Forgot your password?
typodupeerror
The Internet

IRC in the Dog House? 94

Posted by Cliff
from the falling-out-of-favor dept.
Emperor Tiberius asks: "It seems more and more dedicated server companies are turning tail to the idea of hosting IRC machines. Hosts like Rackshack are adding 'no-IRC' rules to their AUPs at the risk of having one's server unplugged. Why is IRC (the once applauded chat medium) being thrown to the dogs? Some might say the horrendous botnets written for the protocol are a part of the problem. However, if we were to shut down the IRC protocol. Isn't it theoretically possible the botnet authors would just migrate to a different protocols like Oscar/AIM, ICQ, ICB, Jabber, just to name a few? If so, how would we manage the problem? Would we shutdown all ICB servers, and cut-off the ICQ network? Are we trying to kill off the problem in the wrong way, or is there a compromise to keep IRC alive, and keep botnets away?"
This discussion has been archived. No new comments can be posted.

IRC in the Dog House?

Comments Filter:
  • I remember.... (Score:3, Interesting)

    by Anonymous Coward on Monday October 06, 2003 @09:01PM (#7149715)
    I remember IRC back when the main system, efnet, only had about 700 users on it. Even then, it was a constant storm of splits, lag, and maneovers and assassinations by swarms of killer 'bots.

    Last time I checked in, the bots had gotten more powerful, and things had taken a nasty turn where nicknames were commandeered and others who dared to use them got punished.

    You want Skynet? Terminator: Rise of the Machines? Just witness how bot evolution calcified IRC.
    • Re:I remember.... (Score:2, Interesting)

      by magores (208594)
      IRC was my first intro to being online...

      1) Cute ChanOP that I met. (I actually met her, and she WAS cute.)
      2) Being nuked by some other guy that decided he loved her.
      3) War scripts (defense only, of course)

      Damn, those days were fun.

  • Real reason (Score:5, Insightful)

    by bobthemonkey13 (215219) <keeganNO@SPAMxor67.org> on Monday October 06, 2003 @09:01PM (#7149717) Homepage Journal
    It's not because of the botnets directly, but rather beacuse IRC servers tend to attract massive amounts of abuse (DDoS attacks, etc) that can be a huge pain for hosting companies.
    • Re:Real reason (Score:5, Insightful)

      by damu (575189) on Monday October 06, 2003 @09:09PM (#7149777) Journal
      It is not that the IRC server are being singeled out, if the IRC servers are gone, then tomorrow is going to be the freenet nodes, or the DC networks, etc, etc. The problem is not removing the targets, but getting rid of the shooters. dam
      • Re:Real reason (Score:3, Informative)

        by RevAaron (125240)
        Indeed. If/when a responsible IRC network like Freenode goes away, I imagine it will be because of better means of communication or a lack of interest. When you run your IRC server in a way that people can exploit it for their evil doings (ok, over simplification!) it's no surprise people will avoid it.
      • It is not that the IRC server are being singeled out, if the IRC servers are gone, then tomorrow is going to be the freenet nodes, or the DC networks, etc, etc.

        Probably not. An IRC server gets targeted because it happens to have a user connected to it that has done something to piss off a 12 year old h4x0r with a few thousand DDoS zombies under his control.

    • Re:Real reason (Score:5, Informative)

      by Omega Hacker (6676) <omega.omegacs@net> on Monday October 06, 2003 @09:53PM (#7150031)

      Indeed, I'm co-owner of PDXcolo.net [pdxcolo.net], using User-Mode Linux to do virtual hosting where you actually get root on the box. One of our customers has purchased the largest such system we offer, and proceeded to use it to run a chatnet.org site. Within days we were hit by 50+Mbps DDoS attacks, which actually took out our upstream provider's router at one point. He's still a customer, and we still have problems every once in a while, but we've been told by our upstream ISP that if something like this happens again, *we* are responsible for it. That's going to mean we get either disconnected (BAD) or fined (we can handle that), but it definitely means we won't be allowing that customer to run an IRC server anymore.

