Home Explore Help
Register Sign In
EPuters_Mirrors
/
almanack_mirror
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: main
Branches Tags
almanack_mir...
/
wiki.d
/
Debate.Zncflaws

Debate.Zncflaws 58 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. version=pmwiki-2.2.130 ordered=1 urlencoded=1
    2. 

  2. agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:82.0) Gecko/20100101 Firefox/82.0
    3. 

  3. author=jrmu
    4. 

  4. charset=UTF-8
    5. 

  5. csum=
    6. 

  6. ctime=1597415298
    7. 

  7. host=198.251.81.119
    8. 

  8. name=Debate.Zncflaws
    9. 

  9. rev=28
    10. 

  10. targets=
    11. 

  11. text=!! Why we must replace ZNC with psyBNC%0a%0a!!! ZNC requires users set up dozens of connections%0a%0aZNC requires your IRC client make one connection per network. If a user wants to connect to 10 networks at once (freenode, ircnow, dal, efnet, etc), it requires him to set up 10 independent connections on his IRC client. This is almost impossible with mobile apps and very confusing for GUI apps. Practical experience has shown that %3c30%25 of bouncer users know how to do this. If you rely on ZNC, you will lose >70%25 of potential users. ZNC developers have declared they have zero interest in fixing this design flaw.%0a%0a!!! ZNC has a confusing way of logging in%0a%0aIf your username is john, your password is secret123, and you want to connect to freenode, your password field needs to be john/freenode:secret123. If you want to connect to dal, your password field needs to be john/dal:secret123. This is an unintuitive way of changing networks. Users don't understand this without 1-2 hours of troubleshooting.%0a%0a!!! ZNC is not designed for casual users%0a%0aIt requires reading far too much documentation in order to use. For example, typing /msg *status help shows a wall of text that only a sysadmin could understand. Jargon like AddTrustedServerFingerprint, ClearAllChannelBuffers, and SetUserBindHost are exposed to users -- words that only a sysadmin could understand after reading through several pages of wikis. As sysadmins, we should configure all this for the end-user so the end-user does not have to read a single page of documentation.%0a%0a!!! ZNC relies on a web panel%0a%0aThere are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. There is no real need for a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.%0a%0a!!! ZNC is written in C++, an inelegant language.%0a%0a!!! ZNC throttles users so it can take hours to connect%0a%0aThe throttling is done poorly -- each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users, it can take hours (maybe days) just to connect.%0a%0a!!! ZNC will disconnect users and throttle if SSL certs are not properly signed%0a%0aIf a server doesn't have a properly signed SSL cert, ZNC will disconnect until the user adds the SSL fingerprint manually. This confuses >90%25 of users. They always blame our bouncer for not working properly. To make matters worse, ZNC then insists upon reconnecting every minute or so and failing in the same manner. And because ZNC does connection throttling, this slows everyone from being able to connect. You as a sysadmin are forced to manually disconnect networks that have SSL certs that aren't properly signed, or else in a few weeks, your ZNC becomes so slow (due to all the throttling) that it takes >10 mins to connect.%0a%0a!!! ZNC throttles everyone if someone is glined%0a%0aWhen someone is GLINEd, ZNC tries to reconnect every minute, causing everyone to suffer from connection throttling, even if they are not GLINEd.%0a%0a!!! Upon disconnect, ZNC loses all messages%0a%0aZNC loses all its messages if you are ddosed while away, or even if there is a simple brief 10 minute hiccup in networking. When this happens, '''every single message is lost'''.%0a%0a!!! ZNC adopts a protocol that introduces new bugs without new features%0a%0aZNC chose to adopt IRCv3, an unnecessary protocol which adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.%0a%0aIn another documented bug with ZNC, [[https://docs.inspircd.org/faq/#why-does-my-client-not-show-mode-changesopped-users-on-joinetc-correctly-when-using-inspircd-v3|mode changes]] don't show up properly on InspIRCd v3.%0a%0a!!! ZNC can't prefer IPv6 by default%0a%0aIf you try to support both IPv4 and IPv6 simultaneously, ZNC will not prefer IPv6 when available, and there is no way to fix this currently short of a custom patch. If you want to prefer IPv6, you are forced to drop support for IPv4 (you are therefore unable to connect to IPv4-only networks). If you choose to support both IPv4 and IPv6, znc usually chooses IPv4 by default, rather than using IPv6 by default. This is a design flaw. The default should be IPv6, then fallback to IPv4.%0a%0a!!! ZNC module relies on commands not supported on all IRCds%0a%0aThe ZNC NickServ module appears to use the /nickserv alias which is not supported on all IRCds (not supported by ngircd). The proper nickserv module should instead adapt to each IRC network so that users do not have to memorize the idiosyncrasies of every single network's services. For example, for ngircd, the proper command is /squery nickserv identify %3cpassword>; for DALnet, the proper command is /msg nickserv@services.dal.net identify %3cpassword>. This really does not need to be an optional module; it needs to be integrated into the bouncer.%0a%0a!!! ZNC does not offer any easy way to download chat logs%0a%0aIt has a chat log module which stores the chat logs on the server hard disk -- but how is a user supposed to fetch these logs? Unless you give every single user on your bouncer ssh access, you are forced to manually email them.%0a%0a!!! ZNC has no way to register instantly upon connection%0a%0aRequesting a ZNC account using a web registration form or a bouncer bot is bad design. Users should be able to register an account instantly upon first connection.%0a%0a!!! ZNC has poor security%0a%0aZNC bundles the [[https://wiki.znc.in/Shell|shell module]] by default, a module which makes it easy to exploit a 0day to get shell access to the entire server.%0a%0a!!! ZNC's [[https://wiki.znc.in/Partyline|Partyline]] module is buggy%0a%0aWhen users are connected to multiple networks, messages often repeat 2x or more, and sometimes it causes the users to join strange channels without requesting it. This otherwise useful module has been dropped starting v1.8, so we will need to switch to psyBNC to keep it.%0a%0a!!! ZNC's blockuser module may be buggy%0a%0aI have not verified this with certainty, but I suspect that if you send a reconnect message to the *controlpanel, it may connect sometimes even if a user is blocked.%0a%0a!!! ZNC can't be made secure without chroot%0a%0aWith psybnc, we can use pledge and unveil.%0a%0a!!! ZNC treated IRCNow as a hate group%0a%0aIn the [[https://wiki.znc.in/index.php?title=Template:Providers/table&action=history|ZNC Providers]] page, IRCNow was falsely accused of being involved with hate activities. %0a%0a-> 30 January 2020‎ IRCNow removed due to multiple complaints of discrimination and hate activities by its administrators.%0a%0aThis accusation was made without a fair trial or ability to appeal. Since the development team is not friendly to our goals, IRCNow should not rely on their software.%0a%0a!!! Confusing mobile support%0a%0aA commonly requested feature is to be able to use ZNC for both mobile phone client and PC IRC client. Here's the [[https://wiki.znc.in/Multiple_clients|ZNC wiki]] explaining how you have multiple clients. This setup is too complex and confusing for normal people to follow.%0a%0a!!! No open source push notifications%0a%0aZNC modules often fall into the category of 1) not useful or 2) proprietary software. For example, the ZNC Push Notifications module is proprietary software. There is no open source push notifications for ZNC, but this feature is essential for a proper mobile IRC client.%0a%0a!!! Development team has different goals%0a%0aZNC developers most likely have no interest in fixing any of the above design flaws. You are better off forking the psyBNC code yourself and fixing what needs to be done.%0a%0apsyBNC may not be complete, but at least we can fork it and design it correctly.
    12. 

