people can just bomb in on anyone's conversation in real time, from any browser, no consequences
This is rather misleading. Mibbit may be a browser-based client, but it does pass on the user's IP to the remote ircd, which means exactly the same protections exist as for any other irc client.
Incidentally, having personally written the software behind an irc network that's bigger than freenode (I wrote justin.tv's chat server, which has had a peak of more than 360k concurrent clients connected), I would trust Mibbit long before I would trust a bunch of other clients. MIRC, in particular, is plain nasty.
Incidentally, having personally written the software behind an irc network that's bigger than freenode
From what I've read in your comments in the past, I'm assuming you used Twisted for the IRC backend. I was wondering, if you were starting this project today, would you still use Twisted? (apologies for veering off topic)
Yes, I used Twisted as the non-blocking network substrate for JTV chat. Actually in the initial implementation I used their IRC protocol library too, but that has been gradually dropped and replaced as more and more problems have been found. This is my general impression of Twisted actually - as an i/o core, it's rock-solid, but the protocol libraries are much more rough and many have clearly not been tested under significant load or with real-world messy data.
As for whether I would use it again... I think I'd be really tempted to use Clojure to be honest. Python is nice enough, but I still find myself missing a real Lisp (I did a lot of CL work before I joined JTV).
Not on a single box, no - we run these machines in a cluster. Each chat machine scales up to a bit more than 80k simultaneous connections (each machine runs 8 processes, each of which can do about 10k simultaneous). There's some amount of IPC between all the chat processes in the cluster, but not too much, which means we can pretty much scale linearly just by adding hardware at this point.
Hm. Still, 80k per box is nothing to sniff at, especially with Python.
I've been using Ruby's EventMachine, I can get it up to about C20k before it blows up, but that's local only, remains to be seen what proper connections will do. Haven't tried multiple processes yet. As for IPC I just dump everything into AMQP, whose fanout exchanges seem practically designed for IRC : D
Hm, anyway, thanks for the info. Really cool to hear python stretching that far.
This is rather misleading. Mibbit may be a browser-based client, but it does pass on the user's IP to the remote ircd, which means exactly the same protections exist as for any other irc client.
First, it's considerably easier to find open web proxies than it is to find IRC-capable proxies, and Freenode runs proxy detection to catch use of IRC-capable proxies.
Second, trusting Mibbit's IP address reporting is a tall order, equivalent to peering their IRC servers with Mibbit, as it would allow Mibbit to readily spoof basic user identity.
Incidentally, having personally written the software behind an irc network that's bigger than freenode (I wrote justin.tv's chat server, which has had a peak of more than 360k concurrent clients connected), I would trust Mibbit long before I would trust a bunch of other clients. MIRC, in particular, is plain nasty.
What 'trust' must be divested in end-user, per-user desktop IRC clients? Mibbit must be trusted to report user identity accurately, to not allow proxy connections, and to quickly respond to abuse while not causing freenode's volunteer's undue labor.
Most importantly, freenode is privately owned and managed, it's not a public service and has no responsibility to provide service to Mibbit, especially if Mibbit causes a disproportionately sized administrative headache.
...it would allow Mibbit to readily spoof basic user identity.
What conceivable reason would Mibbit have for doing that?
Mibbit must be trusted to ... not allow proxy connections
No, that's not true. Mibbit must be trusted merely to pass-on the correct IP. Then Freenode's existing proxy detection can handle the job of rejecting proxied connections.
You are publicly calling into question Mibbit's integrity here, and suggesting that there's an incentive to give Freenode false information about users' IP addresses. Why?
"You are publicly calling into question Mibbit's integrity here"
I know nothing about Mibbit beyond their web page and their colourful representative here, but - it's not about the personal integrity of the founder, or whatever. Mibbit's whole business model is around advertising. The more page views, the more advertising, the more profit. They have no investment in any other metric. It is reasonable to assume Mibbit does whatever they can think of to boost their usage.
"suggesting that there's an incentive to give Freenode false information about users' IP addresses"
There is a clear commercial incentive to encourage usage of the service. If sending random IPs to Freenode boosts revenue, there would be an incentive to do that. That would be reprehensible, of course, but you can't say there's no incentive.
If I have $1million there is incentive for people to shoot me in the head and take my money. I guess that means that I should hide away in the mountains as a hermit and shun society, because everyone that is part of the society has an incentive to screw me over.
You are publicly calling into question Mibbit's integrity here, and suggesting that there's an incentive to give Freenode false information about users' IP addresses. Why?
Regardless of Mibbit's integrity -- of which I have no opinion, and am not calling into question -- freenode has absolutely no responsibility (contractual, moral, or otherwise) to extend their trust to any third party.
If Mibbit wishes to resolve the issue they can enter into a contract with Freenode to establish trust. Mibbit can provide a financial incentive and contractual guarantees, and in return Freenode can agree to extend Mibbit trust and administrative resources.
