IRC.com outlines its roadmap (opens in new tab)

Full disclosure: i'm being paid to work on InspIRCd for use on the IRC.com network. This is my personal opinion not an official statement on behalf of my employer.

The IRC server software used by Snoonet, InspIRCd, does not contain any functionality for message interception (it doesn't even tell server operators the contents of a message that has matched a spam filter) and at least on the infrastructure I have access to Snoonet does not have any message interception capability either.

That's pretty damning. Glad I never went to Snoonet. Something seemed off about the network as a whole, and it appears that my assumptions were correct...

MK the same man behind mt. gox?

"Oh and PIAs support site and customer DB were compromised using a deserialization vulnerability in kayako."

Can you please detail when this was? I would assume based on your example in December 2016, however PIA Support wasn't using Kayako in December 2016. For clarity, I run PIA Support and one of the first things I did when I joined the company was replace Kayako.

Even if you removed every other part of this comment, Mark Karpeles as CTO is more than enough by itself to stay very far away from this. Might as well hire Bernie Madoff as CFO of your new investment startup.

The IRC Foundation, as it says on the linked page, doesn't exist yet. That's a goal of irc.com to do.

irc.com is a domain purchased by Andrew Lee of Private Internet Access last year. Formerly, irc.com had a letter written from him about his goals hosted on it:

https://web.archive.org/web/20180622180151/https://irc.com/

For the most part, the Foundation's just a project to support existing projects and developers who use the IRC protocol. This can mean providing financial support, access to more business-oriented resources like designers/legal/etc, as well as simply improving the quality of protocol documentation out there (the part I'm handling).

In terms of strict protocol improvements, the IRCv3 WG is the real place where that's going on, the most authoritative thing in terms of introducing new stuff across the IRC infrastructure these days: https://ircv3.net/

But, for new developers looking to get into IRC today, the resources aren't as available as they could be. Sure, there's a bunch of code to look at, libraries you can use to get started that seem to work fine. But when you wanna start digging into the wire protocol, how particular commands or functions work, how to actually approach writing a client/server from scratch, all you have are either the RFCs, some newer resources like the ircdocs/IRCv3, or stuff spread across 20+ year-old textfiles and pages all across the net. My intention for the documentation side of the Foundation is to build up information on how to use/parse commands and numerics, how widely they're used (in terms of software support), and how to really dig into and approach development with the protocol – since that feels like the more valuable information to be out there right now for new devs. It'll be linked to and public sometime soon, it's just that building up a swathe of documentation large enough to show we're serious about it takes some time (if you want those docs to be decent-quality, at least).

For what it's worth, I'm both the primary writer/maintainer of the Foundation's developer docs work, and the maintainer of the more community effort https://ircdocs.horse/ , so hopefully I'm on the right track with supporting devs in the protocol documentation sense.

If there's any questions or suggestions for directions to take on this (stuff that you, as a dev, would find useful for writing IRC software), please let me know! Even if it's not there for initial launch there's a fair backlog of stuff I'm looking to make up with this project.

Full disclosure: i'm being paid to work on InspIRCd for use on the IRC.com network. This is my personal opinion not an official statement on behalf of my employer.

Everything IRC.com is working on usability-wise is happening on top of the existing protocol. If you're an advanced user you'll be able to connect to the server with your IRC client of choice just like you always have to any other IRC server.

Because 99% of the people don’t know what a port is. If they want to rethink the way things work and make the protocol more attractive you have to rethink some assumptions that were maybe correct in the early days.

Nobody is going to stop you from just using the “old” protocols. Maybe it’s even backwards compatible in the way that right now you can also add port 80 to a URL but you don’t have to.

As the maintainer of InspIRCd i'm biased towards it but ngircd is a pretty solid piece of software if you only want something which is simple and easy to set up without a bunch of fuss.

I have to look through the source code of other IRC server implementations regularly when checking for cross-server compatibility and looking through ngircd's source code is always a pleasure. Its extremely well written and easy to follow unlike the irc2-based IRC server implementations (UnrealIRCd, etc) which usually are a pain to find out what they're even doing.

Charybdis and ratbox are both installable in that fashion and easy to configure, not to mention they are also more stable, better-programmed, and better optimised for large networks than ngircd. With ngircd it's trivial to cause a netsplit by flooding; also, the dev Alex Barton admitted a while ago to neglecting proper input validation from server-to-server links, claiming servers are "trusted" ... I think after a while he finally agreed that it wasn't best practice and that all incoming data should be considered untrusted and hostile, but the fact that he didn't care at one point speaks volumes for the rest of his code which is probably still unsafe and unidiomatic to a degree. Meanwhile, ratbox and its charybdis successor both practise proactive defensive coding for untrusted input and I have witnessed no crashes with either, and I have been able to modify both their sources with relatively little trouble.

IP spoofing is possible on ratbox and charybdis; host cloaking is possible on charybdis but I would not depend on it. Personally I believe IP addresses are public information, but for those who don't agree with me, it's super easy to spoof hosts. Not to mention, both ratbox and charybdis support alternate I:lines (connection classes) for bouncers and the like.

Yep ngirc is awesome! It’s so easy to set up a quick server without setting up Anope and all the services separately. The only problem is that I sometimes accidentally restart nginx instead of ngirc because of auto-complete :P

I don't think it can be. Everything irc does is better done centralized. The big problem is leaking of user iP's. Ip's regardless of how they work technically are treated by police and courts as a unique identifier. As sad as it may be, Discord thrives far more than IRC ever did for that very good reason. All content has to be proxied, and that costs big bucks.

One way around it would be to stick to embedding of content only from a small number of known sites, but even then things like YouTube can still show geography of viewers iirc. Plus if those sites get tired of your bandwidth they can just block you, no negotiation of money if you don't have big bucks.

But regardless of how it's done, when you host your own actual server, you're now liable. You're identifiable, and In the U.S. identity is all that's required for any civil case, which could be thrown at you by anyone for any reason. When you host yourself you're taking on legal liability for your users, too, such as underage users that get access to pornography through it.

I think the best approach to the issue of IRC not being federated is to create a separate protocol that can not only do that, but also learn from the mistakes of IRC. By design IRC is not very extensible, and because of the initial limitations of the protocol and the divided opinions on what IRC should be, we have each software vendor proposing different standards and clients that have to support all of these differences. While IRCv3 is making efforts to standardise everything, there are still very large networks that will never switch from the old-style IRC and we still have that backwards-compatibility kludge in our way when we try to build modern clients. Creating a new, modern protocol from scratch hopefully allows us not to repeat these issues and have some foresight about extensibility, elegance, and standardisation.

And before anyone proposes Matrix to fill in that blank, I do not believe that it is at all suitable for the goals it is trying to accomplish.

Yes, currently we’re putting full time dev resources into Inspircd to bring it up to date with newer IRCv3 features so that we can showcase what IRC is capable of these days. Once the Foundation has been setup further down the line then we plan to open that up to other projects.