  12. time=1615258176
    13. 

  13. author:1615258176=jrmu
    14. 

  14. diff:1615258176:1615258154:=89c89%0a%3c ZNC modules often fall into the category of 1) not useful or 2) proprietary software. For example, the ZNC Push Notifications module is proprietary software. There is no open source push notifications for ZNC, but this feature is essential for a proper mobile IRC client.%0a---%0a> ZNC modules often fall into the category of 1) useless or 2) proprietary software. For example, the ZNC Push Notifications module is proprietary software. There is no open source push notifications for ZNC, but this feature is essential for a proper mobile IRC client.%0a
    15. 

  15. host:1615258176=198.251.81.119
    16. 

  16. author:1615258154=jrmu
    17. 

  17. diff:1615258154:1615258132:=85c85%0a%3c A commonly requested feature is to be able to use ZNC for both mobile phone client and PC IRC client. Here's the [[https://wiki.znc.in/Multiple_clients|ZNC wiki]] explaining how you have multiple clients. This setup is too complex and confusing for normal people to follow.%0a---%0a> A commonly requested feature is to be able to use ZNC for both mobile phone client and PC IRC client. Here's the [[https://wiki.znc.in/Multiple_clients|ZNC wiki]] explaining how you have multiple clients. Did you understand that? Neither did I. This setup is too complex and confusing for normal people to follow.%0a
    18. 

  18. host:1615258154=198.251.81.119
    19. 

  19. author:1615258132=jrmu
    20. 

  20. diff:1615258132:1615258104:=93,95c93%0a%3c ZNC developers most likely have no interest in fixing any of the above design flaws. You are better off forking the psyBNC code yourself and fixing what needs to be done.%0a%3c %0a%3c psyBNC may not be complete, but at least we can fork it and design it correctly.%0a\ No newline at end of file%0a---%0a> ZNC developers most likely have no interest in fixing any of the above design flaws. You are better off forking the psyBNC code yourself and fixing what needs to be done.%0a\ No newline at end of file%0a
    21. 

  21. host:1615258132=198.251.81.119
    22. 

  22. author:1615258104=jrmu
    23. 