      That said, other comments to the effect that if it isn't IRC it will be something else are entirely true. I've heard of DNS providers being DDoS'd out of existence because some pathetic 9 year old script kiddie decided to DDoS the *domain* of a site he doesn't like.

      Personally, I wish backbone providers had a little more, um, backbone, when it comes to tracking bandwidth spikes through the net to actually catch the attackers. But no, they get paid for the bandwidth whether it's legitimate or not, so they couldn't care less.

      • Re:Real reason (Score:1, Informative)

        by Anonymous Coward
        Dynamic DNS providers seem to be another target for DDoS attacks simply because they piss off the same sort of "users": Most DDNS providers have a policy which prohibits use of their service for illegal purposes, like warez servers. I'm not sure how script kiddies expect to change this by taking out the DDNS provider, but kicking warez-domains off DDNS is apparently a direct way to load-test your infrastructure.
    • It's not even because of IRC, I wish people would make the distinction, IRC is simply the tool that is used by botnet authors to COORDINATE the attacks. What's to stop botnet authors from using a different communication method to synchronize their bots?

      Why not attack the root of the problem, dumbass people leaving unsecured, easy to root machines lying around, connected to the Internet?
      • Why not attack the root of the problem, dumbass people leaving unsecured, easy to root machines lying around, connected to the Internet?
        I have to agree. You need to pass a test before you can drive a car on the public highway. We need a secure internet with only licensed users with trustworthy hardware.

        Any ideas?

    • Nah! There is the real reason:

      Somebody discover that "Tania, 21 yo, bisexual and horny" was in fact a man...

      They were so sad, they shut off all the servers...
  • Warez (Score:3, Insightful)

    by Safrax (697056) on Monday October 06, 2003 @09:09PM (#7149774) Journal
    IRC also tends to be a very easy way to access all kinds of illegal stuff. As well as bait for DDoS and other annoying attacks.
    • Re:Warez (Score:4, Insightful)

      by BrookHarty (9119) on Monday October 06, 2003 @11:00PM (#7150367) Homepage Journal
      IRC also tends to be a very easy way to access all kinds of illegal stuff. As well as bait for DDoS and other annoying attacks.

      And hardware stores allow people to make bombs, and weapons. Get off the illegal excuse. Anything can be abused.

      And DDoS applications now use websites to load commands, and IRC network scan for large bot type networks. Its pretty easy for the police to track people on IRC, if your worried about illegal stuff, dont worry, the feds sit on irc and pretend to be 14 yo girls. Last count, there are over 75 cyber cops sitting on networks just looking for pedophiles. Imagine how many are looking for movies and other warez?

      But on the good side, IRC can be encrypted, a place to chat with other people with same interests, get questions answered, user groups, etc. IRC isnt going away, just look at how many networks there are, gamesnet.net, slashnet, opensource servers, support servers for companies, DJ groups, etc. There are thousands of small servers out there, other than the big ones, Efnet, Undernet, etc.

      IRC is a tool, when a better tool comes along, you trade up. Until then, go get irssi and have fun.
      • Re:Warez (Score:1, Interesting)

        by Anonymous Coward
        Last count, there are over 75 cyber cops sitting on networks just looking for pedophiles. Imagine how many are looking for movies and other warez?

        I assume you meant that there are even more people trying to enforce copyrights on IRC. If you did not mean this, then please pardon me while I use that assumption to make a point.

        Isn't it a fucked up society we live in, where keeping an eye out for children's safety from child molestors is secondary to protecting the profits of the latest pop music regurgitati
        • >Isn't it a fucked up society we live in, where keeping an eye out for children's safety from child molestors is secondary to protecting the profits of the latest pop music regurgitation?

          There's a *lot* more people violating copyright than molesting children.

          If your shop were broken into 365 times a year, wouldn't you consider your case more important than even, say, catching a drunk driver?

