[Fwd: Re: Ubuntu irssi 0.8.12-4ubuntu2]

Paul O'Malley - gnu's not unix - ompaul at eircom.net
Sun Oct 12 21:34:43 UTC 2008


Aaron Toponce wrote:

> You
> connect on port 6667 with bad hardware, and are a victim of the exploit,
> you either:
> 
> 1) purchase new hardware
Person does not have to - are you going to set a standard where you test 
people's kit before they join the network and ban them based on that?

This seems like a "Use browser X, to read this web page" statement to me.

> 2) connect on a different port
Some networks do implement this feature, some don't.
Now you want to rewrite all ircds on all servers.....
> 3) upgrade your router firmware
> 
See my comments about control below.
>> Can it be solved in a generic way?
> 
> Yes: education.
> 
>> This follows from the simple fact that you can't make people get new 
>> routers or be better informed, as much as you might like to.
>> (See bug 1 for a parallel proof, only time can improve the situation.)
> 
> Bug 1 has nothing to do with broken hardware, and dodging the exploit.
> If we don't educate, then what is your proposed solution? Users
> connecting to IRC should be educated in the exploit, and how to avoid
> it.
>  
You and the point seem to be travelling in opposite directions at close 
to the speed of light.

I too have pointed to exactly the same causes, i.e. bug1 lives on while 
people don't get educated, because we can't force them to be.
In the same vein:

Bad hardware depends on people not being educated.

Bad hardware depends on people not having the funding.

Bad hardware depends on people not having the control to fix the problem.

I say again, you assume too much.
snip
> 
> Again, Freenode and OFTC have already shown how to connect without
> becoming a victim. So, it seems trivial to patch IRC client software to
> take advantage of those standards.
> 
They are not standards -

The implemented "solution" is a dirty hack - not a standard.
They could have chosen port 22, and then what would you think?

Also please be aware, if it were a standard then perhaps it is highly 
likely that the people who wrote the bad code would also pollute this 
space with their faulty code.

It seems to me you are not addressing the question.

Have fun.

Regards.
P.