  23. diff:1615258104:1615257891:=23,24c23,24%0a%3c The throttling is done poorly -- each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users, it can take hours (maybe days) just to connect.%0a%3c %0a---%0a> The throttling is done poorly -- each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users with 10 networks each, and 30 seconds of throttling, we are talking about a startup time of 5000 minutes; more than 3 days would elapse to get connected!%0a> %0a31,34c31,34%0a%3c When someone is GLINEd, ZNC tries to reconnect every minute, causing everyone to suffer from connection throttling, even if they are not GLINEd.%0a%3c %0a%3c !!! Upon disconnect, ZNC loses all messages%0a%3c %0a---%0a> When someone is GLINEd, ZNC stupidly tries to reconnect every minute, causing everyone to suffer from connection throttling, even if they are not GLINEd.%0a> %0a> !!! Upon disconnect, znc loses all messages%0a> %0a39,40c39,40%0a%3c ZNC chose to adopt IRCv3, an unnecessary protocol which adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.%0a%3c %0a---%0a> ZNC chose to adopt IRCv3, a terrible protocol because it adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.%0a> %0a53,54c53,54%0a%3c It has a chat log module which stores the chat logs on the server hard disk -- but how is a user supposed to fetch these logs? Unless you give every single user on your bouncer ssh access, you are forced to manually email them.%0a%3c %0a---%0a> It has a chat log module which stores the chat logs on the server hard disk -- but how is a user supposed to fetch these logs? Unless you give every single user on your bouncer ssh access, you are forced to manually email them. A hideous solution.%0a> %0a57,58c57,58%0a%3c Requesting a ZNC account using a web registration form or a bouncer bot is bad design. Users should be able to register an account instantly upon first connection.%0a%3c %0a---%0a> Requesting a ZNC account using a web registration form or a bouncer bot is an ugly hack. Users should be able to register an account instantly upon first connection.%0a> %0a93c93,95%0a%3c ZNC developers most likely have no interest in fixing any of the above design flaws. You are better off forking the psyBNC code yourself and fixing what needs to be done.%0a\ No newline at end of file%0a---%0a> ZNC developers most likely have no interest in fixing any of the above design flaws. And even if they did, you'd be at the mercy of their development team, which may take years before they fix it. You are better off forking the code yourself.%0a> %0a> ZNC is only 50%25 of the way there to a good bouncer. We chose it because it is more polished than psyBNC currently. psyBNC is only 30%25 of the way to a good bouncer. However, the problem is that znc is going on the wrong path, and will never straighten its course because of the above mentioned design flaws and a stubborn development team. psyBNC, however, is abandonware so we can mold it to fit our own goals.%0a
    24. 

  24. host:1615258104=198.251.81.119
    25. 

  25. author:1615257891=jrmu
    26. 

  26. diff:1615257891:1615257765:=59,62c59,62%0a%3c !!! ZNC has poor security%0a%3c %0a%3c ZNC bundles the [[https://wiki.znc.in/Shell|shell module]] by default, a module which makes it easy to exploit a 0day to get shell access to the entire server.%0a%3c %0a---%0a> !!! ZNC has terrible security%0a> %0a> ZNC bundles the [[https://wiki.znc.in/Shell|shell module]] by default, a module which makes it easy to exploit a 0day to get shell access to the entire server. It is impossible to delete this module. I complained about this to #znc on freenode and was told by that this was the least of my worries. This goes to show that znc developers do not care enough about security.%0a> %0a66a67,70%0a> !! Debugging is difficult%0a> %0a> There is no way to turn debugging on or off without compiling ZNC from source and restarting ZNC.%0a> %0a73,74c77,78%0a%3c With psybnc, we can use pledge and unveil.%0a%3c %0a---%0a> And chrooting ZNC is a horrible, ugly hack. With psybnc, we can use pledge and unveil.%0a> %0a81c85%0a%3c This accusation was made without a fair trial or ability to appeal. Since the development team is not friendly to our goals, IRCNow should not rely on their software.%0a---%0a> This accusation was made without a fair trial or ability to appeal. Since the development team is not friendly to our goals, we should not rely on their software.%0a
    27. 

  27. host:1615257891=198.251.81.119
    28. 

  28. author:1615257765=jrmu
    29. 

