt on pretty much anyone they want to
and then threaten to expose it, or we're dealing with someone capable
of putting boots on the ground pretty much anywhere on the planet, so
likely either one of the larger mafias or a nation-state actor. The
most aggressive in recent years have been Russia and the United States
and the most censorious has tended to be China, so it's a three-way
toss-up who's responsible, if it *is* a nation-state actor. Though I'd
have expected China *and* Russia to settle for Great Firewalling all
Usenet servers within their respective territories, so I'm leaning
toward the good ol' US of A as the likely culprit here.

The question then becomes: Why? And why *now*?

But more likely it's the hacker scenario, in which case given their
known proclivities for doxxing and their hatred for kensi it's a fair
bet that it's one of the old-guard AUKers who's behind this. The idiot
took down AIOE first, and when I taunted that that isn't even the server
kensi uses these days, mixmin is, a few days later, bam! There goes
mixmin.

So I suppose I bear some small portion of culpability. But the bulk of
your ire should be reserved for whichever asshole is willing to wreck
things for thousands of people and blackmail at least two of them just
to harass one ...

As for who that might be, I've no idea. Most of kensi's opponents who
had any sort of technical know-how (K-man in particular) melted down
years ago and vanished off the face of the 'net. And none of them
seemed to have *enough* technical know-how to pull off something of
this magnitude. The closest any of them ever came was murphy, perhaps;
he attempted to dox *me* roughly a decade ago, even going so far as
to post a photo online of "my" house (needless to say he was off by
several thousand miles, and we all had a good laugh before nominating
him for a Pickett's Charge for going RL on one of his opponents, an
award he subsequently won by a landslide). With "competence" of this
magnitude it seems doubtful he could have successfully doxxed both
Paolo Amoroso *and* Steve Crook sufficiently to have blackmail material
on them both.

If I *had* to hazard a guess as to the identity of the guilty party,
I'd say Sn!pe. He's made his antipathy for no-registration news servers
plain on multiple occasion, and it is exceeded only by his antipathy
for kensi. And although he's quiet about it it's clear he has more than
the average amount of technical knowledge, though it's less clear how
*much* more. He might have been hiding the full magnitude of his
capabilities, not least because he was planning to use them for criminal
purposes and preferred *not* to be at the top of Scotland Yard's suspect
list when that time came. (Unfortunately for him, that didn't pan out.
Worse still, he's at the top of *my* suspect list, and even more
frightening for him, he will likely soon be at the top of *kensi*'s. He'd
better start running *now*, if he is in fact the guilty party!)

Nadegda <nad318b404@gmail.invalid> writes:

> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Tue, 28 Mar 2023 10:39:51 +0100, Richmond wrote:
>
>> Nadegda <nad318b404@gmail.invalid> writes:
>>
>>> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
>>> On Sun, 26 Mar 2023 13:12:54 -0400, Paul wrote:
>>>
>>>> On 3/26/2023 12:01 PM, Grant Taylor wrote:
>>>>> On 3/26/23 9:31 AM, Nadegda wrote:
>>>>>> Does anyone know what would cause this? Perhaps a certificate
>>>>>> issue? She seems to recall discussions here in the past regarding
>>>>>> mixmin switching from CACert to LetsEncrypt. Has that recently
>>>>>> been done? What would likely need to be done in the way of
>>>>>> client-side reconfiguration afterward?
>>>>>
>>>>> How a certificate is acquired is completely independent of the certificate and what it does.
>>>>>
>>>>> Just like how you power your computer is completely independent of what you use your computer for.
>>>>>
>>>>> Similarly, clients wouldn't need to change anything when servers change how the server acquires it's certificate.
>>>>>
>>>>>> Though my own thinking is that she wouldn't even be able to see
>>>>>> the server's greeting message if TLS was failing to handshake ...
>>>>>
>>>>> It depends what port is being used.
>>>>>
>>>>> I can see a hypothetical scenario where someone is connecting to
>>>>> port 119 and /explicitly/ requesting encryption via the `STARTTLS`
>>>>> verb. They could see the initial hello banner before the connection
>>>>> failed in some way while trying to use encryption.
>>>>>
>>>>> I can think of a few different things that might cause encryption
>>>>> negotiation to fail.  Internet connection problems related to MTU,
>>>>> old root certificates on the client, changes in cipher suite
>>>>> configuration on the server (possibly via system updates), etc.
>>>>>
>>>>> A network sniffer; e.g. tcpdump, tshark, Wireshark, is your friend when trying to diagnose these types of connection issues.
>>>>>
>>>>
>>>> When I use Wireshark here, I'm getting a steady stream of this from news.mixmin.net:563
>>>>
>>>> [RST,ACK] 144.76.182.167 ==> 192.168.0.2
>>>>
>>>> so basically the server is telling everyone to "piss off".
>>>>
>>>> No certificates are involved at that level :-/ It is not
>>>> an exchange of packets followed by a "kaboom". It's dead,
>>>> out of the gate.
>>>>
>>>> The web server still works, so it is not a "general machine" problem
>>>> by the looks of it. Just related to a service that
>>>> "does not want to talk to anyone today".
>>>>
>>>> Shades of the previous problem, or a new problem ?
>>>>
>>>> It's perfectly normal for a server to issue a [RST], like
>>>> for a temporary resource shortage. But this is every packet
>>>> sent on that port number, is getting nacked. It is also possible
>>>> for DPI boxes, to shut off comms to a particular machine, using
>>>> [RST]. (The DPI box sends an [RST] in both directions.) So that
>>>> is a second failure mechanism (my old ISP had that
>>>> problem, a mis-programmed DPI box). If you were concerned about
