Introduction
PAN is a newsreader that has been around for ages. It allows you to sift through the massive clutter that Usenet has become through its really fast interface loaded with tons of features!
It’s development died off way back in 2012, but recently it’s development has picked right back up again. Not only is this product feature rich and open source, but it’s written purely in C++ which makes it incredibly light weight (thus very, very fast). Some of the subtle product enhancements this product has seen in the past few months make it worthy to be in the spot light again.
So What Can It Do?
- Header Caching: Tell it the group(s) you want and how much of it you want to see and it will download the headers it retrieves to a local cache file. This is awesome because now you can sift through this content offline.
Cache Headers - Header Scoring: You can flag key aspects of articles with a score. By default every header retrieved has a score of zero (0) unless you start dabbling in this area.
Anything that scores less than (or equal to) -9999 can be configured to not list itself at all. Some well set scores can greatly clean up your ability to locate content in groups.
You can score content higher and/or lower based on the posts author, subject, size, age, etc. You can even apply scoring through regular expressions too!
Scoring is very powerful when used properly! I’ll talk about it again a bit later in this blog once you’ve gotten set up. But if we were to apply scoring to the previous screenshot (above), it might look like this (all garbage cleaned up and content prioritized with color coding too):
Header Scoring - Multiple Server Support: Got a block account? No problem, you can add it as a secondary server and only pull from it if the Primary one is unavailable.
- NZB-File Support: The treasure maps of Usenet can be loaded into Pan too and downloaded through it. True automation of these come through systems like NZBGet and SABnzbd, but it’s still worth knowing that not only is this a newsreader, but it can pass as a downloader as well!
- Concurrent Connections: Like any great browser/downloader of any system; files are retrieve concurrently. This means that you can just keep browsing and tagging content of interest seamlessly without interruptions.
- Header Compression Support: One of the new enhancements surfaced with the new development of this project. This makes a world of difference when retrieving hundreds of thousands of headers from a Usenet group. Enabling this feature along (if your Usenet provider supports it) will greatly reduce wait times!
Pan’s Disabled Features
The features page on PANs website explains about a parent company (called ChimPanXi) that tries to sell this free product with added functionality. I guess the deal they have with the developers is to just disable a few features so that they can be re-enabled them the paid version (purely speculation)?
But since the (Pan) code is open source, the options are right there in front of us but just disabled. Quite honestly… of all this disabled functionality, only one is truly worth pointing out: Pan restricts you to just 4 allowable concurrent connections to your Usenet provider at a time. Here is a small patch I created which increases this number to 99. The build I provide in this blog already has this patch applied. Here are the rest of the missing features (with some of my comments as well); maybe some might see value in the others?
The Goods
For those hooked up to my repository are already set, just type the following:
# install the new version of Pan yum install pan --enablerepo=nuxref
You can also reference this table too for direct links:
| Package | Download | Description |
|---|---|---|
| pan | el7.rpm, fc22.rpm, fc23.rpm, fc24.rpm, fc25.rpm | The Newsreader: This is the program that this blog focuses on. |
Note: The source rpm can be obtained here which builds everything you see in the table above. It’s not required for the application to run, but might be useful for developers or those who want to inspect how I put the package together.
It’s also worth noting (again) that this build includes a small patch to increase the maximum allowable number of concurrent connections from 4 to 99.
Securing Your Connection
There is very little security built into Pan from a connection point of view. What little security is (normally) in place is built using GnuTLS. GnuTLS has a history of not keeping up with the security exploits and vulnerabilities that surface with encryption libraries. It doesn’t make it unsafe; it just doesn’t make it as reliable as it’s competition (OpenSSL and Crypto). For this reason the packages I provide are intentionally not built against it (GnuTLS).
It’s really not a problem at the end of the day because there are other ways of securing this connection (properly). The way I use (and recommend) is through Stunnel.
Stunnel allows you to take an unencrypted input (from Pan) and connect it to a secure connected one (at your Usenet provider). The best thing about stunnel is that it links to your (OpenSSL) shared system libraries libssl.so and libcrypto.so which are actively maintained and patched! Basically what I’m saying is by attaching Pan to Stunnel: you get the feature rich usage of Pan and the ongoing (reliable) security of OpenSSL.