  29. diff:1615257765:1615257631:=5,6c5,6%0a%3c ZNC requires your IRC client make one connection per network. If a user wants to connect to 10 networks at once (freenode, ircnow, dal, efnet, etc), it requires him to set up 10 independent connections on his IRC client. This is almost impossible with mobile apps and very confusing for GUI apps. Practical experience has shown that %3c30%25 of bouncer users know how to do this. If you rely on ZNC, you will lose >70%25 of potential users. ZNC developers have declared they have zero interest in fixing this design flaw.%0a%3c %0a---%0a> ZNC requires your IRC client make one connection per network. If a user wants to connect to 10 networks at once (freenode, ircnow, dal, efnet, etc), it requires him to set up 10 independent connections on his IRC client. This is almost impossible with mobile apps and very confusing for GUI apps. Practical experience has shown that %3c30%25 of bouncer users know how to do this. If you rely on ZNC, you will lose >70%25 of potential users. ZNC developers have declared they have zero interest in fixing this design flaw; in fact, they are proud of it.%0a> %0a9,10c9,10%0a%3c If your username is john, your password is secret123, and you want to connect to freenode, your password field needs to be john/freenode:secret123. If you want to connect to dal, your password field needs to be john/dal:secret123. This is an unintuitive way of changing networks. Users don't understand this without 1-2 hours of troubleshooting.%0a%3c %0a---%0a> If your username is john, your password is secret123, and you want to connect to freenode, your password field needs to be john/freenode:secret123. If you want to connect to dal, your password field needs to be john/dal:secret123. Nowhere have I ever seen such a weird and confusing way of changing networks. Nobody understands this until he has spent 1-2 hours of troubleshooting.%0a> %0a13,19c13,19%0a%3c It requires reading far too much documentation in order to use. For example, typing /msg *status help shows a wall of text that only a sysadmin could understand. Jargon like AddTrustedServerFingerprint, ClearAllChannelBuffers, and SetUserBindHost are exposed to users -- words that only a sysadmin could understand after reading through several pages of wikis. As sysadmins, we should configure all this for the end-user so the end-user does not have to read a single page of documentation.%0a%3c %0a%3c !!! ZNC relies on a web panel%0a%3c %0a%3c There are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. There is no real need for a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.%0a%3c %0a%3c !!! ZNC is written in C++, an inelegant language.%0a---%0a> It requires reading far too much documentation in order to use. For example, typing /msg *status help shows a wall of text that only a sysadmin could understand. You have jargon like AddTrustedServerFingerprint, ClearAllChannelBuffers, and SetUserBindHost -- words that only a sysadmin could understand after reading through several pages of wikis. As sysadmins, we should configure all this for the end-user so the end-user does not have to read a single page of documentation.%0a> %0a> !!! ZNC relies on a confusing web panel%0a> %0a> There are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. If you think about the matter critically, you will realize that users don't need a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.%0a> %0a> !!! ZNC is written in C++, an ugly and inelegant language.%0a
    30. 

  30. host:1615257765=198.251.81.119
    31. 

  31. author:1615257631=jrmu
    32. 

  32. diff:1615257631:1615257614:=23c23%0a%3c The throttling is done poorly -- each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users with 10 networks each, and 30 seconds of throttling, we are talking about a startup time of 5000 minutes; more than 3 days would elapse to get connected!%0a---%0a> The throttling is done in a very stupid manner -- each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users with 10 networks each, and 30 seconds of throttling, we are talking about a startup time of 5000 minutes; more than 3 days would elapse to get connected!%0a
    33. 

  33. host:1615257631=198.251.81.119
    34. 

  34. author:1615257614=jrmu
    35. 

  35. diff:1615257614:1609035218:=1,4c1,4%0a%3c !! Why we must replace ZNC with psyBNC%0a%3c %0a%3c !!! ZNC requires users set up dozens of connections%0a%3c %0a---%0a> !! Why ZNC is destined for failure%0a> %0a> !!! ZNC requires users set up dozens of confusing connections%0a> %0a7c7%0a%3c !!! ZNC has a confusing way of logging in%0a---%0a> !!! ZNC has an incredibly confusing way of logging in%0a
    36. 

  36. host:1615257614=198.251.81.119
    37. 

  37. author:1609035218=jrmu
    38. 

  38. diff:1609035218:1609035197:=83c83%0a%3c -> 30 January 2020‎ IRCNow removed due to multiple complaints of discrimination and hate activities by its administrators.%0a---%0a> -> 30 January 2020‎ IRCNow removed due to multiple complaints of discrimination and hate activities by its administrators. undo%0a
    39. 

  39. host:1609035218=198.251.81.119
    40. 

  40. author:1609035197=jrmu
    41. 

  41. diff:1609035197:1609035136:=81,85c81%0a%3c In the [[https://wiki.znc.in/index.php?title=Template:Providers/table&action=history|ZNC Providers]] page, IRCNow was falsely accused of being involved with hate activities. %0a%3c %0a%3c -> 30 January 2020‎ IRCNow removed due to multiple complaints of discrimination and hate activities by its administrators. undo%0a%3c %0a%3c This accusation was made without a fair trial or ability to appeal. Since the development team is not friendly to our goals, we should not rely on their software.%0a---%0a> In the [[https://wiki.znc.in/index.php?title=Template:Providers/table&action=history|ZNC Providers]] page, IRCNow was falsely accused of being involved with hate activities. This was made without a fair trial or ability to appeal. Since the development team is not friendly to our goals, we should not rely on their software.%0a
    42. 

  42. host:1609035197=198.251.81.119
    43. 

  43. author:1609035136=jrmu
    44. 

  44. diff:1609035136:1609002418:=79,81d78%0a%3c !!! ZNC treated IRCNow as a hate group%0a%3c %0a%3c In the [[https://wiki.znc.in/index.php?title=Template:Providers/table&action=history|ZNC Providers]] page, IRCNow was falsely accused of being involved with hate activities. This was made without a fair trial or ability to appeal. Since the development team is not friendly to our goals, we should not rely on their software.%0a
    45. 

