A short mention on Mibbit

Hi all.

It has come to our attention that Mibbit have experienced a security issue impacting (or so it initially appears) their testing servers. This has resulted in a list of plain text NickServ passwords from Mibbit’s own NickServ (the one you use if you connect to irc.mibbit.com) being made public, as well as a small section of private logs and some internal server details of the affected equipment. There’s some more information on their own blog.

As I’m sure many of you have been aware, Mibbit hasn’t been available for use with freenode for quite a while now so the issue will only indirectly impact freenode users when the password they use for their NickServ is the same as it is for elsewhere.  Therefore freenode staff are recommending that anyone that has used Mibbit’s own NickServ should ensure that their password is changed to keep your account secure.

Of course, it’s always good practice to change passwords periodically so you may wish to take the opportunity to do so as a matter of course.

Sponsorship Roundup

As you may know, the network operations of freenode are fully supported by donations – of hosting and other resources – from both companies and individuals. We acknowledge all sponsors on our website, but it is nice from time to time to provide a round-up of recent changes on the sponsorship scene!

If you’re currently connected to freenode, you will be connected to a donated server – look at the “MOTD” (delivered to you on connection or by passing the command /motd) to see who has provided your particular server.

Our newest servers include roddenberry.freenode.net (Brisbane, Australia) and asimov.freenode.net (Dallas, Texas, USA), provided by On Q Telecom and by Rackspace, respectively.

Worthy of mention indeed are those companies who support the network in ways other than providing servers. Gandi provides our SSL certificate and acts as our domain registrar, and Simtec Electronics recently generously supported the network with a donation of entropykeys. Look out for a later technical blog post as we roll these out!

While this post focuses on recent additions to the sponsorship team, it’s important not to forget the ongoing contributions of all our sponsors – take another look at our acknowledgements section and give these groups the kudos they deserve!

Cheers,
Martin

freenode 70k

With apologies to cringing table-top players, we are more than happy to announce that we passed the threshold of 70,000 active users a few minutes ago. Lingering at a maximum of 69,991 lately, we have been anticipating this day for some time, now. And it has come :)

We’d like to thank all of our users for using freenode. Without you we would, quite literally, not have made this milestone.

We would also like to take this opportunity to thank all our volunteers, whatever fields they have chosen to help out in.

At the moment, we’re growing at 10,000 users per year and a bit:

http://blog.freenode.net/2007/08/freenode-has-reached-40-000-users/

http://blog.freenode.net/2008/09/50000-active-users/

http://blog.freenode.net/2009/12/happy-new-year-2010/

We’re looking forward to continuing this trend and reaching 80,000 sometime around March of 2012 :)

Happy Holidays!

Just a quick note to wish each and every one of our users, sponsors, donors, volunteers and projects for making freenode great.

It’s amazing being able to communicate and collaborate with such a variety of people and projects. YOU make the network what it is and help us provide a fantastic resource for FOSS communities.

I’d also like to say a special “Thank You” to Martin (Martinp23) Peeks and Richard (RichiH) Hartmann for squeezing into my size 7′s and keeping a tight grip on the steering wheel ensuring that we don’t weer off track and crash into too many icebergs during my leave from active freenode management duties. You’re doing a tremendous job, and I’m thrilled to see that you’ve got the support from the fantastic volunteer base and our exceptional sponsors.

Have a happy Christmas (or whichever holiday you do or do not celebrate) and a fantastic New Year, I hope it brings you everything you wish for!

Oh. And don’t forget, tis the season for giving!

Cheers,

Christel x

Be Safe Out There

freenode is sometimes a target of spammers, bots, or attempts to trick users into taking action or giving up information they normally would not. One form of spam, popular recently, claims that freenode will require SASL to connect. Others attempt to lure users to a website that may generate revenue for the spammer, attempt to install malicious software, reveal information about the user (such as location, IP address, operating system, and so on), or lead to a shock site intended to offend or disgust. Other spam has no purpose except to cause disruption through channel noise, nick-highlights, and the ensuing complaints from those disrupted.