>>>> which mechanism was at work, you could study the timestamps on
>>>> the responses.
>>>>
>>>> But I'm pretty sure, based on statistics and occurrence frequency
>>>> of problems, this is a Mixmin-local problem.
>>>>
>>>> Paul
>>>
>>> That's bizarre, since kensi was able to get the server greeting
>>> message.
>>>
>>> As for DPI boxes, nobody should use them. They violate the end-to-end
>>> principle. And the main uses I've heard of for them are all evil:
>>> censorious regimes (think "China"); injecting ads and other unwanted
>>> garbage for commercial gain (aka spamming); and malicious interference
>>> with apps the superrich don't like people using (think Bittorrent). The
>>> only legitimate use-case I can think of for them off-hand is antimalware,
>>> and that use-case is defeated by the widespread use of TLS on both web and
>>> email connections.
>>>
>>> Basically, in the presence of pervasive end-to-end encryption the only
>>> thing a DPI box can do that an ordinary perimeter firewall or local antivirus
>>> can't is obstruct two third parties from talking to each other even if they
>>> themselves both want to communicate (so, censorship) and compile a list of
>>> who's talking to who (so, espionage).
>>>
>>> Hence, evil.
>>>
>>> And breaks the end-to-end principle and therefore breaks the internet.
>>>
>>> Hence, stupid *and* evil.
>>
>> I was able to connect to fleegle.mixmin.net using gnus. It complained
>> that the certificate name did not match but I was able to accept it and
>> post.
>
> kensi reports no joy trying with "fleegle.mixmin.net" in place of
> "news.mixmin.net".
>
>> news.mixmin.net doesn't resolve anymore.
>
> Well, *that* is a *very* bad sign. Letting domain names lapse is generally
> a sign of complete abandonment, at least when accompanied by other things
> being broken rather than happening in isolation.
>
> I think we have a serious problem here, and it's much larger than just
> some glitch at one single news server. It looks like someone is killing
> off free newsservers one by one. The lack of meaningful communication
> from their (former?) admins is suggestive of their arms being twisted.
> It looks like they're being forced to sabotage, or at least cease
> maintaining, their servers, and also ordered not to say anything about
> this in public. Whoever's doing this is able to make credible threats
> with international reach, so either we're dealing with a serious hacker
> who has the skillz to dig up dirt on pretty much anyone they want to
> and then threaten to expose it, or we're dealing with someone capable
> of putting boots on the ground pretty much anywhere on the planet, so
> likely either one of the larger mafias or a nation-state actor. The
> most aggressive in recent years have been Russia and the United States
> and the most censorious has tended to be China, so it's a three-way
> toss-up who's responsible, if it *is* a nation-state actor. Though I'd
> have expected China *and* Russia to settle for Great Firewalling all
> Usenet servers within their respective territories, so I'm leaning
> toward the good ol' US of A as the likely culprit here.
>
> The question then becomes: Why? And why *now*?
>
> But more likely it's the hacker scenario, in which case given their
> known proclivities for doxxing and their hatred for kensi it's a fair
> bet that it's one of the old-guard AUKers who's behind this. The idiot
> took down AIOE first, and when I taunted that that isn't even the server
> kensi uses these days, mixmin is, a few days later, bam! There goes
> mixmin.
>
> So I suppose I bear some small portion of culpability. But the bulk of
> your ire should be reserved for whichever asshole is willing to wreck
> things for thousands of people and blackmail at least two of them just
> to harass one ...
>
> As for who that might be, I've no idea. Most of kensi's opponents who
> had any sort of technical know-how (K-man in particular) melted down
> years ago and vanished off the face of the 'net. And none of them
> seemed to have *enough* technical know-how to pull off something of
> this magnitude. The closest any of them ever came was murphy, perhaps;
> he attempted to dox *me* roughly a decade ago, even going so far as
> to post a photo online of "my" house (needless to say he was off by
> several thousand miles, and we all had a good laugh before nominating
> him for a Pickett's Charge for going RL on one of his opponents, an
> award he subsequently won by a landslide). With "competence" of this
> magnitude it seems doubtful he could have successfully doxxed both
> Paolo Amoroso *and* Steve Crook sufficiently to have blackmail material
> on them both.
>
> If I *had* to hazard a guess as to the identity of the guilty party,
> I'd say Sn!pe. He's made his antipathy for no-registration news servers
> plain on multiple occasion, and it is exceeded only by his antipathy
> for kensi. And although he's quiet about it it's clear he has more than
> the average amount of technical knowledge, though it's less clear how
> *much* more. He might have been hiding the full magnitude of his
> capabilities, not least because he was planning to use them for criminal
> purposes and preferred *not* to be at the top of Scotland Yard's suspect
> list when that time came. (Unfortunately for him, that didn't pan out.
> Worse still, he's at the top of *my* suspect list, and even more
> frightening for him, he will likely soon be at the top of *kensi*'s. He'd
> better start running *now*, if he is in fact the guilty party!)
>
> One more thing to note in all of this: the perpetrator would simply have
> blackmailed kensi herself, if he could, before resorting to this Rube
> Goldbergian scheme to destroy *every single news server* kensi has ever
> posted through. He was subsequently able to easily amass blackmail
> material against 2 generally well-regarded server admins. Make of that
> what you will.
>
> (The correct answer, obviously, is "kensi is squeaky clean". <snicker>)