          While I think the methods of enforcement of copyright are crude and harsh, that doesn't mean real police (not RI
          • While I think the methods of enforcement of copyright are crude and harsh, that doesn't mean real police (not RIAA goons) shouldn't investigate cases. Copyright does exist for good reasons.
            That reason being, "to promote the progress of science and useful arts," don't forget. Is "pop music regurgitation" a useful art?
            • Yes it is useful.

              People like it and it entertains/makes them happy.

              It takes some time/effort to make. A persona must be created someone needs to write the crap and someone needs to package it.

              People who put money into creating something should be able to try and recoup that money.

              Hopefully people will keep buying the shit music and it will continu to support the other acts that don't make as much money.
              • Well, I feel that "useful" means that the work somehow advances the sophistication of the field it's in, or introduces new ideas, which I don't think pop blah really does. OTOH, neither does much of the music I do like, and I would still prefer those artists had some protection. So I would be happy with the laws that used to be in place for copyrights, although I think automatic copyright protection without having to register is still a good thing.
          • Well, given that "the real police" are already having trouble tracking down traders of kiddie pr0n online, why would I want to dilute their efforts ten -thousand-fold by having them inviestigate and arrest, say, a ten-year-old girl who copies a CD in her parent's new-fangled boombox?
  • by Anonymous Coward on Monday October 06, 2003 @09:10PM (#7149789)
    The various distrobuted denial of service attacts that were aimed at some of the more high profile networks... few providers want to deal with that sort of thing.

    Combine that with the public image of IRC being used for illegal file distrobution and "hackers", IRC's in low reguard.

  • by Chester K (145560) on Monday October 06, 2003 @09:11PM (#7149797) Homepage
    Hosts like Rackshack are adding 'no-IRC' rules to their AUPs at the risk of having one's server unplugged.

    The submitter misread Rackshack's AUP (as I did when I was signing up for service through them, on this specific topic incidentally -- so I emailed them for clarification). Many of the items in their AUP apply to their virtual servers only -- where many customers share one physical machine. IRC servers aren't permitted on those machines because of the load they put on the machine.

    If you've got your own Rackshack server, you can run IRC on it all you want.
    • Rackshack doesn't allow linking your ircd to any public networks (although I doubt any network will accept a Rackshack server anyway :p). They won't mind if you run a private ircd on their servers, but I guess if it ever gets dos'ed/packetted you'll have to pay for the transfer used...
    • by Anonymous Coward
      Quoth the Rackshack AUP:

      IRC networks: It is absolutely forbidden to host an IRC server that is part of or connected to another IRC network or server. Servers found to be connecting to or part of these networks will be immediately removed from our network without notice. The server will not be reconnected to the network until such time that you agree to completely remove any and all traces of the irc server, and agree to let us have access to your server to confirm that the content has been completely remo

      • Quoth your Quoth...

        It is absolutely forbidden to host an IRC server that is part of or connected to another IRC network or server

        The way I read that, it says that as long as your IRC server isn't connected to another server/network, and is a network of itself, you are fine. Then again, maybe its just me.

  • by jeaton (44965) on Monday October 06, 2003 @09:17PM (#7149835)
    I don't think that hosting companies necessarily care about the IRC protocol itself, but more with the problems that come along with hosting a service known for attracting the worst kind of attention while sucking up tremendous amounts of bandwidth.

    The
    technical requirements [undernet.org] for running an Undernet.org server explain it pretty clearly. 5 Mbps of legit traffic, plus becoming a target for massive DDOS attacks? Why would a hosting company want that kind of service in their netblock?

    Yea, sure, other IRC networks aren't nearly as high-profile, but this is the reputation that IRC has gotten, along with being a haven for copyright violation.

    If you want to run an IRC server, then get your own dedicated net connection from a backbone provider and you can host whatever (legal) service you want.
  • The amount of warez traded on IRC is immense and exceeds ftp warez traffic by a significant margin. The kiddies can do their Google search for warez, but the real underground is in IRC.

