Fosscon, an open source conference in Philadelphia PA, Saturday August 10th

FOSSCON 2013 will be held on August 10th, 2013.  Several of our very own staff here at freenode will be attending this year and we are really looking forward to it.

FOSSCON was spawned from the depths of freenode and this will be the 4th event so far.

We are very excited about this year’s keynote speaker, Philadelphia’s own Jordan Miller, who leads a research team at The University of Pennsylvania. Jordan makes heavy use of open source software and is doing amazing work with 3D printing as it pertains to transplant organs.  http://www.upenn.edu/pennnews/news/penn-researchers-improve-living-tissues-3d- printed-vascular-networks-made-sugar.

Listed below is a just a quick peek at some of our confirmed speakers and their topics:

  • Bhavani Shankar will be speaking on how to bring in new developers to open source projects.
  • Elizabeth Krumbach Joseph will be speaking on Open Source Systems Administration.
  • Corey Quinn will be speaking on configuration management with Salt.
  • Brent Saner will be speaking on Project.Phree, a wireless mesh project.
  • Dru Lavigne will be speaking on FreeNAS 9.1.
  • Jérôme Jacovella-St-Louis will be hosting a workshop on cross-platform development with the Ecere SDK.
  • John Ashmead will be speaking on the math and science of invisibility.
  • John Stumpo will be offering a workshop on the Challenges facing FOSS game projects.
  • Walt Mankowski will be speaking on Scientific Programming with NumPy and SciPy.
  • Chris Nehren will be speaking on bridging the gap between development and operations.
  • Christina Simmons will be speaking on starting and managing open source events/projects.
  • Hector Castro will be offering a hands-on workshop on the Riak database engine.
  • Dan Langille will be hosting a workshop on Bacula: The Networked Backup Open Source Solution

If you haven’t registered yet, please do so here: https://www.wepay.com/events/fosscon-2013!  We’ve had such an awesome response so far and are so excited to see how far we can go this year! Invite your friends, your partners, your business associates, and everyone else you know!  We’ll see you soon!

New TLS/SSL Channel Modes & Webchat Features

We’ve recently enabled some new functionality in our ircd to further help you manage your channels:

Channel mode +S

This ensures only users that have connected via TLS/SSL (and so have user mode +Z) are able to join; you can not /invite them through it. It will not prevent the use of the channel by any non-TLS/SSL users already present.

Extended ban $z

Documented in ‘/help extban’ for some time, this has also been enabled and matches all TLS/SSL users. Usage is similar to the ‘$a’ type (which matches all identified users) and could for example be set as ‘+q $~z’ to to quiet any users not connected over an ssl connection.

Webchat

WEBIRC has been enabled so that behind their hostmask, users can now be considered to be connecting from their real address. This means that a single ban format can apply to both direct connections and webchat connections.

For example, a user connecting from 171.205.18.52 will still appear as ‘nickname!abcd1234@gateway/web/freenode/ip.171.205.18.52′ but ban masks of the form ‘*!*@171.205.18.52′ will match! This is now the most effective method of matching users using webchat but the realname and hexip username are still available.

Although freenode’s webchat is available over SSL, the webchat’s localhost connection to the ircd is not SSL, so webchat users do not get user mode +Z. Webchat users will not be able to join a +S channel and will not match the $z extban, even if they are using webchat over SSL.

Security considerations

These channel modes can not guarantee secure communication in all cases; if you choose to rely on them, please understand what they can and can’t do, and what other security considerations there are.

There are a variety of known security problems with SSL, and reasons why the +S mode may not guarantee transport security on freenode. Some of these are:

  • These modes may be unset by channel operators at any time, allowing non-TLS/SSL users to join, and the mode may subsequently be reapplied;
  • If network splits occur it may also be possible for users to bypass +S intentionally or by chance;
  • Clients may be compromised or malicious, or using a malicious shared host;
  • Clients may have traffic intercepted as part of a Man In The Middle (MITM) attack and then transparently forwarded via SSL, invisibly to channel users;
  • There may be issues with TLS/SSL itself in server or client configuration or architecture which compromise its ability to provide effective transport security at the network level (there have been several published attacks against SSL recently – see here).

