How to make sure sanguinews is checking the certificate?

[rdscorreia74]

I've just tested sanguinews on my computer and I must say that I was very well impressed. Yet I have a couple of questions that I would like to pose: 1 - Are you still working on sanguinews and do you have plans to enhance it?

2 - How can I make sure that sanguinews is properly encrypting my communications? I don't know much about cryptography but to my knowledge, if I encrypt a communication it then has to be decrypted on the other end. Usually that's done with the use of certificates. But I didn't tell sanguinews about my nntp provider certificate. So how does it work? Is it really encrypting communications? Bear in mind that I am only interested in encrypting my nntp username/password. And here just an example of what other people think about ssl clients: http://filesharingtalk.com/threads/452598-Usenet-binary-poster-for-Linux?p=3705618&viewfull=1#post3705618

3 - Is it possible to use sanguinews on a server/client philosophy? Like having sanguinews run as a daemon in the background and having a text-mode/ncurses or even web client that can see what sanguinews is doing? If not, would you consider adding this feature on a to-do list for sanguinews?

Thanks in advance. Cheers

[tdobrovolskij]

Thank you for your feedback. I am glad that you have found sanguinews useful.

1. I won't lie to you, I am not actively developing this project of mine, but I don't mind to come back to it and implement something, if I'll find an interesting and/or cool feature.
2. Sanguinews isn't checking validity of a provider's certificate. It just establishes a SSL connection, when asked, so no plain text data will be sent afterwards. I thought that this is enough even for paranoid users, but I guess that I was wrong. I will check if it is difficult to implement validity checks.
3. It's currently impossible. I always planned sanguinews as a simple command line uploader to to complement rarnpar.

[rdscorreia74]

Thanks mate. Never thought you'd answer so quickly. :o So thanks for such a quick reply :)

1 - Sad that you're not developing it any longer. But maybe it's because you got out of new features to implement. I just hope there are no big bugs in it right now.

2 - Then the user authentication is done after the ssl connection so that no one finds out my nntp login credentials. That's quite enough for me. :) EDIT: just a small remark. It would be great if the ssl connection was established using aes-256 because anything below that these days will only take hours, days or weeks to brute-force decrypt. ;)

3 - Too bad. I guess I can always run it behind screen or tmux so that I can disconnect my remote terminal/ssh session to the server that will be running sanguinews.

4 - Now, please forgive me my ignorance but is it possible to compile a ruby program so that it becomes a standalone binary not needing the ruby package to be installed?

Thanks in advance. Cheers

[tdobrovolskij]

1. If you will encounter a big bug - don't hesitate to write a bug report.
2. Don't forget that cipher selection is two-sided process. You can't use cipher which isn't supported by server. Normally server's preferences are used. I would, of course, gladly force to use ciphers from TLS1.2 set, but it could cause many problem for users, because TLS1.2 isn't widely accepted yet.
3. Yes, this could be a solution. I am normally working in tmux anyway. :)
4. Sorry, this is not really possible. Ruby is an interpreted language. But normally, even on resource poor VPSes, it shouldn't be a problem to install ruby package.

[rdscorreia74]

Thanks for your reply Tad. 1 - Sure, even though I usually don't find bugs in apps. Even alpha/beta stuff usually works for me. I guess I don't push software to the limits. Let's kill this #1 ;) 2 - I see. I wasn't aware of that. Is there any way I can tell which cipher is being used in sanguinews for any given server connection? 3 - Yes, far from the optimum but it is a valid workaround. So let's squash #3 too ;) 4 - Oh, I see. Well from what I can see ruby is not too hungry on disk space either (~6/7MB). I am not going to be using sanguinews on a VPS, it's going to run from my ARM-based plugcomputer. It's a seagate dockstar (1.2GHz and 128MB RAM - http://wiki.openwrt.org/toh/seagate/dockstar#highlights). BTW why do I see so many folks talking about running usenet uploaders from VPSes? Why use a VPS instead of their own desktop/file server? Am I missing something here? Thanks mate :)

[tdobrovolskij]

2 - Quick and dirty solution: open lib/nntp.rb and add following line after the 411th line there:

puts "name: " + ssl.cipher[0] + " bits: " + ssl.cipher[2].to_s

So it should look like:

ssl.connect
          puts "name: " + ssl.cipher[0] + " bits: " + ssl.cipher[2].to_s
          @socket = InternetMessageIO.new(ssl)

4 - Usually - because of connection. You can get a VPS with 1Gbps uplink for few bucks per month. Quite a bargain.

[rdscorreia74]

Hi Tad. Thanks for your reply. 2 - I will look into add this code to the script and see how it goes. I guess we can forget about #2. 4 - I see. A quick look around and I found some really cheap bargains but with very small hdd space. Deals with 1 or 2TB of hdd are still way above my pocket. Could you point me some examples, please? Thanks :)

[tdobrovolskij]

Hi there, I completely forgot about this topic, my bad. Just to close the issue: as far as I know, there are no cheap 1-2TB offers. 100GB is max that you can get cheaply. VPS is normally used as a buffer machine. You download/upload some files and move them to your own as soon as possibly when files aren't needed on VPS anymore.