Services: Internet Relay Chat (IRC)
Concepts
The reason for chatting
The constitution and bylaws of the OpenPKG Foundation e.V. call for a General Meeting (GM) to be held on demand and at least annually. Because members are distributed across the world the founders decided not to opt for a meeting requiring physical presence. Online chatting was considered to be a viable alternative when the time for a meeting is planned. The OpenPKG Foundation uses Internet Relay Chat (IRC) as its official way to perform real-time communications between its Foundation members. To some extend this service is also available to OpenPKG Foundation fellows and other interested parties.Justification of IRC
There are many solutions for online chatting, recently often called Instant Messaging (IM), available with IRC being the longest lasting and most common. This means that many servers, clients and tools are availabe and many people are already used to using them. Use of solutions not based on the Unix operating system or 3rd party services were out of question by the Founder's philosophy. Alternative applications were considered where Jabber was highly unstable and SILC had very limited client support. Although IRC by design is intentionally weak in the areas of authentication and privacy, proper extensions and workarounds have been found and implemented. Please keep in mind that, with regard to privacy, voting is the most critical part in the General Meeting and this will be performed within secured IRC communication channels, too.Basics
IRC uses a client/server architecture where the server echoes messages submitted from one client to the other clients. Much like putting a bunch of people in a room and let them talk. After a short period it is likely that groups of people are formed talking about a common subject. IRC works likewise and uses so called communication "channels". Users join one or more channels to talk with like-minded people about a common topic. In addition, users can whisper to peers so others cannot listen. Originally, IRC was designed to be completely open to everyone. Each person can pick an arbitrary nickname and others know it by this name. Everyone can open a new channel and becomes the operator of such a channel. The original IRC design has little idea regarding user authentication and encryption of communications and passwords. To cope with the demands of very large communities IRC also supports multiple servers being interconnected, but this is not used in our Foundation setup.Conferencing
Channels can be switched into moderated mode where only the operator can talk and the remaining audience is just listening. An operator can give a voice to additional chatters. To get a voice, demanding users raise their hands by whispering to the operator. An operator can also place a channel into invitation mode where people can join the channel only invitational. Demanding users whisper to the operator asking to receive an invitation.Clients
A huge number of IRC clients exist and many modern Instant Messaging applications also support IRC. OpenPKG packages exists for the popular text client ircII, for the X11 client Xchat and Firefox has the popular ChatZilla extension.Bots
Bots are applications using the client/server IRC protocol. They are acting on behalf of one or more users or work autonomously and perform certain automated tasks. This can be anything from hanging on the line locking a nickname to droids with Artificial Intelligence participating in human conversation. The OpenPKG foundation setup makes extensive use of custom bots, which aid in logging, directing people towards channels, voting and gatewaying external information into IRC.Services
Additional services have been created by the IRC community to overcome certain design shortcomings. In order to gain higher privileges these services act as if they were a server and use the IRC server/server protocol. The OpenPKG foundation setup makes use of services to manage users, channels and nicknames.Servers
A large number of IRC servers exists. Most of them have a fairly common support of the client/server protocol but big differences exist in the server/server protocol support. OpenPKG packages exist for the original IRCnet server ircd, the modern EFnet server ircd-ratbox and the alternative server ngIRCd.Foundation setup
Servers
The OpenPKG Foundation runs a single private IRC server listening on "localhost" only. We do neither participate in other IRC networks nor do we currently support attaching to additional servers. This is a fully stand-alone and self-contained setup using the EFnet ircd-ratbox. Client access from the outside world using IRC client/server protocol is open through an SSL gateway only.Direct Access
ircs://irc.openpkg.net/Access to the IRC service on irc.openpkg.net via TCP:994/SSL/IRC, i.e., an arbitrary IRC client is used to connect via the IRCS (IRC-over-SSL) protocol to the IRC server directly. Unprotected access via plain IRC protocol is not possible to protect potentially used authentication credentials. This access method requires an SSL-capable IRC client or at least an SSL gateway. This access method is recommended for all experienced users.
Web Access
https://irc.openpkg.net/Access to the IRC service on irc.openpkg.net via TCP:443/SSL/HTTP, i.e., a Web browser is used to connect via the HTTPS protocol to a Web User Interface (CGI:IRC) providing minimum IRC client functionality. Unprotected access via plain HTTP protocol is not possible to protect potentially used authentication credentials. This access method requires an SSL- and Javascript-capable Web browser. This access method is recommended for newbies and those who have trouble installing a local IRCS-capable IRC client.
