Statement by freenode because of the block
http://blog.freenode.net/2009/06/new-freenode-webchat-and-wh...
Analysis:
Seems like mibbit was being abused and it was difficult for freenode to combat the abuse. Freenode eventually just got fed up with all the time required to fix the problem. It was too easy to get on mibbit to evade a ban to screw with a channel.
As someone who has been placed in the position of semi-regularly banning mibbit from freenode OSS project channels due to abusive users, I can't see how this is a bad thing.
The quality of user was exceptionally low, and "easy webchat" simply doesn't seem like a strong value proposition for the technical users that frequent the network.
Doesn't serve as counter argument for web chat providing strong value proposition, just that Freenode leveraged existing open source software to provide an alternative solution that they could directly manage.
(1) and (2) both boil-down to saying "we don't trust the operators of Mibbit to pass on the IP address accurately". Do you have examples of the IP address being inaccurate?
(3) makes no sense, assuming you do trust the IP address, so doesn't add anything more than (1) and (2). You can already perform proxy-detection if you have WEBIRC and you trust the reported IP.
It's not a question of "they don't trust Mibbit", it's just basic security practice. Anyone, even a freenode staffer running his personal project, would not have that trust extended to them.
Apparently #perl found a way to get around this without banning all of Mibbit. Maybe others should take the time to put more than a "F* YOU!!" into this?
I'm curious as to how much time you've spend solving the problem vs. complaining about it in forums/channels... I can say that right now I have more respect for the #perl guys than you, and I'd never heard of Mibbit before this article...
I don't see anyone requiring that, but publicly calling into question the integrity of Mibbit without offering any evidence that they cannot be trusted is really bad karma imho.
Freenode has absolutely no innate responsibility to extend trust to a third party such as Mibbit. I see no reason to judge them poorly for failing to do so, or how this reflects on Mibbit's integrity.
Do you know what it took to get WEBIRC support setup with irc.mozilla.org? Rizon? efnet? slashnet? I popped in and asked. It's the same on most Networks.
They don't have any responsibility to provide it, they can do what they like to their users. But I think their users liked it - which is why thousands of people used mibbit to connect to freenode.
Freenode clearly has a closed management culture, which is why they want complete control of everything. I don't think that makes for a great community.
Freenode, by their own definition (lifted from the google search result for "freenode"):
Provide a friendly interaction environment for project coordination and for the support of community projects.
Freenode, as a communication platform (and particularly as a self-described "friendly" environment) have a duty, to common sense and intelligence, to make reasonable efforts to encourage communication rather than stifle it.
Being willfully wooden-headed about this whole thing is not just wrong because of the unnecessary harm it causes, it's also self-contradictory.
If AOL decided to proxy interested AIM users to Freenode, would it be Freenode's responsibility to provide the resources necessary to support those users as well?
What about Facebook? Google Talk?
As a member of several "community projects", I don't feel particularly slighted (and am, in fact, relieved due to decreased abuse) by the disconnection of Mibbit.
Agreed. Maybe it's not very nice, but I kind of think that anyone incapable of installing a proper IRC client probably shouldn't be using IRC in the first place.
The situation on, say, the ruby-talk mailing list is analogous; whenever you see a really, really stupid question, check out the submitter - chances are it's through one of the web interfaces to the ML.
The necessity of installing and configuring an IRC client to use freenode is an example of a good barrier to entry.
I can think of several times I've used mibbit to pop in to #startups (or another channel on another network) because installing an IRC client just isn't possible (lack of admin rights, on someone else's computer, etc).
Not at all. It's like a short, basic aptitude test before you're able to join a recreational sports team, or maybe a driving test. Just shows that you know the ropes at least a bit, you have at least basic competence.
Remove that and people can just bomb in on anyone's conversation in real time, from any browser, no consequences, nothing. Is that really what you want?
