alan.bell at libertus.co.uk
Thu Feb 6 09:49:23 UTC 2014
this email is to give you all a summary of the situation with the
floodbots, a bit of background, and our current strategy to address the
situation. Further discussion and comments are welcomed here or on IRC
in #ubuntu-irc or #ubuntu-ops-team
The floodbots have been withdrawn from service, as of February 3rd 2014,
they are not coming back.
What the floodbots do
The most visible function of the floodbots is to impose a quiet on
people who accidentally paste multiple lines of text into the channel.
This often happens when someone intends to share part of a log file with
the channel and does not realise that this is propagated a line at a
time to the thousands of users we have in the channel, disrupting other
conversations and generally causing confusion.
As well as accidental pasting there is intentional pasting of spam and
links by attention seeking individuals and automated bot attacks, the
bots have information on bans and heuristics to detect names and hosts
that are likely to be hostile.
The floodbots have extensive facilities for responding to ddos type
situations, sometimes putting the channel into an emergency mode for
just registered users, there is then a process in the #ubuntu-unregged
channel where captchas are presented to users and the humans are allowed
back into the main channel.
The bots will detect emergency situations, such as mass joins and can
distinguish between ddos attacks and technical issues in the network
There are several floodbots normally active, they talk to each other to
detect network latency and netsplits and to update their own code
Overall, the floodbots help us to regulate abuse of the IRC channels,
but for perspective, this is just bytes on a wire. There is no actual
harm or cost caused by someone pasting an excessive amount of lines in
an IRC channel.
We have not recently seen attacks and/or abuse at the scale of what was
happening at the time the floodbots were written. This might be because
the floodbots are protecting us from it so well or we are less of a
target than we were, or something else.
1) we can do nothing, and not have these features
- not ideal, would be extra workload and/or a worse experience for
people in the larger channels, but this is basically what we have been
doing since they were turned off and the world has not ended.
2) we can get a different accidental paste protection plugin for ubottu
or another bot and have just that feature
- these exist and could be used without much fuss, that would
provide the most visible bit of floodbot functionality
3) we can rewrite more of the floodbot functionality into ubottu or
something else, aiming for feature parity at some point
- this could take some time, it seems unlikely that we would get as
far as the existing floodbots do
4) we can move to +r+z in the large channels and make a bot to help
users to register on the network to talk, people would join read-only
and have to register to talk, like most websites.
- this could be done, it would be a massive simplification of the
problem; however it has significant disadvantages in terms of the end
user experience for people new to IRC.
5) we can try to resolve whatever issue was the motivation for shutting
the floodbots down
- We don't want anyone to feel bad about their contributions to the
Ubuntu project, but this might be hard to fix. If we could then that
would be great, but we should not sustain a situation where we do not
have the freedom to use, inspect, modify and share the software that we
are using. We don't put up with that for any other software, even
freedom zero is provided by most proprietary software and today that is
what has gone from the floodbots.
and finally, for completeness
6) we can bring the existing floodbot code back on line with new
freeserve account information as it has GPL v2 boilerplate headers
- this isn't a good option, LJL has asserted that he didn't intend
to distribute it under that license. Arguing that point is unlikely to
lead to any kind of happy outcome, we are not going to do it.
What we plan to do
Right now we are at option one, the do nothing option. We are working on
option 2 to bring online some paste prevention, and have it available as
soon as possible. For the last two days we have been running without the
floodbots and we have had some impact on the channels, which was
manually responded to. We could set the channel(s) to +r+z should there
be unusual activity, returning to the normal state of affairs ASAP.
If there is a perceived view that this is not sufficient, then we will
consider a more complete flood protection via #3 but we do not intend to
reuse the current floodbot's codebase. In other words, we do not see #6
as being an option; and -- at least right now -- cannot see option 5,
redeploying the existing floodbots, without a Free Software codebase as
a viable option.
AlanBell, on behalf of The IRC Council
More information about the Ubuntu-irc