  45. host:1609035136=198.251.81.119
    46. 

  46. author:1609002418=jrmu
    47. 

  47. diff:1609002418:1608203706:=45a46,54%0a> %0a> !!! ZNC segfaults on OpenBSD when the bindhost is IPv6 but the network is IPv4 only%0a> %0a> If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, it will segfault: %0a> %0a> TDNS: initiating resolving of [irc.example.net] and bindhost [user.fruit.ircnow.org]%0a> Segmentation fault (core dumped)%0a> %0a> This causes all your users to disconnect!%0a
    48. 

  48. host:1609002418=198.251.81.119
    49. 

  49. author:1608203706=jrmu
    50. 

  50. diff:1608203706:1608203035:=47,54c47,49%0a%3c !!! ZNC segfaults on OpenBSD when the bindhost is IPv6 but the network is IPv4 only%0a%3c %0a%3c If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, it will segfault: %0a%3c %0a%3c TDNS: initiating resolving of [irc.example.net] and bindhost [user.fruit.ircnow.org]%0a%3c Segmentation fault (core dumped)%0a%3c %0a%3c This causes all your users to disconnect!%0a---%0a> !!! ZNC segfaults when the bindhost is IPv6 but the network is IPv4 only%0a> %0a> %0a
    51. 

  51. host:1608203706=198.251.81.119
    52. 

  52. author:1608203035=jrmu
    53. 

  53. diff:1608203035:1601186671:=46,49d45%0a%3c %0a%3c !!! ZNC segfaults when the bindhost is IPv6 but the network is IPv4 only%0a%3c %0a%3c %0a
    54. 

  54. host:1608203035=198.251.81.119
    55. 

  55. author:1601186671=jrmu
    56. 

  56. diff:1601186671:1599194194:=40,41d39%0a%3c %0a%3c In another documented bug with ZNC, [[https://docs.inspircd.org/faq/#why-does-my-client-not-show-mode-changesopped-users-on-joinetc-correctly-when-using-inspircd-v3|mode changes]] don't show up properly on InspIRCd v3.%0a
    57. 

  57. host:1601186671=38.81.163.143
    58. 

  58. author:1599194194=jrmu
    59. 

  59. diff:1599194194:1598784333:=90a91,96%0a> %0a> !! psyBNC is the bouncer of the future%0a> %0a> # Written in C, a UNIX hacker's best friend.%0a> # psyBNC can multiplex multiple network connections onto a single connection, so that users only have to connect to psyBNC once to access all networks. If a user chooses to connect to 200 networks using psyBNC, his IRC client only has to connect once to psyBNC. This is a lot more intuitive than logging in 200 times.%0a> # Instead of chroot, we can use OpenBSD's pledge and unveil for greater security.%0a\ No newline at end of file%0a
    60. 

  60. host:1599194194=38.81.163.143
    61. 

  61. author:1598784333=jrmu
    62. 

  62. diff:1598784333:1598784317:minor=35c35%0a%3c ZNC loses all its messages if you are ddosed while away, or even if there is a simple brief 10 minute hiccup in networking. When this happens, '''every single message is lost'''.%0a---%0a> ZNC loses all its messages if you are ddosed while away, or even if there is a simple brief 10 minute hiccup in networking. When this happens, '''every single message is lost'''. Nothing is cached to disk.%0a
    63. 

  63. host:1598784333=38.81.163.143
    64. 

  64. author:1598784317=jrmu
    65. 

  65. diff:1598784317:1597806344:=32,35d31%0a%3c %0a%3c !!! Upon disconnect, znc loses all messages%0a%3c %0a%3c ZNC loses all its messages if you are ddosed while away, or even if there is a simple brief 10 minute hiccup in networking. When this happens, '''every single message is lost'''. Nothing is cached to disk.%0a
    66. 

  66. host:1598784317=38.81.163.143
    67. 

  67. author:1597806344=jrmu
    68. 

  68. diff:1597806344:1597806299:=15,17c15%0a%3c !!! ZNC relies on a confusing web panel%0a%3c %0a%3c There are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. If you think about the matter critically, you will realize that users don't need a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.%0a---%0a> !!! ZNC relies on a web panel. There are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. If you think about the matter critically, you will realize that users don't need a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.%0a
    69. 

  69. host:1597806344=38.81.163.143
    70. 

  70. author:1597806299=jrmu
    71. 