The following will get you set up with stunnel; you’ll want to be root before running the command below:
# Install stunnel (if it's not installed already) # you'll need to be connected to either EPEL or NuxRef for this # to work: yum install stunnel
You can also reference this table too for direct links:
| Package | Download | Description |
|---|---|---|
| stunnel | el7.rpm, fc22.rpm, fc23.rpm, fc24.rpm, fc25.rpm | Secure Tunnel: for data encryption. Note: This RPM is not required by PAN to run correctly. It does however offer you a safer and more secure method of encrypting your communication to (and from) your NNTP Server. |
# You must have root permissions when setting up # stunnel # Create relay bound to local server only (semi-colons are for # comments): cat << _EOF > /etc/stunnel/stunnel.conf ; Use it for client mode ; This is the pass through mode you need to encrypted ; your NNTP traffic: client = yes [nntp] ; ; --- IN --- ; ; local port to listen on (on this PC) ; You will configure PAN to connect here: accept = 127.0.0.1:119 ; ; --- OUT --- ; ; The Remote Usenet Server's (encrypted) connection to use: ; In this example, I'm just pointing to Astraweb, but you ; can provide any Usenet server you wish here. Just be sure ; to point it to their secure transport point! connect = ssl.astraweb.com:563 _EOF # This line below is useless, but it allows you revisit this blog # entry and continue and copy and paste these instructions at a later # time. The line removes any previous entries set to prevent the # creation of duplicate entries in your startup file at another time # It's harmless to run at any point: sed -i -e '/bin\/stunnel/d' /etc/rc.d/rc.local # Configure stunnel to start after each boot echo "# Start /usr/bin/stunnel on boot each time:" >> /etc/rc.d/rc.local echo "/usr/bin/stunnel" >> /etc/rc.d/rc.local # By default stunnel is configured to read # it's configuration from /etc/stunnel/stunnel.conf # on startup: stunnel
The next step is to update your PAN server configuration to point to your local server (localhost or 127.0.0.1) instead of the remote one you’re accessing. Make sure to set the port to 119 too like so:
You’ll provide the same username and password you would have otherwise provided to your Usenet provider.
The end result is a secure connection between you and your Usenet provider like so:
Scoring
Scoring articles can greatly ease your life when looking through all of the headers in front of you; it’s great for:
- Eliminating SPAM
- Filtering out potential malicious content (such as Trojans and Viruses)
- Increasing the visibility of items of interest
- Locating Authors of interest with ease
All scores can be optionally associated with a time limit too. When the limit expires, so does the score. This is useful when you only want to temporarily filter content. Otherwise the permanent scores will make up most of your configuration. To add a score, simply click Articles > Add a Scoring Rule…
Here is an example of a rule you might add; this one greatly reduces the score of all entries that have potentially dangerous file extensions in the subject line:
Pan’s built in filter field allows you to sift through all of the articles you found with keywords. Pairing this functionality with the scoring one really shows off the power of Pan.
All created scores are kept in ~/.pan2/Scores so don’t worry if you mess one up. You can just as easily open this file and fix it. Any manual changes to this file will however require you to exit out of Pan (if it’s open) and restart it.
Here is just a few entries of what you might have in your Score file:
%BOS
% Greatly reduce score of potentially malicious content
[alt.bin*]
Score:: -9999
Subject: .*\.(exe|bat|vbs|cpl|msi|scr|vb(script)?|ws(f|h))[^A-Za-z0-9].*
%EOS
%BOS
% Moderately increase the score of compressed content
[alt.bin*]
Score:: 2500
Subject: .*\.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|7z|iso)[^A-Za-z0-9]([0-9]{3}[^A-Za-z0-9])?.*
%EOS
%BOS
% Very slightly decrease the content of PAR content
% This allows it to not quite have the same spot light as
% the item it matches up against. If it were a compressed file
% it would already have +2500 from the previous score entry
% identified above. These will just sit at +2400 instead.
[alt.bin*]
Score:: -100
Subject: .*(\.vol[0-9]+\+[0-9]+)?\.(par2|sfv)[^A-Za-z0-9].*
%EOS
%BOS
% Very slightly increase the score of NZB-Files
[alt.bin*]
Score:: 250
Subject: .*\.(nzb)[^A-Za-z0-9].*
%EOS
%BOS
% Mildly drop the score of cross-posted content
[alt.bin*]
Score:: -750
Xref: (.*:){2} % cross-posted to 2 or more groups
%EOS
Wrapping It Up
I’m certainly not asking anyone to change from their existing system if it works for them. What I am pointing out though is that Pan is completely free, it’s open source and the features it offers are comparable (if not better) than all of it’s competition. Although it works great on Linux, it also works on many other platforms as well such as Microsoft and Apple.
It might not have a beautiful interface, but it wasn’t built to fill your systems memory with bloated eye candy. It was built to be fast and effective… and truly, it really is.
The newer versions coming out are really great! If you haven’t given it a try since it’s dated ones, you really should! If you’re interested in seeing how Usenet is structured, than this is also a great tool to learn with. If you run an indexer (such as newznab or the many forks of it) you can practice your regular expressions (regexs) using Pan. For an Indexer Admin, this tool is especially great in debugging your regexs!
Credit
This blog took me a very long time to put together and test! The repository hosting alone accommodates all my blog entries up to this date. All of the custom packaging described here was done by me personally. I took the open source available to me and rebuilt it to make it an easier solution and decided to share it. If you like what you see and wish to copy and paste this HOWTO, please reference back to this blog post at the very least. It’s really all I ask.
Sources
- Regular Expressions: A great location to read up more on regular expressions if you’re not already familiar with them.
- Pan Specific:
- Official PAN Website: The main source
- Windows Users might be interested to know they can run this too.
- Some related blogs I did on Usenet:
- A Usenet Solution For CentOS 6: Talks about both SABnzbd and NZBGet and is still applicable for CentOS 7.x systems.
- SABnzbd Installation for CentOS 7.x: A simple installers guide to SABnzbd
- NZBGet v17 for CentOS 7: Also applicable to newer versions of NZBGet too!
