Newsgroups: news.software.readers,comp.sys.mac.comm,news.admin.misc From: email@example.com (Tim Pierce) Subject: GNKS/A: NewsWatcher 2.0b24 Message-ID: <D5Jwot.CrJ@midway.uchicago.edu> Organization: University of Chicago -- Academic Information Technologies Date: Thu, 16 Mar 1995 20:53:17 GMT Enclosed is my Good Net-Keeping Seal of Approval evaluation of NewsWatcher 2.0b24. The Good Net-Keeping Seal of Approval attempts to establish a standard for newsreader behavior on Usenet. For more information on the aims and requirements of the Good Net-Keeping Seal of Approval, see <URL:http://www.media.mit.edu/people/rnewman/Good_Netkeeping_Seal> SUMMARY Overall, I found NewsWatcher to be lacking in only two respects: the amount of information it displays about an article when reading messages, and -- more importantly -- its lack of security when prompting the user for their e-mail address. NewsWatcher 2.0b24 does not perform any sort of authenticity check by default to determine whether the account named belongs to the person, or even whether it is a syntactically valid e-mail address. Apart from these problems, I was quite pleasantly surprised by NewsWatcher's structure and strengths. The user interface is quite pleasing to the eye, and takes good advantage of the Macintosh toolkit. Furthermore, the application seems robust and capable of handling gracefully all sorts of unusual or unexpected inputs. However, its handling of security issues leads me to conclude that it is not suitable for newcomers to Usenet unless used in conjunction with an NNTP server which requires authentication. Recent Good Net-Keeping evaluations have used a "checklist" format that I find disorienting and difficult to follow, so I have written up my evaluation in a less formal style. For the benefit of those who prefer the checklists, however, I have included such a list at the end of this document. The "Notes" field of this checklist contains an asterisk for each item which is mentioned in the written review. ------------------------------ PROBLEMATIC AREAS: NewsWatcher was found to be problematic in the following areas: 1. Displaying essential header information. * By default, NewsWatcher displays only the From, Organization, Date, Newsgroups and Subject headers of an article. The Newsgroups header is typically truncated to one or two groups, and the Subject header is displayed in the title bar of a MacOS window, and will often be truncated at 50 or 60 characters. The Good Net-Keeping Seal of Approval requires that by default, an article being viewed must display the From, Subject (at least 70 characters) Newsgroups, Followup-To, and Reply-To headers (only if present and different from the Newsgroups and From headers). 3. Crossposting. * NewsWatcher fully implements crossposting, but it is instructive to note that "How do I cross-post?" is listed as question number 36 in the FAQ at the end of the documentation, on page 137. Mr. Norstad may wish to give consideration to making the solution more obvious. See also Item 4, below. 11. Providing valid From header. * NewsWatcher does not attempt to determine whether the e-mail address specified by the user actually belongs to them. It permits the user to enable NNTP-based authentication, optionally, but does not go further than that. Nor, so far as I have been able to determine, does it perform any syntax check whatsoever. In particular, it permitted me to post a message with an "e-mail address" that did not even include an "@". I consider this to be NewsWatcher's fatal flaw. 12. Providing accurate and safe "cancel" mechanism. * Owing to the problems with Item 11 (above), the Preferences menu makes it trivial for a moderately intelligent user to forge a cancel message: merely change your e-mail address and personal name to those of the user whose message you wish to cancel, and it will be done. 14. Preventing obvious user errors. * NewsWatcher does not issue a warning when the user posts an empty article or one that consists exclusively of quoted text. AREAS OF INTEREST: NewsWatcher's behavior was found to be unusual, notable or advantageous in the following areas: 2. Providing standard commands. * NewsWatcher does not, technically, use "separate commands" for following up to an article and replying to e-mail. There is only a single pull-down menu option for the "Reply" command, which covers both public and private replies. However, once the Reply command has been selected, the user may choose between public and private responses by clicking either on a newspaper icon (for "news" responses) or on a snailmail icon (for "mail" responses), or both. Since the distinction seems quite apparent, I consider NewsWatcher to have satisfied this requirement, even though it might not be regarded as providing "separate" commands for the two kinds of responses. 4. Changing essential headers during message composition. * In its treatment of Newsgroups and Followup-To headers, NewsWatcher actually outdoes most newsreaders I have known. If you enter the names of more than five newsgroups on a Newsgroups header, NewsWatcher issues a warning, and it imposes an absolute maximum of fifty newsgroups. * By default NewsWatcher does not provide many header fields to edit. In the Edit window, however, pressing Command-H expands the window to include fill-in-the-blank fields for Followup-To, Reply-To, and other standard fields, as well as a space to enter additional headers (such as Summary). 13. Respecting line length. * By default, NewsWatcher breaks lines at 75 characters. The user may resize the editing window at will, but new text will still be wrapped to 75 characters when the post is actually made. Excellent touch. Unfortunately, quoted text is not handled quite so deftly, but nevertheless this feature alone makes NewsWatcher quite notable. ------------------------------ CHECKLIST: Req Itm Sub- Item rd? ## Description item OK? OK? Notes Y 1 Display all essential header info NO * Y default is to display YES Y a) display author YES Y b) display subject NO * Y c) display newsgroups list NO * Y d) display Followup-To list NO Y e) display Reply-To if /= From: NO Y 2 Provide standard commands YES Y clear YES * Y separate NO * Y a) post a new article YES Y b) post a followup article YES Y c) reply by email YES N use standard terminology YES Y 3 Implement cross-posting YES * Y allow user specification YES Y cross-post (not multi-post) YES Y 4 Change essential headers YES Y change headers while editing body YES Y change Subject YES Y allow at least 70 chars in subject YES Y change Newsgroups YES Y change Followup-To YES * Y allow followup-to: poster YES * Y change Reply-To YES * Y 5 Correct Subject headers in flwup/rply YES Y a) prepend "Re: " (exactly!) YES Y b) preserve entire Subject YES Y even subjects > 80 chars long YES Y 6 Respect Followup-To YES Y use to initialize Newsgroups: in flwup YES Y recognize and act on 'poster' YES Y 7 Followups contain References YES Y contains message-id of original YES Y never truncate individual message-id YES N contains three Refs from original YES N contains entire Refs of original YES N contains any id mentioned in body YES Y 8 Direct email reply to Reply-To YES Y 9 Quotation and attribution YES Y provide method YES Y set off by prepend YES Y attribution line YES Y identifies author YES N gives message-id YES Y 10 Subject is mandatory YES Y do not post empty or provide <none> YES Y allow change while editing body YES Y 11 Must provide valid From: header NO * Y syntactically valid NO N belongs to the user NO Y 12 Must provide cancel NO Y of own articles YES Y *prevent* cancelling others NO * N 13 Respect line length, and post WYSIWYG YES N line brks shown are present when posted NO * N do *not* post paragraph w/o line brks YES N warn if body has lines > 80 chars NO * N external editor conforms N/A N 14 Prevent obvious errors NO * N prevent posting empty article NO N prevent posting only quoted text NO -- Unsolicited commercial electronic mail sent to this address will be proofread at a cost of $200/hour (one half-hour minimum).