Helping GNOME defend its trademark

The GNOME project will be familiar to the vast majority of our users. What you might not be aware of is that the project is currently facing an expensive trademark battle against Groupon, with the latter having allegedly chosen to infringe upon GNOME’s trademark by launching a product with the same name (a POS “operating system for merchants to run their entire operation”).

I am not going to go into the details here, as they have been explained by the GNOME project over at http://www.gnome.org/groupon/ and the GNOME folk are in a much better position than me to provide more detailed information on the matter.

What I am going to do is appeal for your help. The GNOME project is looking to raise $80,000 to cover the legal costs involved in defending their trademark. At the time of writing this post the freenode network has 89,998 connected users. Users who are passionate about FOSS.

If each of us donated just ONE DOLLAR to the GNOME project they would cover the anticipated legal costs AND have some spare change leftover for a pint when the proceedings conclude.

Even if you do not use GNOME, please consider helping them out. This is bigger than just GNOME and I think it would be fantastic if the FOSS communities could drum together to support our own.

If you head over to http://www.gnome.org/groupon/ you can make a donation directly via PayPal by clicking on the “Help us by donating today” button.

Update: Due to the controversial nature of PayPal, GNOME is now also offering other ways to donate.

Thank you!

Update #2: According to the Groupon blog and this article over at Engadget, Groupon has issued the following statement: “Groupon is a strong and consistent supporter of the open source community, and our developers are active contributors to a number of open source projects. We’ve been communicating with the Foundation for months to try to come to a mutually satisfactory resolution, including alternative branding options, and we’re happy to continue those conversations. Our relationship with the open source community is more important to us than a product name. And if we can’t come up with a mutually acceptable solution, we’ll be glad to look for another name.”

I am assuming that this means that the trademarks filed will be retracted and that the GNOME project can go about business as usual. I am certain they will be releasing a statement with further details before long.

Atheme 7.2 and freenode

Hello!

We’ve begun some testing on Atheme’s latest release, 7.2, and we’d like to invite interested users to help with that.

Not all changes the Atheme project has included in their new release will be included in our Atheme upgrade, so here’s the bulk of the changes that will actually affect our network:

  • /msg NickServ DROP will require confirmations from the user similar
    to the ChanServ variant. This is to prevent people DROPping when they
    should be GHOSTing or similar.
  • We’ve loaded two exttargets:
    • $registered to grant flags to all people who are identified to
      NickServ
    • $chanacs to grant flags to people who have flags in another
      channel. Please read /msg ChanServ HELP FLAGS for details on how they work.
  • The SASL mechanism DH-BLOWFISH has been removed. People using it
    can connect via SSL and use PLAIN or upgrade to ECDSA-NIST256P-CHALLENGE.
    Details of how to do so are here and our SASL page will be updated with the relevant documentation soonish.

You should be able to connect to testnet at testnet.freenode.net, port 9002 for cleartext and 9003 for SSL. Bear in mind, the database is a couple of weeks old, so changes you’ve recently made on the production network may not be mirrored on the testnet network. Various amounts of staff should be idling in #freenode on testnet at all times; please feel free to poke us with any questions.

Thanks!

 

User-enabled sendpass

As a network, we feel it is hugely important to maintain close relationships with our many communities and users. Our interactions with users in #freenode and elsewhere on the network, fielding support requests and assisting users, help build and maintain these relationships.

But we’re constantly looking for things to change and make better, and one of the pieces of feedback we’ve had is that users would like a little automation – and the ability to be able to resolve some of their own support requests.

We recognise that allowing users to generate their own password reset e-mails brings us in line with other registration systems online and may provide a higher quality of service.

So for now, if you are having difficulties accessing your account, you can generate your own password reset e-mail using the following command:

/msg NickServ SENDPASS <account>

This command will only work with an offline account (i.e. it won’t work if a client is logged into your account via NickServ), and should obviously only be used on an account that you believe is yours.

We will be keeping an eye on how this feature is used, and may retain it permanently if it proves to be helpful and non-harmful!

Server Issues: Update

Following up on our previous blog post, we have continued to investigate the compromise of freenode infrastructure, aided by our sponsors in addition to experts in the field.

NCC Group’s Cyber Defence Operations team kindly provided pro bono digital forensic and reverse engineering services to assist our infrastructure team and have recently published a report with some of their findings:

https://www.nccgroup.com/en/blog/2014/10/analysis-of-the-linux-backdoor-used-in-freenode-irc-network-compromise/

NCC’s support has been invaluable in aiding us in further securing our infrastructure, and we have already made significant changes to ensure that it is more resilient against further attacks. Our investigation into the compromise is ongoing and we will provide further updates as appropriate.

In the meantime, if you haven’t updated your password, we would advise you do so as some traffic may have been sniffed. Simply “/msg nickserv set password newpasshere” and don’t forget to update your client’s saved password.

Whilst we endeavour to provide a robust service, it is worth bearing in mind that no computer system is ever perfectly secure and many are inevitably breached. For this reason we do not suggest relying entirely on freenode (or any infrastructure) to protect sensitive data, and encourage our users to take further steps (e.g. unique passwords per service, encryption) as part of a defence in depth strategy to safeguard it.

We are extremely grateful to NCC in addition to our many other sponsors for their assistance and continued support. Without the ongoing support of our generous sponsors and wonderful infrastructure team, freenode would quite literally not have a network!

We will be continuing to work with our sponsors in addition to other relevant authorities regarding this breach and any further incidents.

Server issues

Earlier today the freenode infra team noticed an anomaly on a single IRC server. We have since identified that this was indicative of the server being compromised by an unknown third party. We immediately started an investigation to map the extent of the problem and located similar issues with several other machines and have taken those offline. For now, since network traffic may have been sniffed, we recommend that everyone change their NickServ password as a precaution.

Before changing your password, please check your email address in /msg nickserv info and, if needed, update it – see /msg nickserv help set email (remember to check your new email for the verification key). This will ensure that we can send you a password reset email should, for whatever reason, your password change not work properly. If you have no email set on your account or an email set that you cannot access, we cannot send password resets to you, so do please keep this up-to-date.

To change your password use /msg nickserv set password newpasshere

Since traffic may have been sniffed, you may also wish to consider any channel keys or similar secret information exchanged over the network.

We’ll issue more updates as WALLOPS and via social media!

New extban: $j

We have loaded a new module on the network which provides the $j extban type:

$j:<chan> – matches users who are or are not banned from a specified channel

As an example…

/mode #here +b $j:#timbuktu

…would ban users from #here that are banned (+b) in #timbuktu.

Please note that there are a couple of gotchas:

  • Only matching +b list entries are checked. Quiets (+q), exemptions (+e) and invexes (+I) are NOT then considered. As such, the following mode change would not alter the behaviour of the first example:

/mode #timbuktu +e *!*@*

  • Quiets and the quieting effect of bans may not immediately take effect on #here when #timbuktu’s ban list changes due to caching by the ircd.
  • $j isn’t recursive. Any $j extbans set in #timbuktu are ignored when matching in #here.
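A simplified model of the matching rules above, added here as an illustration. It is not the ircd's code: the channel state, hostmasks and function names are made up for the example, and the caching gotcha is not modelled.

```python
import re

def mask_matches(mask, hostmask):
    """IRC-style glob: '*' is any run of characters, '?' is one character."""
    pattern = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in mask
    )
    return re.fullmatch(pattern, hostmask, re.IGNORECASE) is not None

def entry_matches(entry, hostmask, channels, allow_j=True):
    """Match one list entry, which is either a hostmask or $j:<chan>."""
    if entry.startswith("$j:"):
        if not allow_j:
            return False  # $j entries inside the referenced channel are ignored
        referenced = channels.get(entry[3:], {})
        # Only the referenced channel's +b list is read, never its +e/+q/+I lists.
        return any(
            entry_matches(ban, hostmask, channels, allow_j=False)
            for ban in referenced.get("b", [])
        )
    return mask_matches(entry, hostmask)

def is_banned(hostmask, channel, channels):
    """True if a +b entry on `channel` matches and no +e entry on it does."""
    modes = channels[channel]
    if any(entry_matches(e, hostmask, channels) for e in modes.get("e", [])):
        return False
    return any(entry_matches(b, hostmask, channels) for b in modes.get("b", []))

# Constructed sample state: channel -> mode letter -> list entries
CHANNELS = {
    "#here": {"b": ["$j:#timbuktu"]},
    "#timbuktu": {"b": ["*!*@bad.example", "$j:#elsewhere"], "e": ["*!*@*"]},
    "#elsewhere": {"b": ["*!*@other.example"]},
}

if __name__ == "__main__":
    for who in ("troll!u@bad.example", "guest!u@other.example"):
        for chan in ("#here", "#timbuktu"):
            print(who, chan, is_banned(who, chan, CHANNELS))
```

With this state, the +e *!*@* on #timbuktu lets the bad.example user into #timbuktu but does not stop the $j ban on #here, and the other.example user is not banned from #here because the $j entry on #timbuktu is not followed.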

We imagine you’ll have some more useful use cases than the above.

Thanks for flying freenode!

April 1st 2014, Followup

It’s been almost too long for this blog post to arrive here after the April Fools quiz this year. Thanks to everyone who participated!

The first ten people who completed the challenges are, in descending order of aprilness:

(times are listed in UTC)

  1. 2014-04-02T18:25:17 booto
  2. 2014-04-02T23:36:53 Fuchs *
  3. 2014-04-03T00:29:29 furry
  4. 2014-04-03T01:34:18 mniip
  5. 2014-04-03T09:41:38 jojo
  6. 2014-04-03T16:29:51 redi
  7. 2014-04-03T18:57:21 BlueShark
  8. 2014-04-04T15:33:24 larinadavid
  9. 2014-04-04T22:27:20 Omniflux
  10. 2014-04-04T23:02:19 apoc
  11. 2014-04-04T23:13:02 thommey

(*) user opted out of any prizes
There were 25 additional nicks who completed the quiz and made it to the winner’s circle but weren’t fast enough to place in the top 10.

The prizes were cloaks for those in the top 10. In addition to the top-10 cloaks, everyone else who finished the challenge and ‘opted in’ was eligible for the cloak lottery. This was a lottery for 3 runner-up cloaks.

Out of the 25 additional people that completed the challenge, the following 3 won a cloak through the cloak lottery:

  • skasturi
  • danielg4
  • jojoa1997

Here are the riddles and their solutions, in the original order:

  • Level 0
    • The clue was given in the April 1st blog post: IyMjI3hrY2Q=
    • That is the string "####xkcd" encoded using base64.
    • The answer: ####xkcd, which was the first channel in the quiz.
  • Level 1
    • Clue: Tnl2cHItbmFxLU9iby1qbnl4LXZhZ2Itbi1vbmU=
    • This is a rot13’ed and base64’ed string.
    • In Python 2: "Tnl2cHItbmFxLU9iby1qbnl4LXZhZ2Itbi1vbmU=".decode('base64').decode('rot13')
    • The answer: ####Alice-and-Bob-walk-into-a-bar
  • Level 2
    • Clue: MKWkpKMa
    • This is another string that is encoded with a series of base64 and rot13 transformations.
    • In Python 2: "MKWkpKMa".decode('rot13').decode('base64').decode('rot13')
    • The answer: ####reddit
  • Level 3
    • Clue: SHg5RkR4SUpIeHFGSnlXVUlJSVFJeHFKCg== | Save this for a later level: https://i.imgur.com/87cX9y4.jpg | 4 decodes needed
    • Yet another string encoded with a series of base64 and rot13 transformations.
    • In Python 2: "SHg5RkR4SUpIeHFGSnlXVUlJSVFJeHFKCg==".decode('base64').decode('rot13').decode('base64').decode('rot13')
    • This yields: EBEORIETEMETHHPITI
    • Contestants were expected to do a web search for this and find out it is the end of the Zodiac Killer’s infamous message.
    • The answer: ####zodiac
  • Level 4
    • Clue: https://i.imgur.com/x4nejBh.png | LaTeX right direction | Google! | No maths needed
    • The topic changed several times as contestants seemed pretty stumped on this level; the topic line above was its final form.
    • The answer: ####exner – this was expected from figuring out what the equation is. Simply put, the equation in the image is Exner’s Equation.
  • Level 5
  • Level 6
    • Clue: https://www.dropbox.com/s/emz7xy3p9r2ivxe/wat.unknown (verify the file, sha256sum: 0efade1bb29d1b7fdd65e5612159e262cbd41a2e27ed89a0144701a5556da68f)
    • This file is more steganography:
      • Use ‘file’ to determine what the file type is.
      • Un-7zip the .unknown file
      • Base64 decode the output
      • Use ‘file’ to determine that the output is a .jpg
      • Unzip the .jpg
      • Untar two.tar.gz
      • Open the surprised.txt file.
    • The content of surprised.txt is: ####ImSoMetaEvenThisAcronym
    • The answer: ####ImSoMetaEvenThisAcronym
  • Level 7
    • Clue: AQwPfPN1ZBXNfvNj4bPmVR4fVQYPfPNlZBXNfvNkAP4jZhXNflOS and “Da Vinci” | Jules Verne | s/.02/.03/ in the decrypted text
    • The clue is base64’ed and rot13’ed. To decode it in Python 2: print "AQwPfPN1ZBXNfvNj4bPmVR4fVQYPfPNlZBXNfvNkAP4jZhXNflOS".decode('rot13').decode('base64')
    • This yields: 48° 50′ 0″ N, 2° 20′ 14.02″ E
    • These are GPS coordinates for the Paris meridian.
    • From this and the “Da Vinci” clue contestants were expected to find the Wikipedia page about the Rose Line.
    • The specific quote that contestants were supposed to find:
      "Dan Brown simply invented the 'Rose Line' linking Rosslyn and Glastonbury. The name 'Roslin' definitely does not derive from any 'hallowed Rose Line'. It has nothing to do with a 'Rose Bloodline' or a 'Rose Line meridian'. There are many medieval spellings of 'Rosslyn'. 'Roslin' is certainly not the 'original spelling': it is now the most common spelling for the village."

      Source

    • The “Jules Verne” clue is supposed to reaffirm to contestants that they were on the right track:
      The competition between the Paris and Greenwich meridians is a plot element in Jules Verne's "Twenty Thousand Leagues Under the Sea", published just before the international decision in favor of the British one.

      Source

    • The answer: ####roslin
  • Level 8
  • Level 9
    • Clue: ZCLVLLCOIUTKKJSCEKHHHSMKTOOPBA | OGUCSSGAPVGVLUMBTVOGICUNJDHSTB | RUTJJGNXUNTY | Letters that would repeat in a typical word do not repeat in the key(s), example ‘freenode’ would be ‘frenod’ | https://i.imgur.com/pGIBjEE.png | http://is.gd/TgNsvm
    • Alright this one is really really really tricky. The topic changed several times.
    • The three strings are encoded with Four-square from the previous level with the same keys.
    • Contestants were expected to use ‘UVB’ and ‘RUSSIA’ as keys for the Four-square cipher.
    • It was expected that contestants arrive at ‘UVB’ from the channel name, ####POVAROVOSOLNECHNOGORSKRUSSIA
    • The former transmitter was located near Povarovo, Russia at 56°5′0″N 37°6′37″E which is about halfway between Zelenograd and Solnechnogorsk and 40 kilometres (25 mi) northwest of Moscow, near the village of Lozhki.

      Source

    • The is.gd link points to a file that has the “No Q” image from a previous level hidden in it.
    • The “RUTJJGNXUNTY” decrypts to AaronHSwartz
    • The answer: ####AaronHSwartz
  • Level 10
    • Clue: HKGJSUOJVRLGSBELAUHOUIGLVRURWMGTUGJGWTKN
    • Originally this channel (####AaronHSwartz) was supposed to be the winner’s circle, however due to too many people leaking answers and channel names, one more challenge was added.
    • Same cipher as before, this time the keys were ‘DEMAND’ and ‘PROGRESS’
    • Demand Progress is an Internet activist-related organization specializing in petitions to help gain traction for legal movements against Internet censorship and related subjects, started by Aaron Swartz, source.
    • The clue decrypts to JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS
    • RMS is Richard Matthew Stallman, and ‘Join Us Now and Share the Software’ is an openly licensed song by Richard Stallman.
    • The answer: ####JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS
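Python 3 versions of the decoding steps in the walkthrough above, added here as an example (not the quiz authors' code; the function names are made up). `peel` replays the base64/rot13 chains from Levels 1 to 3 and 7, and `foursquare_decrypt` implements the Four-square cipher over the Q-less alphabet for Levels 9 and 10. The post does not say which square each key fills, so the placement used below is the one that reproduces the plaintexts given above.

```python
import base64
import codecs

def peel(clue, steps):
    """Undo a chain of encodings; steps are 'b64' or 'rot13', applied in order."""
    text = clue
    for step in steps:
        if step == "b64":
            # b64decode returns bytes; the Level 7 plaintext is UTF-8
            text = base64.b64decode(text).decode("utf-8")
        elif step == "rot13":
            text = codecs.decode(text, "rot_13")
        else:
            raise ValueError(f"unknown step: {step}")
    return text.strip()

# 25-letter alphabet with Q dropped, per the "No Q" hint in the clues
ALPHABET = "ABCDEFGHIJKLMNOPRSTUVWXYZ"

def keyed_square(key):
    """Key letters first (repeats dropped), then the rest of the alphabet."""
    square = []
    for ch in key.upper() + ALPHABET:
        if ch in ALPHABET and ch not in square:
            square.append(ch)
    return "".join(square)

def foursquare_decrypt(ciphertext, upper_right_key, lower_left_key):
    """Four-square with plain alphabets in the upper-left and lower-right."""
    if len(ciphertext) % 2:
        raise ValueError("Four-square works on letter pairs")
    upper_right = keyed_square(upper_right_key)
    lower_left = keyed_square(lower_left_key)
    plain = []
    for i in range(0, len(ciphertext), 2):
        row1, col1 = divmod(upper_right.index(ciphertext[i]), 5)
        row2, col2 = divmod(lower_left.index(ciphertext[i + 1]), 5)
        # Each plaintext letter takes its row from one cipher letter
        # and its column from the other.
        plain.append(ALPHABET[row1 * 5 + col2])
        plain.append(ALPHABET[row2 * 5 + col1])
    return "".join(plain)

if __name__ == "__main__":
    print(peel("Tnl2cHItbmFxLU9iby1qbnl4LXZhZ2Itbi1vbmU=", ["b64", "rot13"]))
    print(peel("SHg5RkR4SUpIeHFGSnlXVUlJSVFJeHFKCg==",
               ["b64", "rot13", "b64", "rot13"]))
    # Level 9: RUSSIA fills the upper-right square, UVB the lower-left
    print(foursquare_decrypt("RUTJJGNXUNTY", "RUSSIA", "UVB"))
    # Level 10: DEMAND fills the upper-right square, PROGRESS the lower-left
    print(foursquare_decrypt("HKGJSUOJVRLGSBELAUHOUIGLVRURWMGTUGJGWTKN",
                             "DEMAND", "PROGRESS"))
```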

The topic in ####JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS was: Congratulations on solving the freenode’s April Fools 2014 Crypto Challenge | Want MOAR? #ircpuzzles

Congratulations to those who participated this year!

The 25 additional people that completed the challenge:

  • 2014-04-05T04:06:53 knivey
  • 2014-04-05T10:00:12 Tordek
  • 2014-04-05T15:40:50 jacob1 *
  • 2014-04-05T15:48:48 stac
  • 2014-04-05T16:24:01 Changaco *
  • 2014-04-05T17:30:01 Arch-TK *
  • 2014-04-05T17:35:05 ar *
  • 2014-04-05T18:16:20 Weetos *
  • 2014-04-05T18:38:39 nyuszika7h
  • 2014-04-05T18:56:26 vi[NLR]
  • 2014-04-05T19:06:38 tkd *
  • 2014-04-05T21:54:56 Chiyo
  • 2014-04-05T22:46:01 slidercrank
  • 2014-04-05T22:54:10 jojoa1997
  • 2014-04-06T00:55:51 Pixelz *
  • 2014-04-06T02:53:25 Transfusion
  • 2014-04-06T02:58:15 DonkeyHotei
  • 2014-04-06T03:04:01 sdamashek *
  • 2014-04-06T03:07:49 Cypi *
  • 2014-04-06T03:36:03 FXOR
  • 2014-04-06T13:44:35 pad
  • 2014-04-06T19:22:06 skasturi
  • 2014-04-06T19:37:13 Bloodhound
  • 2014-04-07T08:16:22 molly *
  • 2014-04-07T14:42:32 Bijan-E

(*) user opted out of the cloak lottery

Heartbleed

The recently exposed Heartbleed bug in the OpenSSL library has surprised everyone with a catastrophic vulnerability in many of the world’s secure systems.

In common with many other SSL-exposed services, some freenode servers were running vulnerable versions of OpenSSL, exposing us to this exploit. Consequently, all of our affected services have been patched to mitigate the vulnerability, and we have also regenerated our private SSL keys and certificates.

In an unrelated event, due to service disruption & the misconfiguration of a single server on our network, an unauthorised user was allowed to use the ‘NickServ’ nickname for a short period Sunday morning. Unfortunately there is a possibility that your client sent data (including your freenode services password) to this unauthorised client. Identification via SASL, certfp or server password were not affected, but any password sent directly to the “NickServ” user might have been.

Because of these two recent issues, we would like to make the following recommendations to all of our users. It would also be good practice to follow them at regular intervals.

  • Though we are not aware of any evidence that we have been targeted, or our private key compromised, this is inevitably a possibility. SSL sessions established prior to 2014/04/12 may be vulnerable. If your current connection was established prior to this date via SSL then you should consider reconnecting to the network.
  • We would advise that users reset their password (after reconnecting) using instructions returned by the following command:

/msg nickserv help set password

This should help ensure that if your password was compromised through an exploitation of the Heartbleed vulnerability, the damage is limited.

  • In line with general best practice, we would always recommend using separate passwords on separate systems – if you shared your freenode services password with other systems, you should change your password on all of these systems; preferably into individual ones.
  • If you use CertFP, you should regenerate your client certificate (instructions) and ensure that you update NickServ with the new certificate hash. You can find out how to do this using the following command:

/msg nickserv help cert

  • Having changed passwords and/or certificate hashes, it cannot hurt to verify your other authentication methods (such as email, ACCESS or CERT). It is possible you have additional access methods configured either from past use or (less likely) due to an account compromise.
  • Finally, it is worth noting that although probably the least likely attack vector, Heartbleed can also be used as a client-side attack, i.e. if you are still running a vulnerable client a server could attack you. This could be a viable attack if, for instance, you connect to a malicious IRC server and freenode at the same time; hypothetically the malicious IRC server could then attack your client and steal your IRC password or other data. If affected, you should ensure your OpenSSL install is updated and not vulnerable, then restart your client.

As ever, staff are available in #freenode to respond to any questions or concerns.

+freenode

UPDATE: This was of course an April Fool… you can “/msg nickserv set property GOOGLE+” to remove the property from your account. There might still be other secrets within the message though…


Edit: Previous versions of the post contained an incorrect NickServ command. We have corrected this and apologise for the inconvenience.

Turbulence

As many of you will be aware, freenode has been experiencing intermittent instability today, as the network has been under attack. Whilst we have network services back online, the network continues to be a little unreliable and users are continuing to report issues in connecting to the network.

We appreciate the patience of our many wonderful users whilst we continue to work to mitigate the effects this has on the network.

We also greatly appreciate our many sponsors who work with us to help minimise the impact and who are themselves affected by attacks against the network.

We’ve posted on this subject before, and what we said then remains as true as ever – and for those of you who didn’t read the earlier blogpost first time round, it’s definitely worth perusing it now if this subject interests or affects you.

Thank you all for your patience as we continue to work to restore normal service!

[UPDATE 04/02/2014]

At the moment SASL authentication works only on PLAINTEXT, *not* BLOWFISH. We’ve checked and TOR should be working too. Sadly wolfe.freenode.net will be taken off the rotation, so those users who’ve connected specifically to it, please make sure that your client points to our recommended roundrobin of chat.freenode.net!