This is not an authoritative list, so before using +S as part of any channel which requires strong anonymity, please ensure you understand what it does and its drawbacks.

There are other security tools you may want to look at – you may want to consider using client plugins that provide additional encryption or route your connection through Tor. Tor also allows you to create spurious traffic to hide real traffic patterns. freenode provides its own hidden Tor node which means you can trust this connection as much as you trust freenode. Your IRC traffic with freenode via Tor is end-to-end encrypted from your Tor client to our Tor node. It does not pass through any third party nodes in unencrypted form.

Finally, unless you can trust everyone in a channel and are sure it is configured properly and you understand the other technical risks, do not rely on these channel modes exclusively. Security is generally layered; ensure you have good defense in depth and don’t rely on individual controls which may be a single point of failure.

Using other websites or services via Tor

Remember to always encrypt your traffic when using Tor as you have no control over who is running exit nodes and if they are doing traffic analysis on them. While your traffic to the exit node is encrypted and the ingress node can not read it, the exit node will always need to be able to remove Tor encryption. If your traffic is clear-text said exit node will be able to read it.

Over 9000 * 10

freenode has been growing slowly and steadily, breaking the next practically-useless-but-still-kinda-neat barrier of more than 90,000 concurrent connections at the same time. It’s very nice, and humbling, to know that we are able to enable so many people to communicate with each other.

I shouldn’t have added a month of leeway at the last second to my last prediction so the scary scary 100,000 is officially targeted for May 2014. Yes, the pace at which freenode is growing seems to be increasing ever so slightly.

Historic posts for those of you keeping track:

http://blog.freenode.net/2007/08/freenode-has-reached-40-000-users/

http://blog.freenode.net/2008/09/50000-active-users/

http://blog.freenode.net/2009/12/happy-new-year-2010/

http://blog.freenode.net/2011/01/freenode-70k/

http://blog.freenode.net/2012/04/80k/

The good, the bad, and the ugly…

Firstly, I would like to apologise for the interruptions the network has experienced in the last week (and continues to experience as we speak). I would also like to thank our incredible server sponsors for the time and dedication they have shown in helping us attempt to deal with the situation.

Sponsors — sponsors are the lifeblood of the network; without sponsors there would be no freenode. Unfortunately, the recent attacks have been significant enough for some of our sponsors to pull the plug as they were unable to continue providing the same level of assistance to the network as they had in the past. These kind of attacks can be costly for our sponsors; the disruptions soon have a financial impact for sponsors and their paying clients when service is disrupted. They are also costly in time and resources spent trying to alleviate the issues caused within their networks. To those of our sponsors who have had to discontinue sponsorship, in part or in full, I would like to thank you for the years of support. Not just for freenode but for the Free and Open Source Software Communities and we can only apologise for the difficulties your organisations have experienced as a result of these recent attacks.

Free and Open Source Software Communities — whilst sponsors may be the lifeblood of the network, the FOSS communities are our reason for being. Unfortunately they, along with our sponsors, are the ones suffering at the hands of the attacker(s) — it is their projects that are disrupted and affected and we can only apologise for the instability and disruption experienced by projects on the network in this last week.

freenode — ironically freenode is the puzzle piece that gets off lightly. We’re just a bunch of people passionate about FOSS — the network itself is devoid of feeling and whilst our volunteers do their best dealing with the aftermath of the attacks and try to keep the network up and running the reality is that in the grand scheme of things freenode is nothing. freenode is just a means to an end; the projects that have chosen to use freenode could easily go elsewhere, the volunteers who staff the network… well, they could easily go wherever their projects went — we volunteer for freenode because we’re passionate about FOSS, and the majority of us also contribute to one or several FOSS projects or have done in the past. For us it has never been about “freenode” — it has been about FOSS; and the projects we, as individuals, care about. We are all freenode users first, and staffers second.

If there was no freenode, there would be other alternatives — perhaps similar alternatives, perhaps very different alternatives. The FOSS communities are full of talented, passionate people and I have no doubt that we’d all find different ways to stay in touch and work on our projects even if there was no freenode.

That’s not to say we’re about to throw in the towel — we’ve all invested a lot of time and effort in the network and I am sure we will continue to do so for as long as there are projects wanting to use it and sponsors willing to help us.