    Hosting an IRC server in this day and age is like running an illegal music swapping site in the open. At some point the powers that be (the RIAA or the BSA, for example) will act, so why tempt them in the first place?
    • by iCEBaLM (34905) <icebalm@NOSPaM.icebalm.com> on Monday October 06, 2003 @09:26PM (#7149879)
      Except that there is no content stored on the servers, and all the swapping is done via DCC (Direct Client Connection) and not through the server.

      Hosting an IRC server is not like running an illegal music swapping site in the open. Now, running and serving content in one of said IRC servers channels... that's a different story.

      -- iCEBaLM
      • Hosting an IRC server is not like running an illegal music swapping site in the open.

        No, it's exactly like running a service like the old Napster that uses central servers for searching, but transfers files peer-to-peer. It's not like that saved Napster. In fact, look at Direct Connect -- it's a deliberate combination of IRC and peer-to-peer filesharing.

        • Nothing in the irc protocol facilitates or encourages the sharing and finding of copyrighted material. Hosting an IRC BOT (HUUUUUUGE difference) can draw you ire. KC Geek runs their own irc server, and has done so without incident. If you build a text based protocol on top of irc, as mIRC and other scriptings do, you are not providing a centralized search database, nor are you providing any content.

          Think about what you're saying; if your logic was sound, then the existance of AIMster would mean that AIM wa
        • DCC is NOT supported by IRC servers. It was never defined in RFC, and there is not a single feature in any major IRCd that was designed specifically to help users file-share.

          DCC was introduced on the Client-side as a method of sending pictures. It has remained client-side. Too bad it evolved into what it is considered today...

          Think of it this way: Let's say that ICQ doesn't support file-sharing. Eventually someone figures out a way to file-share over the ICQ network by using just messages and codes it
        • Part of the reason Napster lost out was because the software did not provide "signficant non-infringment uses", as would be required by historical cases (VCRs). I think most legitimate IRC servers could argue this point and win.
      • >Except that there is no content stored on the servers, and all the swapping is done via DCC (Direct Client Connection) and not through the server.
        • Unlike napster however, file sharing is NOT part of the IRC RFC Protocol, the server itself does NOT facilitate searching for or downloading files and IRCs primary function is NOT file sharing, it's chatting.
  • by Anonymous Coward on Monday October 06, 2003 @09:29PM (#7149905)
    I'm an oper on a major irc network, so I'm aware of a lot of what goes into running a server. The problem is that when a kiddie gets upset (at other users, a channel or some perceived slight by an oper/the network), they DDoS the server. This uses bandwidth, and bandwidth is money. IRC servers use a good chunk of bandwidth just for regular user behavior, and this blows that away. The bandwidth providers aren't getting much out of this other than a little brand recognition (if that much), so their charity isn't limitless. Hosting providers restrict IRC for this reason, too. They don't want to up the risk of being attacked. Running an IRC server is, unfortunately, a high risk activity these days.
    • The problem is that when a kiddie gets upset (at other users, a channel or some perceived slight by an oper/the network), they DDoS the server.

      Yes, a few years ago every * was chasing users running warscripts (or any script at all, because it's really hard to tell whether a script is a warscript or not) or bots, because they were causing too much net traffic. I guess today there are too many users that would have to be banned. Not that banning an IP is particularly useful...

      I wonder how webchat client
  • Not necessarily... (Score:4, Insightful)

    by szemeredy (672540) on Monday October 06, 2003 @09:34PM (#7149930) Homepage
    Just to debunk a few things here before people get started...

    1) Some trojans already use non-IRC protocol. Some trojans already use more than one protocol.

    2) Almost all of the larger networks run some type of anti-drone and anti-proxy system to prevent the problem from getting out of control. Said programs are widely available in a variety of forms for most IRC daemons.

    Newer worms target smaller networks because of this, since smaller networks generally don't run said software (besides the usual nickname/channel services). Many worms also use private IRC networks, since the botnets can't be tracked and/or shut down as easily on them.