  71. diff:1597806299:1597806078:=58,83c58,64%0a%3c %0a%3c !! Debugging is difficult%0a%3c %0a%3c There is no way to turn debugging on or off without compiling ZNC from source and restarting ZNC.%0a%3c %0a%3c !!! ZNC's blockuser module may be buggy%0a%3c %0a%3c I have not verified this with certainty, but I suspect that if you send a reconnect message to the *controlpanel, it may connect sometimes even if a user is blocked.%0a%3c %0a%3c !!! ZNC can't be made secure without chroot%0a%3c %0a%3c And chrooting ZNC is a horrible, ugly hack. With psybnc, we can use pledge and unveil.%0a%3c %0a%3c %0a%3c !!! Confusing mobile support%0a%3c %0a%3c A commonly requested feature is to be able to use ZNC for both mobile phone client and PC IRC client. Here's the [[https://wiki.znc.in/Multiple_clients|ZNC wiki]] explaining how you have multiple clients. Did you understand that? Neither did I. This setup is too complex and confusing for normal people to follow.%0a%3c %0a%3c !!! No open source push notifications%0a%3c %0a%3c ZNC modules often fall into the category of 1) useless or 2) proprietary software. For example, the ZNC Push Notifications module is proprietary software. There is no open source push notifications for ZNC, but this feature is essential for a proper mobile IRC client.%0a%3c %0a%3c !!! Development team has different goals%0a%3c %0a%3c ZNC developers most likely have no interest in fixing any of the above design flaws. And even if they did, you'd be at the mercy of their development team, which may take years before they fix it. You are better off forking the code yourself.%0a%3c %0a---%0a>   - There is no way to turn debugging on or off without compiling ZNC from source and restarting ZNC.%0a>   - ZNC's blockuser module may be buggy. I have not verified this with certainty, but I suspect that if you send a reconnect message to the *controlpanel, it may connect sometimes even if a user is blocked.%0a>   - Chrooting ZNC is a horrible, ugly hack.%0a>   - A commonly requested feature is to be able to use ZNC for both mobile phone client and PC IRC client. Here's the [[https://wiki.znc.in/Multiple_clients|ZNC wiki]] explaining how you have multiple clients. Did you understand that? Neither did I. This setup is too complex and confusing for normal people to follow.%0a>   - ZNC developers most likely have no interest in fixing any of the above design flaws. And even if they did, you'd be at the mercy of their development team, which may take years before they fix it. You are better off forking the code yourself.%0a>   - ZNC modules often fall into the category of 1) useless or 2) proprietary software. For example, the ZNC Push Notifications module is proprietary software. There is no open source push notifications for ZNC, but this feature is essential for a proper mobile IRC client.%0a> %0a86,90c67,71%0a%3c !! psyBNC is the bouncer of the future%0a%3c %0a%3c # Written in C, a UNIX hacker's best friend.%0a%3c # psyBNC can multiplex multiple network connections onto a single connection, so that users only have to connect to psyBNC once to access all networks. If a user chooses to connect to 200 networks using psyBNC, his IRC client only has to connect once to psyBNC. This is a lot more intuitive than logging in 200 times.%0a%3c # Instead of chroot, we can use OpenBSD's pledge and unveil for greater security.%0a\ No newline at end of file%0a---%0a> ====== psyBNC is the bouncer of the future ======%0a> %0a>   - Written in C, a UNIX hacker's best friend.%0a>   - psyBNC can multiplex multiple network connections onto a single connection, so that users only have to connect to psyBNC once to access all networks. If a user chooses to connect to 200 networks using psyBNC, his IRC client only has to connect once to psyBNC. This is a lot more intuitive than logging in 200 times.%0a>   - Instead of chroot, we can use OpenBSD's pledge and unveil for greater security.%0a\ No newline at end of file%0a
    72. 

  72. host:1597806299=38.81.163.143
    73. 

  73. author:1597806078=jrmu
    74. 

  74. diff:1597806078:1597806026:=51,57c51,52%0a%3c !!! ZNC has terrible security%0a%3c %0a%3c ZNC bundles the [[https://wiki.znc.in/Shell|shell module]] by default, a module which makes it easy to exploit a 0day to get shell access to the entire server. It is impossible to delete this module. I complained about this to #znc on freenode and was told by that this was the least of my worries. This goes to show that znc developers do not care enough about security.%0a%3c %0a%3c !!! ZNC's [[https://wiki.znc.in/Partyline|Partyline]] module is buggy%0a%3c %0a%3c When users are connected to multiple networks, messages often repeat 2x or more, and sometimes it causes the users to join strange channels without requesting it. This otherwise useful module has been dropped starting v1.8, so we will need to switch to psyBNC to keep it.%0a---%0a> !!! ZNC bundles the [[https://wiki.znc.in/Shell|shell module]] by default, a module which makes it easy to exploit a 0day to get shell access to the entire server. It is impossible to delete this module. I complained about this to #znc on freenode and was told by that this was the least of my worries. This goes to show that znc developers do not care enough about security.%0a>   - ZNC's [[https://wiki.znc.in/Partyline|Partyline]] module is buggy when users are connected to multiple networks. Often, messages repeat 2x or more, and sometimes it causes the users to join strange channels without requesting it. This otherwise useful module has been dropped starting v1.8, so we will need to switch to psyBNC to keep it.%0a
    75. 

  75. host:1597806078=38.81.163.143
    76. 

  76. author:1597806026=jrmu
    77. 