I wish I could provide you with detailed information about the attacks and the cause of them — but these details are but a mystery to us and with nearly 90,000 users I’d be loathe to speculate as to who we might have annoyed… or how. For the time being, we intend to continue mitigating attacks where possible and continuing to endeavour to provide service as usual!

Once more, thank you for the support and the faith in the project — and thank you for the patience whilst our infrastructure team desperately tries to juggle our infrastructure around to bring back as much of our normal services as is possible at this point in time.

April 1st 2013, the aftermath

It’s been a little more than a week since we started our April Fools quiz this year; thanks to everybody who participated.

The first ten people who completed all three tracks are, in descending order of aprilness:

  • jojo
  • homerj
  • AndrewF
  • stereo`
  • ditzydoo
  • talisein
  • nebkat
  • timgoh0
  • Aster
  • PyroPeter

 

Here are the riddles and their solutions, in the original order:

Misc

  1. ###>++++++++++ [>++++++++++>+++++++++++>+++++++++++>+++++++++++>++++++++++><<<<<<-] >+>++>++++>+>+++> <<<<<< >.>.>.>.>.
    • This was brainfuck code, writing eprog to stdout
    • ###eprog
  2. #####9466848004102444800
    • This was a range between two unix timestamps, from 1.1.2000 until 1.1.2100 (midnight)
    • #####century
  3. ##### 277453665
    • This level was slightly harder, on a phone keyboard (according to TU-T E.161) writing with these numbers spelled aprilfool (with some guessing or T9)
    • #####aprilfool
  4. http://www.youtube.com/watch?v=oHg5SJYRHA0
    • The beloved Rick Roll video. This was a joke idea, the channel ########gotyou was actually hidden as a channel forward (mode +f)
    • ########gotyou
  5. ###### BOGBOS, SEAPHXDENDALMSP, CPTOSL, SCLBOSCPTARN
    • Similar to last years keyboard riddle, you had to connect the airports on a map which formed the letters I W I N.
      • Bogota to Boston: I
      • Seattle to Phoenix to Denver to Dallas to Saint Paul: W
      • Cape Town to Oslo: I
      • Santiago to Boston to Cape Town to Stockholm: N
    • ######iwin

The topic in ######iwin was: Congratulations, you finished the misc track. Here, have a puzzle piece: It’s dangerous to go alone! Take this! ###the. Make sure to also play the other quiz tracks!

Music

The list number references the level number of the listed question.

  1. What does Dorothy wish she was on the other side of?
    • ##rainbow
    • Referencing: Dorothy from the The Wizard of Oz sings “Somewhere Over the Rainbow.”
  2. What is the first thing Rick Astley will never give up?
    • ##you
    • Referencing: Never Gonna Give You Up by Rick Astley.
    • Source
  3. This person can’t touch “this.”
    • ##mchammer
    • Referencing: U Can’t Touch This by MC Hammer.
  4. This old song leaves many people wondering what the writers had wrote it about. Most people think the song is about drugs, however the group has said in interviews that it didn’t really have any meaning at all.
    • ##hotelcalifornia
    • Referencing: Hotel California by the Eagles.
    • Source
  5. This 1975 classic is fairly self-explanatory.
    • ##bohemianrhapsody
    • Referencing: Bohemian Rhapsody by Queen.
  6. The main character, a kid, in this classic music video was mocked for being “this”.
    • ##poet
    • Referencing: Another Brick in the Wall by Pink Floyd, specifically Part 1.
    • This question seemed to trip up the most people, as it was the most vague question.
  7. We reminisces about the good ole days of when those popular in music were radio stars.
    • ##buggles
    • Referencing: Video Killed the Radio Star by The Buggles.
    • This was the official answer for Level 8, however, as someone pointed out the official name of the band is “The Buggles.”
  8. Michael Jackson’s most popular song predicts this future event that is popular on the Internet as an event worth preparing for.
    • ##zombieapocalypse
    • Referencing: Thriller by Michael Jackson.
    • This one was a tad tricky as the answer was not in the lyrics of the song.
  9. This 80’s song was very controversial when it came out, offending several people, including average working people. It is often censored on the radio when played.
    • ##moneyfornothing
    • Referencing: Money For Nothing by Dire Straits.
    • More about the controversy.
  10. The most popular guitar riff is from the beginning of this group’s most popular song.
    • ##deeppurple
    • Referencing: Smoke on the Water by Deep Purple.
  11. This band was the first band to have three consecutive multi-platinum albums.
    • ##styx
    • Referencing: The Grand Illusion, Pieces of Eight, Cornerstone, and Paradise Theatre. These albums have been certified Multi-Platinum by the RIAA.

