30 March 2017

Writing style on Usenet

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

If your posts are hard to decipher, some people just won't even attempt to read them &ndash which means nobody will write back &ndash so try these helpful hints!

PLEASE DO NOT SHOUT

Ahem… please do not ‘shout’. No need to use ALL CAPS, as it is hard to read.

Do not use all lowercase, either. Try to use correct grammar and punctuation.

Quote judiciously

When posting a reply to someone else’s message, carefully checking the ‘attributes’ of any quoted text that your posting includes is wise. In other words, be sure that what your posting says that what someone else said actually is what that person, not someone else, said in a previous posting.

Please keep your lines less than 70 or 75 characters wide

If you do not, they tend to wrap around poorly and are hard to read. In case you are unsure how much space 70 characters take up, it is about six inches:

1--------10--------20--------30--------40--------50--------60-------70
  • If your program allows it, set your line wrap for every 70 characters. This will allow your text to ‘hit return’ for itself every 70 characters or so, so you do not have to do it.
  • If your program allows it, use a monospaced font like Courier or System. With these fonts, spaces and W’s and i’s and l’s all take up one unit of space. When every line of 70 characters takes up the same amount of space, it is a lot easier to figure out when you have reached 70 characters.
  • You might have to do it the old-fashioned way: hit return at the end of each line. It’s a pain, but it makes your posts a lot easier to read.

Please remember that many people do not speak the same languages you do

They also may not speak your language as well as you do. So please try to write your questions so that they are clear and easy to read. Moreover, please do not use foul language. People of all ages and all backgrounds read newsgroups. You will get a much better response if you speak politely than if you are rude to others.

29 March 2017

How websites can find out which other sites you visit

When a web browser renders a page that includes hyperlinks to other pages, one of two different colours is normally used for each link, depending on whether you already have visited the page to which the link points. To make this feature work, the browser needs a history file, in other words a list of all websites you have visited within a certain period. Browsers usually save this file on the local hard disk drive.

The history file can be a privacy threat to you. You probably know that other persons, such as co-workers or family members, could use your web history to gain information on which sites you have visited. However, it is often also possible for web servers to determine whether you have visited a particular page, for example that of a competitor.

This can be done by using CSS styles that e.g. apply a background image to visited links; when the browser displays such a link, it downloads the background image, and this download creates an entry in the server log, from which the web site operator can then retrieve the results. Also, note that if you allow your browser to run scripts (JavaScript, actually ECMAScript), you provide additional options to websites wanting to detect your browsing history.

The method described above does not actually read your history file, but rather asks e.g. "Is www.blogger.com out there? What about www.google.com and www.facebook.com?" and so on. Still, it can be quite effective. The best solution is probably to disable and delete the history file.

28 March 2017

Where to post your very first message

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

Eventually, every newcomer to the Internet gets tired of just reading news, and wants to post something. Since news.newusers.questions often seems to be part of default subscription lists, a lot of these first postings end up there, whether they’re really appropriate or not.

Herewith, some tips on where to post your first message, depending on what kind of message it is:

If you just want to practice the mechanics of posting (which are sometimes not trivial)

...and verify that your messages really do go out to the rest of the world, you should post to misc.test or alt.test.

A site might monitor these newsgroups and automatically send email responses to all messages that appear in them. (Greetings from beautiful Contra Costa County, California!) These groups are also nice for practicing how to write messages with your text editor, because you do not have to worry about real people seeing your typing mistakes and formatting blunders.

If you want to exchange messages with people

...but do not have anything in particular to talk about ("Hi, I'm Wally in Podunk, Iowa. Please send me mail!"), try the newsgroup soc.penpals, which is intended specifically for this sort of thing.

If you actually want to ask a question

...then news.newusers.questions may be the right place. Strictly speaking, this newsgroup is for questions about Usenet in general, but most of us do not mind questions about other network services. If your question is rather specialized, though, be prepared to be referred to another newsgroup where real experts hang out.

Exception: If you have a question of the form ‘Is there a newsgroup about xxx?’

You should post it in news.groups.questions, which was created specifically for this purpose.

Finally, before you post a question in news.newusers.questions

Please scan through all the message titles in this newsgroup first. Certain questions get asked (and answered) repeatedly. There is a chance that your answer may already be sitting in your news server. Remember to check the ‘previously-read’ messages, too (how you do this depends on the software you are using).

If you can’t see what you’re looking for, and you are not in a life-or-death hurry, you might consider waiting and watching for a few days, especially if you suspect that your question might be an FAQ (Frequently Asked Question). – Examples:

  • ‘How do I view the pictures that are posted in some groups?’
  • ‘Where can I get a complete list of newsgroups?’
  • ‘How do I make a signature file?’
  • ‘How do I set up a home page?’
  • ‘How can I create a new newsgroup?’
  • ‘Why does my message disappear right after I post it?’
  • ‘How do I chat in real time with other people on the net?’
  • ‘Don't these people who answer questions have a real life?’ ☺

27 March 2017

Improve your online privacy by trimming the headers your browser sends

The EFF runs a very useful web-based service that estimates the uniqueness of the HTTP header lines that your browser sends to every web server from which you request a page or other content.

Especially if you allow all sites to run JavaScript on your computer, I suggest that you visit EFF’s Panopticlick site and note the results. Chances are that the information on plug-in details, time zone, screen size, colour depth and system fonts that JavaScript (officially ECMAScript) gives away go a significant way towards making your browser fingerprint unique.