I object to your use of the word "elitism". Someone's basic technical competence, and the effort they've put in to do something, is a pretty reliable guide to the quality of their contribution, whatever it might be. When I see someone has a free blog on wordpress.com or what not, I instantly assume they either do not care or do not know how to set up their own system. When I see someone with a hotmail address I assume they do not know better. And on irc, when I see someone using mibbit, I assume they do not know how - or are too lazy - to set up IRC.
If people can't put in this basic effort, why let them in? You can yell "elitism" all you want; I prefer to think of it as "rules of the club". Anyone can join the club, they just have to pass the first, very easy, test. What is wrong with that?
And I think your use case for the service, as described in your anecdote, is likely to be quite atypical. I doubt the majority of Mibbit users just happened to be using it because they were using someone else's computer. You are the exception to the rule.
Someone's basic technical competence, and the effort they've put in to do something, is a pretty reliable guide to the quality of their contribution, whatever it might be. When I see someone has a free blog on wordpress.com or what not, I instantly assume they either do not care or do not know how to set up their own system.
What about actually looking at their contribution and judging it on its own merits?
Isn't this just like judging someone's talk by how they look or judging a book by its cover? Isn't this the same principle as racial profiling? You take a factor which seems to have a correlation but which is incidental to what you're really trying to determine?
For that matter, isn't it like, "that new VM can't be that much better. Aren't our VM guys really smart?"
The really annoying thing about the Pointy Haired Bosses is their constant use of such heuristics in evaluating technology. It's when we see how their heuristics are maddeningly wrong when they dismay us the most.
I propose that we techies would be better served by eschewing such sloppy heuristics and actually evaluating technology and technical expertise. We have big brains, so we can just reserve judgment on the rest until we have actual evidence.
people can just bomb in on anyone's conversation in real time, from any browser, no consequences
This is rather misleading. Mibbit may be a browser-based client, but it does pass on the user's IP to the remote ircd, which means exactly the same protections exist as for any other irc client.
Incidentally, having personally written the software behind an irc network that's bigger than freenode (I wrote justin.tv's chat server, which has had a peak of more than 360k concurrent clients connected), I would trust Mibbit long before I would trust a bunch of other clients. MIRC, in particular, is plain nasty.
Incidentally, having personally written the software behind an irc network that's bigger than freenode
From what I've read in your comments in the past, I'm assuming you used Twisted for the IRC backend. I was wondering, if you were starting this project today, would you still use Twisted? (apologies for veering off topic)
Yes, I used Twisted as the non-blocking network substrate for JTV chat. Actually in the initial implementation I used their IRC protocol library too, but that has been gradually dropped and replaced as more and more problems have been found. This is my general impression of Twisted actually - as an i/o core, it's rock-solid, but the protocol libraries are much more rough and many have clearly not been tested under significant load or with real-world messy data.
As for whether I would use it again... I think I'd be really tempted to use Clojure to be honest. Python is nice enough, but I still find myself missing a real Lisp (I did a lot of CL work before I joined JTV).
Not on a single box, no - we run these machines in a cluster. Each chat machine scales up to a bit more than 80k simultaneous connections (each machine runs 8 processes, each of which can do about 10k simultaneous). There's some amount of IPC between all the chat processes in the cluster, but not too much, which means we can pretty much scale linearly just by adding hardware at this point.
Hm. Still, 80k per box is nothing to sniff at, especially with Python.
I've been using Ruby's EventMachine, I can get it up to about C20k before it blows up, but that's local only, remains to be seen what proper connections will do. Haven't tried multiple processes yet. As for IPC I just dump everything into AMQP, whose fanout exchanges seem practically designed for IRC : D
Hm, anyway, thanks for the info. Really cool to hear python stretching that far.
This is rather misleading. Mibbit may be a browser-based client, but it does pass on the user's IP to the remote ircd, which means exactly the same protections exist as for any other irc client.
First, it's considerably easier to find open web proxies than it is to find IRC-capable proxies, and Freenode runs proxy detection to catch use of IRC-capable proxies.
