You know, the ultimate irony of all this PGP trolling, impersonation, etc
crap that has been coming across this newsgroup lately is that the actions
of those who oppose PGP have actually convinced me of the merits of using
PGP. Now, if only I could figure out how to set up it up on my uni's
system (can't do it from home as the home ISP stopped providing newsgroup
feeds over a year ago, and just said "oh well" when I complained about
it).

Anyways, it gives me a giggle to think of the irony.

Cichlidiot <fishlover@nospam.invalid> wrote:

> You know, the ultimate irony of all this PGP trolling,
> impersonation, etc crap that has been coming across this
> newsgroup lately is that the actions of those who oppose PGP have
> actually convinced me of the merits of using PGP. Now, if only I
> could figure out how to set up it up on my uni's system (can't do
> it from home as the home ISP stopped providing newsgroup feeds
> over a year ago, and just said "oh well" when I complained about
> it).

There are free nntp servers that you can use if your isp does not
carry a newserver. There is a big one in Germany. All you have to
do is google for free nntp server or free newserver and you'll find
it. Then you can set the NNTPSERVER environment variable or the
/etc/nntpserver file to the name of the server and away you go.

With respect to using pgp, keep in mind that it is essentially
meaningless. Anybody can impersonate you and even include a pgp
signature using their own key. You would likely never know the
difference. It is a waste of time in a non-critical application
like posting to this newsgroup. The people who use it are the kind
of anal-retentives who like gadgets. They are the kind of people
who put lights around their car license plates, pick their stereo
by the number of switches it has, and routinely add up their
grocery receipt looking for errors when they get home.

We simply hate people like that. They make life shitty for
free-spirited people. If we could invent a smart bomb that would
instantly kill all the fucking anals we would launch it in glee
without a second thought.

cordially, as always,

rm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Realto Margarino <boogie@eewwww.org> writes:
> Cichlidiot <fishlover@nospam.invalid> wrote:
>> it from home as the home ISP stopped providing newsgroup feeds over a
>> year ago, and just said "oh well" when I complained about it).
>
> There are free nntp servers that you can use if your isp does not
> carry a newserver. There is a big one in Germany. All you have to

Indeed - that's

news.individual.net


Really good service ;-)

Glyn
- --
RTFM http://www.tldp.org/index.html
GAFC http://slackbook.yoshiwara.org.uk/
STFW http://groups.google.com/groups?hl=e...inux.slackware
GAFL http://www.xemacs.org http://www.gnus.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFAeOBkkRpsH2aPlY4RAr1TAJ4jQ8uctwgste7v328RjS cu59Fp4wCfcHJv
wkHyw9JHNi3dd7WZUaXnQhw=
=GZ3E
-----END PGP SIGNATURE-----

On Sun, 11 Apr 2004 05:11:16 GMT, Realto Margarino <boogie@eewwww.org> wrote:
> With respect to using pgp, keep in mind that it is essentially
> meaningless. Anybody can impersonate you and even include a pgp
> signature using their own key. You would likely never know the
> difference.

Maybe I'm wrong, but what you are saying is just not true. If I sign a
message with my pgp key, this signature can be verified, because of the web
of trust. Get my PGP key and check the signatures and you will know, that
every message signed with my key is send by me. Of course if you don't check
the signature, I can fake the email header telling I'm someone else, but
this has nothing to do with your argument.

So don't start a flame war. Just respect the personal freedom of everybody.
If someone wants to sign his posts, he can do it. You can allways hide the
part in a good newsclient. And don't say a PGP signature adds bytes to the
postings, this may has been a problem 20 years ago, but today it doesn't
count.

Sebastian
--
PGP-ID: 0x9695F25F
Fingerprint: D5DA A954 D16B 09E2 005A A065 AB10 3028 9695 F25F
Public Key: http://www.hpfsc.de/download/steinchen.asc
Keyserver: wwwkeys.pgp.net oder gpg.dtype.org

Sebastian Stein <seb_stein@gmx.de> wrote:
> On Sun, 11 Apr 2004 05:11:16 GMT, Realto Margarino <boogie@eewwww.org> wrote:
> > With respect to using pgp, keep in mind that it is essentially
> > meaningless. Anybody can impersonate you and even include a pgp
> > signature using their own key. You would likely never know the
> > difference.

> Maybe I'm wrong, but what you are saying is just not true. If I
> sign a message with my pgp key, this signature can be verified,
> because of the web of trust. Get my PGP key and check the
> signatures and you will know, that every message signed with my
> key is send by me. Of course if you don't check the signature, I
> can fake the email header telling I'm someone else, but this has
> nothing to do with your argument.

Rubbish. I can setup a key for Sebastian Stein at some other email
address, make that key publicly available and nobody would know
which Sebastian Stein you are. In any case there is no _reason_ to
do it.

> So don't start a flame war. Just respect the personal freedom of
> everybody. If someone wants to sign his posts, he can do it.

Not if I have anything to say about it. It's butt ugly, makes
postings hard to read, and violates usenet .sig limits.

