ATG 25: How to Use TWiT's IRC Chat

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

Hmmmm, my thoughts …
Oh the irony of the wiki and IRC being offline most of the day.
Hehe…sigh. Murphys Law.

I wish @Leo you had remembered to point out not to use passwords on the site for the moment as it is still unencrypted HTTP, but to use passwords in a client with TLS on port 6697.

It was back up by the time the episode went out.

Handy timing all round then.
…though not for your host obviously eh.

BTW. You can give links for IRC clients, eg.
SSL/TLS On ircs://irc.twit.tv:6697/twitlive
SSL/TLS Off irc://irc.twit.tv:6667/offtopic

I actually didn’t know our server supported TLS. 6697 you say. Interesting.

It’s a somewhat common idiom with IRC clients to put a + sign in front of the port to let it know that it’s SSL. So for mIRC I have a configuration like:

Yep, I have always used port 6697 with TWiT.
Current session connected using SSL cipher “DHE-RSA-AES-256-CBC-SHA1”

I notice some clients are clever and will swap the port if you tick SSL/TLS on, but generally you have to change it yourself.
This is why I often give out prepared clickable links, though unfortunately many IRC clients don’t add the MIME type, so browsers are left clueless what to do unless you can add it yourself.

We have all these wonderful standards to make things easy.
It will be nice when vendors bother adopting them.

I’m only surprised because I don’t remember putting a cert on the server!

Maybe the IRC server is automatically making use of a valid cert for the domain ?

I did a bit of poking about (hope it wasn’t uncomfortable) you can see InspIRCd port 6697 is using a lets encrypt cert if you look at the IP in Shodan
Actually you can also see a bunch of other stuff listed on the “wrong side” of the page which may be more interesting for a certain colour hat-wearing ne’er-do-well. The Qualys SSL test is not a pretty sight either if this is the cert in use .

The *.twit.tv cert is from GoDaddy. So now I’m baffled!

Well I just Googled for cert checker and popped in https://irc.twit.tv:6697/ and got this:

TWitIRCcert1020×952 101 KB

You can see the HTTPS cert info just looking in the browser

twitirc419×521 46.8 KB

SSL Shopper shows the barest minimum of info.
Qualys SSL Labs checker lists potential security conflicts and known exploits such as Zombie POODLE and GOLDENDOODLE , plus tips on how to resolve them.
https://www.ssllabs.com/ssltest/analyze.html?d=irc.twit.tv
You can see it gets a grade F and several things may need attending to.

twitircssl1360×768 154 KB

Shodan more specifically shows the Lets Encrypt cert being used on port 6697.
Sites like Qualys and SSL Shopper don’t look at ports you specify as they are expecting a regular website on port 80, 443

I think somehow during the re-hosting of the downed domains recently, TWiT has the gained Lets Encrypt certbot ?

Turns out that the mods did install Let’s Encrypt in 2016. Neither I nor ScooterX knew this! But there ya go!

A handy gift-horse it would seem.
However maybe one worth having a look in the mouth.
Good work moderators but it does seem a bit remiss not to tell Leo.
Magic certificates growing on trees could have been a fake-news item this week

Perhaps some of the settings can be disabled as it is only required for the IRC, though the webIRC could be setup to use it, in which case the config should definitely be changed

I didn’t even know about secure IRC until I joined Twit. My IRC app had Twit as a predefined network with security. I’ve been using IRC for 25 years.
Now I feel old.

I saw this and thought, “25 years?! Wow that’s…as long as I’ve been using IRC. Wow…I’m old too!”
I was a regular member of one IRC channel of assorted friends for 20 years. They just shut it down and replaced it with Discord. Now everyone’s chatting much more than we have been in the last 15 years!

Yeah, its hard to think about it.
I’m going to log in to Prodigy now…

I moderate 2 IRC channels that the owners suggested we close because there we also have discord.
As long as the users visit I am happy to be there, and IRC<->Discord bots mean you can keep both running and connected.
I think of it as just making the chat-house bigger by adding another room.

@AaronK Your app came with TWiT already predefined !?
Very cool, perhaps it is one Leo can recommend.

Wouldn’t that make it hard to moderate? For example, if an inappropriate comment was removed from Discord chat, it would still be visible in IRC. …and someone banned from Discord could easily get a second round of attacks by hopping over to IRC.

IRC always has that problem. Discord doesn’t bring any new issue.
The beauty of IRC is the transient nature of conversations, as well as the drawback.
It is easy enough to kickban someone and fill the chat with new lines for a bit.
New visitors will not see it anyway, and only people that really want to bother will look in their log file.

So far over the years moderation problems have been limited to occasional spam campaigns, in which case we just go secret and allow registered users only for a week or so. Most real users arrive from the links on the project sites.
The only grief we had of note was with an ex-helper of one of the projects, that turned into a game of IRC whack-a-mole, so we got one of the server admin to lurk with us and deal with it more thoroughly.
That grief thankfully moved to twitter where he accuses us of whatever random conspiracy is on his drunken mind at the time, and it makes it much easier to ignore.