Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Privacy Security The Internet

Using IRC for Electronic Meetings? 67

Posted by Cliff from the coopting-existing-technology-for-your-needs dept.
paenguin asks: "Our Linux User Group sometimes needs to hold Exec meetings, electronically. We have used IRC in the past, but it leaves us with a problem: there is no easy or built-in way to prove who is who. Do Slashdot readers know of a way to provide non-repudiation over IRC, or of another open source method of holding group electronic meetings where we can verify that everyone is who they say they are?" Wouldn't a private IRC server, with a combination of suitable IRC services (ala NickServ and ChanServe) and fairly restrictive policies, be one solution to this problem? How would you set up such a system? For those willing to brave the setup hassles, might some form of secure IRC also be an option?
This discussion has been archived. No new comments can be posted.

Using IRC for Electronic Meetings? More

Using IRC for Electronic Meetings?

Comments Filter:

  • Don't you have OSS IM software? (Score:5, Insightful)

    by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Monday January 19, 2004 @10:25PM (#8027851) Homepage Journal
    What's stopping you from using an IM client that allows multiple users in a conference-type configuration?

    The IM server is responsible for authentication, so you just add your buddies and then start chatting. Seems simple.

    • Re:Don't you have OSS IM software? (Score:4, Informative)

      by acaird ( 530225 ) on Monday January 19, 2004 @11:10PM (#8028147)
      Jabber [jabber.org] and OpenLDAP [openldap.org] can do this. It might be a bit overkill, but it certainly works, and has decent client support for Linux (and other Unixes), Windows, and OS X.

      Jabber also supports SSL and is extensible (so can support things like group-conference room logging).

    • As silly as this sounds, first go read Snow Crash, then get some Star Wars Galaxies accounts. SWG lets you customize the avatar really quite well, it is amazing how many toons I have found walking around that look EXACTLY like me (no, not the Wookiees - the humans.) Once named the avatars own exclusive use of that name on that server so nobody can fake being them. You can own property in game, massive buildings that can have furniture such as chairs and tables, you have facial and body expressions availa
      • Thats funny, a few years ago, B2B poured money into the same kind of project, based on the WorldsAway software (habitat in Japan, glass city in Korea and VZones [vzones.com] in English speaking countries). It didn't turn out particularly well then, but who knows, maybe this time it might.

        There is room for a killer app in the avatar based chat scene, and SWG might just be it.
      • At least its a good excuse when you get caught having Star Wars: Galaxies installed on your office PC....

  • uhh - other IM services? (Score:4, Insightful)

    by jeffy124 ( 453342 ) on Monday January 19, 2004 @10:30PM (#8027887) Homepage Journal
    just exchange AOL Screen Names in a face-to-face setting, and set up a private chat room. Done!

  • Video Conferencing (Score:1, Insightful)

    by sycotic ( 26352 )
    "there is no easy or built-in way to prove who is who"

    Why not use Video Conferencing software? There would then be no question as to who is who :-)

  • Identification in IRC (Score:3, Insightful)

    by robbkidd ( 154298 ) on Monday January 19, 2004 @10:34PM (#8027909)
    It's been a while since I spent much time in IRC, but even several years ago we would identify channel ops with a bot (eggdrop [eggheads.org], if I recall correctly). Giving everyone ops isn't necessary, either. It is simple to have usernames and passwords maintained and authenticated on a bot and to set the IRC channel to require members to be given a voice (by the bot upon authentication) to speak in the channel.

  • Years ago... (Score:3, Informative)

    by NanoGator ( 522640 ) on Monday January 19, 2004 @10:35PM (#8027917) Homepage Journal
    I'm sorry I don't know much about the server end, I figure lots of other people can answer that question. I just know how I'd go about it once the server is up and running.

    I was quite active on Austnet. They had NickOp which was used for registerring a nickname and for
    logging in. They had Chanop which was for maintaining channels etc. They had noteop for sending messages. So, to answer your question, I'd either use Austnet, or build a private IRC server with similar funcationality. Then, create a channel via chanop, and set access to every registerred person so that Chanop ops them. Why do this? Well, you have 120 seconds to enter your password when you use a registerred nick. Chanop will not op you until you are logged in. So if somebody comes on using a nick they shouldn't, they won't be opped. When they have the @ next to their name, they've logged in, and you know who you're talking to.
    • Austnet was a blast years ago (95-98. I was part of 'ASD' (Austnet services dept.) and took care of spamming channels, services help, etc.. It was fun helping them That net got pretty small lately...

    • While not on-topic, I'm geniunely curious every time I see a sig such as yours;

      Sig: "All negative mods are now being metamodded as unfair. Think before you abuse."