Richmond <dnomhcir@gmx.com> wrote:

> Nadegda <nad318b404@gmail.invalid> writes:
>
> > Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> > On Tue, 28 Mar 2023 10:39:51 +0100, Richmond wrote:
> >
> >> Nadegda <nad318b404@gmail.invalid> writes:
> >>
> >>> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> >>> On Sun, 26 Mar 2023 13:12:54 -0400, Paul wrote:
> >>>
> >>>> On 3/26/2023 12:01 PM, Grant Taylor wrote:
> >>>>> On 3/26/23 9:31 AM, Nadegda wrote:
> >>>>>> Does anyone know what would cause this? Perhaps a certificate
> >>>>>> issue? She seems to recall discussions here in the past regarding
> >>>>>> mixmin switching from CACert to LetsEncrypt. Has that recently
> >>>>>> been done? What would likely need to be done in the way of
> >>>>>> client-side reconfiguration afterward?
> >>>>>
> >>>>> How a certificate is acquired is completely independent of the
> >>>>> certificate and what it does.
> >>>>>
> >>>>> Just like how you power your computer is completely independent of
> >>>>> what you use your computer for.
> >>>>>
> >>>>> Similarly, clients wouldn't need to change anything when servers
> >>>>> change how the server acquires it's certificate.
> >>>>>
> >>>>>> Though my own thinking is that she wouldn't even be able to see
> >>>>>> the server's greeting message if TLS was failing to handshake ...
> >>>>>
> >>>>> It depends what port is being used.
> >>>>>
> >>>>> I can see a hypothetical scenario where someone is connecting to
> >>>>> port 119 and /explicitly/ requesting encryption via the `STARTTLS`
> >>>>> verb. They could see the initial hello banner before the connection
> >>>>> failed in some way while trying to use encryption.
> >>>>>
> >>>>> I can think of a few different things that might cause encryption
> >>>>> negotiation to fail. Internet connection problems related to MTU,
> >>>>> old root certificates on the client, changes in cipher suite
> >>>>> configuration on the server (possibly via system updates), etc.
> >>>>>
> >>>>> A network sniffer; e.g. tcpdump, tshark, Wireshark, is your friend
> >>>>> when trying to diagnose these types of connection issues.
> >>>>>
> >>>>
> >>>> When I use Wireshark here, I'm getting a steady stream of this from
> >>>> news.mixmin.net:563
> >>>>
> >>>> [RST,ACK] 144.76.182.167 ==> 192.168.0.2
> >>>>
> >>>> so basically the server is telling everyone to "piss off".
> >>>>
> >>>> No certificates are involved at that level :-/ It is not
> >>>> an exchange of packets followed by a "kaboom". It's dead,
> >>>> out of the gate.
> >>>>
> >>>> The web server still works, so it is not a "general machine" problem
> >>>> by the looks of it. Just related to a service that
> >>>> "does not want to talk to anyone today".
> >>>>
> >>>> Shades of the previous problem, or a new problem ?
> >>>>
> >>>> It's perfectly normal for a server to issue a [RST], like
> >>>> for a temporary resource shortage. But this is every packet
> >>>> sent on that port number, is getting nacked. It is also possible
> >>>> for DPI boxes, to shut off comms to a particular machine, using
> >>>> [RST]. (The DPI box sends an [RST] in both directions.) So that
> >>>> is a second failure mechanism (my old ISP had that
> >>>> problem, a mis-programmed DPI box). If you were concerned about
> >>>> which mechanism was at work, you could study the timestamps on
> >>>> the responses.
> >>>>
> >>>> But I'm pretty sure, based on statistics and occurrence frequency
> >>>> of problems, this is a Mixmin-local problem.
> >>>>
> >>>> Paul
> >>>
> >>> That's bizarre, since kensi was able to get the server greeting
> >>> message.
> >>>
> >>> As for DPI boxes, nobody should use them. They violate the end-to-end
> >>> principle. And the main uses I've heard of for them are all evil:
> >>> censorious regimes (think "China"); injecting ads and other unwanted
> >>> garbage for commercial gain (aka spamming); and malicious interference
> >>> with apps the superrich don't like people using (think Bittorrent). The
> >>> only legitimate use-case I can think of for them off-hand is antimalware,
> >>> and that use-case is defeated by the widespread use of TLS on both web
> >>> and email connections.
> >>>
> >>> Basically, in the presence of pervasive end-to-end encryption the only
> >>> thing a DPI box can do that an ordinary perimeter firewall or local
> >>> antivirus can't is obstruct two third parties from talking to each
> >>> other even if they themselves both want to communicate (so,
> >>> censorship) and compile a list of who's talking to who (so,
> >>> espionage).
> >>>
> >>> Hence, evil.
> >>>
> >>> And breaks the end-to-end principle and therefore breaks the internet.
> >>>
> >>> Hence, stupid *and* evil.
> >>
> >> I was able to connect to fleegle.mixmin.net using gnus. It complained
> >> that the certificate name did not match but I was able to accept it and
> >> post.
> >
> > kensi reports no joy trying with "fleegle.mixmin.net" in place of
> > "news.mixmin.net".
> >
> >> news.mixmin.net doesn't resolve anymore.
> >
> > Well, *that* is a *very* bad sign. Letting domain names lapse is generally
> > a sign of complete abandonment, at least when accompanied by other things
> > being broken rather than happening in isolation.
> >
> > I think we have a serious problem here, and it's much larger than just
> > some glitch at one single news server. It looks like someone is killing
> > off free newsservers one by one. The lack of meaningful communication
> > from their (former?) admins is suggestive of their arms being twisted.
> > It looks like they're being forced to sabotage, or at least cease
> > maintaining, their servers, and also ordered not to say anything about
> > this in public. Whoever's doing this is able to make credible threats
> > with international reach, so either we're dealing with a serious hacker
> > who has the skillz to dig up dirt on pretty much anyone they want to
> > and then threaten to expose it, or we're dealing with someone capable
> > of putting boots on the ground pretty much anywhere on the planet, so
> > likely either one of the larger mafias or a nation-state actor. The
> > most aggressive in recent years have been Russia and the United States
> > and the most censorious has tended to be China, so it's a three-way
> > toss-up who's responsible, if it *is* a nation-state actor. Though I'd
> > have expected China *and* Russia to settle for Great Firewalling all
> > Usenet servers within their respective territories, so I'm leaning
> > toward the good ol' US of A as the likely culprit here.
> >
> > The question then becomes: Why? And why *now*?
> >
> > But more likely it's the hacker scenario, in which case given their
> > known proclivities for doxxing and their hatred for kensi it's a fair
> > bet that it's one of the old-guard AUKers who's behind this. The idiot
> > took down AIOE first, and when I taunted that that isn't even the server
> > kensi uses these days, mixmin is, a few days later, bam! There goes
> > mixmin.
> >
> > So I suppose I bear some small portion of culpability. But the bulk of
> > your ire should be reserved for whichever asshole is willing to wreck
> > things for thousands of people and blackmail at least two of them just
> > to harass one ...
> >
> > As for who that might be, I've no idea. Most of kensi's opponents who
> > had any sort of technical know-how (K-man in particular) melted down
> > years ago and vanished off the face of the 'net. And none of them
> > seemed to have *enough* technical know-how to pull off something of
> > this magnitude. The closest any of them ever came was murphy, perhaps;
> > he attempted to dox *me* roughly a decade ago, even going so far as
> > to post a photo online of "my" house (needless to say he was off by
> > several thousand miles, and we all had a good laugh before nominating
> > him for a Pickett's Charge for going RL on one of his opponents, an
> > award he subsequently won by a landslide). With "competence" of this
> > magnitude it seems doubtful he could have successfully doxxed both
> > Paolo Amoroso *and* Steve Crook sufficiently to have blackmail material
> > on them both.
> >
> > If I *had* to hazard a guess as to the identity of the guilty party,
> > I'd say Sn!pe.
> >

On 3/28/23 2:39 AM, Nadegda wrote:
> That can be done by monitoring the load on the routers you own.

Simple load on the routers isn't sufficient for many things.

> No DPI needed.

NetFlow et al. is not DPI. It (they) is (are) concerned with metadata;
source and destination IP pairs.

> If a route is beginning to get congested the routers along it will
> have high-ish loads that are trending upward. That will tell you
> where to make new investments in infrastructure.

That's not sufficient when you are dealing with parallel routes.
Especially many parallel routes.

> Just because you *can* do a thing, doesn't mean you *should* do it.

Jurassic Park comes to mind.

> Especially filtering when it isn't your traffic (i.e. you are not
> an endpoint of that traffic, or acting as their agent, e.g. DDoS
> mitigation services).

What constitutes "your traffic"?

Many ISPs filter traffic to destination port 25 from end user ranges all
the while the ISP is neither the source (the end user) nor the
destination (receiving system somewhere on the Internet). Yet this type
of filtering is considered best practice by many.

> ISPs shouldn't even be deciding on behalf of their customers what
> constitutes "unwanted" traffic. Giving customers better tools to
> control the traffic to their own machines would be far better than
> making their own decisions on customers' behalf,

I agree that having customers actively control their traffic is better.

But given that customers have demonstrated time and time again that they
won't / can't / don't care to do so, the ISP industry has sort of had
their hand forced.

This is where /default/ blocks, which should be able to be disabled,
come into play.

> given the inherent conflict of interest ...

Thankfully I've not experienced that first hand.

The news that I've read about it have resulted in ISPs doing this having
hefty fines / lawsuits levied against them.

N.B. that the filtering that I'm talking about is applied equally to all
parties. There is no favoritism.

> This is why there was that big fuss over "net neutrality" a decade
> or so ago, and one of the issues with DPI is that it is/was commonly
> used to violate it.

Just because something can be used for something doesn't mean that's all
it's used for.