Second, trusting Mibbit's IP address reporting is a tall order, equivalent to peering their IRC servers with Mibbit, as it would allow Mibbit to readily spoof basic user identity.
Incidentally, having personally written the software behind an irc network that's bigger than freenode (I wrote justin.tv's chat server, which has had a peak of more than 360k concurrent clients connected), I would trust Mibbit long before I would trust a bunch of other clients. MIRC, in particular, is plain nasty.
What 'trust' must be divested in end-user, per-user desktop IRC clients? Mibbit must be trusted to report user identity accurately, to not allow proxy connections, and to quickly respond to abuse while not causing freenode's volunteer's undue labor.
Most importantly, freenode is privately owned and managed, it's not a public service and has no responsibility to provide service to Mibbit, especially if Mibbit causes a disproportionately sized administrative headache.
...it would allow Mibbit to readily spoof basic user identity.
What conceivable reason would Mibbit have for doing that?
Mibbit must be trusted to ... not allow proxy connections
No, that's not true. Mibbit must be trusted merely to pass-on the correct IP. Then Freenode's existing proxy detection can handle the job of rejecting proxied connections.
You are publicly calling into question Mibbit's integrity here, and suggesting that there's an incentive to give Freenode false information about users' IP addresses. Why?
"You are publicly calling into question Mibbit's integrity here"
I know nothing about Mibbit beyond their web page and their colourful representative here, but - it's not about the personal integrity of the founder, or whatever. Mibbit's whole business model is around advertising. The more page views, the more advertising, the more profit. They have no investment in any other metric. It is reasonable to assume Mibbit does whatever they can think of to boost their usage.
"suggesting that there's an incentive to give Freenode false information about users' IP addresses"
There is a clear commercial incentive to encourage usage of the service. If sending random IPs to Freenode boosts revenue, there would be an incentive to do that. That would be reprehensible, of course, but you can't say there's no incentive.
If I have $1million there is incentive for people to shoot me in the head and take my money. I guess that means that I should hide away in the mountains as a hermit and shun society, because everyone that is part of the society has an incentive to screw me over.
You are publicly calling into question Mibbit's integrity here, and suggesting that there's an incentive to give Freenode false information about users' IP addresses. Why?
Regardless of Mibbit's integrity -- of which I have no opinion, and am not calling into question -- freenode has absolutely no responsibility (contractual, moral, or otherwise) to extend their trust to any third party.
If Mibbit wishes to resolve the issue they can enter into a contract with Freenode to establish trust. Mibbit can provide a financial incentive and contractual guarantees, and in return Freenode can agree to extend Mibbit trust and administrative resources.
Most of your arguments (throughout all the discussion threads) boil down to:
1. All the channels you help manage banned all Mibbit users due to abuse/problems.
2. Freenode _could possibly_ have IP addresses purposefully misreported by Mibbit to them, so they shouldn't have to trust them.
3. Freenode shouldn't be _forced_ to accept traffic/users from Mibbit.
My Responses:
(1) You had a problem with Mibbit users that you seem to have solved. Why do you need to argue so passionately against Mibbit if it was so easy for you to solve? Did it take you hours and hours to figure out how to ban Mibbit users from your channels? There is a post by someone from #perl that says they even figured out how to extract the original user's IP and that they were able to get rid of most of the bad users by banning the default Mibbit prefix. That doesn't seem too hard to me (banning the nick prefix). Could you enlighten us as to why Mibbit made it a PITA to ban all Mibbit users from your channel?
(2) I don't see any claims that Freenode knows that Mibbit is misreporting its users' IP addresses. Whether or not they have incentive to do so is irrelevant because it does not even seem to be a stated reason behind Freenode's decision. Therefore presumably Freenode either believes what Mibbit reports or they don't think that it's a minor issue. In either case, I don't see how it should be a large part of this discussion. To further argue against your point, Freenode supports Tor. Tor's stated objective is to help users be anonymous. Should Freenode also ban all users from ISPs that allow them to reset their modems to get another dynamic IP address?
