Group Registration Form verifications

For a long time, freenode has utilised a Group Registration system to give groups (such as companies and open source projects) the ability to manage channels in the primary namespace (i.e., channels beginning with a single “#”) and to give contributors to their projects cloaks. Perhaps more importantly, the system allows groups to retain control of their identity on freenode. It is because of this aspect of Group Registration that filing a Group Registration Form (GRF) has been necessary for projects to acquire primary channels which have already been registered. For the same reason, we ask those who register new primary channels to file a form.

A great number of fantastic projects use freenode. Only a small subset of staff are able to handle GRFs, and in combination with the large volume of forms filed we have developed a significant backlog. We realise that because of this backlog, certain groups are unable to claim channels on freenode which should rightfully be theirs. While we appreciate that many projects have been waiting months or years for a form to be processed, we must consider GRFs filed in order to obtain channel ownership for a legitimate project to be a priority – if you’re in the former position and not the latter, I hope you can see why.

At this stage, we are hoping to move through these priority requests in the coming weeks (and, depending on volume, months), before moving on to other requests. If you are a prospective group contact who has filed a GRF form before and you fall into the priority group (to be clear: you are in the priority group only if you need the GRF to be processed in order for you to gain access to the #group or #project channel on freenode), please email us at grfprocess at freenode dot net. The email should contain your IRC nick and your group’s name – no other personal information should be sent. We will soon be in touch regarding “next steps”.

If you want to help us to provide a top class service to groups, please consider getting involved with development of our new Group Management System (GMS).

Finally, a quick word of gratitude to those who have been waiting for GRFs to be filed for a long period of time. Thank you for your patience – we will move on to processing your requests as soon as we are able, and will let you know when via this blog and network wallops. Thanks for choosing freenode :)

freenode webchat changes

Webchat has always presented an interesting problem, mostly for the staff of various channels as well as the network itself, but indirectly for all our users as well.  All webchat connections come from the IP address of the webchat service.  This results in them having to be handled a little bit differently from other connections.

To begin with, there needs to be a way for network or channel staff to identify individual connections, as well as where they originated from.  The way this has previously been handled is by encoding the IP of the source (the IP someone uses to connect to the webchat) in hexadecimal form in the ident field of the user.  The webchat users are “cloaked” (that is, their real hostname, which would be that of the webchat server, is replaced) with a unique string identifying the connection.  This method allows channel staff to ban or quiet a webchat user via the unique connection string, or via the ident information.

While this works, it’s confusing to many. The unique connection string changes every time a user makes a new connection through webchat. Therefore, we’ve changed how we do the cloaking so IPs are shown in cloaks. This makes it much simpler for channel staff to see what is going on, and who is who. For now, this change only applies to those using the freenode webchat at http://webchat.freenode.net. The effect is to change a cloak of the form “gateway/web/freenode/x-iiqzrxiqfnnglqji” to the form “gateway/web/freenode/ip.171.205.239.16”.

We would like to point out that this does not in any way reduce the privacy of users of webchat: it has always been possible for anyone to directly convert the encoded ident string back to an IP address. In addition, the real hostnames of clients have always been visible unencoded in the “whois” output for the user.

In addition, we have made a small but potentially significant change to how the “ident” is shown. This has become necessary so that, with future versions of our ircd, we can properly limit connections per IP address via webchat. For a typical freenode webchat user, the full hostmask previously had the form “~abcdef1@gateway/web/freenode/...”. Many historical webchat bans and quiets are set as “*!~abcdef1@gateway/web/freenode/*”. The change that we are making will break these bans. We have removed the ~ from the ident for all webchat connections (not just freenode’s webchat), giving a full mask of the form “abcdef1@gateway/web/freenode/ip.171.205.239.16”.

As such, channel ops are advised to adjust their bans into the form of either “*!abcdef1@gateway/web/freenode/*” or “*!*@gateway/web/freenode/ip.171.205.239.16” as soon as possible.
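The ban migration advised above, sketched as an added example (not freenode's own tooling): it strips the ~ from webchat idents, derives the ip.-form mask where the ident decodes to an address, and checks old and new masks against a post-change hostmask. It assumes the ident is the IPv4 address as exactly 8 hex digits in network byte order and that other webchat gateways are cloaked under "gateway/web/"; the helper names and sample bans are constructed, with "abcdef10" chosen because it is the hex of 171.205.239.16.

```python
import ipaddress
import re

FREENODE_WEBCHAT = "gateway/web/freenode/"  # cloak prefix shown in the post
ANY_WEBCHAT = "gateway/web/"                # assumption: prefix of other webchat gateways

def ident_to_ip(ident):
    """Decode a hex webchat ident to a dotted IPv4 address, or None.

    Assumption: the ident is the address as exactly 8 hex digits in network
    byte order; anything else (wildcards, other lengths) is left undecoded.
    """
    ident = ident.lstrip("~")
    if not re.fullmatch(r"[0-9a-fA-F]{8}", ident):
        return None
    return str(ipaddress.IPv4Address(int(ident, 16)))

def migrate_ban(mask):
    """Return the replacement mask(s) for a pre-change webchat ban or quiet."""
    m = re.fullmatch(r"([^!@]+)!([^@]+)@(.+)", mask)
    if not m:
        return [mask]
    nick, ident, host = m.groups()
    if not host.lower().startswith(ANY_WEBCHAT) or not ident.startswith("~"):
        return [mask]                        # not affected by the change
    ident = ident[1:]                        # the ~ is no longer sent
    out = [f"{nick}!{ident}@{host}"]
    ip = ident_to_ip(ident)
    if ip and host.lower().startswith(FREENODE_WEBCHAT):
        out.append(f"{nick}!*@{FREENODE_WEBCHAT}ip.{ip}")
    return out

def mask_matches(mask, hostmask):
    """IRC-style glob match: only * and ? are wildcards, ASCII case-insensitive."""
    pattern = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask)
    return re.fullmatch(pattern, hostmask, flags=re.IGNORECASE) is not None

def audit(bans, hostmask):
    """Map each old ban to (old mask still matches, replacements that match)."""
    return {b: (mask_matches(b, hostmask),
                [n for n in migrate_ban(b) if mask_matches(n, hostmask)])
            for b in bans}

# Constructed sample data: three old list entries and one post-change hostmask.
OLD_BANS = [
    "*!~abcdef10@gateway/web/freenode/*",
    "*!~*@gateway/web/freenode/*",
    "*!*@example.org",
]
NEW_HOSTMASK = "guest!abcdef10@gateway/web/freenode/ip.171.205.239.16"

if __name__ == "__main__":
    for ban, (still, repl) in audit(OLD_BANS, NEW_HOSTMASK).items():
        print(f"{ban}: old matches={still}, use {repl}")
```

An ident that is not 8 hex digits, such as the 7-character “abcdef1” used in the text, only has its ~ stripped, which gives the first of the two advised forms.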

A further result of this change is that those hosts from which a large number of legitimate users connect to freenode through the webchat service may suffer refused connections due to breaching the limits. If you find yourself faced by an error of the form “Too many connections”, please email iline at freenode dot net with details of the IP address affected (which can be obtained from www.whatismyip.org), the name of the organisation, and the number of connections expected, so that we can place a limit exemption. Please note that if you have a message of the form “Gateway connections are currently blocked” or “Gateway connections are currently being throttled”, this is a different matter for which an I:line cannot help.

We hope that these changes make connections through the freenode webchat easier to manage for channel ops and more transparent for all users.

Groups Advisory Board

For many years now, freenode has offered projects and userbases on the network the option of registering themselves as “Groups”.  Each of these groups has one or more designated people as their “Group Contacts”, who are the point of contact for freenode-staff<=>group liaison, and are thus able to contact staff to request that cloaks be set, or to request assistance in administering channels.

We now have several hundred registered groups on freenode, and many more groups for which registration requests have been submitted.  There is a rather large backlog of these requests, but this will reduce dramatically once GMS has been completed, tested, and deployed (on which note, if you think you can give some time to help code it, get in touch!). An aim of the groups policy is to foster good relationships between groups and staff.

This is where the Groups Advisory Board (GAB) comes in – immediately, for approved GCs!  This is a way in which we would like to give groups a role in influencing the direction that freenode, and the PDPC, will follow in the future with regards to group and project related policy.  The GAB is completely optional and brings with it no commitment. It is open to all group contacts who would like to be members. The GAB is effectively a consultation forum where staff can get feedback from groups. As well as impromptu discussions on IRC, discussions will take place on a mailing list and occasional, optional IRC meetings will be arranged. If you’re interested in giving your group a greater voice in the management of freenode, speak to staff in #freenode, or drop an email to support NOSPAM at freenode.net, and we’ll sign you up to the freenode-groups mailing list and invite you to #freenode-gab.

Thanks!

freenode is dead, long live freenode

After much time in development and testing, the move to ircd-seven is finally complete. The migration took place in the early hours of today, Saturday January 30th 2010.

I would like to express thanks to everyone who has helped us get here — those staff and users who have helped find and squash bugs, those who have done extensive load testing and those who have helped finalise documentation in preparation for the migration earlier today.

In particular I would like to thank the Charybdis development team and the ratbox contributors whose work left us with a brilliant ircd platform to build upon to create the more freenode specific ircd-seven. In no particular order my thanks go to:

dwr, Valery Yatsko <dwr -at- shadowircd.net>
gxti, Michael Tharp <gxti -at- partiallystapled.com>
jilles, Jilles Tjoelker <jilles -at- stack.nl>
nenolod, William Pitcock <nenolod -at- nenolod.net>
AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
anfl, Lee Hardy <lee -at- leeh.co.uk>
beu, Elfyn McBratney <elfyn.mcbratney -at- gmail.com>
Entrope, Michael Poole <mdpoole -at- trolius.org>
ThaPrince, Jon Christopherson <jon -at- vile.com>
twincest, River Tarnell <river -at- attenuate.org>
w00t, Robin Burchell <surreal.w00t -at- gmail.com>

And for leading the development efforts of ircd-seven, for putting up with my many quirky and often unreasonable requests:
spb, Stephen Bennett <stephen -at- freenode.net>

I’d also like to express my gratitude to the following freenode volunteers for the hard work they’ve put in to make the migration go as smoothly as possible. I’ve been amazed at the initiative and responsibility shown in this last phase. Your help has been invaluable and I feel privileged to work with you:

kloeri, Bryan Østergaard
Lorez, Mike Mattice
Martinp23, Martin Peeks
Md, Marco D’Itri

With the exception of ports 7000 and 7070, which are now being used for SSL, all other ports and DNS stay the same as they were prior to migration.

If you are a regular freenode user you will most likely be aware that there are some user-facing changes with the move to ircd-seven (and are likely to have been annoyed by my global notices on the subject). You may wish to familiarise yourself with the updated FAQ and glance at some of these earlier ircd-seven related blog posts:

http://blog.freenode.net/2010/01/connecting-to-freenode-using-tor-sasl/

http://blog.freenode.net/2008/11/help-us-test-ircd-seven/

http://blog.freenode.net/2010/01/migration-to-new-ircd/

http://blog.freenode.net/2010/01/ircd-migration…-jan-30th-2010/

Again, thank you for helping out, however small or large your contribution may have been. We are celebrating the migration to ircd-seven with a special fundraiser “Give £7 for seven”. This campaign will end on February 7th 2010; until then you may read more and donate here. Any donation of £21 or any multiple of £7 over £21 will receive a freenode t-shirt.

To all our users, thank you for using the network, and welcome to seven!

Connecting to freenode using Tor: SASL

With our change of ircd to the all new ircd-seven, we are trialling a new method of allowing users to connect to the network via Tor. This method brings a number of changes:

  • The only Tor hidden service is the new p4fsi4ockecnea7l.onion.
  • You will need to have a registered and verified NickServ account to connect using Tor. Beyond this, no further steps are necessary.
  • You will need to use a SASL mechanism to identify to the server.

We have collected together scripts for irssi and mirc, while Conspire supports SASL natively. Scripts may be available for other clients in addition.

irssi

Download and install this script (cap_sasl.pl) and, after loading it, configure it using

/sasl set <network> <username> <password> <mechanism>

Supported mechanisms are PLAIN and DH-BLOWFISH.

mirc

A mirc script is available, taken from a forum post by Kyle Travaglini. You can retrieve the source here.

Instructions (adapted from that forum):

  • Place SASL.dll and sasl.mrc into your $mircdir.
  • Load sasl.mrc into your remotes.
  • Press F2 and configure the network, before connecting as usual.

If you have any problems, either pop into #freenode from a non-torified connection or drop an email to support AT freenode.net.

This method of connecting to freenode using Tor supersedes all previous methods, including Tor-GPG. We hope that this method of connecting via Tor will help to make it somewhat more accessible to you!

Javascript spam

You may have noticed some unusual amounts of spam over the past few days, which has had an impact on a number of channels.  This spam is the result of some malicious javascript being distributed on a number of webpages which causes visitors to these pages to make a connection to freenode and send spam.  While we are doing what we can to mitigate the spam, we would ask that you take a careful look at any unusual sites or URLs you might visit in the near future to be sure you are not being tricked into visiting such a site.

If you have been banned from the network after clicking on one of these links, please email [email protected] with your internet-routable IP address. Visit http://myip.dk/ and include both the IP address and hostname provided on this site.  It’s also helpful if you let us know what nick you were using at the time.  We will address these requests as quickly as possible, but please be patient.

It is of course never a good idea to visit a link that’s not from a trusted source.  If you must do so, look into using a browser with limited or no scripting support (wget from the command line is a great solution here on Linux, as is links) or using something like NoScript for Firefox.

If you run a channel on freenode, you might want to consider setting +R to prevent unregistered users from sending to the channel as the spambots described here will not be registered.  If you do so please consider being proactive about contacting unregistered users joining your channel to ensure they get the help they need, and feel free to send them to #freenode so network staff can help them register.

For users, now is an excellent time to register your nickname and set up your client to auto-identify.  You can find information about registering here.  Configuring your client to auto-identify varies depending on the client, but one easy way is setting up your client to send the nickserv password as your server password. Most clients have an option for this.

It is also worth noting we will be moving to a new ircd in just 13 more days, as described here.  This new ircd provides a number of exciting new capabilities including improved capability to deal with spam of all kinds, including this most recent type which is entirely mitigated by improvements in seven.

ircd Migration Sat Jan 30th 2010

In the coming weeks, we will be migrating freenode to our new ircd, ircd-seven.  Presently, freenode uses hyperion and efforts have been underway for some time to move us off this platform for reasons of stability and functionality.  We are now almost there.

As users please be aware that during the migration all clients will be temporarily disconnected and will need to reconnect in order to move over to the new servers. For most of you this will happen as the old servers are shut down.

Please Note: While we will copy over channel modes and topics for registered channels (there will be no changes to the services database, all nick and channel settings with services will stay the same) we are unable to do so for channels NOT registered with ChanServ. If your project utilises non-registered channels for whatever reason, please make note of the topics and modes so you can make a manual transfer of these yourselves. For more information on registering a channel, see this post.

If you operate a channel on freenode and have any concerns, feel free to stop by #freenode to discuss any issues you might have.  If you run any channel utility bots, you may want to test them on the current testnet.  More information can be found here.

Important Changes

There are several significant changes users should be aware of in ircd-seven:

Channel quiets are no longer a modified version of bans but are now on their own list, queried with “mode #channel q”, and as such do not appear on the normal banlist.

After the migration, we will have SSL access available on the production network.

Identifying upon connection works as before but there are two new ways to do so: specifying username:password in the server password field will allow you to log in to a specific account, and SASL authentication is also available.  Using SASL varies by client and is not supported in all clients.

The CAP command:

A brief summary:

  • The CAP LS command will list all client capabilities that are available to the client.
  • The CAP REQ :<cap1> <cap2> <...> command can be used to request one or more capabilities. The response to this will be either CAP ACK :<cap> <...>, or CAP NAK :<cap> <...>, depending on whether the request was successful.
  • A CAP name token can be prefixed by - to disable that capability. This was not available with hyperion’s CAPAB command.
  • CAP negotiation can take place either during connection and registration (as is required for SASL), or afterwards, to enable identify-msg.

For those implementing support for it, a full specification is at http://www.leeh.co.uk/draft-mitchell-irc-capabilities-02.html.
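The CAP negotiation summarised above, combined with the SASL PLAIN login that the Tor post requires, as an added example (not code from freenode or from any client script mentioned here). It is a small client-side state machine driven by a constructed server transcript; the AUTHENTICATE command and the 903/904 numerics are the usual SASL-over-IRC ones and are not described on this page, and the server name, nick and password are made up.

```python
import base64

QUIT = "QUIT :SASL unavailable"   # fail closed: never register unauthenticated

def parse_line(line):
    """Split a raw IRC line into (command, params); the prefix is dropped."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):
        line = line.split(" ", 1)[1]
    head, sep, trailing = line.partition(" :")
    params = head.split() + ([trailing] if sep else [])
    return (params[0].upper(), params[1:]) if params else ("", [])

def sasl_plain_payload(account, password):
    """base64(authzid NUL authcid NUL password): an encoding, not encryption."""
    raw = "\0".join((account, account, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

class SaslPlainRegistration:
    """Client side of CAP LS, CAP REQ :sasl, AUTHENTICATE PLAIN, CAP END."""
    def __init__(self, nick, account, password):
        self.nick, self.account, self.password = nick, account, password
        self.state = "ls"

    def start(self):
        return ["CAP LS", f"NICK {self.nick}", f"USER {self.nick} 0 * :{self.nick}"]

    def _go(self, state, line):
        self.state = state
        return [line]

    def feed(self, line):
        """Consume one server line; return the client lines to send next."""
        cmd, params = parse_line(line)
        sub = params[1].upper() if cmd == "CAP" and len(params) >= 3 else ""
        caps = params[2].split() if sub else []
        if self.state == "ls" and sub == "LS":
            if "sasl" in caps:
                return self._go("req", "CAP REQ :sasl")
            return self._go("failed", QUIT)
        if self.state == "req" and sub == "ACK" and "sasl" in caps:
            return self._go("mech", "AUTHENTICATE PLAIN")
        if self.state == "mech" and cmd == "AUTHENTICATE" and params == ["+"]:
            payload = sasl_plain_payload(self.account, self.password)
            return self._go("auth", "AUTHENTICATE " + payload)
        if self.state == "auth" and cmd == "903":          # SASL success
            return self._go("done", "CAP END")
        refused = (self.state == "req" and sub == "NAK") or (
            self.state in ("mech", "auth") and cmd == "904")  # SASL failure
        return self._go("failed", QUIT) if refused else []

def run_transcript(server_lines, nick="alice", account="alice", password="hunter2"):
    client = SaslPlainRegistration(nick, account, password)
    sent = client.start()
    for line in server_lines:
        sent += client.feed(line)
    return sent, client.state

# Constructed server side of a successful exchange (not a real capture).
SAMPLE_OK = [
    ":irc.example.net CAP * LS :identify-msg multi-prefix sasl",
    ":irc.example.net CAP * ACK :sasl ",
    "AUTHENTICATE +",
    ":irc.example.net 903 alice :SASL authentication successful",
]
```

Because the PLAIN payload is only base64-encoded, the password is readable by anyone who can see the connection unless the transport itself is protected, for example by the SSL ports or the Tor hidden service.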

The IDENTIFY-MSG capability still exists but there is a new way to activate it.  It is now part of the CAP mechanism.   A script for irssi that understands both hyperion’s and seven’s identify-msg capability is available at http://adipose.attenuate.org/~stephen/ircd-seven/format_identify.pl.

The n= and i= prefixes are not used, instead ~ is prefixed to a non-identd username as is common in most other ircds.

For further information on changes that might impact you please visit http://freenode.net/seven-for-hyperion-users.html

As always, thank you for using freenode, and see you on the other side!

Happy New Year 2010

The New Year is arriving in various parts of the world, and we’d like to take this opportunity to thank the people who continue making freenode possible.

Our very dedicated and generous hardware and bandwidth sponsors, for whom the tail end of 2009 has been a particularly challenging time, we’re very grateful for the extra manpower you’ve all put in to help with the recent DDoS attacks the network has been experiencing. While we’ve lost some sponsors due to the costs involved over the attacks, we’d like to thank those for the time they were able to continue supporting our services and express our complete understanding for the decisions they’ve had to make in choosing to discontinue the support. For those of our sponsors who have been able to continue providing hardware and bandwidth we’d like to thank you for your generosity and for the patience while the attacks have been ongoing.

We’d like to thank all the PDPC supporters for their donations, Canonical Ltd and the Gallery project for their generous donations, as well as those donations from individual users which in 2009 enabled us to purchase some additional hardware and bandwidth and we hope that the support continues throughout 2010 and that we’ll be able to start making some progress with the work on our upcoming freenode live conference. Your support is invaluable to us and we’re grateful for the continued support. Should you wish to become a donor, you may make a donation here.

We’d also like to thank the freenode staff volunteers, past and present, for administering the network and putting in a lot of time to help both projects and end users with their freenode experience.

And finally, we’d like to thank the most important people of all — the many projects and users who make freenode what it is. 2009 saw us passing the 60,000 concurrent users mark and it’s fantastic to see that so many people use and contribute to the various FOSS projects on the network. Thank you all for using freenode.

We’d like to wish you all 12 months of happiness, 52 weeks of fun, 365 days of success, 8760 hours of good health, 52600 minutes of good luck and 3153600 seconds of joy! Have a very happy New Year!

Free as in freenode

Most of you are probably familiar with the various freedoms that are frequently stated, such as freedom of speech or expression.  While freenode does exist to promote communication amongst free and open source projects, it is not an open forum for all to use in any way.

The purpose and goals of freenode are simple, but often misunderstood.  Freenode is a privately operated special purpose irc network, aimed at improving communication between developers, and users, and others interested in free and open source software.  These people and their ability to communicate efficiently are our primary concern and focus.  The “free” in freenode is intended to indicate this goal, and our commitment to providing a collaboration platform for those with an interest in free and open source software, rather than “freedom of speech or expression”.

As a private network, we do reserve the right to limit the sort of content allowed on freenode.  Some of the things considered on- and off-topic are outlined here.

Hopefully this clears up a little about what the “free” in freenode actually stands for (and what we do, as well).

Web chat updates

Over the last few weeks we have had quite a bit of feedback from our new web chat client.  As a result of this we’ve been able to feed back requests to the qwebirc developers who have been able to add many requested features:

  • Optional Nick colour support
  • Optional join, part and quit message hiding
  • Optional last position indicator to track which content is new since you last focused on IRC
  • CSS changes to highlight messages from yourself
  • https support
  • NickServ authentication

Some of the optional features are disabled by default, but can be enabled in the option pane, accessible from the menu (top left).