The Floodbots

Charles Profitt indigo196 at rochester.rr.com
Thu Feb 6 13:14:19 UTC 2014 

Alan:

Thanks for the summary.

---- Alan Bell <alan.bell at libertus.co.uk> wrote: 
> Hi all,
> this email is to give you all a summary of the situation with the 
> floodbots, a bit of background, and our current strategy to address the 
> situation. Further discussion and comments are welcomed here or on IRC 
> in #ubuntu-irc or #ubuntu-ops-team
> 
> 
> What happened
> ==========
> The floodbots have been withdrawn from service, as of February 3rd 2014, 
> they are not coming back.
> 
> What the floodbots do
> ==============
> The most visible function of the floodbots is to impose a quiet on 
> people who accidentally paste multiple lines of text into the channel. 
> This often happens when someone intends to share part of a log file with 
> the channel and does not realise that this is propagated a line at a 
> time to the thousands of users we have in the channel, disrupting other 
> conversations and generally causing confusion.
> As well as accidental pasting there is intentional pasting of spam and 
> links by attention seeking individuals and automated bot attacks, the 
> bots have information on bans and heuristics to detect names and hosts 
> that are likely to be hostile.
> The floodbots have extensive facilities for responding to ddos type 
> situations, sometimes putting the channel into an emergency mode for 
> just registered users, there is then a process in the #ubuntu-unregged 
> channel where captchas are presented to users and the humans are allowed 
> back into the main channel.
> The bots will detect emergency situations, such as mass joins and can 
> distinguish between ddos attacks and technical issues in the network
> There are several floodbots normally active, they talk to each other to 
> detect network latency and netsplits and to update their own code
> 
> Overall, the floodbots help us to regulate abuse of the IRC channels, 
> but for perspective, this is just bytes on a wire. There is no actual 
> harm or cost caused by someone pasting an excessive amount of lines in 
> an IRC channel.
> 
> We have not recently seen attacks and/or abuse at the scale of what was 
> happening at the time the floodbots were written. This might be because 
> the floodbots are protecting us from it so well or we are less of a 
> target than we were, or something else.
> 
> The options
> =======
> 
> 1) we can do nothing, and not have these features
>    -  not ideal, would be extra workload and/or a worse experience for 
> people in the larger channels, but this is basically what we have been 
> doing since they were turned off and the world has not ended.
> 
> 2) we can get a different accidental paste protection plugin for ubottu 
> or another bot and have just that feature
>    -  these exist and could be used without much fuss, that would 
> provide the most visible bit of floodbot functionality
> 
> 3) we can rewrite more of the floodbot functionality into ubottu or 
> something else, aiming for feature parity at some point
>    -  this could take some time, it seems unlikely that we would get as 
> far as the existing floodbots do
> 
> 4) we can move to +r+z in the large channels and make a bot to help 
> users to register on the network to talk, people would join read-only 
> and have to register to talk, like most websites.
>    -  this could be done, it would be a massive simplification of the 
> problem; however it has significant disadvantages in terms of the end 
> user experience for people new to IRC.
> 
> 5) we can try to resolve whatever issue was the motivation for shutting 
> the floodbots down
>    -  We don't want anyone to feel bad about their contributions to the 
> Ubuntu project, but this might be hard to fix. If we could then that 
> would be great, but we should not sustain a situation where we do not 
> have the freedom to use, inspect, modify and share the software that we 
> are using. We don't put up with that for any other software, even 
> freedom zero is provided by most proprietary software and today that is 
> what has gone from the floodbots.
> 
> and finally, for completeness
> 
> 6) we can bring the existing floodbot code back on line with new 
> freeserve account information as it has GPL v2 boilerplate headers
>    -  this isn't a good option, LJL has asserted that he didn't intend 
> to distribute it under that license. Arguing that point is unlikely to 
> lead to any kind of happy outcome, we are not going to do it.
> 
> What we plan to do
> ============
> 
> Right now we are at option one, the do nothing option. We are working on 
> option 2 to bring online some paste prevention, and have it available as 
> soon as possible. For the last two days we have been running without the 
> floodbots and we have had some impact on the channels, which was 
> manually responded to. We could set the channel(s) to +r+z should there 
> be unusual activity, returning to the normal state of affairs ASAP.
> 
> If there is a perceived view that this is not sufficient, then we will 
> consider a more complete flood protection via #3 but we do not intend to 
> reuse the current floodbot's codebase. In other words, we do not see #6 
> as being an option; and -- at least right now -- cannot see option 5, 
> redeploying the existing floodbots, without a Free Software codebase as 
> a viable option.
> 
> 
> 
> AlanBell, on behalf of The IRC Council
> 
> -- 
> Libertus Solutions
> http://libertus.co.uk
> 
> 
> -- 
> community-council mailing list
> community-council at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/community-council

More information about the Ubuntu-irc mailing list