Services
The OpenPKG Foundation runs certain services to provide additional features on IRC. This is a stand-alone setup running "ratbox-services" which look like a separate server having some artificial clients connected. These can be contacted by whispering to them.- "USERSERV" registers users and controls user authentication. Foundation members are pre-registered to it. Passwords are transmitted in clear-text in the IRC client/server protocol. That is why we enforce SSL encryption. Passwords are stored securely in one-way-hashed format.
- "NICKSERV" registers nicknames and allows authenticated users to regain their nickname in case someone else (mis)used it during their absence.
- "CHANSERV" accepts requests for invitations to channels and accepts or denies those requests based on operator settings and user authentication.
Clients
Use your favorite IRC client on your favorite operating system. Make sure the client is SSL enabled or at least provides the possibility to use a proper SSL gateway like "stunnel". So far the following applications have been successfully tested:- ircII + stunnel on Unix/OpenPKG
- Xchat on Unix/OpenPKG
- Firefox + Chatzilla on Unix/OpenPKG
- Colloquy on MacOS/X
- Kopete on Linux [1]
- Trillian + stunnel on Windows
- mIRC on Windows [2]
- jIRCii on Windows/Java
[2] mIRC requires libssl32.dll to be renamed to ssleay32.dll
Channels
Certain channels are pre-allocated for organizational purposes. Note that the hash sign ("#") is part of the channel name. One channel is open for general discussion for all users and others are used for closed user groups with access controlled by "CHANSERV", which verifies whether the user had previously successfully authenticated to "USERSERV".| Name | Purpose | Communication | Access |
| #community | OpenPKG Community Chatting Room | unmoderated | open |
| #foundation | OpenPKG Foundation Chatting Room | unmoderated | closed |
| #conference | OpenPKG Foundation Conference Room | moderated | closed |
Hands on
Nickname
By design of IRC, arbitrary nicknames can be used. The OpenPKG Foundation assumes members use their Foundation login names for that purpose. Guest access is allowed but they must not attempt to fake a member's name. Their connection will be killed upon detection and they might get banned from the servers. The recommended choice for a guest's nickname is to prefix it with an underscore. This will avoid name space conflicts with Foundation member login names.Connection
Favorite client has embedded support for SSL:point it to irc.openpkg.net:994 using IRCS protocol (IRC-over-SSL). Favorite client needs "stunnel":
create a "stunnel.conf" file that, in version 4, looks like:
client = yes [ircs] accept = localhost:6667 connect = irc.openpkg.net:994Point client to localhost:6667 using IRC protocol.
Login/Password
Neither login nor password is required for the IRC client/server protocol to access the OpenPKG Foundation server. It is just required for authentication at "USERSERV".Message of the day
Upon connect a message of the day is printed. It contains instructions, policies, description of pre-allocated channels along with their intention and commands to be used for common purposes like registering users and nicknames, logging into "USERSERV" and asking "CHANSERV" for an invitation. It is possible to review this information at any time by issuing a /motd command.List available channels
Execute "/list" command to get a list of available channels, number of users in them and the topic being discussed. Please note that channels other than the ones mentioned in this document and the MOTD were likely established by users. Do not trust arbitrary channels! Just because someone creates a channel with name #accounting and topic "secure storage for credit card numbers" you must not deposit sensitive data there.Joining a open channel
The "#community" channel is open for everyone. Participate by entering "/join #community". You can then talk to the others by just typing messages. Please note that for access to open channels like this one, no authentication needs to be performed. Faking an identity is easy. Do not trust arbitray users! Just because someone calls himself "sysop" does not qualify him to ask you for your password.Registering a user name
Registration is permanent and survives disconnects. Foundation members are pre-registered. If you registered in a previous session, skip this step and continue with login. Otherwise whisper to "USERSERV" and tell it about you. Run "/msg USERSERV register username password <email-address>". You set the password in this step.Logging in
Login needs to be performed for every new session. If you just registered in the previous step, you are logged in automatically and can skip this step. Otherwise whisper to "USERSERV" and tell it about you. Run "/msg USERSERV login username password". You use the password in this step.Joining a closed channel
You must have been registered and logged into "USERSERV" first, as described in the previous steps. Closed channels are marked invite-only. Whisper to "CHANSERV" and ask for an invitation. If you are logged in and operators have granted you access an invitation will be issued. You must accept it with the next command otherwise the invitation is void and you must ask again. Run "/msg CHANSERV invite channel". Upon receiving an invitation, accept with "/join -invite" or "/join channel".Bots
The OpenPKG foundation setup makes extensive use of custom bots, which automate various tasks.- SECRETARY
This bot is logging all messages posted to a channel. You can instruct the SECRETARY to not log a certain message by prefixing it with a hash '#' sign. It is possible to whisper to the SECRETARY and tell her to resent previous messages identified by numer of most recent lines, regex or date. Run "/msg SECRETARY help" to see her offerings. There is also a web interface to review the logs, some of them are password protected: #community #foundation #conference - STEWARD
This bot is directing people towards channels and it allows users to drop a note to be read by others. Run "/msg STEWARD help" to see his offerings. Dropping a note can be achieved by whispering to STEWARD or by using a special "question := answer" syntax on the channel. Anyone can recover the answer by sending "question?". - VOTER
This bot handles creation, management and reporting of votings. It also allows users to assign their vote to proxies in case they cannot participate in a voting for whatever reason. The proxies are priorized with the user himself having the highest priority. Any proxy and the user can vote during the voting period. The most recent vote of the user with the highest priority counts. Run "/msg VOTER help" to see his offerings. For the average user, the "show", "vote" and "proxy" commands are the most important. - BARKER This bot is gatewaying external information into IRC. Currently CVS/shiela from openpkg.ORG pushes commit messages into the "#foundation" channel.