      Can I ask you why it is you feel this way? Would you, for example, M2 "unfair" a "Flamebait" or "Troll" moderation on a Goatse, ASCII art penis, or other trite?

      What is it about the threshold system that doesn't satisfy you to the point where you have taken such an extreme viewpoint?

      Not looking to start any kind of argument or anything; I

      • "Not looking to start any kind of argument or anything; I'm just curious as to your motivation. Thanks for your time."

        Thank you for taking the time to ask, I appreciate it. I doubt I'll impress you a wohle lot, but at least know that I have a lot of respect for you for asking instead of judging right away.

        "Would you, for example, M2 "unfair" a "Flamebait" or "Troll" moderation on a Goatse, ASCII art penis, or other trite?"

        Heh, not really, it depends. I'm just going to be up-front. I'm mad at how du
  • Wouldn't a private IRC server, with a combination of suitable IRC services (ala NickServ and ChanServe) and fairly restrictive policies, be one solution to this problem?

    umm... yes. I host such a service from my DSL line, and as there's only about 10 people on at any one time, it's plenty fast enough. Perhaps set up nickserv with their usernames and passwords beforehand, then email them to the appropriate users?
    • Slight variation on theme. i have a ewtoo talker on my cablenet machine. seems like a more fFlexible means of opperating, cos the code is more rounded. it's easy enough to alter the theme of the thing to be more or less business, and adding fFeatures doesnt fFall into certain restraints of IRC.
      < plug shameless=true > Here's what we've come up with. [merseine.nu] < /plug > it runs over telnet, but we've added a nice bit of ssh access with a specialized user shell. and we can open or close it to anyone at
  • Having been on irc for years now (sadly). One thing I know, is that large groups of people in a channel tend to attract a lot of bad attention. Either set your channel to +s and advertise it elsewhere on the net www/usenet/email whatever. Another way is to set it to +m (this allows only @/+'s to talk)and have sort of a guest list, only givig 'ops' and 'voice' to the people who were invited. setting +ps is a good idea regardless. And dont forget +i, you have to manually invite people into the channel for t

  • Verifying users on IRC (Score:3, Informative)

    by Kris_J ( 10111 ) * on Monday January 19, 2004 @10:40PM (#8027952) Homepage Journal
    Can you require users to MSG a bot with a password before joining a channel, or be kicked? Anyone got a good site for IRC bots?

    I'm considering proposing an IRC network across our group for real-time multi-person chatting -- rather than Messenger or ICQ. There are so many nice things about the very mature IRC system that gets drowned out by all the pre-teens on public IRC networks, it's worth exploring.

  • I think that the writer is looking for something that will allow them to reasonably securely be sure that the person in the other end is in fact who they say they are. I don't believe that IM can provide this level of authentication

    My immediate thought is that perhaps what's needed is not a technological solution, but one that relies on personal knowledge of other participants. "Your mother's maiden name" is probably too obvious, but "the name of the stripper that we saw last Friday" would work.

  • Services (Score:3, Informative)

    by cyan ( 370 ) on Monday January 19, 2004 @10:44PM (#8027981) Homepage Journal

    Yes, to elaborate further in the comment in the story, the best way to establish this kind of 'identity' scheme is to make use of a set of services. Andy Church makes a very good IRC Services package which is available at http://www.ircservices.za.net [za.net] which is more than capable for performing the task at hand.

    You'll need an IRC daemon which is also able to be tightly integrated with services, and for that task, I recommend using Bahamut (available at http://bahamut.dal.net [dal.net]. As the URL implies, it's the same IRCd that DALnet uses. In particular, you're looking for a channel mode which restricts channel access to registered clients only. In Bahamut, this is the +R channel mode (which is different from +r.)

    Services has a channel option known as 'RESTRICTED' which will only allow people who are on that channel's access list into the channel. Everyone else will be kicked and banned automatically by services. Thus, you can have reasonable assurance that everyone who's in the channel has A) identified to their registered nick with services, and B) is supposed to be in the channel, since they're on that channel's access list. Furthermore, the status of someone's identity can be checked by doing '/MSG NickServ STATUS ', where is the nickname you want to know the status of. NickServ will then tell you if the nickname is identified to properly (i.e. via a password.)

    Some of the more advanced IRC options include replacing the ancient 'ident' system with something more modern. On IRC, anyone who isn't 'identified' has a tilde (~) prefixed to their username. However, since almost anyone can put anything in the ident reply these days, this has become practically useless (it used to be that you could tell, with reasonable assurance, what user was coming from what Unix box with ident -- not so anymore.) Instead, it's possible to setup an authorization scheme that makes use of IRC's 'PASS' command to also 'identify' to a unique username.