  77. diff:1597806026:1597805834:=38,51c38,41%0a%3c %0a%3c !!! ZNC module relies on commands not supported on all IRCds%0a%3c %0a%3c The ZNC NickServ module appears to use the /nickserv alias which is not supported on all IRCds (not supported by ngircd). The proper nickserv module should instead adapt to each IRC network so that users do not have to memorize the idiosyncrasies of every single network's services. For example, for ngircd, the proper command is /squery nickserv identify %3cpassword>; for DALnet, the proper command is /msg nickserv@services.dal.net identify %3cpassword>. This really does not need to be an optional module; it needs to be integrated into the bouncer.%0a%3c %0a%3c !!! ZNC does not offer any easy way to download chat logs%0a%3c %0a%3c It has a chat log module which stores the chat logs on the server hard disk -- but how is a user supposed to fetch these logs? Unless you give every single user on your bouncer ssh access, you are forced to manually email them. A hideous solution.%0a%3c %0a%3c !!! ZNC has no way to register instantly upon connection%0a%3c %0a%3c Requesting a ZNC account using a web registration form or a bouncer bot is an ugly hack. Users should be able to register an account instantly upon first connection.%0a%3c %0a%3c !!! ZNC bundles the [[https://wiki.znc.in/Shell|shell module]] by default, a module which makes it easy to exploit a 0day to get shell access to the entire server. It is impossible to delete this module. I complained about this to #znc on freenode and was told by that this was the least of my worries. This goes to show that znc developers do not care enough about security.%0a---%0a>   - ZNC nickserv module appears to use the /nickserv alias which is not supported on all IRCds (not supported by ngircd). The proper nickserv module should instead adapt to each IRC network so that users do not have to memorize the idiosyncrasies of every single network's services. For example, for ngircd, the proper command is /squery nickserv identify %3cpassword>; for DALnet, the proper command is /msg nickserv@services.dal.net identify %3cpassword>. This really does not need to be an optional module; it needs to be integrated into the bouncer.%0a>   - ZNC does not offer users any way to download their chat logs. It has a chat log module which stores the chat logs on the server hard disk -- but how is a user supposed to fetch these logs? Unless you give every single user on your bouncer ssh access, you are forced to manually email them. A hideous solution.%0a>   - Requesting a ZNC account using a web registration form or a bouncer bot is an ugly hack. Users should be able to register an account instantly upon first connection.%0a>   - ZNC bundles the [[https://wiki.znc.in/Shell|shell module]] by default, a module which makes it easy to exploit a 0day to get shell access to the entire server. It is impossible to delete this module. I complained about this to #znc on freenode and was told by that this was the least of my worries. This goes to show that znc developers do not care enough about security.%0a
    78. 

  78. host:1597806026=38.81.163.143
    79. 

  79. author:1597805834=jrmu
    80. 

  80. diff:1597805834:1597805755:=22d21%0a%3c %0a26d24%0a%3c %0a35,37c33%0a%3c !!! ZNC can't prefer IPv6 by default%0a%3c %0a%3c If you try to support both IPv4 and IPv6 simultaneously, ZNC will not prefer IPv6 when available, and there is no way to fix this currently short of a custom patch. If you want to prefer IPv6, you are forced to drop support for IPv4 (you are therefore unable to connect to IPv4-only networks). If you choose to support both IPv4 and IPv6, znc usually chooses IPv4 by default, rather than using IPv6 by default. This is a design flaw. The default should be IPv6, then fallback to IPv4.%0a---%0a>   - ZNC has no way of supporting both IPv4 and IPv6 simultaneously while preferring IPv6 when available. If you want to prefer IPv6, you are forced to drop support for IPv4 (you are therefore unable to connect to IPv4-only networks). If you choose to support both IPv4 and IPv6, znc usually chooses IPv4 by default, rather than using IPv6 by default. This is a design flaw. The default should be IPv6, then fallback to IPv4.%0a
    81. 

  81. host:1597805834=38.81.163.143
    82. 

  82. author:1597805755=jrmu
    83. 

  83. diff:1597805755:1597805722:=29,32c29%0a%3c !!! ZNC adopts a protocol that introduces new bugs without new features%0a%3c %0a%3c ZNC chose to adopt IRCv3, a terrible protocol because it adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.%0a%3c %0a---%0a> !!! ZNC chose to adopt IRCv3, a terrible protocol because it adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.%0a
    84. 

  84. host:1597805755=38.81.163.143
    85. 

  85. author:1597805722=jrmu
    86. 

