wiki log of #dragonfly irc channel

Dmitri Nikulin dnikulin at gmail.com
Sun Mar 4 14:28:29 PST 2007


On 3/4/07, B. Estrade <estrabd at gmail.com> wrote:
Nice one.  Just realize that most people don't mind the last 100-1000
lines of chatting up so that others can "catch up", but providing 24/7
logging of a channel is a bit unnerving ... to me anyway.  Maybe you
can either only do the last few hundred lines or allow people to
register themselves to be ignored:
I'm guessing you're serious, so I'll mention why this is a risky idea.
IRC has chewing-gum authentication and it's almost trivial for a
malicious bot to fool a server into ignoring people by pretending to
be them, and this can be done in many points*. Basically, the entire
utility of the logging bot is broken because it allows virtually
unauthenticated modifications to its behavior. Not to mention the
confusion that arises if an entire participant in a conversation has
their messages removed.
* Such as the client's machine, the server, and any gateways involved.
Yes, the same machines can be exploited to change or ignore the
messages anyway, but this is more complicated than spoofing an IRC
message and, notably, would have a very different effect on the
appearance of the conversation.
---
Dmitri Nikulin
Centre for Synchrotron Science
Monash University
Victoria 3800, Australia




More information about the Users mailing list