    My Synchronet IRCd (http://www.synchro.net/docs/ircd.txt [synchro.net]) makes use of this scheme by letting users be 'identified' whenever they provide the correct password and username that corresponds to the local BBS account (Synchronet is a very nice piece of BBS software for Linux/Win32/BSD/etc.) That way, a user coming online from a certain BBS without a tilde in their username is an indicator that they've identified correctly to their local BBS account. That's just one of the ways ident can be replaced to provide something more useful.

  • Many IRC servers, such as DALnet's, have nickname reservation systems that validate nicknames aren't used by other people. By setting up your server with a similar system or using a server with the system you can have people verify their nicknames via other, more secure means.

  • Silc? (Score:1, Interesting)

    by Anonymous Coward
    I would give Silc a try (www.silcnet.org). It allows people to use a PKI for authentication.

  • Again, MOOs work for this sort of thing. (Score:4, Interesting)

    by Cecil ( 37810 ) on Monday January 19, 2004 @11:07PM (#8028126) Homepage
    This purpose has been adequately served for several companies I'm involved with by using a MOO [mud.org] or other MU*s [gammon.com.au]. My bias may be revealed by the fact that one of those corporations [www.moo.ca] is in fact dedicated to running a particular MOO.

    However, I have to say that it satisfies all of your requirements and provides a great deal of flexibility for the future as well. It has its own internal programming language (affectionately but not officially known as C&) which allows you to modify basically everything without requiring a restart. It has full support for TCP/IP and file IO, and though the binary support leaves something to be desired, it is quite possible to write a fully functional HTTP server [www.moo.ca] for example.
    • Beat me too it.. A MOO, or any other social mud server is probably exactly what the doctor ordered, here. Unless, of course, you have 2000 executives who all need to talk at the same time; then, you might have some organizational problems to deal with, first.

      • You are in a board room. Its long, polished oval table and leatherette chairs are quite intimidating. A filter coffee machine bubbles quietly in the corner.

        A Board Member is here.
        A Chairman is here.
        An Executive Directory is here.
        An Axe is on the floor.

        • I can see it now - Advent(ure): the Dilbert Edition...

          You are in a board room. Its long, polished oval table and leatherette chairs are quite intimidating. A filter coffee machine bubbles quietly in the corner.

          A Board Member is here.
          A Chairman is here.
          An Executive Directory is here.
          An Axe is on the floor.

          Your PHB has entered the room and taken a seat at the table.

          > Kill PHB

          Kill a PHB?!! With what? Your bare hands?

          > Yes

          Congratulations, you have just vanquished a PHB with your bare hands!

          A w

  • Is it really so difficult? (Score:3, Interesting)

    by ambient ( 8381 ) on Tuesday January 20, 2004 @12:12AM (#8028559)
    Simply "sign" in...

    Use your PGP key to sign something that the mod's post. Voilla. Non-repudiation.

    If you're an established group, you must have already exchanged your public keys, right?
    • This is a great idea. This is really one purpose of public key encryption. It wouldn't be hard to write a little script to download something from one member's ftp server or something, then sign it and post the result.
      • This idea certainly authenticates that someone holds a given private key at the beginning of a virtual meeting. It doesn't take the notion of session hijacking into account, or other potential attacks, however. A more complete solution is the prior, and after the meeting is adjourned have every member take the entire logged conversation (fetched from ftp, perhaps) and sign that as well. This way you're establishing that someone is who they say they are at the beginning, and that they're still them at the
    • Challenge authenticate...

      Send a short message to channel op signed with PGP Signature.
      ChanOp verifies and invites to +i channel.

      ChanOp send email to everyone on a lest, they decrypt with PGP the password for the channel then join a limited number channel.

  • PKE (Score:1)

    by Xepo ( 69222 )
    Heh, this is one of the exact usages of public key encryption, to prove who someone is over an unsecure forum. Just get them to sign something when they first get in there. You could even depend upon the +p to set a password on a channel in IRC, and just distribute the password beforehand, but that password could easily be distributed among non-execs.

  • solution (Score:2, Informative)

    by Leroy_Brown242 ( 683141 )
    IRC would work.
    1. Set up a freeBSD machine.
    2. Install an IRC server.
    3. Get Chanserv and nickserv working.
    4. Have everyone ssh into that box. Then, allt eh communication would be over ssh, or to and from localhost.

  • SILC? (Score:2, Informative)

    by kyhwana ( 18093 )
    Or you could use SILC [silcnet.org] which is an encrypted/authenicated chat network. Every client has to generate a public/private keypair, so you could get/post public key fingerprints in the workplace/wherever, then simply authenicate each user who comes into the channel, or password protect the channel.

