ubuntu-us-tn ATTN: IRC Channel OPS

Zach Gibbens infocop411 at gmail.com
Sun Jan 17 12:34:33 GMT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(Forgot to sign last one, woops)

due to the recent attacks on freenode, they have recommended placing a
mode +r or +R on as many channels that feel that to be reasonable. +r
is block unidentified, +R is quiet unidentified, if I see the attack
in here, I'll apply +R until the end of the attack. if it seems
reasonable, applying it now might not be a bad idea, but I don't wanna
be rash on that, since our unregestered users will also be quieted
(it's better than a ban & we can help them register too) if we are
targeted, I will put a temporary quiet unidentified that moment, but I
thought that I should run the thought of applying this prior to an
attack past other ops, or making the change more long term
http://blog.freenode.net/2010/01/javascript-spam/

makes a number of notes on this issue, in addition to a few wallops &
global notices, the two most important is users that fall for this
will be banned (whereas the +R mode keeps our users safe in our
channel, but they could be affected in other channels) this is a
javascript attack, it does not care about linux, mac or windows &
every modern browser by default can thus play a part & last but not
least, there will soon be better ways to deal with this attack after
they migrate to a new ircd (which should happen on the 30th, before
our next meeting)
also, the ircd server would notify the client, so they would not be
clueless & it seems most if not all our current members (outside of
meetings, next one I am aware of is in feb. this would be altered for
something less harsh a fix once freenode is on it's new ircd or could
be adjusted for a meeting & reapplied) are registered & id when they login

some food for thought, I won't apply any changes until I hear someone
thinking this is reasonable or we have the attack in our channel (at
which point, I'll only apply it for as long as absolutely necessary,
unless I hear a better way to mitigate the issue, I will send a memo out
if that happens as well)

Signed,
Zach Gibbens
cyberanger

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktTA9gACgkQqNhj3HsCKFsCWQCeIOvAC7iK4CHgSFUFF5FnBqiU
HDoAnjgRa89/54WSN90Yz8H6qdVP7V98
=oatu
-----END PGP SIGNATURE-----



More information about the Ubuntu-US-TN mailing list