In addition to avoiding JavaScript, similar steps you can take to improve your online privacy are to disable cookies and to use only one entry in your Accept-Language header (which enumerates your preferred languages for web content). Accept-Language: en would probably be the safest choice.

Many Panopticlick users have unique headers, even though the service does not pay attention to all information that a browser could provide.

Generally, the less opportunity your browser provides for running active content, the safer you are. Of course, this does not apply only to browser fingerprinting, but also to software vulnerabilities that can be used e.g. for loading so called drive-by malware.

Panopticlick exists at http://panopticlick.eff.org/.

26 March 2017

Public news servers

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

If your news server does not carry a particular newsgroup that you want to read, you may be able to read that group on a news server that allows access from the public (and not just its own customers).

Free lunches are scarce

Before you set out to find a so-called public news server, you should be aware that many such servers are not intentionally public. Inadvertently configuring a news server so that outsiders can connect to it is a mistake inexperienced administrators often make. Eventually, they will notice their error and shut off outside access. This is especially likely to happen if the server carries any alt.binaries groups.

Most organizations that run news servers do not want usage by outsiders to degrade service to their own employees, students or customers. In addition, most organizations do not appreciate being used as a conduit for unsavoury activities. Therefore, if you do find a ‘public’ news server carrying newsgroups that you want, please:

  • Do not hog that server’s resources by downloading scores of articles, especially large binaries.
  • Do not use that server to disguise your identity and location so that you can post abusive messages, spam newsgroups with advertisements, etc.
  • Do not be surprised when you eventually get the message, ‘sorry, this server can’t talk to you’.

If you want reliable access to a large number of newsgroups, including binaries, then you should look for a commercial service provider that carries what you want, and pay for it.

25 March 2017

Unable to open a winmail.dat attachment?

If you use non-Microsoft software to read your email, chances are you eventually will receive a message that appears to include an attached file named winmail.dat. This occurs when the sender uses a Microsoft email client with settings that are incompatible with those of the recipient’s client software.

The message, including its attachments, can often be read without difficulty when using a Microsoft email client. This is due to Microsoft software being able to decode the message’s TNEF encoding. Non-Microsoft clients typically lack this ability, as TNEF is proprietary to Microsoft. The issue does not indicate a fault with the recipient's email client or with any of the email servers involved.

Potential solutions

First, evaluate whether the issue actually causes loss of relevant information. If, on the other hand, the winmail.dat file constitutes but a cosmetic fault, you might decide simply to ignore it.

If the issue does need to be remedied, the sender may experiment with various settings in his or her email client until a combination is found that results in messages usable to the recipient. As adjusting the most obvious settings may not be enough, this task can daunt even an experienced user.

Microsoft has published knowledge base articles on this phenomenon. The article ‘How e-mail message formats affect Internet e-mail messages in Outlook’ includes technical information that may be useful in troubleshooting the issue. ‘Email received from a sender using Outlook includes a Winmail.dat attachment’ is another, much briefer article; unfortunately, it is also an over-simplification that often does not resolve the problem.

Various third-party software tools promise to decode winmail.dat attachments. Caveat emptor.

Should all else fail, you may decide to use a Microsoft email client (such as Outlook) to read the affected messages.

24 March 2017

Fraudulent email messages

Have you received a suspicious message?

Please make sure the message is genuine before you reply to it or take any other action requested therein. Remember that fraudulent messages may be backed by elaborate arrangements, such as fake websites.

Genuine representatives for an organisation use the organisation’s domain name in email and other communications, while criminals typically solicit replies to free throwaway addresses that Microsoft (Hotmail), Yahoo and their ilk cheerfully provide with no identity check. Even if a legitimate-looking domain name is used, beware of misspellings and fake companies. For example, the address mcgregor_collin@aliance-finance-uk.com may look genuine at first glance, but a Whois lookup reveals that the domain name is registered to a private person in Indiana. The spelling ‘aliance’ is also extremely suspect.

On a similar note: legitimate businesses make and receive payments in accordance with generally accepted business practice, not through MoneyGram, Western Union or other ‘abandon hope all ye who pay here’ services. If you are unsure of whether an offer you have received is genuine, contact your local law enforcement agency or consult a security professional who is familiar with online fraud.

Never reply to a fraudulent message

Online fraud is typically perpetrated by criminal organisations. Once the mobsters have received a reply from a potential victim, they can be very persistent. A number of advance-fee fraud victims who have bitten the bait and agreed to meet the perpetrators, for instance in Nigeria, have even been kidnapped or murdered. In addition, any personal information you provide may be used to steal your identity. Advice on how to report spam is available in the article ‘Composing abuse reports’.

Be on your guard for harmful attachments and websites

Office software such as Adobe Acrobat, Adobe Reader and Microsoft Office often contain vulnerabilities that can allow an attacker to take over your computer. Criminals try to exploit such flaws by enticing spam victims to open harmful PDF, Microsoft Office and other documents. Similarly, visiting a website scammers have set up or hijacked can cause harmful software to be installed on your computer – automatically, without further user interaction; this type of attack is known as ‘drive-by downloading’. Security software can protect against such threats.

Read more about…

advance-fee fraud and other common types of fraud into which victims are recruited by email.