IRC Improvements 75
SUIDNet writes: "The first ever secure IRC network has opened. All your communications on the SUIDNet are completely encrypted so no one can just sniff the network and watch your conversations. In addition, anyone who connects unencrypted automatically has a "-insecure" appended to their hostname and is banned from all SECURE channels. Check it out for yourself at http://suidnet.org or irc.suidnet.org." We also got a submission about a plan to improve IRC routing, Open Redundant-Link IRCd.
BITNET relay chat (Score:1)
Anyone else remember BITNET relay chat?
Back in the late 80s/early 90s our university's lower-level CS courses were all on Waterloo Pascal/Fortran on IBM mainframes (3033/3090) using the MVS/TSO and VM/CMS environments. We accessed 'em thru a bunch of burnt-in surplus (from some chemical plant) color 3278 terminals -- with the 10 pound all-metal keyboards. Loved that character set though -- very readable.
These machines had pretty nice "instant messaging" features, and we had available to us all sorts of chatters and frontends.
I'd connect to Bitnet Relay chat thru (IIRC) TAMVM1, and there'd be numbered channels, those over (I think) 50 were "invisible", I suppose for private groups.
BITNET was fun -- the fileserv's, the listserv's, a great hypertext'ish navigation system -- you could see who was logged onto mainframes all over the world.
Ugh... then came the September that never ended.
Re:SILC (Score:1)
For me the best thing about SILC is not just the security, but that you can still affect its development and the protocol to create the best IRC replacement you can think of. And I do intend the SILC to replace IRC one day :)
Re:.. (Score:1)
Re:Negative people on slashdot. (Score:3)
What if they said that the picture of your kids at the beach, building a sand castle constituted kiddie porn?
My point is that you can't draw a fuzzy line in an issue like this. Just saying 'Kiddie Porn Is Bad' won't get you anywhere. Sure, it'll make you look better in your community, because the majority of people will agree with you. But that leaves the door open for too much abuse. Where does porn start? Where does your picture at the beach fit into this?
A hard line, like "Kiddie Porn is when Nipples Are Showing On Children Under 18" is also ridiculous. Ever seen a Huggies commercial? Would you call it porn? This also leaves room for the people you are trying to stop to maneuver around the law. ("See? She's not showing her nipples!")
If you support an encrypted IRC network, then great. If you don't support an encrypted IRC network, then great. If you support a specially monitored, only 'nice' channels allowed, Absolutely No Kiddie Porn network, you're in for a tough time. How are you going to regulate it? Are -You- going to do it? Who would come to your network, anyways?
Comments like 'Encryption makes spreading kiddie porn easier' are pretty silly. Of course it does. Does that mean I shouldn't use encryption? Does that mean there should be a trusted IRCop in every channel, watching for any kiddie porn? Much as it's nice to have morals, whining won't solve your problem.
PS- If you really want to help your kiddie porn crusade, I suggest you contribute to developments in AI. If you accept the idea that people will eventually create a self-aware computer program, you can accept the idea that it will probably be used to monitor internet traffic.
Try Gale. IRC is NOT the platform to build on. (Score:2)
Having said all that, I've been working a lot with Gale lately. It's encrypted end to end. It is NOT 'hard linked / single path' - in fact, the servers are loosely coupled. The concept of 'nicknames' doesn't exist. Everyone is a user@galeserverhost. The only way you can connect to a gale server is if the owner of that server signs your key, and the owner of that server has to have his server key signed by the Gale authority before they can connect to the rest of the network.
The entire system has been running for a year or two now, and we're in the process of taking the next step in the protocol. There are several clients available, and the active community on the network is communicative, intelligent, and always contributing.
Tired of IRC? Try gale. http://www.gale.org/
Re:Negative people on slashdot. (Score:1)
3 is probably the best criticism, and it will be hard to address. What about this, for each person you want to talk to on the channel, you select their public key out of your trusted keyring, and anyone in the channel you don't trust, you can just not select their key. You won't have to do this for each message, you can select which keys to use for every message in each channel, kind of an add/remove type function. That way if someone walks in the channel, they won't happen to see anything but encrypted garbage, until you add their key to your ring, and select them in that channel. Even the admins couldn't see anything but encrypted garbage. This of course requires a lot of client modifications, but if we came up with something standard, I am sure Kahled would be a willing listener, one who doesn't have to follow stupid US encryption laws either.
Problems with this idea include weakening the power of admins to be able to tell when abuses occur. They would be able to tell if someone is flooding the channel, and obvious things like that, but as far as harassment goes, it becomes hard to prove what text was actually sent. It already is kind of hard to prove, and there has to be a level of trust that the "victim" didn't modify log files.
Let me know what you think about these ideas. My original message was more critical of the undirected negativity that I saw on here. I think it's good to talk about the weaknesses of the system, in a constructive way.
-
Gale Secure Messaging Service gale.org (Score:2)
Re:Is this kind of security needed for IRC? (Score:1)
I don't think so. If you've got good compression the numbers comprising your compressed file are statistically random. If you've got good encryption, the same is true.
QED?
Re:In other news.... (Score:1)
dink!
Re:No, services requiring IDENTD are evil. (Score:1)
Re:Sense of security good but... (Score:1)
If you receive public keys from all users in a channel then it's simply point to point encryption whenever you receive a message. Since the server probably will only forward instead of participate, it's not going to decrypt the info. I am thinking that keys are only exchanged between channel participants. In a busy channel that could be interesting as far as processor time on all the crypts is concerned.
In such a situation only a human or bot participant could log the conversation.
Re:Whats the point? (Score:1)
SILC (Score:3)
It seems secure IRC-like systems are springing up. Quite understandable. From the land of Linux comes one.
SILC [silc.pspt.fi] takes a new approach. It's not about adding encryption via SSL to existing networks, but building secure network and clients from ground up.
And no, it's not intended as a replacement for IRC. It's an alternative. - And if I understood C any better, I'd be developing this one as well.
Avatar comms systems mostly a step backwards (Score:2)
Er, hello. GUI-based clients for IRC appeared about two milliseconds after the original version. The fact that text-based ones are still around just gives extra capability --- you can chat on IRC while on the move through your mobile, or when connected through a public access telnet. You'd have to forgo communication until you reached a fixed infrastructure if there wasn't a plain text interface to IRC.
The rest of the world has moved on to ICQ, various instant messengers, Yahoo Chat, CheetaChat and other avatar chat programs. IRC is featureless and looks positively dowdy in comparison.
And with all that prettiness, exactly how much communication gets done? Compared to IRC, very little. A picture is only worth a thousand words when the picture is specific to the message, not when it's a prepackaged icon or avatar, otherwise it's merely eye candy.
A top-band communication system would give you text, a whiteboard, and voice. The examples you cite are merely examples of graphics misused.
Demystifying Suidnet (Score:5)
Suidnet is a very new network, it has only been around for less than a week and we're still working on getting the kinks out, and we have never fully guaranteed security. All we do guarantee is that your link to the server and the links connecting the servers will be encrypted and that we are trying our best to ensure that all of the servers are secure. This is not fully implemented yet, but it will be within a week, so please do not exchange sensitive information until notified on the website.
Currently the ircd source is experimental but will be publicly released when fully finished (it is based on hybrid6rc4). I can say that we use stunnel to ssl wrap all of the connections between the servers and for connected clients (useful for running one server for encrypting/decrypting and one for ircd). I can also say that we only made modifications to the ircd to obtain hostnames of users connected through stunnel and to append -insecure to unencrypted connections and that none of them are run in debug mode.
The basic idea is that unencrypted users get -insecure appended to their hostname so if you are connected securely and want to run in secure mode, you can /ignore *!*@*-insecure, or if you want to run a secure channel you can /ban *!*@*-insecure, etc.
Oh, and all of the swapping of MP3s and kid porn that is done over /dcc will not be encrypted unless both ends run irc clients that encrypt dcc. We can't even guarantee that dcc will work the same as with normal irc yet.
Any/all comments are welcome as always, and I'm glad to see all of the discussion going on here on /.
-Ttyl
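How the `*!*@*-insecure` mask from the post above selects plaintext connections, as an added Python example that is not SUIDNet's code. The `tag_host` helper, the member list and the example.* hostnames are constructed assumptions; the matcher follows the usual IRC wildcard and RFC 1459 case-folding rules.

```python
import re

INSECURE_SUFFIX = "-insecure"      # suffix named in the post
INSECURE_MASK = "*!*@*-insecure"   # mask quoted in the post for /ignore and /ban

# RFC 1459 case mapping: {}|^ are the lowercase forms of []\~
_RFC1459_LOWER = str.maketrans(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ[]\\~",
    "abcdefghijklmnopqrstuvwxyz{}|^",
)


def irc_lower(text):
    """Fold a nick, mask or prefix the way an RFC 1459 server compares them."""
    return text.translate(_RFC1459_LOWER)


def tag_host(host, encrypted):
    """Assumed model of the ircd change: plaintext links get the suffix."""
    return host if encrypted else host + INSECURE_SUFFIX


def mask_matches(mask, prefix):
    """Match an IRC mask (* = any run, ? = one char) against nick!user@host."""
    pattern = []
    for ch in irc_lower(mask):
        if ch == "*":
            pattern.append(".*")
        elif ch == "?":
            pattern.append(".")
        else:
            pattern.append(re.escape(ch))
    return re.fullmatch("".join(pattern), irc_lower(prefix), re.DOTALL) is not None


def may_join(ban_masks, prefix):
    """A user may join when no ban mask on the channel matches their prefix."""
    return not any(mask_matches(mask, prefix) for mask in ban_masks)


def plaintext_members(prefixes):
    """Nicks whose own client-to-server link is unencrypted, per the host tag."""
    return sorted(p.split("!", 1)[0] for p in prefixes
                  if mask_matches(INSECURE_MASK, p))


# Constructed sample membership of one channel.
MEMBERS = [
    "alice!al@" + tag_host("dsl-12.example.net", encrypted=True),
    "Bob!bob@" + tag_host("cable-7.example.org", encrypted=False),
    # "-insecure" inside the nick must not trigger the mask: it anchors on the host.
    "carol-insecure!c@" + tag_host("host.example.com", encrypted=True),
    "dave!d@" + tag_host("Modem3.Example.EDU", encrypted=False),
]

if __name__ == "__main__":
    print("plaintext links:", plaintext_members(MEMBERS))
    for member in MEMBERS:
        print(member, "may join secure channel:", may_join([INSECURE_MASK], member))
```

The tag only describes each user's own link to the server; it says nothing about what the server itself can read.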
Where, Pray tell, is the Source? (Score:2)
Encrypted IRC is something I've been thinking about for a long time, and have been waiting for someone to do just such a thing.
Now it's out, I hungrily go to their page, desperately seeking the sources, and find, lo and behold, them to be nonexistent.
Unstable code or not, the power behind IRC is the fact that if you don't like the way the community is looking, you can always find make your own. I've seen proprietary IRC networks try to strive and fail miserably [another.net].
Suidnet guys, I think this is a beautiful project, and I am completely interested in how it's progressing... but I'm a bit disappointed that it's not open.
I congratulate your effort, as you've done something that has been desperately needed for years...
But until anyone can set up their own encrypted IRC server, it's just another AnotherNet.
Quarterdeck Chat? TalkCity? Those are other stories....
Re:Demystifying Suidnet (Score:1)
Ok, but who guarantees me that the administrators of the IRC servers don't modify the ircd source so that they can listen on my conversations? After all, only the links are encrypted, but the ircd still gets to see all traffic in plaintext.
It's good to see an IRC network with fully encrypted links, but I still wouldn't want to use it to "exchange sensitive information", because if I don't want to trust sniffers, I also don't want to trust IRC admins. For that, client-to-client encryption is needed.
Re:Resonable explecation of privacy (Score:1)
Re:Sense of security good but... (Score:1)
Software with Sexual Orientation? (Score:1)
Q: why does xchat not connect and/or give me cert errors?
A: because xchat's ssl support is gay.
This is an interesting concept. Can someone please tell me what I have to do to make my programs gay? I think the software world needs more diversity. Almost all the programs I have seen have actively denied being "gay" and I think we need more programs "out of the closet". Does anyone know how to program sexual orientation in C or C++? Do I have to use the select() function?
Re:Negative people on slashdot. (Score:2)
I get sick and tired of people constantly waving "kiddie porn" as a reason to give up all our rights. "You can't have privacy, you can't have P2P file sharing, you can't use the internet, and you can't access porn among consenting adults. Why? Because you might be a child pornographer!"
(sarcasm)
Hell, let's outlaw cars! They can be used to conduct bank robberies and kidnappings! Let's outlaw cameras! They can be used to take pictures of naked children!
Let's outlaw freedom! It can be used to do all sorts of heinous acts!
(/sarcasm)
Shades of EFNET (Score:1)
*** Looking up irc.suidnet.org
*** Connecting to 199.245.246.35
*** Connected to irc.suidnet.org
[s] *** Looking up your hostname...
[s] *** Found your hostname, cached
[*] Disconnected from irc.suidnet.org:6667 [Closing Link: xxxxxxxxx.xxxx.uswest.net (No more connections allowed in your connection class)]
*** Disconnected from irc.suidnet.org
Re:Demystifying Suidnet (Score:1)
Don't Laugh... (Score:2)
We'll need a properly implemented SJohn to keep our excreta from prying analysis!
encryption not a big crisis. (Score:2)
Encrypted options will probably only be used by about 5% of the users, so there won't be any significant toll on the network.
-Restil
Re:Demystifying Suidnet (Score:1)
What if you don't wish to speak to people unless you know it's secure ? What's the point of having YOUR link to the server encrypted, if the guy you're talking to isn't encrypted ? The plaintext will flow to him and ruin the whole idea.
Re:Where, Pray tell, is the Source? (Score:1)
Unstable code or not, the power behind IRC is the fact that if you don't like the way the community is looking, you can always find make your own.
I've spoken with Push, one of the admins, and he says the source isn't ready yet. Besides they've already explained what it is. Hybrid with stunnel and a slight mod for unencrypted connections. 99.99% of the source is known. Calm down and give em a little time before you berate them for not providing the source.
Re:Language Sexual Orientation: A guide (Score:1)
C++ is bi, but prefers butch women.
PASCAL is a transvestite.
FORTRAN doesn't have an active sex life anymore.
Visual BASIC is gay, but pretends it isn't.
Perl is very clearly, gay and proud.
PLEASE MOD THAT UP. THAT'S TOTALLY FUNNY
Re:Traffic analysis and secure messaging - thought (Score:1)
Re:Negative people on slashdot. (Score:1)
The best way to deal with kiddie porn is with a good f_king deal of violence in my opinion
Ok, now before you think I'm trolling here, let me explain my position. I've worked for years as a technician in the Australian District courts, and unfortunately we tend to get a lot of Rock-spider pedophiles through here.
Phuck free speech when it comes to abusing children. I've had to deal with far too many suicides and absolutely horror-trashed lives from evil pricks abusing children
Fact A: When a rock-spider creates child-porn (Free speech?), he(or she) is quite likely screwing up that kid for life.
Fact: Sexual abuse is a No#1 cause of suicide and major lifetime depression
Ergo: Sexual abuse(free speech apparently) causes death.
I'm not getting hysterical here. I've seen it directly too many times.
Re:Negative people on slashdot. (Score:1)
However, I tend to believe that freedoms beget responsibilities. And as Sartre might put it, freedoms are in fact precursors to responsibility.
To suggest that going after child-abusers abrogates free speech ignores that the child-pornographer has made an (authentic?) decision, within the context of free speech, to abuse a child. To not put responsibility on the person who chose to use their freedom this way is in a sense bad faith (in the Sartre use of the term).
It's perhaps that freedom-until-your-nose thing. It's alright to use your freedom to do what thou shalt, but it's certainly not alright to use that freedom to destroy a child's life.
And on that subject, in my IRC days, many moons ago, a favored pastime was invading child-porn channels and nuking the crappers out of them.
And that is a positive act of good-faith freedom.
IRC Security and whats really needed. (Score:1)
That's great! (Score:4)
That way, no one else has to know who you are, or what you're saying... wait, if I wanted that, I could just lock myself in the closet...
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
Is this kind of security needed for IRC? (Score:2)
It's impossible to ever obtain absolute security, and the more security we have, the less convenient and powerful our programs are -- remember, the scripting in Outlook may be a security hole, but it's also an honestly useful feature for a lot of dumb secretaries. IRC doesn't seem like a medium where a lot of security is really necessary; I don't see any reason to sacrifice speed to keep A/S/L checks and MP3 begging encrypted.
Depends (Score:5)
Friend of mine works at (large computer manufacturing company). They have a non-official irc channel, sort of an e-WaterCooler...
Anyway, internal MIS dept. found out about it and started sniffing the network, and logged EVERYTHING that was said in the channel over a three week period. Talk of stupid bosses, who was screwing who, drug taking at weekend parties, the works.
Upshot: 6 people fired, 3 more severely reprimanded.
So, yeah, if you want to chat at work without "the man" hearing everything, this is a pretty important development. :^)
--
less netsplits+and a more intelligent user base (Score:1)
Sense of security good but... (Score:2)
The system also is at risk from "man in the middle" attacks, where an adversary substitutes the server's public key when it is sent out for their own public key, and decrypts the messages, reads and/or modifies them, then encrypts them with the server key and sends them on.
Re:Depends (Score:1)
Re:Is this kind of security needed for IRC? (Score:1)
Another tax on the server? Eek... (Score:2)
There's little hope of this ever being implemented as a patch on any of the large existing networks if it's anywhere near as processor intensive as I'd guess this would be. Benchmarks, anyone?
Perhaps for small corporate networks, but forget mainstream. And isn't that where we need it?
Huh? (Score:1)
Is that some sick programmer's parody of "I.R. Baboon"?
Well, it won't work, because...
I.M. Weasel!
Re:Demystifying Suidnet (Score:2)
Re:Real security... (Score:1)
Traffic analysis and secure messaging - thoughts.. (Score:4)
Something I haven't seen brought up in these discussions is traffic analysis. Foiling TA is the key to truly secure communications. This is tougher than it sounds, as there are many ways to glean info from an encrypted channel.
The "Buddy List" (or, if you prefer, list of users on a channel) is the most useful piece of intelligence for any security force. Start with an individual under suspicion, watch who that individual communicates with, when, and how frequently, and you know who to investigate next. Encrypted message traffic doesn't affect this channel of info.
Consider encrypted ICQ - messages may be encrypted, and broadcast point-to-point, every user's "buddy list" lives on AOL's servers. Every sign-on or -off is recorded. At this point, say you've got a "buddy" in your list who's sharing MP3s or hosting DeCSS. RIAA/MPAA subpoenas user's buddy list from AOL (whoops, since it's AOL/TW, a court order probably isn't necessary!). Now you are brought under suspicion or targeted for harassment, or otherwise dragged into a case you may have known nothing about.
Now, this has me thinking, what would it take to defeat TA in an instant-messenger type product. I'm not a coder by any means, but I have a few ideas:
Any thoughts on this? Anyone working on such a system already?
-Isaac
Forgot to mention... (Score:2)
-Isaac
Re:Negative people on slashdot. (OT) (Score:1)
PS- If you really want to help your kiddie porn crusade, I suggest you contribute to developments in AI. If you accept the idea that people will eventually create a self-aware computer program, you can accept the idea that it will probably be used to monitor internet traffic.
That's the scary part about singularity that most of us don't want to see. Infinite power, as such an AI could wield, should not be wielded for "social causes," or we are all in BIG BIG trouble. Think the ultimate Big Brother. We can only hope to not pass on our social goals into any seed AI that we write, if it would even be possible. (A lot of our society doesn't make logical sense from an external point of view. The AI may be too smart to fall victim to our socialization.)
-
Re:Negative people on slashdot. (Score:2)
Encryption is a double-edged sword - It protects you against eavesdropping when working correctly, but unfortunately it also makes you *feel* secure. The immediate question then has to be - if you feel secure, and start divulging secrets you wouldn't trust to an insecure channel, then under what circumstances could someone else gain access to that information? When will your trust in the security of the channel let you down? As I see it, there are several points of attack:
1) Someone could compromise the security of the channel between you and the server, either by getting the server's key, getting you to switch to an insecure channel, or intercepting the initial communications so as to set up TWO encrypted channels, one from you to him, and one from him to the server.
2) Someone could hack, exploit loopholes in or plain replace your client with one that lets him spy. This also affects any logfiles you keep - you may think of them as historic data, but they are really a realtime window into what you can see, on a second-by-second basis.
3) This is a biggie, and needs dividing up:
Server admins could (for example) activate logging on a channel to see what was said there - or create an invisible client for themselves so they are "on" the channel without being seen.
A blackhat attacker could exploit weaknesses in the server software to gain admin privileges, then abuse them as above.
--
web server = losangeles3.ca.us.suidnet.org (Score:2)
-suidnet.org- *** Looking up your hostname...
-suidnet.org- *** Found your hostname
Welcome to the Internet Relay Network Jesse
--
Hostname (Score:2)
--
Re:How secure is this really? (Score:1)
Second. I did not read specs. But I imagine that one could create a secure system where:
As for increase in network traffic. 16 extra bytes per message for authentication is not a big deal when just the tcp/ip header is 40 bytes long. And you could save more by changing the full name of the server to just an id.
For those who speak about central authority. If I have some friends who I communicate with a lot I will have stored their id files (also I don't know if this is in this implementation) and my client could warn me if somebody else is pretending to be a friend of mine.
All in all - I suppose this is a good idea. The only problem - I could not find source for their server.
Re:Demystifying Suidnet (Score:1)
Andy Church's IRC3 proposal (Score:1)
I read through it a while ago, didn't see anything obviously wrong with it - although at that point there were still a few loose ends pointed out in the text. Problems with retaining sync across a redundant-link network, in particular (this is why IRC-II, the current protocol, specified non-redundant links).
Other enhancements in IRC3 include better international support and features which should encourage better-designed IRC clients.
Re:Screw encryption, I want redundant links (Score:1)
Re:anonirc (Score:1)
.siglost
kpr0nz==sexual exploitation (Score:2)
Yes, there is such a thing as a sexually precocious child, and a couple of recent studies have found (to great outcry) that there is indeed a matter of degree when it comes to traumatization, but there are enough ten year old Cambodian girls being conscripted into what amount to rape camps so that kiddie porn and child prostitution can happen that I can see the merits of disrupting the revenue flow at every level. It is not the content itself that is condemned, but the fact that a crime must be committed in order to produce the content. Therefore governments feel justified in suppressing this material, because making kpr0nz unpossessible makes it unbuyable makes it unsellable makes it unprofitable makes it stop being an industry.
The problem arises, though, that this model no longer applies. A digital camera and a modem can make anyone a pornographer. Plenty of Internet porn of the consenting adult variety is created without profit as a motivator. Kpr0nz are just as easy to produce. So now we face the dilemma that there is no revenue stream to disrupt: you aren't necessarily trying to destroy a commercial enterprise. The payment isn't money, but pride; sort of the Open Source philosophy as applied to naked people. But even if certain transactions can be outlawed, can approval be outlawed as well? If it's illegal to sell it, is it illegal to give it away?
So what can be done about people who sexually exploit children just for the hell of it? I am inclined to say that without a revenue model, the current kpr0nz laws make less sense. Nevertheless, the producers thereof are severe assholes for doing what they are doing, money or no money. I will cheerfully endorse their prosecution, not because of what they are making, but because of what they are doing.
If we are back to a pure-speech issue about the material itself, whether to outlaw it becomes a somewhat more difficult question.
One last question, just to thicken the stew: What about material in which no sexual exploitation happened? For example: if you have ever seen a picture of a supermodel doctored up so that it looks like somebody just ejaculated on her face, would a picture of Jean Benet Ramsey doctored up the same way constitute child pornography? Where was the sexual exploitation?
--
Re:kpr0nz==sexual exploitation (Score:1)
"Innocent until proven guilty."
At least that's how it was supposed to work.
What about Jabber? (Score:1)
After trying Gale, I tried Jabber [jabber.org]. I think Jabber is much closer to the answer I was looking for. I just wish it was closer to done than it is... and I REALLY wish there was a clearer map of all the Jabber-related projects.
All I wanted was an easy to set up and easy to use chat/messaging server with encrypted communication and strong authentication.
IMHO,
Michael
Re:Demystifying Suidnet (Score:1)
Your words will be just as secure.
Re:Negative people on slashdot. (Score:2)
Well, (1) is inherent in single-ended PK systems - If you used (for example) PGP keys in the mix, then you would have to compromise all the PGP keyservers; single-endedness is one of the known weaknesses of SSL.
(2) is a specific weakness in IRC packages - I am not saying that the software you choose does have that weakness, just that many security loopholes have been found so far, and more will be in the future. IRC software is often not secured against such attacks, as it isn't normally security-critical.
3 is probably the best criticism, and it will be hard to address. What about this, for each person you want to talk to on the channel, you select their public key out of your trusted keyring, and anyone in the channel you don't trust, you can just not select their key.
Yep, that was (roughly) the approach that occurred to me too. However, I was thinking in terms of Session Keys for a channel - so (assuming a PGP overlay) the first person on channel generates a session key; The second person online must request the key from the channel founder, via a PK encrypted request and reply (keys from the public servers, not implicit of trust). If the two have an existing relationship, the channel is marked trusted; if the two don't have an existing trust relationship, but the channel founder hands over the key, then the channel is marked secure-but-distrusted; if the channel founder refuses the key request, the channel remains dormant, but the new user remains on the external waiting-for-admittance list (structurally, this will look like a join-refused to any external IRC package; some new commands would need to be added between the IRC package and the interface module handling the encryption so the user could check his waiting status)
Ok, now a third party joins; if he is trusted, then he gets the session key and the channel owner sends to him the current waiting list; anyone on that list HE trusts he then contacts and invites to the channel, thus maintaining the trusted status; there is some additional stuff I have mapped out about doing a trust-check to upgrade secure-but-distrusted to trusted; basically, there is a rekey event, and it is handed to all the trusted users via the "hard" trust relationships; if any untrusted users remain, they either receive the key via the old session key (a soft upgrade attempt) or are excluded from the channel (a hard upgrade)
This of course requires a lot of client modifications, but if we came up with something standard, I am sure Kahled would be a willing listener, one who doesn't have to follow stupid US encryption laws either.
One of the advantages of the scheme I came up with was it could be done entirely from a "gateway" app, similar to the one used to provide SSH functionality to apps that don't support SSH. As it would inherently understand IRC, it could handle ping/pong events, the encryption/keying and rekeying itself, and support "additional" commands that trigger events (similar to bot ! commands, but not displayed on the channel)
--
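A toy model of the channel session-key admission and rekey rules sketched in the comment above, as an added Python example that is not the commenter's code. It tracks only who holds the key and through which path; the public-key transport is not implemented, and the `keyrings` structure, the nicknames and the single level of vouching are assumptions about one reading of the scheme.

```python
import secrets

TRUSTED, DISTRUSTED, DORMANT = "trusted", "secure-but-distrusted", "dormant"


class SecureChannel:
    """Who holds the channel session key, and how they came to hold it."""

    def __init__(self, founder, keyrings):
        # keyrings (assumed structure): nick -> set of nicks that nick already
        # trusts, standing in for the "existing relationship" in the comment.
        self.founder = founder
        self.keyrings = keyrings
        self.session_key = secrets.token_bytes(16)  # made by the first person on channel
        self.members = {founder: True}  # nick -> admitted through a trust link?
        self.waiting = []               # refused requesters, in arrival order

    def status(self):
        if len(self.members) == 1:
            return DORMANT              # founder has handed the key to nobody
        return TRUSTED if all(self.members.values()) else DISTRUSTED

    def _trusts(self, truster, nick):
        return nick in self.keyrings.get(truster, set())

    def request_key(self, nick, founder_accepts=False):
        """Process a key request; return the session key, or None if refused."""
        if self._trusts(self.founder, nick):
            self._admit(nick, True)
            # A trusted joiner is sent the waiting list and invites anyone on
            # it that they trust (modelled one level deep).
            for waiter in list(self.waiting):
                if self._trusts(nick, waiter):
                    self._admit(waiter, True)
        elif founder_accepts:
            self._admit(nick, False)    # key handed over without a trust link
        else:
            if nick not in self.waiting:
                self.waiting.append(nick)  # looks like join-refused to the client
            return None
        return self.session_key

    def _admit(self, nick, via_trust):
        if nick in self.waiting:
            self.waiting.remove(nick)
        self.members[nick] = via_trust

    def rekey(self, hard):
        """Rekey event. Returns nick -> path by which the new key reaches them."""
        self.session_key = secrets.token_bytes(16)
        delivery = {}
        for nick, via_trust in list(self.members.items()):
            if nick == self.founder:
                continue
            if via_trust:
                delivery[nick] = "public-key"       # "hard" trust relationship
            elif hard:
                del self.members[nick]              # hard upgrade: excluded
            else:
                delivery[nick] = "old-session-key"  # soft upgrade attempt
        return delivery


def demo():
    """Constructed scenario; returns the channel status after each step."""
    rings = {"alice": {"bob", "carol"}, "carol": {"alice", "dave"}}
    chan = SecureChannel("alice", rings)
    trace = [chan.status()]
    chan.request_key("dave")                           # refused, goes to waiting list
    chan.request_key("mallory", founder_accepts=True)  # admitted without trust
    trace.append(chan.status())
    chan.request_key("carol")                          # trusted; vouches for dave
    chan.rekey(hard=False)
    trace.append(chan.status())
    chan.rekey(hard=True)
    trace.append(chan.status())
    return trace


if __name__ == "__main__":
    print(demo())
```

In this model a soft rekey reaches everyone who already held the old session key, so only the hard rekey changes who can read the channel.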
Re:kpr0nz==sexual exploitation (Score:1)
My stance on gun control is the same as it is on vehicle control, steak knife control, and technology control: fix the societal ills that produce people willing to commit heinous crimes, and there will be no need to control the tools and implements with which the crimes are committed (and which have perfectly legitimate and society-benefitting uses). And if you (generally and collectively) are not willing to fix those ills, then you must tolerate the crimes. What it mostly boils down to in my mind is the lack of proper parenting in the current and immediately previous generations. If we as a society raise good parents, then within two generations most of our violent crime, drug use, child abuse, etc. will be gone. It may sound Utopian, but if you think about it you might start to agree with me.
</rant>
Real security... (Score:2)
The next question you have to ask is if you trust the operators of your network. Did they (intentionally) hack the ircd to give them a copy of all traffic? Did they (unintentionally) leave some security hole open on one of their servers?
This is a big step forward, but don't think that this protects you from everything.
--Kai
--slashsuckATvegaDOTfurDOTcom
Negative people on slashdot. (Score:5)
Don't you think the Government already has some sort of monitoring system for IRC? Don't you think that this would at least provide some higher level of security than none at all? Sure, none of you all will admit to using IRC, but that doesn't matter, because hundreds of thousands of other people do use IRC, and in the end, we are the ones that know how to protect ourselves, they are the ones that don't.
I think this system is a good idea, and while some of you have valid points, there are limits to the security of a public messaging system. After all, all security eventually boils down to trusted authority regarding identity, which is something IRC may never have.
-
Re:Is this kind of security needed for IRC? (Score:1)
block irc traffic with security as an excuse, with the real reason ofcourse
that users should not be wasting time on irc anyway.
But currently irc is a security threat, as the favourite hobby of
script kiddies is invading channels on irc. However, I don't see how ssl
connections to IRC will make it any more secure. Ofcourse, you can't
be sniffed, but channel/nick invasions remain.
personally, I have better expectations for silc [silc.pspt.fi],
which seems to be IRC Done right.
Re:Negative people on slashdot. (Score:2)
How secure is this really? (Score:3)
with delusions of grandeur. If all the links are encrypted from clients<->servers then how much security have you really gained? No one can sniff your network, but do you trust the admins of the servers not to patch the daemon and sniff your traffic? What about the local SS coming and forcing you to install those patches? You'd be far better to extend the CTCP (Client To Client Protocol) that runs over the top of irc to support encryption. IRC already has this in the 'SED' CTCP, which unfortunately isn't too secure. Someone with some spare time could easily hack this up.
The next point is how much cpu do you have? Encryption is all very fine, but having the servers do all the work causes all sorts of problems. When you hit 10k clients per server, as some networks have done, how much cpu are you going to need to use then?
Re:Negative people on slashdot. (Score:1)
-
Re:Reasonable expectation of privacy (Score:1)
Ever heard of "invite only"? This would also let the people on the channel see that you're there.
>IRC is more like a club.. Everything is public and quite a few people are jerks.
This doesn't mean that I should accept that any jerk treats me like shit (or listens to private conversation, or whatever).
Just because it has traditionally been easy to spy on IRC users doesn't mean that it should be.
--
Re:Developing alternatives: (Score:1)
If you don't speak Hungarian you can always try it by
1) Install stunnel <PLUG>(apt-get install stunnel)</PLUG>
2) Run "stunnel -c -d localhost:6667 -r segfault.sirc.hu:6657" as root (I don't know if it's the same syntax for MS Windows).
3) Connect to localhost:6667 with your favorite IRC client.
--
Screw encryption, I want redundant links (Score:1)
I don't need encryption on IRC. I'm not a tinfoil-hat-wearing psycho, afraid that THE MAN is going to snoop on my takeovers and age/sex checks. However, I'm a big-time EFnet user, and one sure way to stop the recent EFnet problems - huge splits - is with redundant links.
The current network is laid out with hub servers and leaf servers. The IRC protocol forbids any link that would provide more than one path for a message between two given servers (a redundant link). That means that if big hub irc.exodus.net loses its connection to big hub irc.best.net, the network is split into two sub-networks of roughly equal size.. the worst kind of split.
If redundant links were allowed, each big hub could link to every other big hub, and smaller hubs could link to more than one big hub. When a hub connection dies, there's already another connection in place. The result? No split.
]$`};L(;/proc);[I(;];<C{;};1S[;`\/while=1E1L[`\p roc{>=
anonirc (Score:2)
"nick!user@host joins #whatever", you'll see
"anonymous!anonymous@anonymous joins &whatever"
The trick iirc is that you have to join &channelname (ampersand instead of hash) and set the +a channel mode on.
/mode &whatever +a
This is however not 100% securely enforced, but along with secure-irc it would be close enough
Interesting... (Score:2)
the network traffic and requires no changes to the server, and gives you the same amount of protection.
The redundant links idea has been thrown around irc for years, and runs into some serious problems. For starters, irc is very prone to 'desyncs', and many of the server<->server protocols aren't atomic with respect to a command, causing more desyncs. It basically ends up with you sending all the data multiple times, which isn't really practical. And even if you could, if a server's unreachable, it's unreachable; no number of TCP connections will stop it from splitting.
A lot of the splits on the major networks today are due to DDoS attacks against ISPs and/or the servers.
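The two comments above argue over what redundant hub links would and would not prevent. The sketch below is an added example, not code from the thread or from any ircd: it models a small constructed network (only irc.exodus.net and irc.best.net are named in the thread; the other hubs and every leaf name are hypothetical) and measures the split after a lost hub link and after an unreachable hub server.

```python
from collections import deque

# Constructed topology: only irc.exodus.net and irc.best.net come from the thread;
# the other hubs and all leaf names are hypothetical.
EXODUS, BEST, HUB3, HUB4 = "irc.exodus.net", "irc.best.net", "hub3.example", "hub4.example"
HUBS = [EXODUS, BEST, HUB3, HUB4]

def build(hub_links, leaves_per_hub=3):
    """Adjacency map: each hub carries its own leaves, hubs are joined by hub_links."""
    adj = {}
    def link(a, b):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    for hub in HUBS:
        for i in range(leaves_per_hub):
            link(hub, f"leaf{i}.{hub}")
    for a, b in hub_links:
        link(a, b)
    return adj

def partitions(adj, dead_links=(), dead_servers=()):
    """Sizes of the sub-networks that remain after the failures, largest first."""
    cut = {frozenset(pair) for pair in dead_links}
    alive = set(adj) - set(dead_servers)
    seen, sizes = set(), []
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:  # breadth-first walk over surviving links only
            node = queue.popleft()
            size += 1
            for peer in adj[node] - seen:
                if peer in alive and frozenset((node, peer)) not in cut:
                    seen.add(peer)
                    queue.append(peer)
        sizes.append(size)
    return sorted(sizes, reverse=True)

# One path between any two servers (the current rule): hubs form a chain.
TREE = build([(HUB3, EXODUS), (EXODUS, BEST), (BEST, HUB4)])
# Redundant links: every hub is linked to every other hub.
MESH = build([(a, b) for i, a in enumerate(HUBS) for b in HUBS[i + 1:]])

if __name__ == "__main__":
    print("tree, hub link lost:", partitions(TREE, dead_links=[(EXODUS, BEST)]))
    print("mesh, hub link lost:", partitions(MESH, dead_links=[(EXODUS, BEST)]))
    print("mesh, hub server down:", partitions(MESH, dead_servers=[BEST]))
```

The model covers reachability only; it says nothing about the desync and duplicate-delivery problems the second comment raises.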
In other news.... (Score:3)
Today was the announcement of the encryption toilet, SecureJohn (SJohn). When flushed, it scrambled its contents as to render them useless to prying eyes. Microsoft has chosen to implement its own version in its latest OS with standalone versions available for purchase. While MS John will not be fully compatible with SJohn, open source proponents are rumored to be working on OpenJohn for the various flavours of Unix.
Back to you CmdrTaco.
Reasonable expectation of privacy (Score:1)
E-mail is a personal message from me to someone else.. this privacy should not be invaded.
IRC is a public chat.. You already have no privacy on IRC.. Want to see what's being said on a given channel? Super secret IRC command that will let you do this....
Packet sniffing will let you observe chats on channels you were banned from.. big deal... It's not private... The most you can do is secure a channel from some jerk flooding the channel with "I am the lizard king" or "Hay babe want hot sex?"
E-mail is, well, mail.. how would you feel if someone opened your personal mail?
IRC is more like a club.. Everything is public and quite a few people are jerks.
When you kick them out they can still look in the windows.
I'd be annoyed if someone was reading my e-mail to my GF but spying in on a chat with friends on IRC is pretty much fair game... big deal
.. (Score:1)
Developing alternatives: (Score:2)
will perform similar functionality (and other stuff), and also be more secure
NOTE: It's very much "in development" at the moment...
best wishes,
Mike.