Path: utzoo!attcan!uunet!epiwrl!epimass!jbuck
From: jbuck@epimass.EPI.COM (Joe Buck)
Newsgroups: news.admin
Subject: Re: sendsys
Message-ID: <2239@epimass.EPI.COM>
Date: 24 Jun 88 22:53:52 GMT
References: <3071@rpp386.UUCP> <710@vsi1.UUCP> <107@carpet.WLK.COM> <57793@sun.uucp>
Reply-To: jbuck@epimass.EPI.COM (Joe Buck)
Distribution: na
Organization: Entropic Processing, Inc., Cupertino, CA
Lines: 41

In article <57793@sun.uucp> chuq@sun.UUCP (Chuq Von Rospach) writes:
>The four messages went to four different sites (ucbvax, agate, ames and
>husc6) -- the only thing they have in common is that they're all NNTP sites.
>The messages were all posted at 20:20.

If Chuq is right about this, it will be trivial to determine the
forger's site, since NNTP logs all connections by time.  The sys
admins in question can just check their logs and see what site
connected to them at that time.  (Erik Fair pointed this out, along
with a few other suggestions: all NNTP admins should occasionally
check their logs for connects from sites that don't usually do so).

>o Someone did it to Webber. Why? because Webber's a pain in the neck. 
>  I'm sure someone out there could rationalizing vandalizing the network
>  just to "get" Webber. Or perhaps they thought it was cute and didn't
>  realize the implications. 

Almost certainly.  The hostility expressed against Bob Webber at
Usenix, even by people who were unaware of the sendsys messages, was
pretty intense.  I did like the T-shirts saying

	Bob Webber -- Just Say "n"

>Guerilla tactics on USENET. What a concept. 
>
>If folks really want to track this down, I suggest the following:
>o rutgers: was Webber logged on at the time? 

He doesn't have an account on Rutgers, according to Mel Pleasant.

I disagree with Chuq about getting rid of sendsys.  Without it, we
never would have been able to clean up all the botches in people's
sys files after the Great Renaming and 2.11 installation.  People
sending out sendsys with distribution "ba" and checking for problems
performed an invaluable service.

So tell me, Chuq, why so radical these days?  You seem to have a new
major change to propose at the drop of a hat (drop all nontechnical
groups because AT&T changed their MAIL policy; drop all mailback
control messages because of one abuser, etc).  Seems to me there
should be a little thought before we go making radical changes.