Quickstart
Note that the "--ssl" option to ircII is implemented by a wrapper script that creates an "stunnel.conf" file on-the-fly and invokes "stunnel". The script is part of the OpenPKG package "ircii". It can be found in the CVS for use outside OpenPKG.Anonymous public access
$ irc --ssl foo irc.openpkg.net /list /join #community /who * Hello, World! Anyone awake? /quit
Registration
Note: throughout the examples the password is bar$ irc --ssl foo irc.openpkg.net /msg userserv register foo bar foo@example.com /msg nickserv register /quitUse out of band communication like email and tell a human operator that you have been registered. He must configure "CHANSERV" and assign your registered account to channels you can join. This is not automated! Foundation members are pre-registered.
Change Password
$ irc --ssl foo irc.openpkg.net /msg userserv login foo bar /msg userserv set password bar newbar /quit
Access to closed channels
$ irc --ssl foo irc.openpkg.net /list /msg userserv login foo bar /msg chanserv invite #foundation /join -invite /who * Hello, Foundation! How can I pay my membership fee? /quit
Regaining my Nickname
$ irc --ssl foo irc.openpkg.net Nickname is already in use. $ irc --ssl terminator irc.openpkg.net /msg userserv login foo bar /msg nickserv regain foo /nick foo …
Create own public channel
$ irc --ssl foo irc.openpkg.net /join #newchan /topic We are discussing something new here /list … negotiate with friends … /who * Hello, Fellows! I'm dreaming about a new … /quit
Create own closed channel with invitation
$ irc --ssl foo irc.openpkg.net /join #newchan /topic We are discussing something intimate here /mode #newchan +i /list … negotiate with friends … /invite friend #newchan … friend needs to /join -invite … /who * Hello, Friend! I have a secret to tell … … OK. It's in the news, not a secret anymore. /mode #newchan -i … /quit
Create own closed channel with key
$ irc --ssl foo irc.openpkg.net /join #newchan /topic We are discussing something intimate here /mode #newchan +k secretkey /list … negotiate secretkey with friends … … friends need to /join #newchan secretkey … /who * Hello, Friend! I have a secret to tell … … OK. Now open the door for everyone. /mode #newchan -k … /quit
Create own moderated channel
$ irc --ssl foo irc.openpkg.net /join #newchan /topic Speakers Corner /mode #newchan +m /list … negotiate with friends … /who * Hello, Fellows! I always wanted you to know … Ah, I see a hand from confused /mode #newchan +v confused … /mode #newchan -v confused Good that we talked about that. … OK. Open discussion now. /mode #newchan -m … /quit
Asking SECRETARY to repeat last ten lines
Note the "Good morning …" will appear in the logs while the "#oops" line will not.$ irc --ssl foo irc.openpkg.net /join #community Good morning boys and girls #oops, no girls!? /msg SECRETARY log #community last 10 /quit
Posting to and querying infos from STEWARD
Note both the posting and the querying can either be done through public message or whispering.$ irc --ssl foo irc.openpkg.net /join #community /msg STEWARD foo := out for lunch foo? … out for lunch /quit
using VOTER for creation, management and reporting of a voting
Note the "music" voting is open for three minutes or until it is closed manually, whatever happens first. The user only needs the "vote" command, the "show" and "result" commands are for convenience and everything else is for the operator. In this example the voter first goes for "pop" then changes his mind to "rock". The last vote counts.$ irc --ssl foo irc.openpkg.net /join #community /msg voter create music "Foundation Soundtrack" pop,rock,rap you,me,thl /msg voter show /msg voter open music 3 /msg voter vote music pop /msg voter vote music rock /msg voter close music /msg voter result music /quit