    3) Most IRC servers are not hosted by people who lease servers at small hosting companies. A majority of servers linked to larger networks are either hosted by ISPs or by large entities with large amounts of bandwidth to burn.

    Smaller hosting providers purposely shun IRC servers because they know that they can be a bandwidth burden (not to mention a DDoS target). Larger hosts, which monitor their bandwidth 24/7, usually don't object to hosting servers - all they have to do is blackhole the server's IP when a DDoS attack comes their way and the disruption is minimalized.

    EFnet [efnet.info] may have lost some high-profile servers lately, but the majority of IRC networks are doing well server-wise. QuakeNet [quakenet.org] (the world's largest IRC network) is in the process of starting a campaign to link more North American servers... and not because the network needs more servers (they could easily handle 300000 users in their current state), but because they want to draw in more North American users.
    • Smaller hosting providers purposely shun IRC servers because they know that they can be a bandwidth burden (not to mention a DDoS target).

      Damn right too. As a small hosting provider, I used to have no end of problems with that. Mod Parent up!
  • by Anonymous Coward on Monday October 06, 2003 @10:08PM (#7150108)
    "It seems more and more dedicated server companies are turning tail to the idea of hosting IRC machines."


    At $350 a month, httpd.net [httpd.net] is home for a huge number of IRC servers. With an incredibly advanced and secured network that has been running continuously for over SEVEN YEARS, it has the experience that proves that IRC hosting can be done effectively.

    It's not cheap, but quality never is.

    In those seven years, it has rarely had any substantial downtime due to attacks, mostly thanks to a serious investment by the administrators to ensure uplink filtering.

    Its definitely worth a look when you get serious about a permanent home for an IRC server.
  • by Isomer (48061) on Monday October 06, 2003 @10:44PM (#7150283) Homepage
    First of all, people tend to IRC from where they are, they don't often need to ssh into a machine and IRC from there (although, I must admit, it's not an unreasonable thing to do because of firewalls etc). The people that want to IRC from a shell box are often the ones that want to "hide", and that opens you up to people attacking your machine (via DDoS, exploits, etc), or they want to run a bot which holds a nick. Then the bot gets DDoS'd to get the nick back (and then held by a bot so someone else can have the nick).
    If you're lucky the bot won't be used to host illegal warez using up any bandwidth that is left over from the DDoS, and now you have the RIAA/MPAA knocking on your door too.

    People that want to hide from people are often doing it because they are involved in illegal activities such as CC# trading, and/or DDoS networks. So you are getting paid in illegal money (that people will want back), by someone you can't trace.

    The people that want to use IRC shell accounts tend to "trade" them on IRC so that they can get even more obscure ones to hide even better (or to have backups in case their main one gets attacked). So now the account is used by 20 people, none of which are accountable for their actions, who are drawing attacks against your services.

    In general, letting people IRC from your shell is just asking for trouble. There are plenty of shell providers that capture this niche market with hundreds of "vhosts" so you can choose which "leet" hostname you will appear to come from. They are better set up to weather DDoS, and they are careful about accepting CC#'s.

    One of the reasons that IRC has such a bad rep is that it's very "instantanious" to see the affects that your attacks have on people. You can see someone's real IP, and DDoS them and watch them get disconnected. You could pick some random IP off the internet and DDoS that, but it's not nearly as satisfying as watching someone "Ping timeout" off IRC. Other networks like Jabber, ICQ, MSN etc don't give you the IP address of the remote person without their permission, and you have less of a situation where you can see other people. There are less common resources (such as globally nick names) to fight over. The networks aren't as vunerable to attack (DDoS'ing an IRC hub will make the entire network split in two, not just preventing people of that server from talking, but denying half the network from talking to the other half. DDoS'ing a Jabber server prevents users on just that server from talking).

    I personally think that the IRC protocol should die a natural death (and, in fact, should have died it about 10 years ago when it was obvious it wasn't going to work) and should be replaced with something like Jabber.
    • by szemeredy (672540) on Tuesday October 07, 2003 @01:28AM (#7150982) Homepage
      I'm going to have to disagree with your opinion of IRC...