> The move to encrypt everything has mitigated these issues somewhat,
> but ISPs can still see where traffic is coming from and can easily
> interfere with packets originating from www.competing-streaming-
> service.com without being able to peek inside their encrypted contents.

And open themselves up to lawsuits and fines in doing so.

> No requirement of maximum hold times, though, you'll note.

If you read the document, that's discussed specifically. The tone
laments the fact that some restrictions, e.g. filtering for viruses /
malware will likely be long term because it never really goes away. The
document also talks about some things being very acute and temporary.

> Mostly LAN file sharing protocols that shouldn't be exposed beyond
> perimeter/NAT anyway.

So you agree that some filtering in some locations is warranted.

Also, what defines the perimeter?

There are perfectly legitimate use cases for using LAN file sharing
protocols between multiple offices around the world. It's even possible
to allow such without allowing the rest of the world.

There's that pesky some filtering in some locations is warranted thing
again.

> I expect this wouldn't interfere with VPN tunneling into a work
> network either. So, mostly harmless.

It depends what definition you're using for VPN, there are many. It
depends what protocols and ports are being used.

It sounds like you don't object to this filtering. But you do object to
other filtering.

So is it filtering as a tool or where and how that tool is applied that
you're really objecting to?

> Still haven't seen a non-evil use case that can't be done via non-DPI
> endpoint configuration ...

It old you a use case early in this thread. Someone is trying, and
failing, to abuse my DNS servers in an attempt to perpetuate an
amplification attack by querying for a very specific name and record
type. I'm using DPI to filter the name that they are querying.
Filtering based on size of the query would have too many false positive
matches. Allowing the query to hit my DNS servers creates too many log
entries. DPI matching the name and query type is the least negative option.

--
Grant. . . .
unix || die

On 3/28/23 2:24 AM, Nadegda wrote:
> I*pay* for service from my ISP

Quite often, Internet Service Provider != News Service Provider

--
Grant. . . .
unix || die

On 3/27/23 11:59 AM, Checkmate <hollowgreen@rnsn.corn> wrote:
> Those who choose to use free servers have no say in how the operator
> chooses to run the server.

End users can always make a request. The server administrator may or
may not change something.

This applies equally true to both free and for pay service.

--
Grant. . . .
unix || die

Paul Derbyshire 'Nadegda' wrote:
>
> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Tue, 28 Mar 2023 10:39:51 +0100, Richmond wrote:
>
> > Nadegda <nad318b404@gmail.invalid> writes:
> >
> >> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> >> On Sun, 26 Mar 2023 13:12:54 -0400, Paul wrote:
> >>
> >>> On 3/26/2023 12:01 PM, Grant Taylor wrote:
> >>>> On 3/26/23 9:31 AM, Nadegda wrote:
> >>>>> Does anyone know what would cause this? Perhaps a certificate
> >>>>> issue? She seems to recall discussions here in the past regarding
> >>>>> mixmin switching from CACert to LetsEncrypt. Has that recently
> >>>>> been done? What would likely need to be done in the way of
> >>>>> client-side reconfiguration afterward?
> >>>>
> >>>> How a certificate is acquired is completely independent of the certificate and what it does.
> >>>>
> >>>> Just like how you power your computer is completely independent of what you use your computer for.
> >>>>
> >>>> Similarly, clients wouldn't need to change anything when servers change how the server acquires it's certificate.
> >>>>
> >>>>> Though my own thinking is that she wouldn't even be able to see
> >>>>> the server's greeting message if TLS was failing to handshake ...
> >>>>
> >>>> It depends what port is being used.
> >>>>
> >>>> I can see a hypothetical scenario where someone is connecting to
> >>>> port 119 and /explicitly/ requesting encryption via the `STARTTLS`
> >>>> verb. They could see the initial hello banner before the connection
> >>>> failed in some way while trying to use encryption.
> >>>>
> >>>> I can think of a few different things that might cause encryption
> >>>> negotiation to fail.  Internet connection problems related to MTU,
> >>>> old root certificates on the client, changes in cipher suite
> >>>> configuration on the server (possibly via system updates), etc.
> >>>>
> >>>> A network sniffer; e.g. tcpdump, tshark, Wireshark, is your friend when trying to diagnose these types of connection issues.
> >>>>
> >>>
> >>> When I use Wireshark here, I'm getting a steady stream of this from news.mixmin.net:563
> >>>
> >>> [RST,ACK] 144.76.182.167 ==> 192.168.0.2
> >>>
> >>> so basically the server is telling everyone to "piss off".
> >>>
> >>> No certificates are involved at that level :-/ It is not
> >>> an exchange of packets followed by a "kaboom". It's dead,
> >>> out of the gate.
> >>>
> >>> The web server still works, so it is not a "general machine" problem
> >>> by the looks of it. Just related to a service that
> >>> "does not want to talk to anyone today".
> >>>
> >>> Shades of the previous problem, or a new problem ?
> >>>
> >>> It's perfectly normal for a server to issue a [RST], like
> >>> for a temporary resource shortage. But this is every packet
> >>> sent on that port number, is getting nacked. It is also possible
> >>> for DPI boxes, to shut off comms to a particular machine, using
> >>> [RST]. (The DPI box sends an [RST] in both directions.) So that
> >>> is a second failure mechanism (my old ISP had that
> >>> problem, a mis-programmed DPI box). If you were concerned about
> >>> which mechanism was at work, you could study the timestamps on
> >>> the responses.
> >>>
> >>> But I'm pretty sure, based on statistics and occurrence frequency
> >>> of problems, this is a Mixmin-local problem.
> >>>
> >>> Paul
> >>
> >> That's bizarre, since kensi was able to get the server greeting
> >> message.
> >>
> >> As for DPI boxes, nobody should use them. They violate the end-to-end
> >> principle. And the main uses I've heard of for them are all evil:
> >> censorious regimes (think "China"); injecting ads and other unwanted
> >> garbage for commercial gain (aka spamming); and malicious interference
> >> with apps the superrich don't like people using (think Bittorrent). The
> >> only legitimate use-case I can think of for them off-hand is antimalware,
> >> and that use-case is defeated by the widespread use of TLS on both web and
> >> email connections.
> >>
> >> Basically, in the presence of pervasive end-to-end encryption the only
> >> thing a DPI box can do that an ordinary perimeter firewall or local antivirus
> >> can't is obstruct two third parties from talking to each other even if they
> >> themselves both want to communicate (so, censorship) and compile a list of
> >> who's talking to who (so, espionage).
> >>
> >> Hence, evil.
> >>
> >> And breaks the end-to-end principle and therefore breaks the internet.
> >>
> >> Hence, stupid *and* evil.
> >
> > I was able to connect to fleegle.mixmin.net using gnus. It complained
> > that the certificate name did not match but I was able to accept it and
> > post.
>
> kensi reports no joy trying with "fleegle.mixmin.net" in place of
> "news.mixmin.net".
>
> > news.mixmin.net doesn't resolve anymore.
>
> Well, *that* is a *very* bad sign. Letting domain names lapse is generally
> a sign of complete abandonment, at least when accompanied by other things
> being broken rather than happening in isolation.
>
> I think we have a serious problem here, and it's much larger than just
> some glitch at one single news server. It looks like someone is killing
> off free newsservers one by one. The lack of meaningful communication
> from their (former?) admins is suggestive of their arms being twisted.
> It looks like they're being forced to sabotage, or at least cease
> maintaining, their servers, and also ordered not to say anything about
> this in public. Whoever's doing this is able to make credible threats
> with international reach, so either we're dealing with a serious hacker
> who has the skillz to dig up dirt on pretty much anyone they want to
> and then threaten to expose it, or we're dealing with someone capable
> of putting boots on the ground pretty much anywhere on the planet, so
> likely either one of the larger mafias or a nation-state actor. The
> most aggressive in recent years have been Russia and the United States
> and the most censorious has tended to be China, so it's a three-way
> toss-up who's responsible, if it *is* a nation-state actor. Though I'd
> have expected China *and* Russia to settle for Great Firewalling all
> Usenet servers within their respective territories, so I'm leaning
> toward the good ol' US of A as the likely culprit here.
>
> The question then becomes: Why? And why *now*?
>
> But more likely it's the hacker scenario, in which case given their
> known proclivities for doxxing and their hatred for kensi it's a fair
> bet that it's one of the old-guard AUKers who's behind this. The idiot
> took down AIOE first, and when I taunted that that isn't even the server
> kensi uses these days, mixmin is, a few days later, bam! There goes
> mixmin.
>
> So I suppose I bear some small portion of culpability. But the bulk of
> your ire should be reserved for whichever asshole is willing to wreck
> things for thousands of people and blackmail at least two of them just
> to harass one ...
>
> As for who that might be, I've no idea. Most of kensi's opponents who
> had any sort of technical know-how (K-man in particular) melted down
> years ago and vanished off the face of the 'net. And none of them
> seemed to have *enough* technical know-how to pull off something of
> this magnitude. The closest any of them ever came was murphy, perhaps;
> he attempted to dox *me* roughly a decade ago, even going so far as
> to post a photo online of "my" house (needless to say he was off by
> several thousand miles, and we all had a good laugh before nominating
> him for a Pickett's Charge for going RL on one of his opponents, an
> award he subsequently won by a landslide). With "competence" of this
> magnitude it seems doubtful he could have successfully doxxed both
> Paolo Amoroso *and* Steve Crook sufficiently to have blackmail material
> on them both.
>
> If I *had* to hazard a guess as to the identity of the guilty party,
> I'd say Sn!pe. He's made his antipathy for no-registration news servers
> plain on multiple occasion, and it is exceeded only by his antipathy
> for kensi. And although he's quiet about it it's clear he has more than
> the average amount of technical knowledge, though it's less clear how
> *much* more. He might have been hiding the full magnitude of his
> capabilities, not least because he was planning to use them for criminal
> purposes and preferred *not* to be at the top of Scotland Yard's suspect
> list when that time came. (Unfortunately for him, that didn't pan out.
> Worse still, he's at the top of *my* suspect list, and even more
> frightening for him, he will likely soon be at the top of *kensi*'s. He'd
> better start running *now*, if he is in fact the guilty party!)