Most of your arguments (throughout all the discussion threads) boil down to:
1. All the channels you help manage banned all Mibbit users due to abuse/problems.
2. Freenode _could possibly_ have IP addresses purposefully misreported by Mibbit to them, so they shouldn't have to trust them.
3. Freenode shouldn't be _forced_ to accept traffic/users from Mibbit.
My Responses:
(1) You had a problem with Mibbit users that you seem to have solved. Why do you need to argue so passionately against Mibbit if it was so easy for you to solve? Did it take you hours and hours to figure out how to ban Mibbit users from your channels? There is a post by someone from #perl that says they even figured out how to extract the original user's IP and that they were able to get rid of most of the bad users by banning the default Mibbit prefix. That doesn't seem too hard to me (banning the nick prefix). Could you enlighten us as to why Mibbit made it a PITA to ban all Mibbit users from your channel?
(2) I don't see any claims that Freenode knows that Mibbit is misreporting its users' IP addresses. Whether or not they have incentive to do so is irrelevant because it does not even seem to be a stated reason behind Freenode's decision. Therefore presumably Freenode either believes what Mibbit reports or they don't think that it's a minor issue. In either case, I don't see how it should be a large part of this discussion. To further argue against your point, Freenode supports Tor. Tor's stated objective is to help users be anonymous. Should Freenode also ban all users from ISPs that allow them to reset their modems to get another dynamic IP address?
(3) I see lots of disagreement with Freenode's decision, and calls for reversal but I have yet to see someone claiming that Freenode should be required to never ban a certain client. Just because someone disagrees with a decision doesn't mean they believe that the person/group doesn't have a right to make a decision. Much in the same way that just because Freenode has the right to make this decision I am not required to like it.
Could you enlighten us as to why Mibbit made it a PITA to ban all Mibbit users from your channel?
We had to solve the problem, as did all other channels with this issue. You reference another poster who had similar issues. How many man hours were blown by individual channel managers dealing with Mibbit issues?
I don't see any claims that Freenode knows that Mibbit is misreporting its users' IP addresses. Whether or not they have incentive to do so is irrelevant because it does not even seem to be a stated reason behind Freenode's decision. Therefore presumably Freenode either believes what Mibbit reports or they don't think that it's a minor issue. In either case, I don't see how it should be a large part of this discussion. To further argue against your point, Freenode supports Tor. Tor's stated objective is to help users be anonymous. Should Freenode also ban all users from ISPs that allow them to reset their modems to get another dynamic IP address?
1) Whether or not Mibbit misrepresents IP addresses isn't really the issue. Why should Freenode have to adopt a policy of extending trust to a third party service? What about future services that also request similar access? Why is this Freenode's problem?
Additionally, this is relevant because extending trust would simplify freenode's handling of abuse, and is so the recommended (demanded?) course of action by Mibbit proponents.
2) Freenode supports Tor, but has banned Tor in the past, may do so again in the future, and had to expend extra effort to work with the EFF to support Tor.
Since Tor is intended (in no small part) to provide a service to users in fascist states, Freenode clearly felt this was worth addressing, but even still, have had to take draconian measures due to abuse in the past.
I see lots of disagreement with Freenode's decision, and calls for reversal but I have yet to see someone claiming that Freenode should be required to never ban a certain client. Just because someone disagrees with a decision doesn't mean they believe that the person/group doesn't have a right to make a decision. Much in the same way that just because Freenode has the right to make this decision I am not required to like it.
Simply put, I find the sense of entitlement to be audacious. Mibbit is an external service, has no claim to Freenode's services, and was causing Freenode a disproportionate amount of trouble.
I wouldn't expect or demand that Freenode accommodate peering AOL/AIM, Facebook, or any other external service -- why is Mibbit any different?
Well, I don't really know all the details behind Mibbit's implementation. Interesting that they pass on the IP. But the problem would then be that people can then use any of a number of proxies, etc, to get around that - Mibbit certainly does not have any incentive to block proxies, it's interested only in ad views. So it seems there would be a conflict of interest between Mibbit, interested in maximising users, and freenode, interested in maximising quality. Anyway, obviously freenode couldn't easily get around it, otherwise this news item wouldn't exist, right?
Funnily enough, I'm currently writing my own (toy) IRC server too, though I doubt it will (or could) ever serve the numbers you're talking about! Amazing that it has never really progressed beyond RFC2812, and even that was old news when it was written in 2000. I'd like to see IRC 2.0.
>> Mibbit certainly does not have any incentive to block proxies, it's interested only in ad views.
Mibbit blocks all known web proxies, tor, etc and has done for a long time. You really do think the worst of everyone don't you. I wonder what that says about you? :/
This is rather misleading. Mibbit may be a browser-based client, but it does pass on the user's IP to the remote ircd, which means exactly the same protections exist as for any other irc client.
Incidentally, having personally written the software behind an irc network that's bigger than freenode (I wrote justin.tv's chat server, which has had a peak of more than 360k concurrent clients connected), I would trust Mibbit long before I would trust a bunch of other clients. MIRC, in particular, is plain nasty.