  • IRC is probably not what you want (Score:3, Interesting)

    by Tom7 ( 102298 ) on Tuesday January 20, 2004 @01:17AM (#8028899) Homepage Journal
    First, make your channel +sk and tell the keyword and channel name to only the people who you want invited.

    After that you could use PGP to have everyone sign a newly created message with their private key, thus proving that they are who they are. However, this doesn't prevent eavesdropping, message insertion, or denial of service. If you want protection from any of these, IRC is definitely not what you want.
  • certain jabber clients allow you to pgp encrypt or just sign every message in an exchange. couple that with jabber servers support for ssl and you have a secure and autheticated message stream and meeting space
    • You can set your own server up locally, and use Jabber throughout the enterprise. It does IM, but also allows conferencing (unlike many IMs), public and private. Also, it can use SSL and other encryption technologies to ensure data safety.. you can also do centralized logging.

  • I have a simpler suggestion (Score:3, Insightful)

    by Artifex ( 18308 ) on Tuesday January 20, 2004 @03:19AM (#8029382) Journal
    You guys are all Linux people, so I'm sure you have the ability and wherewithal to set up a private local IRC service on your server. Set the meeting channel to keyed if you need to, but here's the best part: your local usernames on your server are visible in the /whois, so as long as you have usernames (maybe just for these meetings) that are your.name@*, you don't need any nickserve, etc., because everyone can see your name when you log in. If you have any suspicions still, you can pop to another screen and run "w" to see whether they're really logged in and running epic or bitchx or whatever.

  • Lily (Score:2, Informative)

    by Damien Neil ( 11403 )
    Lily [sourceforge.net] is a CMC (computer mediated communications) server that supports user authentication and discussion history. Lily is mature; the oldest lily server has been in constant service (with only occasional brief downtime for upgrades) for over ten years.
  • we need more money
    * Boss sets mode +b IT_Guy012*!*@*.*
    * IT_Guy012 has been kicked by Boss (YOU'RE FIRED)
  • Use Teamspeak and do a conference call without the telephone and without paying money.

    My Puzzle Pirates crew uses it, it freakin' rocks!

    http://www.teamspeak.org

  • Private IRC server (Score:3, Informative)

    by cjpez ( 148000 ) on Tuesday January 20, 2004 @11:39AM (#8032193) Homepage Journal
    Yeah, where I used to work we had a private IRC server set up inside the corporate network, so you either had to be physically on our network or connected up through the VPN. We didn't bother with nickservs or chanservs or anything like that, 'cause since it was just us nobody had any interest in pretending to be someone else. Worked out perfectly fine.

    Of course, then we started writing bots to emulate our presence on the channel when we were gone ("How's the new release looking?") and the company went bankrupt, but that's beside the point. :P

  • WASTE [sourceforge.net] is a secured P2P file sharing system that allows for IM and Chat inside it. You need to exchange PGP keys somehow, but once your P2P network is up, it is for all intents, secure from eavesdropping.
  • Well probably the most simple solution would be to use channel key on the channel you're using for meetings. No need to install new software, your existing IRC server and client will do fine and no extra configuration is needed (no bots with user infos as someone suggested). Just agree upon the pass pharse using a secure method (face to face, phone, what ever) and no outsiders will be able to join our channel. More about channel key aka. mode +k [mishscript.de]

  • Run the server yourself (Score:3, Interesting)

    by mikeswi ( 658619 ) * on Tuesday January 20, 2004 @09:17PM (#8038697) Homepage Journal
    Run the ircd yourself on an internal company server and deny it access to the internet.

    If you need to allow people outside the company internal network in, find out what IP address your employees will be connecting from ahead of time, make certain you are opered (/oper [ircop name] [oper password]) and check their IP address when they connect.

    If it gives you a non-numerical address, use the /dns command to do a nslookup. ex/ /dns dpc6682193179.direcpc.com would give you the IP address 66.82.193.179.

    If the person claiming to be Bob Smith emailed you ahead of time saying he was going to use that IP, then it's him. If it's nowhere close, then it's not.
    -
  • jabber [jabber.org] is an open source im system with multichat and ssl capabilities. just run your own server somewhere, let your users register with it, and presto!

    jabber has built-in SASL/TLS support, is proven to work just great in intranets, and is free as in beer and speech.

    there's also a variety of clients for linux, windows and mac os x, <shameless ad> the best being psi [affinix.com] ;) </shameless ad>
  • From the question you asked you could need a dozen different things: are you needing to keep outsiders from joining the channel or maybe you need a way of "taking role call" or maybe you don't want one employee pretending to be someone else???

    If you are simply trying to keep outside people from getting into the channel set a channel password and send that out via email...internal memo...fax whatever works for you and your company.

    If you need to know that each user is who they say they are find a bot/scrip

Slashdot Top Deals

Friction is a drag.

Close