Warning! Always wear ANSI approved safety goggles when reading posts by
Checkmate.

On Tue, 28 Mar 2023 08:16:33 -0000 (UTC), Nadegda had the audacity to say
the following:

>
> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Tue, 28 Mar 2023 01:24:42 +0000, Snoopy wrote:
>
> > On Mon, 27 Mar 2023 15:41:10 -0000 (UTC), Nadegda <nad318b404@gmail.invalid> spurted out the following:
> >> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> >> On Sun, 26 Mar 2023 20:00:14 +0000, Adam H. Kerman wrote:
> >>
> >>> Grant Taylor <gtaylor@tnetconsulting.net> wrote:
> >>>>On 3/26/23 12:03 PM, Skeeter wrote:
> >>>
> >>>>>Nads is a liberal crybaby.
> >>>
> >>>>That may, or may not, be the case.
> >>>
> >>>>I don't particularly care.
> >>>
> >>>>If someone wants to have a polite and civil discussion about a topic
> >>>>that I'm interested in, then I'll do so. At least until I get tired of
> >>>>the discussion.
> >>>
> >>> Isn't it less difficult to see that the other person has a point if the
> >>> other person doesn't repeatedly change socks to fake the existence of a
> >>> disinterested third party supporting his position?
> >>>
> >>> "Nadegda" isn't pretending to be human except in Paul's own mind. (Paul
> >>> has a mind? Yes yes, I know. Post proof, ko0ky.)
> >>>
> >>> There are still enough people on Usenet to speak to who don't morph
> >>> continuously.
> >>>
> >>> I'm suggesting a fairly low bar here.
> >>
> >> Hey, fuckhead. Yeah, you, fuckhead. I've been posting using this same nym
> >> and email continually since 2012 or so -- so, more than a full decade.
> >> That's about as non-morphy as one can get.
> >>
> >> You can Google it if you don't believe me.
> >
> > We literally have you pegged as Kensi and Paul fucktard Derbyshire. IPs
> > don't lie. You're busted, fatboy. EOS
>
> Who is this "we" you claim to speak for, kook?

Over a period of around four years, at least 4 or 5 of us have caught you
with your Pembroke IP hanging out, myself included... Paul. HTH

--
Checkmate ®
Copyright © 2023
all rights reserved

"its usually the lesser intelligent person , that comments
on the more intelligent person's , lack of intelligents
and we all think what we do has major significants"

-David Keeting, in perhaps the most ironic statement
ever made on Usenet.

https://youtu.be/wT-8Dm1VThc

https://youtu.be/NxSj2T2vx7M

Footloose! https://youtu.be/mXfVaXjBFK4

Kensi, "doing a little victory dance"
https://youtu.be/obInNk448nI
***************************************************
"I am the author of nearly as much kook butthurt as
kensi." -Nadegda
Message-ID: <pbg8ne$p9k$21@dont-email.me>
***************************************************

AUK Hammer of Thor award, Feb. 2012 (Pre-Burnore)
Destroyer of the AUK Ko0k Awards (Post-Burnore)
Co-winner Pierre Salinger Hook, Line & Sinker
award May 2001, (Brethern of Beelzebub troll)
Pierre Salinger Hook, Line & Sinker award, Feb 2012

Author, Humorist, Cynic
Philosopher, Humanitarian
Poet, Elektrishun to the Stars
Usenet Shot-Caller

In loving memory of The Battle Kitten
May 2010-February 12, 2017

Warning! Always wear ANSI approved safety goggles when reading posts by
Checkmate.

