Idiot thinks you should use IRC instead of Slack



  • @blakeyrat said:

    I agree, but that's no excuse for them to be sent plaintext.

    SSL? Quickly checked the two networks that I could remember from the top of my head (efnet, freenode -- it's been a while), and they seem to support SSL connections, at least for some of the servers.



  • AFAIK there's no way to verify that NickServ is actually NickServ and not NlckServ or similar; so even if your communication with NickServ is encrypted you can't be sure you're giving your password to the right thing.

    (You could in-principle have you and the bot do challenge-response and guarantee its the bot that way, but I don't know if anything actually does that).



  • Fair enough, but it's not as if encryption fixes phishing and this kind of problems. After all, if you enter your password at (lame example) rnybank.com instead of mybank.com, you're just as screwed.

    Ok, banks nowadays mostly opt for more advanced authentication than just passwords, but s/bank/other service/.



  • @blakeyrat said:

    I agree, but that's no excuse for them to be sent plaintext.

    I'm amazed all the geeky nerdy geek nerd dork geeks don't care about that.

    I don't use IRC for anything where having my identity stolen would matter. If you did, then yeah it would be a problem.

    Also it's a protocol from 1988 principally for nerdy geeks to talk to other nerdy geeks. It predates HTTPS. It predates SSL. It predates Windows 3.0. It predates PGP. You ran it on a university mainframe to talk to other computer scientists at some other university. Nobody thoughts about security for protocols back then because it wasn't a live concern back then, and it would have been illegal for source or specification to be exported if it used strong encryption, because US law forbade exporting strong crypto up until ~1992.

    Retrofitting decent security onto it now isn't feasible; if you want that use something else. I thought you had a thing for backwards compatibility!



  • @cvi said:

    Fair enough, but it's not as if encryption fixes phishing and this kind of problems. After all, if you enter your password at (lame example) rnybank.com instead of mybank.com, you're just as screwed.

    HTTPS includes endpoint authentication as part of the certificate.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    The point isn't whether a person can/can't set it up. That is not the point. That is a tiny bit of the point, but only a very tiny bit.

    Remember that I'm not disputing that Slack is better[1] for the purpose discussed in the OP. I'm just saying that IRC isn't a POS.

    [1] or may be--again, I've never used it or even seen screenshots.



  • Yeah, but both endpoints in my example have valid certificates for themselves. The password is encrypted in both cases, but -like in your example with the fake NlckServ- you sent it to the wrong person.



  • @blakeyrat said:

    no excuse for them to be sent plaintext.

    Yeah, IRC over SSL is impossible.

    And they totally aren't stored hashed with modern algorithms. Oh wait...



  • On WTFNet SSL is forced and I use a valid cert issued by LetsEncrypt...but @blakeyrat apparently thinks that such a configuration is impossible. It uses OpenSSL (you can also configure it to use GnuTLS) for this, so it supports things like ECDHE_RSA_WITH_AES256_GCM. That's what all of the clients I have seen connect use, with a few exceptions that use ECDHE_RSA_WITH_AES256_CBC_SHA.



  • The NickServ nickname is juped by any server that's been updated since 1999.

    A lot of services (like Anope) allow you to use the short command /ns in place of /msg NickServ so it'll always go to the right user.



  • NlckServ is very similar to NickServ, might fool someone who is doing it manually for some reason.

    (I am only a casual IRC user at best, I don't actually know a great deal about the fancier stuff)



  • You could easily jupe something that matched *serv, or use regexes to match some crazy pattern like ^(N(i|L)ckServ)$. However, it'd probably be easiest to just do *serv. I don't believe I have this on WTFnet but I have juped a few nicknames like RootServ, which is used by some networks (but not ours).



  • @blakeyrat said:

    It was ass. Fried ass.

    What have you got against rump steak?