Don’t be a victim of these mischievous ploys. Don’t react when you see this sort of activity. Don’t click on unsolicited links. Don’t trust spam to be accurate or truthful. Instead, be a catalyst or just ignore the unwanted behavior. Most IRC clients offer a way to filter out messages from a person or containing certain text by using a command called /ignore. Even if your client doesn’t support /ignore, you can mentally ignore it just like you might ignore someone yelling on a street corner.

Bad behavior that is limited to one or two channels can be handled by the helpers and operators in the channel. If you feel compelled to report spam or abusive behavior, privately message one of the people on the channel’s access list, which may be seen using /msg chanserv access #channel list. To check how recently a person was active, use /whois nickname nickname. (Yes, put the nick twice). This will show whether they are away, and how long they have been idle. Some projects use a -ops channel (e.g. #ubuntu-ops) to make it easier to contact an operator.

If bad behavior is widespread, network staff may intervene. As always, staffers can be reached in #freenode. When reporting an issue, please do not (re-)paste spam or highlight many nicks. This only adds to the disruption and makes the reporter look like the spammer. When a staffer responds, you can privately message the content of the spam, if it is important to addressing the problem.

And one final word about announcements: any major change to the network’s operations (like, say, requiring SASL) would be announced properly through the website and/or blog. We might also announce it over IRC using a global notice or wallop. A wallop or global notice would come from a staffer — someone with a freenode/staff cloak in whois — and probably appear in your client’s server or status window. Spammers may choose nicks that look similar to those of staffers, but staffers will have a freenode/staff cloak and we will not spam channels as a way of making announcements. A bit of skepticism before trusting something seen on the internet can help keep you safe, and the network running smoothly.

Further webchat issues

Unfortunately, it seems the box our webchat is on has decided to fall out with the Internet again. We’re working on setting up a reserve instance which shouldn’t be affected by this sort of issue in the future. When we have more details, we’ll update this post. We’re really sorry for the inconvenience this causes, and guarantee it will be less in future.

Update: The host’s issues appear to have been resolved. We now also have a backup instance running which can easily be switched to in the event of downtime in the future.

Webchat downtime

Hi everyone.
Currently the freenode webchat instance (webchat.freenode.net) is down. This is due to maintenance by the host of the box upon which the service sits, and looks set to continue for up to a further 6 hours.
This is maintenance that we, as staff, were not previously aware of.
We’re very sorry for the inconvenience and are doing what we can to reduce it.

Update: resolved.

Java webclient decommissioning

Following our successful switch of cloaking on our web gateway (http://webchat.freenode.net) to show the full IP address of connecting users (see this blog post), we have decided to transition our old and relatively unused Java client (pjIRC) to our webchat service. This will be done via a HTTP redirect.

Only around 30 users at a time can be found from the java client, hence as time goes on it makes less and less sense to continue to support this platform. We’ll be decommissioning the Java client on Sun 8th August.

Other pjIRC instances which connect to freenode will be unaffected. We are simply removing our version of the program.

If you’ve any concerns, queries or comments we’d love to hear from you either in #freenode or via support at freenode.net.

Group Registration Form verifications

For a long time, freenode has utilised a Group Registration system to give groups (such as companies and open source projects) the ability to manage channels in the primary namespace (ie, channels beginning with a single “#”) and to give contributors to their projects cloaks. Perhaps more importantly, the system allows groups to retain control of their identity on freenode. It is because of this aspect of Group Registration that filing a Group Registration Form (GRF) has been necessary for projects to acquire primary channels which have been already registered. For the same reason, we ask those who register new primary channels to file a form.