On Tue, 28 Mar 2023 08:24:39 -0000 (UTC), Nadegda had the audacity to say
the following:

>
> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Mon, 27 Mar 2023 10:59:57 -0700, Checkmate <hollowgreen@rnsn.corn>
> burbled:
>
> > Warning! Always make ANSI approved safety giggles when reading drivel by
> > Checkmate.
> >
> > On Mon, 27 Mar 2023 15:37:07 -0000 (UTC), Nadegda had the audacity to say
> > the following:
> >
> >> But those are typically owned by one of the endpoints, not a middleman
> >> such as an ISP. OK, one of the endpoints (or both) could be a typical
> >> corporate entity with an internally very authoritarian structure, but
> >> that's a whole separate political can of worms.
> >>
> >> I'm fine with doing whatever I want to on my own perimeter to keep out
> >> malicious traffic and suchlike. I'm not fine with, say, my ISP doing so,
> >> even with the best of intentions. If a tool I'm using is generating a
> >> false positive that's then getting in my way, I can create an exception
> >> or temporarily deactivate it or similarly. If a tool my ISP is using is
> >> doing likewise, I'm stuffed. (What, call their support? You *must* be
> >> joking. They'll just connect me to someone who knows less about what's
> >> happening under the hood than *I* do. After putting me on hold for three
> >> hours first.)
> >
> > It's like this, NaddlebeRRy: Those who choose to use free servers have no
> > say in how the operator chooses to run the server. If you don't like it,
> > kick rocks.
>
> I *pay* for service from my ISP, dipshit. If they were ever to decide to
> use a DPI box in a way that caused me problems, that would be a consumer
> rights issue.

That would fall under the "Tough Tiddy" clause in their TOS.

--
Checkmate ®
Copyright © 2023
all rights reserved

"its usually the lesser intelligent person , that comments
on the more intelligent person's , lack of intelligents
and we all think what we do has major significants"

-David Keeting, in perhaps the most ironic statement
ever made on Usenet.

https://youtu.be/wT-8Dm1VThc

https://youtu.be/NxSj2T2vx7M

Footloose! https://youtu.be/mXfVaXjBFK4

Kensi, "doing a little victory dance"
https://youtu.be/obInNk448nI
***************************************************
"I am the author of nearly as much kook butthurt as
kensi." -Nadegda
Message-ID: <pbg8ne$p9k$21@dont-email.me>
***************************************************

AUK Hammer of Thor award, Feb. 2012 (Pre-Burnore)
Destroyer of the AUK Ko0k Awards (Post-Burnore)
Co-winner Pierre Salinger Hook, Line & Sinker
award May 2001, (Brethern of Beelzebub troll)
Pierre Salinger Hook, Line & Sinker award, Feb 2012

Author, Humorist, Cynic
Philosopher, Humanitarian
Poet, Elektrishun to the Stars
Usenet Shot-Caller

In loving memory of The Battle Kitten
May 2010-February 12, 2017

Warning! Always wear ANSI approved safety goggles when reading posts by
Checkmate.

On Tue, 28 Mar 2023 08:39:11 -0000 (UTC), Nadegda had the audacity to say
the following:

> ISPs shouldn't even be deciding on behalf of their customers what
> constitutes "unwanted" traffic. Giving customers better tools to control
> the traffic to their own machines would be far better than making their
> own decisions on customers' behalf, given the inherent conflict of
> interest that exists due to the commercial nature of the ISP and the
> likelihood that it is a subsidiary of a megacorporation with its fingers
> in many other pies. If your ISP is a telco owned by an umbrella
> corporation that also owns large media companies and has a stake in
> Netflix, do you really think they should be able to decide, on your
> behalf, whether traffic from a competing streaming service owned by a
> competing conglomerate is "unwanted"?
>

Tell us more about your "finger in the pie" theory...

--
Checkmate ®
Copyright © 2023
all rights reserved

"its usually the lesser intelligent person , that comments
on the more intelligent person's , lack of intelligents
and we all think what we do has major significants"

-David Keeting, in perhaps the most ironic statement
ever made on Usenet.

https://youtu.be/wT-8Dm1VThc

https://youtu.be/NxSj2T2vx7M

Footloose! https://youtu.be/mXfVaXjBFK4

Kensi, "doing a little victory dance"
https://youtu.be/obInNk448nI
***************************************************
"I am the author of nearly as much kook butthurt as
kensi." -Nadegda
Message-ID: <pbg8ne$p9k$21@dont-email.me>
***************************************************

AUK Hammer of Thor award, Feb. 2012 (Pre-Burnore)
Destroyer of the AUK Ko0k Awards (Post-Burnore)
Co-winner Pierre Salinger Hook, Line & Sinker
award May 2001, (Brethern of Beelzebub troll)
Pierre Salinger Hook, Line & Sinker award, Feb 2012

Author, Humorist, Cynic
Philosopher, Humanitarian
Poet, Elektrishun to the Stars
Usenet Shot-Caller

In loving memory of The Battle Kitten
May 2010-February 12, 2017

Warning! Always wear ANSI approved safety goggles when reading posts by
Checkmate.

On Tue, 28 Mar 2023 14:46:37 -0000 (UTC), Nadegda had the audacity to say
the following:

>
> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Tue, 28 Mar 2023 09:52:41 +0000, Snoopy wrote:
>
> > On Tue, 28 Mar 2023 08:39:11 -0000 (UTC), Nadegda <nad318b404@gmail.invalid> spurted out the following:
> >>
> >> Just because you *can* do a thing, doesn't mean you *should* do it.
> >> Especially filtering when it isn't your traffic (i.e. you are not an
> >> endpoint of that traffic, or acting as their agent, e.g. DDoS mitigation
> >> services).
> >>
> > You mean like, just because Paul CAN post to usenet, doesn't mean he
> > should?
>
> Everyone who isn't one of Paul's bizarre groupies is getting bored of your
> obsessive schtick and attempts to derail random threads. Please take your
> crap to a more appropriate newsgroup, or at least keep it in a thread of
> its own while the rest of us carry on discussing technical matters.
>
> Thank you.

How do you know that? Did you take a survey, Miss Bossypantz?

--
Checkmate ®
Copyright © 2023
all rights reserved

"its usually the lesser intelligent person , that comments
on the more intelligent person's , lack of intelligents
and we all think what we do has major significants"

-David Keeting, in perhaps the most ironic statement
ever made on Usenet.

https://youtu.be/wT-8Dm1VThc

https://youtu.be/NxSj2T2vx7M

Footloose! https://youtu.be/mXfVaXjBFK4

Kensi, "doing a little victory dance"
https://youtu.be/obInNk448nI
***************************************************
"I am the author of nearly as much kook butthurt as
kensi." -Nadegda
Message-ID: <pbg8ne$p9k$21@dont-email.me>
***************************************************

AUK Hammer of Thor award, Feb. 2012 (Pre-Burnore)
Destroyer of the AUK Ko0k Awards (Post-Burnore)
Co-winner Pierre Salinger Hook, Line & Sinker
award May 2001, (Brethern of Beelzebub troll)
Pierre Salinger Hook, Line & Sinker award, Feb 2012

Author, Humorist, Cynic
Philosopher, Humanitarian
Poet, Elektrishun to the Stars
Usenet Shot-Caller

In loving memory of The Battle Kitten
May 2010-February 12, 2017

Warning! Always wear ANSI approved safety goggles when reading posts by
Checkmate.