(3) I see lots of disagreement with Freenode's decision, and calls for reversal but I have yet to see someone claiming that Freenode should be required to never ban a certain client. Just because someone disagrees with a decision doesn't mean they believe that the person/group doesn't have a right to make a decision. Much in the same way that just because Freenode has the right to make this decision I am not required to like it.
Could you enlighten us as to why Mibbit made it a PITA to ban all Mibbit users from your channel?
We had to solve the problem, as did all other channels with this issue. You reference another poster who had similar issues. How many man hours were blown by individual channel managers dealing with Mibbit issues?
I don't see any claims that Freenode knows that Mibbit is misreporting its users' IP addresses. Whether or not they have incentive to do so is irrelevant because it does not even seem to be a stated reason behind Freenode's decision. Therefore presumably Freenode either believes what Mibbit reports or they don't think that it's a minor issue. In either case, I don't see how it should be a large part of this discussion. To further argue against your point, Freenode supports Tor. Tor's stated objective is to help users be anonymous. Should Freenode also ban all users from ISPs that allow them to reset their modems to get another dynamic IP address?
1) Whether or not Mibbit misrepresents IP addresses isn't really the issue. Why should Freenode have to adopt a policy of extending trust to a third party service? What about future services that also request similar access? Why is this Freenode's problem?
Additionally, this is relevant because extending trust would simplify freenode's handling of abuse, and is so the recommended (demanded?) course of action by Mibbit proponents.
2) Freenode supports Tor, but has banned Tor in the past, may do so again in the future, and had to expend extra effort to work with the EFF to support Tor.
Since Tor is intended (in no small part) to provide a service to users in fascist states, Freenode clearly felt this was worth addressing, but even still, have had to take draconian measures due to abuse in the past.
I see lots of disagreement with Freenode's decision, and calls for reversal but I have yet to see someone claiming that Freenode should be required to never ban a certain client. Just because someone disagrees with a decision doesn't mean they believe that the person/group doesn't have a right to make a decision. Much in the same way that just because Freenode has the right to make this decision I am not required to like it.
Simply put, I find the sense of entitlement to be audacious. Mibbit is an external service, has no claim to Freenode's services, and was causing Freenode a disproportionate amount of trouble.
I wouldn't expect or demand that Freenode accommodate peering AOL/AIM, Facebook, or any other external service -- why is Mibbit any different?
Well, I don't really know all the details behind Mibbit's implementation. Interesting that they pass on the IP. But the problem would then be that people can then use any of a number of proxies, etc, to get around that - Mibbit certainly does not have any incentive to block proxies, it's interested only in ad views. So it seems there would be a conflict of interest between Mibbit, interested in maximising users, and freenode, interested in maximising quality. Anyway, obviously freenode couldn't easily get around it, otherwise this news item wouldn't exist, right?
Funnily enough, I'm currently writing my own (toy) IRC server too, though I doubt it will (or could) ever serve the numbers you're talking about! Amazing that it has never really progressed beyond RFC2812, and even that was old news when it was written in 2000. I'd like to see IRC 2.0.
>> Mibbit certainly does not have any incentive to block proxies, it's interested only in ad views.
Mibbit blocks all known web proxies, tor, etc and has done for a long time. You really do think the worst of everyone don't you. I wonder what that says about you? :/
Right, because insinuating anyone who uses mibbit is incapable of installing an IRC client is not a sniping remark?
I have no problem with basic aptitude tests. I have no problem with restricting a community to the technically literate. What I have a problem with is the assumption that anyone choosing to use X over Y is some kind of moron.
Right, because insinuating anyone who uses mibbit is incapable of installing an IRC client is not a sniping remark?
No, simply that as an initial barrier to entry for a technical community, "browsing to a web page" isn't very difficult and serves poorly as a first-pass filter.
webmail clients are only blocked 'due to abuse' because it's easy to make bots to register fake email addresses. But even that is not fool-proof. I remember that back when AOL on dial-up was my internet connection, the 'master' account could create multiple 'child' accounts. So even the ISP in that case could allow you to create a 'fake' email for the purpose of registration.