  • @jmp said:

    Also it's a protocol from 1988 principally for nerdy geeks to talk to other nerdy geeks. It predates HTTPS. It predates SSL. It predates Windows 3.0. It predates PGP. You ran it on a university mainframe to talk to other computer scientists at some other university. Nobody thoughts about security for protocols back then because it wasn't a live concern back then, and it would have been illegal for source or specification to be exported if it used strong encryption, because US law forbade exporting strong crypto up until ~1992.

    So why the holy fuck are people still using it?



  • Network effects and because there isn't much in the same space. Has a lot of similarities to email, actually, and I don't expect Facebook messages or the like to supplant email any time soon, either.



  • @rc4 said:

    You could easily jupe something

    You could easily what, now?



  • @rc4 said:

    The NickServ nickname is juped by any server that's been updated since 1999.

    Where juped has an aside of "reserved, even on networks that don't have it"

    Alternately you could ask the internet



  • So it just means 'reserved' then? Way to go making your software easy to understand by inventing new words for things. This is just pointless obfuscation for the sake of being different.

    Checking the link you provided, it doesn't even have a sane etymology - it's apparently derived from the name of a troll who tried to spoil everyone's user experience by registering himself as NickServ with the obvious hilarity ensuing. That's like naming those laws to protect children after the abductors, rather than the kidnapped child. The mind boggles...

    And these people call Slack users elitist hipsters?!?



  • Given that it says "one possible explanation" for the etymology, it's likely that the term is old enough that nobody really knows. EFnet was founded in 1990, and NickServ was created at roughly the same time - i.e. this all started up roughly when the web did.

    (And I don't know the history here, it's possible that the guy grabbed the nickname to prevent other people trolling with it; that would make the etymology make slightly more sense).

    Also: A smallish group of people interacting together in a subculture come up with their own shibboleths, memes, and jargon? I'm sure something like that would never happen here.



  • It isn't an official term, it's jargon/slang. And it's derived from the name of an IRC Oper on EFNet who registered the nickname "NickServ" on EFnet where NickServ isn't available, to prevent others from misusing it (if you actually read the wikipedia link). What the fuck's wrong with you?



  • @grkvlt said:

    So it just means 'reserved' then? Way to go making your software easy to understand by inventing new words for things. This is just pointless obfuscation for the sake of being different.

    C.f. "tweet".

    And probably many many others.



  • "Enterprise" consultant here. You get to use something other than Lync at work (now "Skype for Business")? Count yourself lucky.



  • I've never had any gripes about Lync/SfB...AFAICT neither has anyone else I've run into. What's bad about it?



  • IRC might be ancient, ugly, and generally lacking in features, but it is definitely NOT difficult to use (from an end-user standpoint anyway).



  • Aside from actually having to learn typed commands instead of a cute little button to do X function.



  • where can I begin. It's ok for 1-1 IM. But meetings don't let you see the past chat history of the room, insist on a crappy audio/video panel that you can't get rid of, and often fail to connect. I have yet to find a collaboration technology that actually makes it easier than a 5 minute in person stand up.


  • BINNED

    @rc4 said:

    What's bad about it?

    The groups only half work, removing someone is a toss up and sometimes users are simply gone from the group only to reappear later on.
    Searching a name is a pain. Search "Jan". 4 Jans slide into view and then rrrrrright when you are clicking on the Jan I need it adds a fith Jan from god knows where, some external dude or something, changing the order of the Jans in view and making me start a conversation with the wrong Jan. Really ... I didn't want to talk to the CEO about the clogged up toilet.
    It's dead slow, not only at startup but at anything. Putting focus on the damn window. The pop-up comes to start a new conversation but sometimes I could just walk over to the other side of the building before the pop-up actually transforms into the chat window.


  • BINNED

    @NTW said:

    But meetings don't let you see the past chat history of the room

    Oh god forgot about that ... never, ever invite someone to an ongoing conversation. You might as wel start typing the entire conversation over, again.



  • @NTW said:

    I have yet to find a collaboration technology that actually makes it easier than a 5 minute in person stand up.

    The company I worked at that used Google Hangouts had it open on the PC/TV combo 24/7, that actually worked ok once people went through the pain and annoyance of having to deal with Google's shitty account system.


Log in to reply