The /topic in ##styx was: Congratulations! | You have answered all the music trivia correctly. | Make you to play the other quizzes and you’ll need this for later, ###best

Crypto

The list number references the level number of the listed question.

  1. Blog post of ##bhggbyhapu
    • This is a simple ROT13 cipher
    • where AtoN, BtoO, CtoP, etc.
    • python -c “print ‘bhggbyhapu’.decode(‘rot13′)”
    • The answer is: ##outtolunch
  2. pTShnJAmo3W0
    • This is base64 encoded then ROT13’ed.
    • python -c “print ‘pTShnJAmo3W0′.decode(‘rot13′).decode(‘base64′)”
    • The answer is: ##panicsort
  3. http://i.imgur.com/AArVy5H.png
  4. QOZTMLUVG IPAJGECYZ | Don’t forget to nT92MKV= | orange
    • QOZTMLUVG IPAJGECYZ
    • nT92MKV=
      • This is the same as the previous level, rot13’ed and then base64’ed.
      • python -c “‘nT92MKV=’.decode(‘rot13′).decode(‘base64′)”
      • hover
    • If you hover over the comic on https://xkcd.com/944/ you’ll see:
      • After exhausting the OED, we started numbering them. When overlapping hurricanes formed at all points on the Earth’s surface, and our scheme was foiled by Cantor diagonalization, we just decided to name them all “Steve”. Your local forecast tomorrow is “Steve”. Good luck.
        • This next step is a bit of a leap, but we expected you to search for key phrases in the string. You should end up on Cantor’s diagonal argument on wikipedia. From here you’ll see some description of it. We want the most popular example of Cantor’s diagonal argument, which is Russell’s Paradox. (Can a set of all sets contain itself?)
    • The answer is ##russell’sparadox
  5. http://git.io/Y60F5g | 936 | UHG | NZCBXBXUSXDBXIWZWMMLLVLHM | WEQ | I’m So Meta Even This Acronym | freenode | 12 | ♥
    • The /topic changed a little bit during the game. This is the most recent form.
    • Hints given:
      • 2013-04-01 18:51:18 <yano> i think you should focus more on how you “cracked” the code for the last
      • 2013-04-01 18:51:32 <yano> and by code i mean, QOZTMLUVG IPAJGECYZ
      • 2013-04-01 18:52:12 <yano> UHG and WEG are pretty important
      • 2013-04-02 04:13:28 <yano> it is vigenere
      • 2013-04-02 05:42:38 <yano> one more semi-important hint: UHG | NZCBXBXUSXDBXIWZWMMLLVLHM | WEQ are each encrypted with the same KEY and method
    • The last hint pretty much gave it away for many people.
    • UHG | NZCBXBXUSXDBXIWZWMMLLVLHM | WEQ
      • This is vigenère again.
      • The key is IRC ROT12-ed.
        • IRC is expected to come from the reference of I’m So Meta Even This Acronym and freenode as in an acronym of/about freenode.
        • The 12 comes from the number directly in the /topic.
        • UGH decrypts to
          • AES
        • NZCBXBXUSXDBXIWZWMMLLVLHM decrypts to
          • TWOHUNDREDANDFIFTYSIXBITS
        • WEQ decrypts to
          • CBC
      • Now, let’s take a break and follow a pattern from previous levels. Let’s pull up https://xkcd.com/936
        • This should be obvious given the previous pattern of XKCD being involved in these levels.
      • While viewing that you should probably download http://git.io/Y60F5g
        • wget http://git.io/Y60F5g
      • Y60F5g is encrypted with AES-256-CBC. This is provided by the previous clues.
      • The key for the encrypted file is Tr0ub4dor&3
      • openssl enc -d -aes-256-cbc -a -in Y60F5g -out Y60F5g.plaintext
      • The output of the file is: ##K&R
    • The answer to this level is ##K&R

The topic in ##K&R was: Congratulations! You have completed freenode’s crypto challenge! | Make sure to also play the other quizzes, and take this with you ###est | http://git.io/TLfWTg

With ###the and ###best and ###est you are expected to put these pieces together to find ###thebestest

Congratulations to those who have completed all the tracks and levels!

