Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!newsfeed.stanford.edu!nntp.cs.ubc.ca!news.killfile.org!not-for-mail From: tskirvin@killfile.org (Tim Skirvin) Newsgroups: news.admin.net-abuse.bulletins,news.admin.net-abuse.usenet,news.admin.net-abuse.sightings,news.admin.net-abuse.misc,news.answers Subject: Cancel Messages: Frequently Asked Questions, Part 4/4 (v1.75) Supersedes: Followup-To: news.admin.net-abuse.usenet Date: Sat, 15 May 2004 00:00:02 -0500 Organization: Killfiles, Unlimited Lines: 319 Approved: news-answers-request@mit.edu Expires: Sat, 26 Jun 2004 05:00:02 GMT Message-ID: Reply-To: tskirvin@killfile.org X-Trace: victor.killfile.org 1084597205 26755 216.43.25.138 (15 May 2004 05:00:05 GMT) X-Complaints-To: usenet@killfile.org Summary: This is a list of Frequently Asked Question about cancel messages on Usenet. It mainly discusses how cancels work, who issues them, their history, and what to do about them. It is more of a general purpose FAQ than anything else; it's not required reading anywhere, just more of a reference. X-Auth: PGPMoose V1.1 PGP news.admin.net-abuse.sightings iD8DBQFApaPSv1i8LqUfqQURAkgyAJ0YGFmbfsf+ZlUP91mps3S+FnaSsACfWhTf 1/ooS8t6d800IoQkqoicLvk= =FNvN Xref: senator-bedfellow.mit.edu news.admin.net-abuse.bulletins:34806 news.admin.net-abuse.usenet:610097 news.admin.net-abuse.sightings:1406498 news.admin.net-abuse.misc:222753 news.answers:271284 Archive-name: usenet/cancel-faq/appendix Posting-Frequency: monthly Last-modified: 1999/09/30 Version: 1.75 URL: Cancel Messages Frequently Asked Questions Part 4/4 This document contains information about cancel messages on Usenet, such as who is allowed to use them, how they operate, what to do if your message is cancelled, and the like. It does not contain detailed instructions on how to cancel a third party's posts. It is not intended to be a fully technical document; its audience is the average Usenet user, up to a mid-level administrator. This document is not meant to be a comprehensive explanation of Usenet protocols, or of Usenet itself, but a basic knowledge of these concepts is assumed. Please refer to news.announce.newusers, RFC1036, and/or RFC1036bis if you wish to learn them. Disclaimers: The information contained within is potentially hazardous; applying it without the permission of your news administrator may cause the revocation of your account, civil action against you, and even the possibility of criminal lawsuits. The author of this document is in no way liable for misuse of the information contained within, nor is he in any way responsible for damages related to the use or accuracy of the information. Proceed at your own risk. Table of Contents > = In other parts of the FAQ ================= * = Changed since last update >I. What are cancel messages? >II. How do cancels work? >III. So your post was cancelled... >IV. What does it take to cancel messages? >V. That idiot forge-cancelled my posts! >VI. What moral issues are involved with cancel messages? >VII. What's going to happen to cancels in the future? >VIII. What about these other things? >IX. What are the current cancel issues? >Changes >To Do >Contributors >Pointers Appendix A: Dave the Resurrector 1. What is Dave the Resurrector? 2. Why is Dave necessary? 3. What cancels are authorized? 4. What messages are reposted? 5. What is the format of the reposts? 6. So how do I cancel my own posts when Dave is around? 7. What about other Resurrector bots? Appendix B: Retromoderation 1. What is retromoderation? 2. Why is retromoderation so popular? 3. What's wrong with retromoderation? 4. When is retromoderation alright? Appendix A: Dave the Resurrector ================================ 1. What is Dave the Resurrector? Dave the Resurrector is a program written and run by Chris Lewis (clewis@ferret.ocunix.on.ca) that reports on and reposts messages cancelled in the news.admin.net-abuse.* hierarchy. Dave's code was written after a particularly obnoxious run of cancels in news.admin.net-abuse.misc sent by Kevin Lipsitz (since charged with fraud and other offenses); the name was suggested by Tim Skirvin, and Chris accepted the name in honor of Dave Hayes, of news.admin.* fame. Dave's reposting activities are occasionally extended to include the rest of news.* and other hierarchies, to resurrect messages removed by large-scale rogue cancellers. From time to time Dave's presence has also been requested in other newsgroups. 2. Why is Dave necessary? The news.admin.* hierarchy has always been the target of massive forged cancel attacks, (see section V.D. for details). Dave neutralizes these attacks, though at the cost of allowing people to cancel their own posts effectively. 