DragonFly users List (threaded) for 2007-03
DragonFly BSD
DragonFly users List (threaded) for 2007-03
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: wiki log of #dragonfly irc channel


From: "Dmitri Nikulin" <dnikulin@xxxxxxxxx>
Date: Mon, 5 Mar 2007 09:13:01 +1100

On 3/4/07, B. Estrade <estrabd@gmail.com> wrote:
Nice one.  Just realize that most people don't mind the last 100-1000
lines of chatting up so that others can "catch up", but providing 24/7
logging of a channel is a bit unnerving ... to me anyway.  Maybe you
can either only do the last few hundred lines or allow people to
register themselves to be ignored:

I'm guessing you're serious, so I'll mention why this is a risky idea. IRC has chewing-gum authentication and it's almost trivial for a malicious bot to fool a server into ignoring people by pretending to be them, and this can be done in many points*. Basically, the entire utility of the logging bot is broken because it allows virtually unauthenticated modifications to its behavior. Not to mention the confusion that arises if an entire participant in a conversation has their messages removed.

* Such as the client's machine, the server, and any gateways involved.
Yes, the same machines can be exploited to change or ignore the
messages anyway, but this is more complicated than spoofing an IRC
message and, notably, would have a very different effect on the
appearance of the conversation.

---
Dmitri Nikulin

Centre for Synchrotron Science
Monash University
Victoria 3800, Australia



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]