Monday, March 22, 2010

Freenode Fails.

So, if you don't know what freenode is, you can stop reading right now; you won't find it interesting at all.

Out of the rest of you, those who use freenode regularly must've been around when for 2-3 days, we all faced massive netsplits due to javascript spam. Funnily enough, the solution for that problem was bloody easy:

iptables -m u32 --u32 0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0=0x504f5354 -m recent --set --name lastmeasure --rsource -j DROP

Yes. That's it, and freenode couldn't do it for unspecified reasons. They kept telling us "Oh, we'll be moving to ircd-seven soon, and it'll be fixed then". I bought it. Everyone did. And true, no more spam and netsplits! For now.

But of course, the total failure level didn't improve at all. Now, people who don't auto-identify have a life of pain up their hands. Here's what happens when you identify after you've joined a channel:

* NICK (~HOSTNAME@IP ADDRESS) has quit: Changing host
* NICK (~HOSTNAME@CLOAK) has joined #CHANNEL

Yeah... your ip address gets displayed to everyone in the channel.

No, I lied, it doesn't get displayed to everyone. Everyone except you can see it. So you don't even know your ip address is getting displayed to everyone and quite possibly being logged in the channel. NOW WHOSE HARE-BRAINED IDEA WAS THAT?

Their "solution" for this? "Please use auto-identify, and no, we don't care about the reasons behind you not auto-identifying in the first place."

Oh, but there's more. If you have nick protection turned on, if you don't identify within 30 secs, your nick gets changed to GuestXXXX right? And the nick you were using gets "protected" right? With the move to ircd-seven, someone had to bright idea to make it "protected" against use by ANYONE including YOU. So you're left nickless unless you do a Quick Draw McGraw after logging in.

Dudes. WTF?

And don't give me the bullshit about "It's a free service, you get what you paid for". Other free networks get this right without getting funding from Canonical and hardware from Osuosl.

6 comments:

Anonymous said...

/msg NickServ HELP RELEASE
/msg NickServ HELP ACCESS

Nick owners can always regain their nick, you just have to RTFM.

Be seeing you...

mquin said...

If you've joined a channel before identifying to services your IP address will have already been displayed to the entire channel in the initial JOIN message - the faked quit-join message (which is sent for the benefit of clients which cache hostnames) doesn't increase your exposure.

If you are relying on hostname cloaking to obscure your IP address you should be identifying before joining channels, either manually or automatically.

You can always identify to services by providing your account name either in the server password field when connecting (in the form accountname:password), or using nickserv's identify command ('/msg nickserv identify accountname password').

Once you identified you can use '/msg nickserv release nick' to recover the protected nick. If you're finding this is happening a lot (as can be the case with common names) I would not expect it would be difficult for a scriptable client to automatically recover a nick when presented with the "nick is temporary unavailable" error.

nirbheek said...

@Anonymous: But why change the default and cause your ten-thousand users to have to re-learn nick protection? RTFM is not the correct response when you change behaviour. Not changing the behaviour in the first place is correct.

@mquin: Thank you for the detailed response, it was most informative. However, saving nick/pass on a shared computer is not an option, and having your ip address displayed twice (doubling the chances of misuse), really feels klutzy to me.

Anonymous said...

I wouldn't say freenode changed the 'default'. It merely corrected the abnormal way the old IRCD implemented this particular use case.

If you don't want to save the nick/pass in your client config file then don't, just make sure you identify to nickserv before joining channels, doesn't seem hard to me?

OliWarner said...

You can (and should) auth with nickserv by putting your nickserv password as the server password.

It has the additional benefit of auto-ghosting any old connections which is very handy if you have dodgy internet.

And because it happens on-connect, before you join anything, you should get your hostmask before anybody can see your IP.

mquin said...

Regarding saving your password - you shouldn't need to do that just in order to identify on connect.

In irssi for example, you can do

/connect chat.freenode.net 6667 accountname:password