Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In what way are they making it more secure? Mibbit already implemented the WEBIRC protocol - how does the Freenode client go further than that?


Freenode manages their web client directly, which means that they can:

1) Manage it directly, immediately, and independently of any third party as to quickly respond to abuse.

2) Directly trust the web client's reporting of IP addresses, which is the primary form of unregistered user identity management on IRC.

3) Perform proxy detection on incoming web client connections, which they already use for non-web connections (http://freenode.net/faq.shtml#firewall)


(1) and (2) both boil-down to saying "we don't trust the operators of Mibbit to pass on the IP address accurately". Do you have examples of the IP address being inaccurate?

(3) makes no sense, assuming you do trust the IP address, so doesn't add anything more than (1) and (2). You can already perform proxy-detection if you have WEBIRC and you trust the reported IP.


It's not a question of "they don't trust Mibbit", it's just basic security practice. Anyone, even a freenode staffer running his personal project, would not have that trust extended to them.


http://news.ycombinator.com/item?id=665610

Apparently #perl found a way to get around this without banning all of Mibbit. Maybe others should take the time to put more than a "F* YOU!!" into this?

I'm curious as to how much time you've spend solving the problem vs. complaining about it in forums/channels... I can say that right now I have more respect for the #perl guys than you, and I'd never heard of Mibbit before this article...


Why should freenode, a not-for-profit independent entity, be required to extend trust to a third party service and their reporting of user identity?


I don't see anyone requiring that, but publicly calling into question the integrity of Mibbit without offering any evidence that they cannot be trusted is really bad karma imho.


Freenode has absolutely no innate responsibility to extend trust to a third party such as Mibbit. I see no reason to judge them poorly for failing to do so, or how this reflects on Mibbit's integrity.


Do you know what it took to get WEBIRC support setup with irc.mozilla.org? Rizon? efnet? slashnet? I popped in and asked. It's the same on most Networks.

They don't have any responsibility to provide it, they can do what they like to their users. But I think their users liked it - which is why thousands of people used mibbit to connect to freenode.

Freenode clearly has a closed management culture, which is why they want complete control of everything. I don't think that makes for a great community.


Freenode, by their own definition (lifted from the google search result for "freenode"):

Provide a friendly interaction environment for project coordination and for the support of community projects.

Freenode, as a communication platform (and particularly as a self-described "friendly" environment) have a duty, to common sense and intelligence, to make reasonable efforts to encourage communication rather than stifle it.

Being willfully wooden-headed about this whole thing is not just wrong because of the unnecessary harm it causes, it's also self-contradictory.


If AOL decided to proxy interested AIM users to Freenode, would it be Freenode's responsibility to provide the resources necessary to support those users as well?

What about Facebook? Google Talk?

As a member of several "community projects", I don't feel particularly slighted (and am, in fact, relieved due to decreased abuse) by the disconnection of Mibbit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: