• Usenet Archive Update (news.blueworldhosting.com)

    From Jesse Rehmer@jesse.rehmer@blueworldhosting.com to alt.free.newsservers,alt.free.nntp on Mon Sep 1 03:59:35 2025
    From Newsgroup: alt.free.newsservers

    For almost two years I've been relatively unresponsive via e-mail, but
    life circumstances have changed, and wanted to post an update and invite
    for new users.

    Since Usenet's inception there have been requests for archives [1]. Many
    know the story of DejaNews and GoogleGroups. Archival efforts from that
    point forward have been focused on providing web-based archives. While
    these have some advantages, in my humble opinion, nothing compares to
    using a newsreader.

    My Usenet server's purpose is to be a repository for as much Usenet
    content as I can pull together and share with the world. No authentication
    is required to read, and everyone is invited to use it, copy it, share it, etc.

    If you're interested in researching how the Internet came to be and how we keep repeating history, the net.* hierarchy from before "The Great
    Renaming" is not only deeply insightful, but also quite amusing.

    The current state of the archive is not well organized and there are many
    gaps to be filled [2]. Most hierarchies still in use today have articles
    going back to at least the early 2000s, but you'll find a good deal of the
    Big 8 go back to the 1990s, and some since "The Great Renaming" in 1987.
    Over time these gaps will be filled.

    To access the archive, configure a newsreader to use news.blueworldhosting.com. It is available on port 119 or port 563 (encrypted). No authentication is required for reading. If you want to
    post using my server, please send an e-mail to have an account created.
    Over the last year I was very bad about doing this, but believe I have
    gotten through the backlog. If you're still waiting for my reply, please
    send a new e-mail.

    [1] See Message-IDs <bnews.osu-dbs.159> and <bnews.ecn-pb.121> on news.blueworldhosting.com for one such request dated November 1982.
    [2] Article numbering is not chronological. To see the full range of a newsgroup it is necessary to download all headers. I will update https://usenet.blueworldhosting.com with further status information soon.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Marion@marion@facts.com to alt.free.newsservers,alt.free.nntp,news.admin.peering on Mon Sep 1 16:13:58 2025
    From Newsgroup: alt.free.newsservers

    On Mon, 1 Sep 2025 03:59:35 -0000 (UTC), Jesse Rehmer wrote :


    I will update https://usenet.blueworldhosting.com with further status information soon.

    What would be fantastic, if it exists, is to replicate the ability for
    anyone, without an nntp engine, to search & copy a link to articles found.

    Google did it, but as you know, it's now no longer updated after Feb 2024.
    <https://groups.google.com/forum/#!forum/alt.free.newsservers>
    <https://groups.google.com/g/alt.free.newsservers>

    This replicated that engine, but it's broken more often than not.
    <https://alt.free.newsservers.narkive.com/>

    This was kindly added by retro guy, as I recall, in the summer of 2024.
    <https://www.novabbs.com/tech/thread.php?group=alt.free.newsservers>

    And, at some point, this was added, but I'm not sure if it's working.
    <https://newsgrouper.org/alt.free.newsservers>

    Obviously, what is truly needed is what Google did, which is:
    a. An obvious link that is easy to remember
    b. That does a search on common text newsgroups
    c. Which spits out a single URI to a single article or thread

    Something like this URI for a search engine would be perfect...
    <https://usenet.blueworldhosting.com/g/alt.free.newsservers>
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Jesse Rehmer@jesse.rehmer@blueworldhosting.com to alt.free.newsservers,alt.free.nntp,news.admin.peering on Mon Sep 1 16:52:37 2025
    From Newsgroup: alt.free.newsservers

    On Mon, 1 Sep 2025 16:13:58 -0000 (UTC), Marion wrote:

    On Mon, 1 Sep 2025 03:59:35 -0000 (UTC), Jesse Rehmer wrote :


    I will update https://usenet.blueworldhosting.com with further status information soon.

    What would be fantastic, if it exists, is to replicate the ability for anyone, without an nntp engine, to search & copy a link to articles
    found.

    Google did it, but as you know, it's now no longer updated after Feb
    2024.
    <https://groups.google.com/forum/#!forum/alt.free.newsservers>
    <https://groups.google.com/g/alt.free.newsservers>

    This replicated that engine, but it's broken more often than not.
    <https://alt.free.newsservers.narkive.com/>

    This was kindly added by retro guy, as I recall, in the summer of 2024.
    <https://www.novabbs.com/tech/thread.php?group=alt.free.newsservers>

    And, at some point, this was added, but I'm not sure if it's working.
    <https://newsgrouper.org/alt.free.newsservers>

    Obviously, what is truly needed is what Google did, which is:
    a. An obvious link that is easy to remember
    b. That does a search on common text newsgroups
    c. Which spits out a single URI to a single article or thread

    Something like this URI for a search engine would be perfect...
    <https://usenet.blueworldhosting.com/g/alt.free.newsservers>

    There have been a number of attempts at making something to replace
    Google Groups. You've pointed out a few and another:

    https://i2pn2.pugleaf.net/groups/alt.free.newsservers

    I'm not a developer, nor am I particularly interested in making the
    archive available via the web. Others have done or are doing that.

    Web application software, regardless of the underlying language, is
    typically buggy and full of vulnerabilities. I foresee headaches and
    potential risk/harm to Usenet with web-based software that has not
    undergone robust vulnerability review, and is not developed by a
    community.

    Most of the efforts in this area seem like a one-person show. That's not sustainable, but should a community come together to develop and take ownership of a tool that's useful and is regularly updated/patched, I'd be interested in it.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Marion@marion@facts.com to alt.free.newsservers on Mon Sep 1 17:27:31 2025
    From Newsgroup: alt.free.newsservers

    On Mon, 1 Sep 2025 16:52:37 -0000 (UTC), Jesse Rehmer wrote :


    There have been a number of attempts at making something to replace Google Groups. You've pointed out a few and another:

    https://i2pn2.pugleaf.net/groups/alt.free.newsservers

    I'm not a developer, nor am I particularly interested in making the
    archive available via the web. Others have done or are doing that.

    Thanks for your kind-hearted & helpful response, which I appreciate.
    The replication of a web-searchable engine is the nirvana of Usenet.

    Let's keep this list as the current "best of" that we know of.
    <https://i2pn2.pugleaf.net/groups/alt.free.newsservers>
    <https://alt.free.newsservers.narkive.com/>

    I'm not sure the status of these.
    <https://newsgrouper.org/alt.free.newsservers>
    <https://www.novabbs.com/tech/thread.php?group=alt.free.newsservers>

    These are great, but they are no longer updated as of February 22, 2024.
    <https://groups.google.com/forum/#!forum/alt.free.newsservers>
    <https://groups.google.com/g/alt.free.newsservers>

    Obviously, what is truly needed is what Google did, which is:
    a. An obvious easy-to-remember link to common text newsgroup searches
    b. Such as https://nntp.domain/g/name.of.newsgroup

    If there are others, it would be great for folks to post them here.
    --
    f'up noted & respected.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Colin Macleod@user7@newsgrouper.org.invalid to alt.free.newsservers,alt.free.nntp,news.admin.peering on Mon Sep 1 18:13:46 2025
    From Newsgroup: alt.free.newsservers

    Marion <marion@facts.com> posted:

    And, at some point, this was added, but I'm not sure if it's working.
    <https://newsgrouper.org/alt.free.newsservers>

    That's my site and it is working, except for UK users who our government's over-the-top Online Safety Act has forced me to block.

    If you click "Search" at the top-right of the group page you get a
    page where you can search for posts of that group by substrings of
    subject and/or author and/or maximum date.

    When you click into one of the posts found, there is a "Permalink" link
    at the bottom which gives a direct link to that post in the form:
    https://newsgrouper.org/<message-id>

    I'm afraid it's not practical for me to support full-text search of posts,
    or searching more than one group at a time.
    --
    Colin Macleod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://cmacleod.me.uk

    FEED FEED FEED FEED FEED FEED FEED FEED
    GAZA GAZA GAZA GAZA GAZA GAZA GAZA GAZA
    NOW! NOW! NOW! NOW! NOW! NOW! NOW! NOW!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Colin Macleod@user7@newsgrouper.org.invalid to alt.free.newsservers on Mon Sep 1 18:50:01 2025
    From Newsgroup: alt.free.newsservers

    Jesse Rehmer <jesse.rehmer@blueworldhosting.com> posted:

    Web application software, regardless of the underlying language, is typically buggy and full of vulnerabilities. I foresee headaches and potential risk/harm to Usenet with web-based software that has not
    undergone robust vulnerability review, and is not developed by a
    community.

    My software for newsgrouper.org is online at https://chiselapp.com/user/cmacleod/repository/newsgrouper/home .
    I would be delighted if anyone was to review it and point out any vulnerabilities, but I'm not holding my breath...

    Most of the efforts in this area seem like a one-person show. That's not sustainable,

    Indeed, and if that one person becomes unavailable it all collapses.

    but should a community come together to develop and take
    ownership of a tool that's useful and is regularly updated/patched, I'd be interested in it.

    I'm not sure there are enough people involved in the usenet field to form
    such a community. There's also the problem that those people who do get involved can be quite opinionated about their tools and methods. E.g. I
    develop in a language that works well for me, but that few other people
    are interested in working with.
    --
    Colin Macleod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://cmacleod.me.uk

    FEED FEED FEED FEED FEED FEED FEED FEED
    GAZA GAZA GAZA GAZA GAZA GAZA GAZA GAZA
    NOW! NOW! NOW! NOW! NOW! NOW! NOW! NOW!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Colin Macleod@user7@newsgrouper.org.invalid to alt.free.newsservers on Mon Sep 1 19:15:07 2025
    From Newsgroup: alt.free.newsservers

    Marion <marion@facts.com> posted:

    This was kindly added by retro guy, as I recall, in the summer of 2024.
    <https://www.novabbs.com/tech/thread.php?group=alt.free.newsservers>

    Very sadly, Thom Miller (Retro Guy) died a few months ago. Without his
    care and attention his site died a few weeks later.
    --
    Colin Macleod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://cmacleod.me.uk

    FEED FEED FEED FEED FEED FEED FEED FEED
    GAZA GAZA GAZA GAZA GAZA GAZA GAZA GAZA
    NOW! NOW! NOW! NOW! NOW! NOW! NOW! NOW!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Billy G.@no-reply@no.spam to alt.free.newsservers on Tue Sep 2 01:09:34 2025
    From Newsgroup: alt.free.newsservers

    On 01.09.25 19:50, Colin Macleod wrote:
    Jesse Rehmer <jesse.rehmer@blueworldhosting.com> posted:

    Web application software, regardless of the underlying language, is
    typically buggy and full of vulnerabilities. I foresee headaches and
    potential risk/harm to Usenet with web-based software that has not
    undergone robust vulnerability review, and is not developed by a
    community.

    Maybe if you use PHP: but there are other typesafe languages out there.

    like Go ;) go-pugleaf has been written with security in mind.

    Queries are parameterized, output is sanitized.

    https://github.com/go-while/go-pugleaf

    My software for newsgrouper.org is online at https://chiselapp.com/user/cmacleod/repository/newsgrouper/home .
    I would be delighted if anyone was to review it and point out any vulnerabilities, but I'm not holding my breath...
    ...
    E.g. I develop in a language that works well for me, but that few other people
    are interested in working with.


    Yes that's a problem writing TCL code in 2025 :D
    Not many can read or write anymore...

    I see a single file of news_code.tcl with 85 KB
    respect x 1000 ... you can handle that?!

    I opened it ... trying to get warm with tcl but ocd triggers :D
    mixed indentation with space and tabs.
    What code editor do you use?
    Do you have important code changes not online but in dev-branch locally?

    I uploaded newsgrouper to github
    https://github.com/go-while/newsgrouper
    and will run AI agents to review code for logical issues, vulns, ...
    create instructions, add more help/readme/howtos,
    automate build process workflows and deployment in docker.

    copilot is already working:
    https://github.com/go-while/newsgrouper/pull/2

    and found first issue:

    - **User Authentication**: SQLite-based with MD5 password hashing (MD5
    is cryptographically insecure and vulnerable to rainbow table attacks; migration to a secure password hashing algorithm such as bcrypt, scrypt,
    or Argon2 is strongly recommended).

    There will be significant updates. Are you ready? :D
    If you have a github account I'll add you as collab.

    fossil commands look similar to git but I prefer github desktop
    ... tired of cli to commit and switch branches ...
    --
    .......
    Billy G. (go-while)
    https://pugleaf.net
    @Newsgroup: rocksolid.nodes.help
    irc.pugleaf.net:6697 (SSL) #lounge
    discord: https://discord.gg/rECSbHHFzp
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Colin Macleod@user7@newsgrouper.org.invalid to alt.free.newsservers on Tue Sep 2 17:07:28 2025
    From Newsgroup: alt.free.newsservers

    "Billy G." <no-reply@no.spam> posted:

    On 02.09.25 10:34, Colin Macleod wrote:

    I saw there is now a report there with lots of points which
    will take time to go through.
    I did see that the first "critical logic issue" listed is bogus:

    That's our part to filter false positives and what's really a bug
    or hallucination / missed context.

    Ok, I've now gone through this. A lot of the complaints are bogus but
    a few are genuine, generally related to not guarding enough against maliciously-crafted input. Overall the report is quite impressive.

    Would it make sense to update the todo.md file with my response to
    each point?

    For the points which I think need attention I will implement fixes
    and check them in to Fossil.
    --
    Colin Macleod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://cmacleod.me.uk

    FEED FEED FEED FEED FEED FEED FEED FEED
    GAZA GAZA GAZA GAZA GAZA GAZA GAZA GAZA
    NOW! NOW! NOW! NOW! NOW! NOW! NOW! NOW!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Billy G.@no-reply@no.spam to alt.free.newsservers on Tue Sep 2 23:17:25 2025
    From Newsgroup: alt.free.newsservers

    On 02.09.25 18:07, Colin Macleod wrote:

    Ok, I've now gone through this. A lot of the complaints are bogus but
    a few are genuine, generally related to not guarding enough against maliciously-crafted input. Overall the report is quite impressive.

    Would it make sense to update the todo.md file with my response to
    each point?

    For the points which I think need attention I will implement fixes
    and check them in to Fossil.


    AI can provide fixes too but I'm gathering some data first
    and compare with claude in agent mode.

    Try if you can talk to copilot in the pull request like I did.
    Not sure if you have access or how this works because I have pro+ subscription, but start with @copilot and your request and
    we'll see if 'it' does anything. tellem whats bogus :D
    If it works your comment should get the "eyes" icon instantly.
    --
    .......
    Billy G. (go-while)
    https://pugleaf.net
    @Newsgroup: rocksolid.nodes.help
    irc.pugleaf.net:6697 (SSL) #lounge
    discord: https://discord.gg/rECSbHHFzp
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Billy G.@no-reply@no.spam to alt.free.newsservers on Tue Sep 2 11:59:10 2025
    From Newsgroup: alt.free.newsservers

    On 02.09.25 10:34, Colin Macleod wrote:
    Interesting but I'm not sure this is genuinely serious.
    I took a look at
    https://en.wikipedia.org/wiki/Rainbow_table .
    - For an attacker to use this method they need to have got a copy of
    the user database first, which should not be possible.

    yes you're using salt but never say never :D
    If anything can be hardened, it should be hardened.

    I do have a github account: cgmacleod

    added

    I saw there is now a report there with lots of points which
    will take time to go through.
    I did see that the first "critical logic issue" listed is bogus:

    That's our part to filter false positives and what's really a bug
    or hallucination / missed context.
    --
    .......
    Billy G. (go-while)
    https://pugleaf.net
    @Newsgroup: rocksolid.nodes.help
    irc.pugleaf.net:6697 (SSL) #lounge
    discord: https://discord.gg/rECSbHHFzp
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Colin Macleod@user7@newsgrouper.org.invalid to alt.free.newsservers on Wed Sep 3 20:09:39 2025
    From Newsgroup: alt.free.newsservers

    "Billy G." <no-reply@no.spam> posted:

    On 02.09.25 18:07, Colin Macleod wrote:

    For the points which I think need attention I will implement fixes
    and check them in to Fossil.


    AI can provide fixes too but I'm gathering some data first
    and compare with claude in agent mode.

    Sorry, I'm an old codger who likes hand-crafted organic artisan code.
    I've now checked in fixes for the genuine issues raised: https://chiselapp.com/user/cmacleod/repository/newsgrouper/info/6124df6290e93e6d

    I added a comment about the AI-generated fixes at https://github.com/go-while/newsgrouper/commit/7cf35fd88828351c4425581b0e50bec34dae6a84#commitcomment-165076306

    The other points raised are bogus, except for the one about "magic numbers" which I will address in time, but that's just bad style, not a bug or vulnerability.

    E.g.
    - Sanitizing /../ from paths is not needed because tclhttpd already does that.
    - The suggested concurrency bug in the nntp code is not possible under Tcl's concurrency model.
    - The suggestion to implement a file extension whitelist is already done by
    the switch statement in serve_static_file.
    ...etc...
    --
    Colin Macleod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://cmacleod.me.uk

    FEED FEED FEED FEED FEED FEED FEED FEED
    GAZA GAZA GAZA GAZA GAZA GAZA GAZA GAZA
    NOW! NOW! NOW! NOW! NOW! NOW! NOW! NOW!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Colin Macleod@user7@newsgrouper.org.invalid to alt.free.newsservers on Thu Sep 4 09:17:38 2025
    From Newsgroup: alt.free.newsservers

    Colin Macleod <user7@newsgrouper.org.invalid> posted:

    The other points raised are bogus, except for the one about "magic numbers" which I will address in time, but that's just bad style, not a bug or vulnerability.

    Actually point 18 of the Code Quality Review is not entirely bogus, though
    it's not expressed clearly. For some conditions which are implemented by calling a command, I have:
    if [condition] { .... }
    and sometimes I have:
    if {[condition]} { .... }
    As long as condition here is a command that returns a boolean value,
    these have the same effect but the second is slightly more efficient.
    If condition is something which can return a more complex value, these
    can behave differently as the first will undergo an extra round of substitution. I don't believe my code ever does that, but standardising
    on the second form would make sense.

    Also point 19 (potential memory leaks in use of thread-shared variables)
    is theoretically a problem, but this is just for caching Face and X-Face images, which are quite small and so few posters use them that it's not
    a real concern.

    I want to thank Billy G. for taking the initiative to run my code through github co-pilot, it has been a useful exercise.
    --
    Colin Macleod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://cmacleod.me.uk

    FEED FEED FEED FEED FEED FEED FEED FEED
    GAZA GAZA GAZA GAZA GAZA GAZA GAZA GAZA
    NOW! NOW! NOW! NOW! NOW! NOW! NOW! NOW!
    --- Synchronet 3.21a-Linux NewsLink 1.2
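
The difference between the two `if` forms discussed in the post above, as an added example that is not part of the thread or of newsgrouper's code. The proc names, the counter variable and the sample value are constructed for illustration; the sample stands in for any command result that is derived from external input.

```tcl
# Added illustration (not newsgrouper code): the extra substitution round
# that an unbraced "if" condition goes through. All names are hypothetical.

# Stand-in for a "condition" command whose result comes from outside,
# e.g. a value copied from an article header.
proc header_flag {value} {
    return $value
}

# Form 1, unbraced: the Tcl parser runs [header_flag ...] first, then "if"
# passes the resulting STRING to the expression evaluator, which performs
# its own variable and command substitution on it.
proc check_unbraced {value} {
    if [header_flag $value] { return taken } else { return skipped }
}

# Form 2, braced: the expression evaluator runs [header_flag ...] itself
# and treats the result as a plain value; it is never re-parsed.
proc check_braced {value} {
    if {[header_flag $value]} { return taken } else { return skipped }
}

# Harmless, observable side effect used to detect the second substitution.
set ::counter 0

# Constructed sample inputs: a plain boolean, and text shaped like a
# Tcl command substitution.
set samples [list boolean 1 crafted {[incr ::counter]}]

foreach {label value} $samples {
    # Unbraced form: record the result and whether the counter moved.
    set ::counter 0
    if {[catch {check_unbraced $value} unbraced]} {
        set unbraced "error: $unbraced"
    }
    set after_unbraced $::counter

    # Braced form: a non-boolean result is rejected with an error
    # instead of being evaluated.
    set ::counter 0
    if {[catch {check_braced $value} braced]} {
        set braced "error: $braced"
    }
    set after_braced $::counter

    puts [format "%-8s unbraced=%s (counter %d)" $label $unbraced $after_unbraced]
    puts [format "%-8s braced=%s (counter %d)" $label $braced $after_braced]
}
```

For the boolean input the two forms agree. For the crafted input only the unbraced form increments the counter, which is the extra substitution round the post describes, and the braced form fails closed with a "expected boolean value" error.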
  • From Billy G.@contact-5c2e-000@pugleaf.net to alt.free.newsservers on Thu Sep 4 19:55:59 2025
    From Newsgroup: alt.free.newsservers

    On 04.09.25 10:17, Colin Macleod wrote:
    I want to thank Billy G. for taking the initiative to run my code through github co-pilot, it has been a useful exercise.


    Thank you for linking pugleaf in wikipedia :D
    --
    .......
    Billy G. (go-while)
    https://pugleaf.net
    @Newsgroup: rocksolid.nodes.help
    irc.pugleaf.net:6697 (SSL) #lounge
    discord: https://discord.gg/rECSbHHFzp

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Billy G.@contact-5c2e-000@pugleaf.net to alt.free.newsservers on Thu Sep 4 23:17:59 2025
    From Newsgroup: alt.free.newsservers

    On 04.09.25 19:55, Billy G. wrote:
    On 04.09.25 10:17, Colin Macleod wrote:
    I want to thank Billy G. for taking the initiative to run my code through
    github co-pilot, it has been a useful exercise.


    Thank you for linking pugleaf in wikipedia :D


    Line 1352 subst Command Injection Vulnerability Analysis

    https://github.com/go-while/newsgrouper/pull/10#issuecomment-3255393367

    makes sense, or not. I don't understand tcl :D

    I've set up a workspace with claude and it's scanning the codebase too.
    --
    .......
    Billy G. (go-while)
    https://pugleaf.net
    @Newsgroup: rocksolid.nodes.help
    irc.pugleaf.net:6697 (SSL) #lounge
    discord: https://discord.gg/rECSbHHFzp
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Colin Macleod@user7@newsgrouper.org.invalid to alt.free.newsservers on Fri Sep 5 11:48:21 2025
    From Newsgroup: alt.free.newsservers

    "Billy G." <contact-5c2e-000@pugleaf.net> posted:

    Line 1352 subst Command Injection Vulnerability Analysis

    https://github.com/go-while/newsgrouper/pull/10#issuecomment-3255393367

    makes sense, or not. I don't understand tcl :D

    I replied by email with details, that's also bogus.
    --
    Colin Macleod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://cmacleod.me.uk

    FEED FEED FEED FEED FEED FEED FEED FEED
    GAZA GAZA GAZA GAZA GAZA GAZA GAZA GAZA
    NOW! NOW! NOW! NOW! NOW! NOW! NOW! NOW!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Tom Mix@tommix@nowhere.com to alt.free.newsservers on Fri Sep 5 15:07:14 2025
    From Newsgroup: alt.free.newsservers

    On Fri, 05 Sep 2025 11:48:21 GMT, Colin Macleod wrote:

    "Billy G." <contact-5c2e-000@pugleaf.net> posted:

    Line 1352 subst Command Injection Vulnerability Analysis

    https://github.com/go-while/newsgrouper/pull/10#issuecomment-3255393367

    makes sense, or not. I don't understand tcl :D

    I replied by email with details, that's also bogus.

    --
    Colin Macleod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://cmacleod.me.uk

    FEED FEED FEED FEED FEED FEED FEED FEED
    GAZA GAZA GAZA GAZA GAZA GAZA GAZA GAZA
    NOW! NOW! NOW! NOW! NOW! NOW! NOW! NOW!


    You have to kill HAMas first. They steal it.
    --
    Tom Mix
    --- Synchronet 3.21a-Linux NewsLink 1.2