Alue status report

In May, I posted about the discussion forum software I am writing, Alue. Since then –

What works:

  • The NNTP interface is essentially complete.
  • There is a rudimentary reading and posting HTTPS interface .
  • Users are able to self-register, manage their own accounts and reset lost passwords using an email challenge system.

What is broken:

  • NNTP control messages.
  • MIME message display in HTTPS (including character set conversions)
  • Web design. Although – all HTML is template-generated, so it’s more a problem with the test installation than with the actual software.

What is missing:

  • HTTPS-based administration
  • Moderation
  • Spam control
  • Email distribution of messages
  • Posting by email
  • Packaging (including proper installation and upgrade procedures)

And it would probably use a proper security review of the code.

If you are interested, go check out the test installation. The code and the test installation templates are available through Git. If you are really brave (and are a skilled system administrator), you might try creating your own installation – if you do, let me know.

This is Alue

I have made a couple of references in my blog to the new software suite I am writing, which I am calling Alue. It is time to explain what it is all about.

Alue will be a discussion forum system providing a web-based forum interface, a NNTP (Netnews) interface and an email interface, all with equal status. What will be unusual compared to most of the competition is that all these interfaces will be coequal views to the same abstract discussion, instead of being primarily one of these things and providing the others as bolted-on gateways. (I am aware of at least one other such system, but it is proprietary and thus not useful to my needs. Besides, I get to learn all kinds of fun things while doing this.)

I have, over several years, come across many times the need for such systems and never found a good, free implementation. I am now building this software for the use of one new discussion site that is being formed (which is graciously willing to serve as my guinea pig), but I hope it will eventually be of use to many other places as well.

I now have the first increment ready for beta testing. Note that this is not even close to being what I described above; it is merely a start. It currently provides a fully functional NNTP interface to a rudimentary (unreliable and unscalable) discussion database.

The NNTP server implements most of RFC 3977 (the base NNTP spec – IHAVE, MODE-READER, NEWNEWS and HDR are missing), all of RFC 4642 (STARTTLS) and a part of RFC 4643 (AUTHINFO USER – the SASL part is missing). The article database is intended to support – with certain deliberate omissions – the upcoming Netnews standards (USEFOR and USEPRO), but currently omits most of the mandatory checks.

There is a test installation at verbosify.org (port 119), which allows anonymous reading but requires identification and authentication for posting. I am currently handing out accounts only by invitation.

Code can be browsed in a Gitweb; git clone requests should be directed to git://git.verbosify.org/git/alue.git/.

There are some tweaks to be done to the NNTP frontend, but after that I expect to be rewriting the message filing system to be at least reliable if not scalable. After that, it is time for a web interface.

Anecdote Nr 1 of implementing a NNTP (reading) server

The first version of my work-in-progress NNTP server I tested with a real newsreader had enough code to handle connections, give the greeting and reject every command except QUIT (whose implementation was fully RFC 3977 conforming).

Here’s an excerpt from my server log when giving tin the Treatment:

2009-05-02T01:05:49 nntpd for 127.0.0.1:55432 terminating
2009-05-02T15:24:31 nntpd listening at 0.0.0.0:5555
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 starts
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 ==> 200 posting allowed
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 <== CAPABILITIES
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 ==> 500 unrecognized command
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 <== MODE READER
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 ==> 500 unrecognized command
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 <== CAPABILITIES
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 ==> 500 unrecognized command
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 <== MODE READER
2009-05-02T15:24:46 nntpd for 127.0.0.1:34844 ==> 500 unrecognized command

This went on and on and on for five seconds, until tin crashed (which I believe is a bug – a NNTP client ought to either give up after getting 500 to CAPABILITIES, or ignore the 500 from MODE READER – I’m sure there are functional NNTP servers predating CAPABILITIES that do not implement MODE READER either). My server promptly crashed as well – my logic for handling socket errors was faulty (fixed).

Next victim was slrn. It was much better behaved:

2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 starts
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 200 posting allowed
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== MODE READER
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== XOVER
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== XHDR Path
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== NEWGROUPS 071115 214035 GMT
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== GROUP gmane.comp.shells.dash
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== GROUP gmane.comp.version-control.packaging
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== GROUP gmane.linux.drivers.ath5k.user
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== GROUP gmane.linux.kernel
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== GROUP gmane.linux.kernel.announce
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== GROUP gmane.comp.compilers.cyclone.general
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== GROUP gmane.comp.version-control.git
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 <== GROUP gmane.comp.compilers.pcc
2009-05-02T15:37:07 nntpd for 127.0.0.1:40000 ==> 500 unrecognized command
2009-05-02T15:37:21 nntpd for 127.0.0.1:40000 <== QUIT
2009-05-02T15:37:21 nntpd for 127.0.0.1:40000 ==> 205 bye
2009-05-02T15:37:21 nntpd for 127.0.0.1:40000 terminating

Unfortunately, slrn went and deleted my subscriptions to those groups. The bastard. :)