      Regarding shells: there are many legitimate reasons to use a shell for IRC, from vanity hosts to bypassing firewall restrictions. While the use of vanity hosts (vhosts) is debatable [spamcalc.net], there's nothing wrong with wanting to show off something like the domain name of a website you maintain or a project you're involved with...

      You can't just assume thaty everyone uses a shell to hide or do something illegal. Besides, most people who really want to hide properly use a variety of non-legitimate proxies or route through trojan-infected individuals - it's too easy to get caught by using a dedicated IRC proxy on a shell maintained for such a purpose.

      Regarding accountability: If said server gets banned from a network because of something like 20 users using the same account, then it's their own fault for failing to prevent such things from happening.

      Regarding bots: There's nothing wrong with running a bot to keep others off a nickname. I do it on many networks and I usually don't have a problem with DDoS. Then again, I usually avoid networks like EFnet where there's no real way to protect hostname information from someone who really wants to pound my bot into the ground.

      Regarding illegal activity: Those who are committing illegal activity don't just use IRC. they use all forms of chat, including this "Jabber" you speak of.

      Regarding DDoS: There have been several improvements on a majority of IRCds that protect people from the attacks you describe, the biggest example of which is hostmasking (usermode +x or +z, depending on the daemon). Additional steps are also in the process of being taken to improve said safety on IRC.

      Besides that, "Kiddies" can sniff out IP adddresses just as easily via other chat mediums as they can with uncloaked users on IRC if they have the right tools. I've been DDoSed by morons on ICQ and AIM many a time...

      Regarding MPAA/RIAA: Most shell providers prohibit said illegal activity, passing the blame onto the end user since they violated the shell server's ToS. Those that don't are asking for it. Remember - the RIAA/MPAA doesn't give a crap about what's sitting on someone's server - they're out to fry whoever put it there. And do you think whoever operated the shell is going to help them? Damn right they are...

      Yes, IRC has it's faults, but keep in mind that only a portion of networks (See: EFnet, IRCnet) are lagging behind in terms of evolution. The others are working hard to bring IRC up to par with other chat mediums. All of the things you've mentioned haven't gone unnoticed within the community...
    • The effects of an attack are instantanious, but only if you are insecure to them. Back when WinNuke was the latest things my brother challanged someone to knock him off. Strange that a Mac protected by a linux firewall (which was very out of date, and insecure) isn't vulnerable to winNuke. (and that was just a 28.8 modem, should have been easy to do if an attacker had any abilities) Now a days whenever someone brags about what a leet attacker they are, we point them to the guy working at an ISP. Very

      • Most "kiddies" now days use DDoS drones. A "small" DDoS network will have a few hundred machines, a large one can have over 30,000. We see DDoS's exceeding 1gb/s against hosts. I don't know of anyone who has 10GE to their desktop with a suitable uplink that it won't get saturated.
  • Folks who want to foster quality chatting on their IRC servers might think about coming up with a way to charge some tiny amount for each message sent. Running even a single bot for any length of time would become an expense, but actually chatting would still be cheap. And the very idea that each message has a cost associated with it might improve the quality of discourse.
    • Re:Micropayments (Score:3, Insightful)

      by TubeSteak (669689)
      The whole point of IRC is that it is free. Oh wait, you said micropayments. They're small so its not a problem? Wrong. Not everyone has access to a credit card or paypal or some other form of micropayment. And the thought of paying for each message won't improve the quality of discussion. Cell phones, 2-way pagers and now SMS text messages have always been used to conduct trite, illegal, or sexual calls even when it cost something like a buck fifty per minute.
      • by shivianzealot (621339) on Tuesday October 07, 2003 @04:25AM (#7151432)

        And the thought of paying for each message won't improve the quality of discussion. Cell phones, 2-way pagers and now SMS text messages have always been used to conduct trite, illegal, or sexual calls even when it cost something like a buck fifty per minute.