On Tue, 28 Mar 2023 15:51:06 -0000 (UTC), Nadegda had the audacity to say
the following:

>
> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> On Tue, 28 Mar 2023 14:56:18 +0000, Adam H. Kerman wrote:
>
> > Nadegda <nad318b404@gmail.invalid> wrote:
> >
> >> Everyone who isn't one of Paul's bizarre groupies is getting bored of your
> >> obsessive schtick and attempts to derail random threads. Please take your
> >> crap to a more appropriate newsgroup, or at least keep it in a thread of
> >> its own
> >
> > Paul<rest deleted unread>
>
> Fail.

Pr00f you didn't read it, k00ky?

--
Checkmate ®
Copyright © 2023
all rights reserved

"its usually the lesser intelligent person , that comments
on the more intelligent person's , lack of intelligents
and we all think what we do has major significants"

-David Keeting, in perhaps the most ironic statement
ever made on Usenet.

https://youtu.be/wT-8Dm1VThc

https://youtu.be/NxSj2T2vx7M

Footloose! https://youtu.be/mXfVaXjBFK4

Kensi, "doing a little victory dance"
https://youtu.be/obInNk448nI
***************************************************
"I am the author of nearly as much kook butthurt as
kensi." -Nadegda
Message-ID: <pbg8ne$p9k$21@dont-email.me>
***************************************************

AUK Hammer of Thor award, Feb. 2012 (Pre-Burnore)
Destroyer of the AUK Ko0k Awards (Post-Burnore)
Co-winner Pierre Salinger Hook, Line & Sinker
award May 2001, (Brethern of Beelzebub troll)
Pierre Salinger Hook, Line & Sinker award, Feb 2012

Author, Humorist, Cynic
Philosopher, Humanitarian
Poet, Elektrishun to the Stars
Usenet Shot-Caller

In loving memory of The Battle Kitten
May 2010-February 12, 2017

Warning! Always wear ANSI approved safety goggles when reading posts by
Checkmate.

On Tue, 28 Mar 2023 11:34:15 -0600, Grant Taylor had the audacity to say the
following:

> > Just because you *can* do a thing, doesn't mean you *should* do it.
>
> Jurassic Park comes to mind.
>

"This was no boating accident!"

--
Checkmate ®
Copyright © 2023
all rights reserved

"its usually the lesser intelligent person , that comments
on the more intelligent person's , lack of intelligents
and we all think what we do has major significants"

-David Keeting, in perhaps the most ironic statement
ever made on Usenet.

https://youtu.be/wT-8Dm1VThc

https://youtu.be/NxSj2T2vx7M

Footloose! https://youtu.be/mXfVaXjBFK4

Kensi, "doing a little victory dance"
https://youtu.be/obInNk448nI
***************************************************
"I am the author of nearly as much kook butthurt as
kensi." -Nadegda
Message-ID: <pbg8ne$p9k$21@dont-email.me>
***************************************************

AUK Hammer of Thor award, Feb. 2012 (Pre-Burnore)
Destroyer of the AUK Ko0k Awards (Post-Burnore)
Co-winner Pierre Salinger Hook, Line & Sinker
award May 2001, (Brethern of Beelzebub troll)
Pierre Salinger Hook, Line & Sinker award, Feb 2012

Author, Humorist, Cynic
Philosopher, Humanitarian
Poet, Elektrishun to the Stars
Usenet Shot-Caller

In loving memory of The Battle Kitten
May 2010-February 12, 2017

Warning! Always wear ANSI approved safety goggles when reading posts by
Checkmate.

On Tue, 28 Mar 2023 18:01:19 +0100, Sn!pe had the audacity to say the
following:

