Enable the IRC gateway on the slack interface about bitcoinclassic HOT 14 CLOSED

Fully agree with opening IRC and XMPP gateway should be done!

from bitcoinclassic.

Slack requires either a continuously-open browser window, or running a third-party untrusted GUI application to run unless the IRC gateway is enabled.

This is false, Slack is not like IRC, its a couple of generations newer. For starters, you don't need to be connected to be able to 'get' messages. Unlike IRC if you are not connected, people can still see you and send you messages. You can scroll back over the period you didn't run any software.

The 'untrusted' part is also odd, its your own webbrowser. Slack doesn't need anything silly like flash.
When even Richard Stallman is saying that closed source software for a service like Slack is, is Ok, then I'm not all too worried about the security...
http://lunduke.com/2015/12/16/need-for-compromise-in-free-software-with-richard-stallman/

Transparency in development is absolutely crucial to the success of a project like Bitcoin.

Communication happens in the open, not sure why you think that it doesn't. Slack is not something that has a high threshold for entry. The browser interface is maybe not something you like, but it is the standard in todays world for all sorts of applications.
Everyone uses this approach, really.

The fact is that we've had 1300 people on the slack channel for a while now. Which is about a magnitude more than ever on IRC. I think this approach is a big success.

Either way, you have access to many different browsers with various open source ones to choose from. Please join us on slack using your free open source stack.

from bitcoinclassic.

Won't argue against any of the points made except for maybe that javascript might not always be safe, and a browser might not be the optimal way to run a chat client.

Now the question is rather what the downside of enabling the IRC/XMPP gateway is, and why it can't be a compliment to the "gui" version of Slack?

from bitcoinclassic.

@zander: Incorrect. I can only participate in the Slack conversations while a browser is open.

It is untrusted because portions of it are closed-source, server-side and I don't know what they're going to do with the data. What does it do with the data? How do I know their server-side application is secure? I don't. I also don't know what happens when they get bought by another commercial entity. I also don't see the >10,000 line chat log exports anywhere and can't do such an export myself, and so a portion of the history of the project (an important portion) is therefore completely hidden to someone like myself until the administrator of the project decides to do the export, and continues to decide to do the export into the future.

Their client-side application doesn't have nearly the eyes on it that older, smaller, more easily-audited non-GUI software like an IRC interface and is therefore less trustworthy.

I do not trust my browser when I need to leave it open to watch communications in the Slack team. The attack surface is too great, too huge, with too wide of an exposure; too much of a payoff with 0-day researchers racing for them and trading them for millions on the open market.

Communications do happen in the open: but I am saying that increasing access vectors makes it more open.

The rationale for not implementing the IRC gateway is what I'm interested in. I would like the opportunity to address the objections specifically. Letting me sit here and make my case absent whatever internal objections people have is just letting me spin my wheels needlessly and is disingenuous.

from bitcoinclassic.

You can also require SSL on Slack's IRC/XMPP gateway, but one could argue about the security of that all day.

In the end, people shouldn't be using Slack for secure communications anyways, that's why we have BitMessage ;) /s

from bitcoinclassic.

please enable the IRC gateway if you want to "look like" you re open to the community and not just stonewalling your private stuff.

from bitcoinclassic.

IRC gateway won't be enabled. It's a possible attack vector and we want to keep those to a minimum for now. Everyone has a browser and can use Slack inthere if they don't want to install any software. We can't accomodate everything and everyone. The decision has been made.

from bitcoinclassic.

Can you please explain why it is an attack vector? Do you mean attack in the security sense, or attack in the political sense?

Note that one of your developers was willing to implement this, Ahmed Bodi, in the Slack conversation about this.

from bitcoinclassic.

Another reason why it should be enabled: if you leave your browser closed for too long, private/direct message queues also disappear -- in other words, if you want to resume communicating with someone you were PM'ing and you keep your browser closed long enough, the 10,000 message limit wipes your communications out. Come on, it's just a checkbox. :(

I will also point out that the "1300" logged-in users is actually false, since the 10k limit means that when a user closes his browser, it is similar to joining IRC, and then leaving again. In actuality, there seem to be only a few dozen active users at any one time. If we are going to count "people who logged in but aren't active" then the current number for the #bitcoin* hierarchy on Freenode is sitting at 22,894 in just the last 140 days or so, and the current number just on #bitcoin is 1141 of users/clients/bots/whatever currently actively receiving all channel messages, including ones that don't mention their names.

So.. not really comparable at all.

from bitcoinclassic.

Another reason why it should be enabled: if you leave your browser closed for too long, private/direct message queues also disappear [snip] the 10,000 message limit wipes your communications out

Who told you that? The private messages do not get expired in that 10.000 messages limit. You are misinformed.

I will also point out that the "1300" logged-in users is actually false

Is this a point anyone made? It looks like a counter to an argument nobody made. The bitcoinclassic slack has over 1400 members.

If we are going to count "people who logged in but aren't active" then the current number for the #bitcoin* hierarchy on Freenode [snip].
So.. not really comparable at all.

Indeed, comparing the entire Bitcoin ecosystem to the bitcoin Classic slack is a useless comparison...

from bitcoinclassic.

I am not misinformed. I had communications open with the consider.it gentleman, was notified via email that he sent me a few questions, re-opened the Slack interface to answer him, but the Slack interface itself said, and I quote: "Your team has more than 10,000 messages in its archive, so although there are older messages than are shown below, you can't see them." This is in the actual private message window I had open with tkriplean. I see no way to reveal the older historical notes I had open with him. Perhaps you know a way? Why is Slack itself telling me that messages that I have that are older than the 10,000 line limit are unavailable?

Also, you are wondering who made the point about IRC vs. Slack user counts that I was responding to. Well.. uh.. you did. Just a few messages ago. You said, specifically:

"The fact is that we've had 1300 people on the slack channel for a while now. Which is about a magnitude more than ever on IRC. I think this approach is a big success."

This is what I was responding to. So I don't know how you're comparing "members" with "members" on IRC. I'm just pointing out that similar counting methods yield two or three orders of magnitude more members on IRC. So.. by either measure, it's not comparable.

from bitcoinclassic.

I am not misinformed.

I guess that slack doesn't like you personally, because it works different for the rest of us :)

Either way, I do really understand that IRC is the thing you know and Slack is hard because its different. I sympathise, I really do.

This report has been closed based on security reasons, so your struggles may be very real, but not really relevant to this point.

from bitcoinclassic.

@zander This report has been closed, claiming security reasons, and when asking about which security issues exist, or might exist, no answer was given.

@midnightmagic wrote "Can you please explain why it is an attack vector? Do you mean attack in the security sense, or attack in the political sense?"

If there is security concerns maybe they should be addressed, and if not it would be good for others who run slack to know which issues exists when GW is enabled.

from bitcoinclassic.

@zander Actually, it is not just me. It is appears to be all people:

< aknix> so my logs are gone from slack :(
< aknix> they were slack PMs
< Luke-Jr> aknix: yeah, problem with using slack..

Slack is not hard. It appears I know it, at this point, to a greater degree than is generally known.

I would say also that at this point, you are being disingenuous given the stated aims of the -classic project to be inclusive.

from bitcoinclassic.