No, I regularly find modern registration forms that won't accept mailinator or even hotmail addresses (and your service is probably more akin to mailinator than hotmail).
* Going http is a nice way to get around firewalls. Sure, I can tunnel through SSH to my server, but that is a bit harder and not everyone has a server to tunnel to.
* Part of axod's idea, from what I gather, is simply to provide a nice chat system, that happens to have IRC as a backend. Would you say that people who can't install a proper nntp/smtp/whatever client shouldn't be allowed either? How 'bout twitter, to pick something popular? How about people who need help setting up an online store presence because they can't code it themselves? We owe the existence of this site to pg knocking down that particular barrier to entry.
Now, the question of abusive users is another one, and one that deserves to be taken seriously. But I have no idea about how axod handles that side of things.
I wouldn't say shouldn't, but I would say that a slightly higher barrier to entry serves as a good first-pass filter for technically-oriented communities.
You need something better, though. After all, it should be noted that discussion here is via a web based interface, and yet the conversation isn't that bad.
I agree, but IRC is different and arguably antiquated technology. It doesn't require registration, operates in real-time, has no concept of reputation or community moderation. It's difficult to manage, and services that accidentally facilitate abuse make it more so.
More accurately, the protocol doesn't say anything about registration. It's dead simple to implement some form of registration outside of the IRC protocol, and then only allow registered users to connect.
We (as a channel) initially tried to avoid banning Mibbit wholesale, but that strategy failed. I imagine Freenode had similar issues at a larger scale. I can't say that any developers I associate with are unhappy that Mibbit was blocked.
Specifically, on a technical channel:
<me> Looks like Mibbit was blocked
<user1> so sick of mibbit luzers
<user2> nice!
<user3> mothafuckers who can't be bothered to
use an IRC client probably don't need to be on IRC
<user1> had some random moron join #scheme and then
start /msging me to ask where I was from
It's difficult to find places to engage in community discussions with other high-quality developers without eventually being inundated with low-quality participants. The quoted response may be overtly rude, but the fact is, Mibbit brought exactly the type of users that we're on IRC (and freenode, specifically) to avoid.
Why did it fail? You can just ban mibbit if you like on the channel :/
We didn't want to ban an entire service! Unfortunately, it wound up being the easiest way -- hence, our attempt to avoid doing so failed.
I've used Mibbit as my primary client for a year. I take offense at your blanket statements about the "type of users that use mibbit".
You are an outlier. The "type of users that use mibbit" were consistently abusive, difficult to deal with, and ultimately detrimental to our communities.
That was not my experience, but you and I probably have differing opinions of "detrimental", and I'm not sure how you would correlate abuse or "community detriment" with your data.
We tend to be patient with individuals (even semi-abusive ones) before resorting to crude methods such as banning.
The necessity of installing and configuring an IRC client to use freenode is an example of a good barrier to entry.
Doesn't strike me as good enough of a barrier. Then you still get a lot of idiots who think they are elite just because they can set up a client. Not sure that's improved the situation that much.
Are you claiming mIRC made it difficult to use a proxy?
There has always been proxy settings available. I...know some people...that wrote scripts for mIRC that loaded thousands of bots on proxies. That was on an early Pentium with dialup too.
Are you claiming mIRC made it difficult to use a web proxy?
Since IRC traffic can't be conveyed via a web proxy, yes. =)
There has always been proxy settings available. I...know some people...that wrote scripts for mIRC that loaded thousands of bots on proxies. That was on an early Pentium with dialup too.
Absolutely, I used to abuse WinGate TCP proxies back in the day. Those eventually disappeared, and it's now much harder to find open TCP-capable (SOCKS, etc) proxies. To seal the deal, major IRC networks perform TCP proxy detection on incoming connections to check for open proxies operating on standard ports.
This is completely stupid of Freenode. Shame on them.
Axod, how do you know it’s permanent? Have they made a statement?