3. What cancels are authorized? In the context of Dave, an "unauthorized cancel" is a cancel by someone other than the originator, the originator's system administration, the moderator of the group, or an accepted spam canceller. Of necessity, given the ease in which cancels can be forged, Dave cannot determine the authenticity of cancels per-se, so will resurrect all cancelled articles except those which: o are cancelled by an accepted spam canceller, or o contain a "X-No-Repost: yes" header, or o are deemed by Dave to be unsafe to resurrect - where "unsafe" is determined at the discretion of Dave's operator. Dave's operator routinely scans Dave's normal haunts, and will manually recancel articles that appear to have been resurrected in error. Other spam cancellers who've been introduced to Dave can do this as well. When Dave is armed to cope with a rogue canceller cancelling in other groups, a best-effort attempt will be made to avoid reposting spam and other postings that are undesirable to resurrect. 4. What messages are reposted? According to the news.admin.net-abuse.* charters, "All messages removed by unauthorized cancels in the hierarchy will be automatically reposted by Dave the Resurrector or a similar program, at the discretion of the group moderator or, for the unmoderated groups, the operator of the resurrector program." Every cancel message in the news.admin.* hierarchy prompts Dave to create a repost of the original message; however, not every repost is injected into the news system. Before Dave submits an article to be reposted, the bot runs a few extra checks: o If there have been more than n reposts this "run" (the amount of time since Dave was started, which is usually several days), do not submit the repost. As of the the time this section was written, "n" was 30; this number is, of course, subject to change. o If the original is more than n days old, do not submit the repost. "n" was 4 as of the time this section was written, and is again subject to change. o If the cancel was from an authorized spam canceller, as determined by Dave's operator, do not submit the repost. o If the article is unsafe to resurrect (for technical or other reasons), do not submit the repost. If the circumstances warrant it, some or all of these heuristics may be turned off - for instance, the maximum reposts per run section may be taken out to stop a massive forged-cancel bomb. Also, all articles not submitted by Dave are still subject to later perusal (and possible posting) by Dave's operator, as he sees fit. 5. What is the format of the reposts? In the past, Dave modified the body and headers of the message to allow for easy notice of rogue cancels. It was eventually pointed out, however, that this policy broke PGP signatures (VII.E.) and the pseudo- headers used by FAQ maintainers; to solve this, Dave's policy has been changed to 'least-disturbance'. As such, reposts of cancelled messages are as similar to the original message as possible: o The original Path and Message-ID are renamed to X-Path and X- Message-ID (respectively). o A series of X-Comment headers, including 'X-Comment: DtR repost:" are added, to explain that the message is a repost. o The Message-ID of the repost consists of the original Message-ID with a prepended "REPOST.". It should be noted that this change, while necessary, does break PGP-signed control messages and is not compatible with PGPMoose. o The Path of the article is set to 'ferret.ocunix.on.ca!resurrector' (at injection). The Path may also include the site responsible for the cancel, which helps break cancel-repost loops if a rogue canceller tries to cancel the reposts and allows other sites to alias out the cancelling site and ignore the reposts if they wish. o At present, 'REPOST: ' is prepended to the Subject line of all reposted articles; this is likely to change in the near future. o The Newsgroups header is trimmed to only include news.admin.* groups, so as to prevent cancel-repost wars with policy-enforcement bots in other groups (ie groups such as foo.general will be removed from the Newsgroups: header, even if it was present in the original article). This has the side benefit of stopping people from using Dave to "protect" their cross-posted flamewars by including a news. admin.* group. o The body is posted intact, with the cancel message that trigged Dave appended at the end of the message. o All other headers are left intact. 6. So how do I cancel my own posts when Dave is around? If it were possible, Dave would let you cancel any article that you wrote without a repost; however, due to the practical problem of cancels being trivially easy to forge, this can't happen without removing Dave's use. As such, Dave errs on the side of caution, and reposts most articles it sees cancels for. However, there are ways around Dave, if you really want to cancel your posts. o The presence of an 'X-No-Archive: yes' header will prevent Dave from reposting your article (excepting attacks by targeted rogue cancellers); see your newsreader's manual for instructions on how to automatically add this header to your messages. o If you cancel or supersede your article soon enough after the original posting, you _may_ be able to remove the message before a copy is saved by Dave. Of course, it should be noted that cancel messare are rarely going to be fast enough to keep anybody from reading the message anyway. Mail to Dave's operator is not encouraged when a cancel is required; even in the case of forgeries in your name, a post to the proper news.admin.