Top 10

All times listed are in UTC.

Rank Nick Time
1 jojo 2013-04-02 06:04:34
2 homerj 2013-04-02 06:14:31
3 AndrewF 2013-04-02 06:42:53
4 Stereo` 2013-04-02 06:51:42
5 ditzydoo 2013-04-02 07:20:45
6 talisein 2013-04-02 08:06:23
7 nebkat 2013-04-02 08:24:36
8 jarick 2013-04-02 09:53:51
9 Sarah 2013-04-02 10:06:50
10 PyroPeter 2013-04-02 10:55:47

Lists

Those who have completed all the levels and made it to the final channel but didn’t make it in time for the top 10:

  • alex_joni
  • CeruleanSky
  • DonkeyHotei
  • erkin
  • fsckd
  • kaneda^
  • Kent
  • luckybunny
  • Martok
  • pekuja
  • Pixelz
  • PoohBear
  • Rutix
  • shino
  • slidercrank
  • stac
  • Tordek
  • Valodim

These people were elligible for our cloak lottery, where we used a piece of code to randomly pick three people to win a cloak. Those people were: fsckd, Rutix, and stac.

Top 10 For Each Track

All times are listed in UTC.

Misc

Rank Nick time
1 Xneby 2013-03-31 20:19:19
2 Stereo` 2013-03-31 20:25:27
3 AndrewF 2013-03-31 20:31:31
4 FireFly 2013-03-31 20:36:28
5 ubuntor 2013-03-31 20:38:47
6 thommey 2013-03-31 20:40:30
7 luckybunny 2013-03-31 20:44:34
8 lastplacer 2013-03-31 20:48:33
9 Pixelz 2013-03-31 20:50:20
10 Mortomes 2013-03-31 20:51:10

Music

Rank Nick time
1 grawity 2013-03-31 22:00:47
2 PoohBear 2013-03-31 22:32:45
3 nikis 2013-03-31 22:37:01
4 CeruleanSky 2013-03-31 22:37:32
5 ss 2013-03-31 23:31:32
6 AndrewF 2013-04-01 00:01:47
7 Kent 2013-04-01 00:05:03
8 carharttjimmy 2013-04-01 00:07:31
9 Sarah 2013-04-01 00:09:11
10 fsckd 2013-04-01 00:09:49

Crypto

Rank Nick time
1 jojo 2013-04-02 03:30:13
2 homerj 2013-04-02 06:12:04
3 AndrewF 2013-04-02 06:41:25
4 Stereo` 2013-04-02 06:43:39
5 ditzydoo 2013-04-02 07:12:06
6 talisein 2013-04-02 08:05:32
7 nebkat 2013-04-02 08:21:49
8 shino 2013-04-02 09:21:46
9 jarick 2013-04-02 09:52:16
10 Sarah 2013-04-02 10:05:44

Insert witty title here

Like every year, we would like to invite our users to take part in the April 1st quiz and have the chance to win an April Fools’ cloak.

Good luck, lots of fun, and thanks for flying freenode trebutchet!

What does Dorothy wish she was on the other side of?
###>++++++++++ [>++++++++++>+++++++++++>+++++++++++>+++++++++++>++++++++++><<<<<<-] >+>++>++++>+>+++> <<<<<< >.>.>.>.>.
##bhggbyhapu

Bye bye PDPC

Sadly, we were forced to dissolve PDPC, freenode’s parent organisation.

When the organisation transferred across from the US to the UK we wanted to keep the organisational structure as close to what it had been before (change is scary, right?) — however, we made the conscious decision to no longer have any paid employees after Rob Levin passed away. This meant that everyone involved with the organisation were volunteers and we no longer had anyone who could invest the time and effort required to do fundraising and similar tasks, meaning that the organisation was unable to sustain the levels of donations required to obtain and maintain charitable status in the UK.