        I agree with you, but reading that first sentance I quoted gave me a different idea...

        fred (schmoe@dsl.isp.com) entered #smallcozychannel

        fred: hello channel

        cellphonenoob: hi fr3d

        fred: I've noticed a lot of trouble connecting to the server lately.

        fred: The website's news hasn't been updated in two days, anyone spoken to a higher up recently?

        cellphonenoob: Y do U talk like tat?

        fred: Huh?

        cellphonenoob: dznt ur fone cmpny chrge like a $ a msg?

        fred: No. I use a computer for IRC. Why can't you spell nomrally?

        cellphonenoob: omg im typng wit my thums!

        fred: Ok... I can see this channel isn't raising mensa entry requirments

    • Re:Micropayments (Score:2, Interesting)

      by Fubar420 (701126) *
      Not that I'm a huge user of IRC, but essentially the argument here is equivalant [to the users of IRC] as a tax on Email proper.

      Certainly it would be effective at reducing spam, but at what cost?

      It is the choice of a server operator (not IRC op, but _root_) to start the ircd of their choice.

      If they want to charge, perhaps that should be their right, but the idea of IRC has always been the free (and independant) exchange of ideas over a public network.

      Most sysadmins for IRC servers do it not for the imm
      • You're right that the idea is pretty much the same as adopting some sort of micropayment or tax system on e-mail in order to combat spam. And yes, as with e-mail, there are obvious technical problems to be solved in order to implement micropayments.

        However, I think you've really missed the point, which is that IRC server operators ought to consider micropayments as a means of reducing or eliminating the use of bots [undernet.org], while at the same time not detering actual people from chatting.

        People often run bots, or
      • Just as a matter of interest, how does one submit an rfc? I haven't seen an faq on the subject on ietf.org
  • by 0x0d0a (568518) on Monday October 06, 2003 @11:36PM (#7150586) Journal
    IRC really is the best thing going for real-time, group-based discussion. Unfortunately, it's also missing a large number of pretty useful features.

    The current state of /list is one. If I were designing an IRC-like protocol, /list would be done on a separate TCP connection to avoid tying up the first and avoid having to implement multiplexing over a single connection (a la HTTP pipelining).

    The lack of security design is another. Using nicks as identifiers just isn't a fantastic idea -- in this day and age, a public key can reasonably be part of an identifier. Encryption should be simply part of the protocol, at least client-to-client, and ideally to the server as well. There isn't *that* much traffic from each client (though it'd certainly put more load on the server, and might require a more fanned-out-network.

    Fserves are an affront to humanity. Granted, this isn't really a native IRC issue, but client support for easy linking to sftp servers would be a good idea.

    A fair bit of IRC is a holdover from the days when everything was terminal-based. There's no reason you can't make good text-based clients that provide the same presentation (say, showing chanop prefixed with an "@", but the data being transferred to the client shouldn't be constrained by these formatting issues.

    It would be nice to have some kind of anonyminity features, even if most people don't use them and doing so degrades performance. Say, the ability to form "rings" of clients that proxy each others' server-bound data.

    Some sort of native support in IRC for mapping IRC networks would be nice.
    • The lack of security design is another. Using nicks as identifiers just isn't a fantastic idea -- in this day and age, a public key can reasonably be part of an identifier. Encryption should be simply part of the protocol, at least client-to-client, and ideally to the server as well. There isn't *that* much traffic from each client (though it'd certainly put more load on the server, and might require a more fanned-out-network.

      Ok... Security 101 class - what does a public key give you on IRC that a nick d

      • what does a public key give you on IRC that a nick doesn't ???

        Absolutely nothing without a trust relationship beyond knowing that the same key is used to log in


        That alone would be useful: If someone needs to prove that they hold a private key in order to sign on with a gievn name, you dramatically reduce the risk of DDoS wars caused by people fighting over a name.
      • Ok... Security 101 class - what does a public key give you on IRC that a nick doesn't ???