>
> Richmond <dnomhcir@gmx.com> wrote:
>
> > Nadegda <nad318b404@gmail.invalid> writes:
> >
> > > Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> > > On Tue, 28 Mar 2023 10:39:51 +0100, Richmond wrote:
> > >
> > >> Nadegda <nad318b404@gmail.invalid> writes:
> > >>
> > >>> Time to trigger the right-wing snowflakes again. Melt, snowflakes, melt!
> > >>> On Sun, 26 Mar 2023 13:12:54 -0400, Paul wrote:
> > >>>
> > >>>> On 3/26/2023 12:01 PM, Grant Taylor wrote:
> > >>>>> On 3/26/23 9:31 AM, Nadegda wrote:
> > >>>>>> Does anyone know what would cause this? Perhaps a certificate
> > >>>>>> issue? She seems to recall discussions here in the past regarding
> > >>>>>> mixmin switching from CACert to LetsEncrypt. Has that recently
> > >>>>>> been done? What would likely need to be done in the way of
> > >>>>>> client-side reconfiguration afterward?
> > >>>>>
> > >>>>> How a certificate is acquired is completely independent of the
> > >>>>> certificate and what it does.
> > >>>>>
> > >>>>> Just like how you power your computer is completely independent of
> > >>>>> what you use your computer for.
> > >>>>>
> > >>>>> Similarly, clients wouldn't need to change anything when servers
> > >>>>> change how the server acquires it's certificate.
> > >>>>>
> > >>>>>> Though my own thinking is that she wouldn't even be able to see
> > >>>>>> the server's greeting message if TLS was failing to handshake ...
> > >>>>>
> > >>>>> It depends what port is being used.
> > >>>>>
> > >>>>> I can see a hypothetical scenario where someone is connecting to
> > >>>>> port 119 and /explicitly/ requesting encryption via the `STARTTLS`
> > >>>>> verb. They could see the initial hello banner before the connection
> > >>>>> failed in some way while trying to use encryption.
> > >>>>>
> > >>>>> I can think of a few different things that might cause encryption
> > >>>>> negotiation to fail. Internet connection problems related to MTU,
> > >>>>> old root certificates on the client, changes in cipher suite
> > >>>>> configuration on the server (possibly via system updates), etc.
> > >>>>>
> > >>>>> A network sniffer; e.g. tcpdump, tshark, Wireshark, is your friend
> > >>>>> when trying to diagnose these types of connection issues.
> > >>>>>
> > >>>>
> > >>>> When I use Wireshark here, I'm getting a steady stream of this from
> > >>>> news.mixmin.net:563
> > >>>>
> > >>>> [RST,ACK] 144.76.182.167 ==> 192.168.0.2
> > >>>>
> > >>>> so basically the server is telling everyone to "piss off".
> > >>>>
> > >>>> No certificates are involved at that level :-/ It is not
> > >>>> an exchange of packets followed by a "kaboom". It's dead,
> > >>>> out of the gate.
> > >>>>
> > >>>> The web server still works, so it is not a "general machine" problem
> > >>>> by the looks of it. Just related to a service that
> > >>>> "does not want to talk to anyone today".
> > >>>>
> > >>>> Shades of the previous problem, or a new problem ?
> > >>>>
> > >>>> It's perfectly normal for a server to issue a [RST], like
> > >>>> for a temporary resource shortage. But this is every packet
> > >>>> sent on that port number, is getting nacked. It is also possible
> > >>>> for DPI boxes, to shut off comms to a particular machine, using
> > >>>> [RST]. (The DPI box sends an [RST] in both directions.) So that
> > >>>> is a second failure mechanism (my old ISP had that
> > >>>> problem, a mis-programmed DPI box). If you were concerned about
> > >>>> which mechanism was at work, you could study the timestamps on
> > >>>> the responses.
> > >>>>
> > >>>> But I'm pretty sure, based on statistics and occurrence frequency
> > >>>> of problems, this is a Mixmin-local problem.
> > >>>>
> > >>>> Paul
> > >>>
> > >>> That's bizarre, since kensi was able to get the server greeting
> > >>> message.
> > >>>
> > >>> As for DPI boxes, nobody should use them. They violate the end-to-end
> > >>> principle. And the main uses I've heard of for them are all evil:
> > >>> censorious regimes (think "China"); injecting ads and other unwanted
> > >>> garbage for commercial gain (aka spamming); and malicious interference
> > >>> with apps the superrich don't like people using (think Bittorrent). The
> > >>> only legitimate use-case I can think of for them off-hand is antimalware,
> > >>> and that use-case is defeated by the widespread use of TLS on both web
> > >>> and email connections.
> > >>>
> > >>> Basically, in the presence of pervasive end-to-end encryption the only
> > >>> thing a DPI box can do that an ordinary perimeter firewall or local
> > >>> antivirus can't is obstruct two third parties from talking to each
> > >>> other even if they themselves both want to communicate (so,
> > >>> censorship) and compile a list of who's talking to who (so,
> > >>> espionage).
> > >>>
> > >>> Hence, evil.
> > >>>
> > >>> And breaks the end-to-end principle and therefore breaks the internet.
> > >>>
> > >>> Hence, stupid *and* evil.
> > >>
> > >> I was able to connect to fleegle.mixmin.net using gnus. It complained
> > >> that the certificate name did not match but I was able to accept it and
> > >> post.
> > >
> > > kensi reports no joy trying with "fleegle.mixmin.net" in place of
> > > "news.mixmin.net".
> > >
> > >> news.mixmin.net doesn't resolve anymore.
> > >
> > > Well, *that* is a *very* bad sign. Letting domain names lapse is generally
> > > a sign of complete abandonment, at least when accompanied by other things
> > > being broken rather than happening in isolation.
> > >
> > > I think we have a serious problem here, and it's much larger than just
> > > some glitch at one single news server. It looks like someone is killing
> > > off free newsservers one by one. The lack of meaningful communication
> > > from their (former?) admins is suggestive of their arms being twisted.
> > > It looks like they're being forced to sabotage, or at least cease
> > > maintaining, their servers, and also ordered not to say anything about
> > > this in public. Whoever's doing this is able to make credible threats
> > > with international reach, so either we're dealing with a serious hacker
> > > who has the skillz to dig up dirt on pretty much anyone they want to
> > > and then threaten to expose it, or we're dealing with someone capable
> > > of putting boots on the ground pretty much anywhere on the planet, so
> > > likely either one of the larger mafias or a nation-state actor. The
> > > most aggressive in recent years have been Russia and the United States
> > > and the most censorious has tended to be China, so it's a three-way
> > > toss-up who's responsible, if it *is* a nation-state actor. Though I'd
> > > have expected China *and* Russia to settle for Great Firewalling all
> > > Usenet servers within their respective territories, so I'm leaning
> > > toward the good ol' US of A as the likely culprit here.
> > >
> > > The question then becomes: Why? And why *now*?
> > >
> > > But more likely it's the hacker scenario, in which case given their
> > > known proclivities for doxxing and their hatred for kensi it's a fair
> > > bet that it's one of the old-guard AUKers who's behind this. The idiot
> > > took down AIOE first, and when I taunted that that isn't even the server
> > > kensi uses these days, mixmin is, a few days later, bam! There goes
> > > mixmin.
> > >
> > > So I suppose I bear some small portion of culpability. But the bulk of
> > > your ire should be reserved for whichever asshole is willing to wreck
> > > things for thousands of people and blackmail at least two of them just
> > > to harass one ...
> > >
> > > As for who that might be, I've no idea. Most of kensi's opponents who
> > > had any sort of technical know-how (K-man in particular) melted down
> > > years ago and vanished off the face of the 'net. And none of them
> > > seemed to have *enough* technical know-how to pull off something of
> > > this magnitude. The closest any of them ever came was murphy, perhaps;
> > > he attempted to dox *me* roughly a decade ago, even going so far as
> > > to post a photo online of "my" house (needless to say he was off by
> > > several thousand miles, and we all had a good laugh before nominating
> > > him for a Pickett's Charge for going RL on one of his opponents, an
> > > award he subsequently won by a landslide). With "competence" of this
> > > magnitude it seems doubtful he could have successfully doxxed both
> > > Paolo Amoroso *and* Steve Crook sufficiently to have blackmail material
> > > on them both.
> > >
> > > If I *had* to hazard a guess as to the identity of the guilty party,
> > > I'd say Sn!pe.
> > >
>
>
> OMG! Busted!! I should have known you'd work it out in the end.
>
> Am I a shame-faced wading bird. ?:o(
>
>
> > >
> > > He's made his antipathy for no-registration news servers
> > > plain on multiple occasion, and it is exceeded only by his antipathy
> > > for kensi. And although he's quiet about it it's clear he has more than
> > > the average amount of technical knowledge, though it's less clear how
> > > *much* more. He might have been hiding the full magnitude of his
> > > capabilities, not least because he was planning to use them for criminal
> > > purposes and preferred *not* to be at the top of Scotland Yard's suspect
> > > list when that time came. (Unfortunately for him, that didn't pan out.
> > > Worse still, he's at the top of *my* suspect list, and even more
> > > frightening for him, he will likely soon be at the top of *kensi*'s. He'd
> > > better start running *now*, if he is in fact the guilty party!)
> > >
> > > One more thing to note in all of this: the perpetrator would simply have
> > > blackmailed kensi herself, if he could, before resorting to this Rube
> > > Goldbergian scheme to destroy *every single news server* kensi has ever
> > > posted through. He was subsequently able to easily amass blackmail
> > > material against 2 generally well-regarded server admins. Make of that
> > > what you will.
> > >
> > > (The correct answer, obviously, is "kensi is squeaky clean". <snicker>)
> > >
> >
> > It could be just the price of electricity.
> >
>
> Nah, it was me all along. [twirls moustache, leers]
>
> Oh well, that's me <snookered>...