A great number of fantastic projects use freenode. Only a small subset of staff are able to handle GRFs, and in combination with the large volume of forms filed we have developed a significant backlog. We realise that because of this backlog, certain groups are unable to claim channels on freenode which should rightfully be theirs. While we appreciate that many projects have been waiting months or years for a form to be processed, we must consider GRFs filed in order to obtain channel ownership for a legitimate project to be a priority – if you’re in the former position and not the latter, I hope you can see why.

At this stage, we are hoping to move through these priority requests in the coming weeks (and, depending on volume, months), before moving on to other requests. If you are a prospective group contact who has filed a GRF form before and you fall into the priority group (to be clear: you are in the priority group only if you need the GRF to be processed in order for you to gain access to the #group or #project channel on freenode), please email us at grfprocess at freenode dot net. The email should contain your IRC nick and your group’s name – no other personal information should be sent. We will soon be in touch regarding “next steps”.

If you want to help us to provide a top class service to groups, please consider getting involved with development of our new Group Management System (GMS).

Finally, a quick word of gratitude to those who have been waiting for GRFs to be filed for a long period of time. Thank you for your patience – we will move on to processing your requests as soon as we are able, and will let you know when via this blog and network wallops. Thanks for choosing freenode :)

freenode webchat changes

Webchat has always presented an interesting problem, mostly for the staff of various channels as well as the network itself, but indirectly for all our users as well.  All webchat connections come from the IP address of the webchat service.  This results in them having to be handled a little bit differently from other connections.

To begin with, there needs to be a way for network or channel staff to identify individual connections, as well as where they originated from.  The way this has previously been handled is by encoding the IP of the source (the IP someone uses to connect to the webchat) in hexadecimal form in the ident field of the user.  The webchat users are “cloaked” (that is, their real hostname, which would be that of the webchat server, is replaced) with a unique string identifying the connection.  This method allows channel staff to ban or quiet a webchat user via the unique connection string, or via the ident information.

While this works, it’s confusing to many. The unique connection string changes every time a user makes a new connection through webchat. Therefore, we’ve changed how we do the cloaking so IPs are shown in cloaks. This makes it much simpler for channel staff to see what is going on, and who is who. For now, this change only applies to those using the freenode webchat at http://webchat.freenode.net. The effect is to change a cloak of the form “gateway/web/freenode/x-iiqzrxiqfnnglqji” to the form “gateway/web/freenode/ip.171.205.239.16“.

We would like to point out that this does not in any way reduce the privacy of users of webchat: it has always been possible for anyone to directly convert the encoded ident string back to an IP address. In addition, the real hostnames of clients have always been visible unencoded in the “whois” output for the user.

In addition, we have made a small but potentially significant change to how the “ident” is shown. This has become necessary so that, with future versions of our ircd, we can properly limit connections per IP address via webchat. For a typical freenode webchat user, the full hostmask previously had the form “~abcdef1@gateway/web/freenode/...“. Many historical webchat bans and quiets are set as “*!~abcdef1@gateway/web/freenode/*“. The change that we are making will break these bans. We have removed the ~ from the ident for all webchat connections (not just freenode’s webchat), giving a full mask of the form “abcdef1@gateway/web/freenode/ip.171.205.239.16“.

As such, channel ops are advised to adjust their bans into the form of either “*!abcdef1@gateway/web/freenode/*” or “*!*@gateway/web/freenode/ip.171.205.239.16” as soon as possible.

A further result of this change is that those hosts from which a large number of legitimate users connect to freenode through the webchat service may suffer refused connections due to breaching the limits. If you find youself faced by an error of the form “Too many connections”, please email iline at freenode dot net with details of the IP address affected (which can be obtained from www.whatismyip.org), the name of the organisation, and the number of connections expected, so that we can place a limit exemption. Please note that if you have a message of the form “Gateway connections are currently blocked” or “Gateway connections are currently being throttled”, this is a different matter for which an I:line cannot help.

We hope that these changes make connections through the freenode webchat easier to manage for channel ops and more transparent for all users.