        You also sign a timestamped message from the server when you sign in. By checking signatures and comparing the advertised private key, other clients can form trusted mappings between "(bob37, [pubkey])" pair on Wednesday and a "(bob37, [pubkey])" pair today. This means that I know that Bob really is bob.

        Private keys wouldn't need to be broadcast on a per message basis. Once a trusted mapping has been formed, the c
    • SILC has the answers. ;)
      SilcNET [silcnet.org]
      It's a totally new protocol built from the ground up on being secure, unlike IRC.
    • "Encryption should be simply part of the protocol, at least client-to-client, and ideally to the server as well. There isn't *that* much traffic from each client (though it'd certainly put more load on the server, and might require a more fanned-out-network."

      Funny thing, I've been running an ircd with client-to-client and server-to-server SSL enabled connections for about 3-4 years. We're small and developer-focused, but it works, and if your client supports SSL on port 994, your connections are secured.

  • IRC (Score:3, Insightful)

    by rabbit994 (686936) on Tuesday October 07, 2003 @12:31AM (#7150818)
    IRC has become the pit for reasons of DOS and generally 13 year olds being dumbasses. I personally blame people releasing scripts that allow 13 year olds to become dumbasses. I hang out on a smaller IRC server and lately due to increased popularity, the owner has considered kill -9 the IRCD server because of stupid idiots. IRC is from the same age as SMTP. Both were protocols designed for a nicer internet. Both are being abused to no end and require a rewrite.
    • by HBI (604924)
      Every time I am reminded of the fact that old protocols must die, I think on why the net has changed so much.

      I think it is because of the commercialization of the internet, I remember what the visionaries were saying back in the early 1990s about how much we all would benefit from this. Then the floodgates of AOL users arrived. What did we get that we didn't have in 1994?

      Broadband? Ok. That is good. But at this price? I'd trade an ISDN BRI setup for the cable modem, gladly, if it would clean things
      • On Tuesday, October 7, HBI said:
        > What did we get that we didn't have in 1994?

        Me too!


        ~Philly
      • Yeah, this "new" internet in 2003 sucks. Especially stuff like OpenCourseware at MIT, babelfish.altavista.com, and the fact that I can import real manga cheaper than buying English translations by going to amazon.co.jp (who accept my American credit card just fine, though). I hate being able to download entire operating systems for free and the ability to play extremely detailed video games against anyone in the world. I still miss the days of doing email in pine and web surfing in Lynx (could never quite g
        • by HBI (604924)
          None of the things you mention except the manga purchasing require commercialization of the net. Babelfish was a free service 8 or 9 years ago. I was happy with porn mags or ordered videotapes myself, so I don't need to get it online.

          Like somehow everyone would still be using character mode apps in this day and age. You know better, and so do I.

          Silly.
          • None of those things require commercialization. Fine. My point is that the funding for the improvements and the general level of usefulness have directly resulted from what you call the "commercialization" of the net. This wisftfulness for the net of yore is like trying to pretend life was somehow better back in the 50s or the 20s or the Middle Ages or whatever. There were no good old days. They were just the old days, and they weren't better or worse, they just were... different. I remember the net in 1994
  • Botnets? Botnets? We don't need no stinking botnets!
  • Speaking of which, is there still a viable place to chat in realtime about Linux? I've tried to get into efnet a few times recently and found nothing but split-off servers with two people in #linux.
    • [10-06-03 20:25:20] well, you get tech support for any linux you like on #angband, provided it's debian

      [TOPIC] Luc: #angband: the self-help no-relationship support group. playing angband optional. (FFTA, on the other hand...)

      #angband is the mostly-official channel for the game Angband [thangorodrim.net] and runs on WorldIRC. WorldIRC sucks. ;D
      Actually, besides the fact that WorldIRC is prone to having flaky connections, it's a pretty good network. They have some nice services- nickname services and channel services which

    • I use irc.chatjunkies.org:6667 - channel #linuxhelp or #linux :)
      It seems to be down today... That's not good!

The difficult we do today; the impossible takes a little longer.

Working...