The people who use it in this group do it merely as an affectation.
Especially those using pseudonyms. The notion of using pgp with a
pseudonym is preposterous.

cordially, as always,

rm

On Sun, 11 Apr 2004 04:51:44 +0000, Cichlidiot wrote:
> PGP. Now, if only I could figure out how to set up it up on my uni's
> system (can't do it from home as the home ISP stopped providing newsgroup
> feeds over a year ago, and just said "oh well" when I complained about

The news server I think Roger meant (in Germany) is news.cis.dfn.de.
They're very good for text newsgroups (which happens to be all I would
find of interest.) I can highly recommend them.

But there are other options! You're already using a text-mode client.
Have you considered using it on the school machine via ssh? Oops, I
guess that fails to address the issue of not having GPG there. You can
tunnel any TCP connection through ssh as well. In fact that's how this
reply is posted!

I have a shell account at a friend's machine (who also posts here
sometimes.) I connect like this:
ssh -L 1119:localhost:119 rob0@$REMOTE
Now my localhost:1119 is the news server on $REMOTE! I set that up as a
news server in my GUI client (Pan), and away I go.

Another thing you might like to try is openvpn. That way you can have a
complete TCP/IP link to your home network from school and vice versa. I
use openvpn connections for all my mail and for a great deal of work.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

On Sun, 11 Apr 2004 10:37:08 GMT, Realto Margarino <boogie@eewwww.org> wrote:
>> Maybe I'm wrong, but what you are saying is just not true. If I
>> sign a message with my pgp key, this signature can be verified,
>> because of the web of trust. Get my PGP key and check the
>> signatures and you will know, that every message signed with my
>> key is send by me. Of course if you don't check the signature, I
>> can fake the email header telling I'm someone else, but this has
>> nothing to do with your argument.
>
> Rubbish. I can setup a key for Sebastian Stein at some other email
> address, make that key publicly available and nobody would know
> which Sebastian Stein you are. In any case there is no _reason_ to
> do it.

Of course you can do it, but anyone can check the sig and if the key is
signed by many people. In this way you can find out, if the person is really
me or not.

Sebastian
--
http://www.hpfsc.de/ - die Seite rund um:
Assembler, Bundeswehr, TFT LCDs, Halle/Saale, Fahrradtouren, Neuseeland,
Wanderstaat Mauma, Raumschiff USS Nathan, Enemy Room, MLCAD Tutorial

Sebastian Stein <seb_stein@gmx.de> wrote:
> Of course you can do it, but anyone can check the sig and if the key is
> signed by many people. In this way you can find out, if the person is really
> me or not.

Don't bother arguing with Mr. Cordially. He and others like him have an
obvious lack of understanding about basic public key cryptography and a
lack of desire to educate themselves about the subject. They don't
understand the basic premises of a web of trust and all the caveats that
come with that. Instead they harp on certain caveats as if they were fatal
errors. In essence, they are trolls, so don't feed them.

/dev/rob0 <rob0@gmx.co.uk> wrote:
> But there are other options! You're already using a text-mode client.
> Have you considered using it on the school machine via ssh? Oops, I
> guess that fails to address the issue of not having GPG there. You can
> tunnel any TCP connection through ssh as well. In fact that's how this
> reply is posted!
>
> I have a shell account at a friend's machine (who also posts here
> sometimes.) I connect like this:
> ssh -L 1119:localhost:119 rob0@$REMOTE
> Now my localhost:1119 is the news server on $REMOTE! I set that up as a
> news server in my GUI client (Pan), and away I go.

How I normally post is to connect to their student shell machine pool via
SSH and use tin on that machine. I'll have to check into the rules about
tunnelling though. Last I heard, those that were trying tunnelling to
retrieve their campus email at home by means other than plain text POP
(due to a really really idiotic policy of having the email password also
be the Kerberos password, can we say "hello?" here) were having issues. I
suppose I could always try setting up my machine on campus to be a tunnel
if the problem was that they restricted access to campus IPs (which I
believe was the issue, but it's been a while), but I hate to leave that
thing on when I'm not around (seems wasteful). The campus tends to be
rather bad about securely accessing their services from off campus. For a
campus with a comp sci security lab Center of Excellence, there certainly
is a preponderence of plain text entries and logins floating around.

Cichlidiot <fishlover@nospam.invalid> wrote:
> Sebastian Stein <seb_stein@gmx.de> wrote:
> > Of course you can do it, but anyone can check the sig and if the key is
> > signed by many people. In this way you can find out, if the person is really
> > me or not.

> Don't bother arguing with Mr. Cordially. He and others like him
> have an obvious lack of understanding about basic public key
> cryptography and a lack of desire to educate themselves about the
> subject.

Clearly I know more about it than you. But don't let that get in
the way of your feeble flamage.

> They don't understand the basic premises of a web of trust and
> all the caveats that come with that.

Web of trust, eh? That's why everybody has to have secret keys...

Oh, and who is "they?"

> Instead they harp on certain caveats as if they were fatal
> errors. In essence, they are trolls, so don't feed them.

PGP is not necessary for any poster in this group. That is not
meant to be a "fatal error." It is meant to be a self-evident
truth, however. The only reason anybody posting to this ng uses pgp
is because they like it as an affectation. They are gadget men and
they impose their trash on the rest of us when it is wholly
unnecessary.

Now go on and talk about "fatal errors." My purpose is to object
to the unnecessary and annoying use of pgp trash. Your purpose is
to flame me.

Troll.

cordially, as always,

rm