Due to the massive reduction in financial support we found ourselves in a position where being an incorporated organisation cost more than what we were able to bring in in donations and after years of operating at a loss it was decided that we would apply for the dissolution of the corporation in order to drastically reduce costs. The application has been processed and the organisation has been dissolved; to further reduce costs we have also discontinued the majority of infrastructure services for which the organisation paid, together with the reduced administration and organisational fees this means that we are now in a position where our outgoings are restricted to domain renewals! We would like to thank everyone who has contributed to the organisation in the past, users, organisations and staff in particular, who have always been (begrudgingly?) happy to contribute towards the difference in order to cover the deficit.

What does this organisational change mean for freenode?

In practise it means very little, the PDPC has never been involved in the day to day operations of the network and there will be no changes to the way in which the network is run. freenode is staffed entirely by volunteers from all over the globe who contribute their time and expertise to keep the network up and running in between contributing to various other FOSS projects.

What about other PDPC projects, such as fosscon, geeknic, and the fossevents site?

These projects will continue as they have before, and we invite you to attend fosscon for real world talks and collaboration, to join a geeknic picnic or plan your own at http://geeknic.org, and to check out http://fossevents.org for events in your neighbourhood and around the world.

I appreciate the work you do and I still want to contribute

The best way in which to help the network is to contribute time — help out in #freenode or elsewhere on the network, assist users in finding answers to their questions and help us try keep the channel and network temperature at a nice, comfortable level which encourages collaboration!
If you are low on time but still want to help out you might be able to help us through your company or organisation by becoming a server sponsor (See “Hosting a server” for more information).
If you feel that one particular volunteer has helped you out and you want to say thank you — ask them if they have a preferred charity to which you could make a small donation! With time we might update our website to provide links and information of such preferences.
Alternatively, you may consider donating to one of the following projects:

Existing PDPC donor cloaks

Existing PDPC donor cloaks will remain valid for a full year, after which they will be converted to unaffiliated cloaks. Ongoing donations will be cancelled by us. If you have previously donated to PDPC you’ll still qualify for your donor cloak as normal. If you believe you’re due a cloak and we haven’t processed it yet please contact us.

Upgrade and database prune completed

The planned services upgrade and database prune went ahead today as planned and has completed successfully. Approximately 300000 nicks were removed from the database, and we’ve moved to Atheme 7, so hopefully response times from services should be improved, with less of the lag that was sometimes noticeable before.

In addition, certificate based authentication is now available. We’ll hopefully get the docs for this up online shortly.

Group Registration Closure

Our group registration system has been around for some time, in various guises.  Over that time, our small but dedicated team of staff has attempted to keep up with demand for groups.  Unfortunately, in the early years of GRF, this generated a substantial backlog of processing, since the system was very manual, a lot of data was processed (restricting the staff who had access) and each group can take some time to properly investigate.  To address this issue, we’ve tried a number of alternatives, such as priority group emails, and, lately, a streamlined group registration system known as “grf-f”.

For various reasons, these replacements haven’t worked quite how we’d want or need them to in order to achieve our objective of registering groups in a timely fashion.  Meanwhile, development of GMS, our automated replacement GRF system, continues.

For these reasons, we have taken the decision to temporarily close the group registration system.

What this means is that –

  • No new group registrations will be accepted from this point onwards, until further notice.
  • Outstanding grf-f applications already in the queue will be processed in due course.
  • Outstanding “old style” GRF applications will *not* be processed (most of the applications in this set are very old now, and the people who submitted them should have seen at least one reminder to refile under grf-f)
  • All existing registered groups are unaffected and continue as normal.

Please bear with us whilst we work on where we want to go next with this system.  Meanwhile, if there are channels currently owned by freenode-staff that your project could make use of, please contact a staffer to see if (provisional) op rights can be granted to your account. (These would likely be done on a somewhat temporary basis, until such time as registration re-opens.)  Note also that this is *only* to gain ops on channels, *not* for obtaining group cloaks.

As always, thanks for flying freenode!

mrmist.