* group indicating that the messages are forged will do more good. 7. What about other Resurrector bots? As previously noted, DtR can be extended to other newsgroups and hierarchies by request. Astute observes might note that the news.admin.net-abuse.* charters allow for other Resurrector bots if the situation warrants it. This was done on purpose, to allow for a replacement for Dave if necessary. At this time, however, no other Resurrector bots seem to be necessary. Appendix B: Retromoderation =========================== 1. What is retromoderation? Technically, retromoderation is moderation that takes place after the messages are posted. All posts are initially distributed normally, either through standard Usenet channels or through a simple mail-to-news gateway; the moderator later checks the group, and deletes those messages that were inappropriate. 2. Why is retromoderation so popular? In a normally moderated newsgroup, the combination of a simple moderator-bot and retromoderation allows for focused and on-topic discussions and keeps the group (mostly) spam-free, all while not requiring large workloads for a moderator and allowing message distribution to be kept high. In an otherwise unmoderated newsgroup, retromoderation allows for some level of topic and spam control, while not forcing the centralization required by standard moderation and not requiring a formal moderation process. In short, retromoderation is a quick and easy way of accomplishing most of the benefits of standard moderation, and people appreciate this. 3. What's wrong with retromoderation? Though it may be tempting, retromoderation should never be entered into lightly. It is plagued with problems, affecting everything from its effectiveness to the long-term future of Usenet. o Retromoderation does allow for messages deemed inappropriate by the moderator to be displayed for a time. This defeats the purpose of the moderation in many cases, such as high-speed 'announce' news- groups or groups for school-aged children. o Retromoderation is not 100% effective. Not all sites honor cancel messages, and even less honor NoCeMs; as a result, it may not be possible to delete a message after it has been posted. o While all news software recognizes the difference between a moderated and an unmoderated newsgroup, there is no way to tell from software whether a group is retromoderated; as such, there is no official way to indicate whether a group is retromoderated or not, nor to tell who is the moderator or moderators. Similarly, there is no official way to make an otherwise unmoderated newsgroup retromoderated. o Most reasonable people will understand if their messages are never posted; the concept is fairly apparently to most of the population due to past experiences with newspaper and magazine editors and their ilk, and few consider it censorship. This is less true when an article is posted and subsequently deleted. o News administrators rarely want to deal with the specifics of Usenet news, especially in regards to cancel messages. As such, many news admins will delete a retromoderated newsgroup and/or disable cancel messages on their servers, rather than worry about the issues involved with the retromoderation. o Retromoderation in an otherwise unmoderated newsgroup gives credence to those that would like to cancel messages that they merely don't like on Usenet as a whole. 4. When is retromoderation alright? Even though retromoderation has its problems, it is still widely accepted and used in several circumstances. o Retromoderation is not questioned in already moderated newsgroups if performed by the group moderator or those who they designate. Mod- erated Big-8 newsgroups, alt.* groups accepted as moderated by 80%+ of Usenet sites, and private hierarchies may all be retro-moderated by their respective moderators or controllers. o Spam-trap groups, such as alt.sex.cancel, are specifically chartered so that any message crossposted to them is considered fair game for cancellation. This form of retromoderation is considered mostly legitimate, so long as the newsgroup name makes clear that the group is moderated. o As only those sites that explicitly want to follow the moderation will have to do so, any individual can retromoderate any newsgroup that they choose using NoCeM rather than cancel messages. o Although still hotly contested, there is a movement to allow robot keyword retromoderation of alt.* groups, in which any post not containing a key word or phrase, decided upon by the group, is automatically cancelled. Keyword retromod was invented by Dick Depew (red@redpoll.mrfs.oh.us) and is currently being used on several newsgroups, such as alt.sex.cthulhu. This form of retromod is considered radical, and (in the opinion of this author) shouldn't be done; standard moderation is probably a better answer. -- Copyright 1999, Tim Skirvin. All rights reserved.