  86. diff:1597805722:1597805651:=22,29c22,24%0a%3c !!! ZNC will disconnect users and throttle if SSL certs are not properly signed%0a%3c %0a%3c If a server doesn't have a properly signed SSL cert, ZNC will disconnect until the user adds the SSL fingerprint manually. This confuses >90%25 of users. They always blame our bouncer for not working properly. To make matters worse, ZNC then insists upon reconnecting every minute or so and failing in the same manner. And because ZNC does connection throttling, this slows everyone from being able to connect. You as a sysadmin are forced to manually disconnect networks that have SSL certs that aren't properly signed, or else in a few weeks, your ZNC becomes so slow (due to all the throttling) that it takes >10 mins to connect.%0a%3c !!! ZNC throttles everyone if someone is glined%0a%3c %0a%3c When someone is GLINEd, ZNC stupidly tries to reconnect every minute, causing everyone to suffer from connection throttling, even if they are not GLINEd.%0a%3c %0a%3c !!! ZNC chose to adopt IRCv3, a terrible protocol because it adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.%0a---%0a>   - If a server doesn't have a properly signed SSL cert, ZNC will disconnect until the user adds the SSL fingerprint manually. This confuses >90%25 of users. They always blame our bouncer for not working properly. To make matters worse, ZNC then insists upon reconnecting every minute or so and failing in the same manner. And because ZNC does connection throttling, this slows everyone from being able to connect. You as a sysadmin are forced to manually disconnect networks that have SSL certs that aren't properly signed, or else in a few weeks, your ZNC becomes so slow (due to all the throttling) that it takes >10 mins to connect.%0a>   - This same error also occurs when our bouncers are GLINEd. Again, ZNC stupidly tries to reconnect every minute, causing everyone to suffer from connection throttling, even if they are not GLINEd.%0a>   - ZNC chose to adopt IRCv3, a terrible protocol because it adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.%0a
    87. 

  87. host:1597805722=38.81.163.143
    88. 

  88. author:1597805651=jrmu
    89. 

  89. diff:1597805651:1597805603:=16,21c16,17%0a%3c %0a%3c !!! ZNC is written in C++, an ugly and inelegant language.%0a%3c %0a%3c !!! ZNC throttles users so it can take hours to connect%0a%3c %0a%3c The throttling is done in a very stupid manner -- each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users with 10 networks each, and 30 seconds of throttling, we are talking about a startup time of 5000 minutes; more than 3 days would elapse to get connected!%0a---%0a>   - ZNC is written in C++, an ugly and inelegant language.%0a>   - ZNC throttles users when you first start up ZNC and connect everyone. However, the throttling is done in a very stupid manner -- each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users with 10 networks each, and 30 seconds of throttling, we are talking about a startup time of 5000 minutes; more than 3 days would elapse to get connected!%0a
    90. 

  90. host:1597805651=38.81.163.143
    91. 

  91. author:1597805603=jrmu
    92. 

  92. diff:1597805603:1597415298:=1,15c1,6%0a%3c !! Why ZNC is destined for failure%0a%3c %0a%3c !!! ZNC requires users set up dozens of confusing connections%0a%3c %0a%3c ZNC requires your IRC client make one connection per network. If a user wants to connect to 10 networks at once (freenode, ircnow, dal, efnet, etc), it requires him to set up 10 independent connections on his IRC client. This is almost impossible with mobile apps and very confusing for GUI apps. Practical experience has shown that %3c30%25 of bouncer users know how to do this. If you rely on ZNC, you will lose >70%25 of potential users. ZNC developers have declared they have zero interest in fixing this design flaw; in fact, they are proud of it.%0a%3c %0a%3c !!! ZNC has an incredibly confusing way of logging in%0a%3c %0a%3c If your username is john, your password is secret123, and you want to connect to freenode, your password field needs to be john/freenode:secret123. If you want to connect to dal, your password field needs to be john/dal:secret123. Nowhere have I ever seen such a weird and confusing way of changing networks. Nobody understands this until he has spent 1-2 hours of troubleshooting.%0a%3c %0a%3c !!! ZNC is not designed for casual users%0a%3c %0a%3c It requires reading far too much documentation in order to use. For example, typing /msg *status help shows a wall of text that only a sysadmin could understand. You have jargon like AddTrustedServerFingerprint, ClearAllChannelBuffers, and SetUserBindHost -- words that only a sysadmin could understand after reading through several pages of wikis. As sysadmins, we should configure all this for the end-user so the end-user does not have to read a single page of documentation.%0a%3c %0a%3c !!! ZNC relies on a web panel. There are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. If you think about the matter critically, you will realize that users don't need a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.%0a---%0a> ====== Why ZNC is destined for failure ======%0a> %0a>   - ZNC requires one connection per network. If a user wants to connect to 10 networks at once (freenode, ircnow, dal, efnet, etc), it requires him to set up 10 independent connections on his IRC client. This is almost impossible with mobile apps and very confusing for GUI apps. Practical experience has shown that %3c30%25 of bouncer users know how to do this. If you rely on ZNC, you will lose >70%25 of potential users. ZNC developers have declared they have zero interest in fixing this design flaw; in fact, they are proud of it.%0a>   - ZNC has invented the most confusing way of logging in. If your username is john, your password is secret123, and you want to connect to freenode, your password field needs to be john/freenode:secret123. If you want to connect to dal, your password field needs to be john/dal:secret123. Nowhere have I ever seen such a weird and confusing way of changing networks. Nobody understands this until he has spent 1-2 hours of troubleshooting.%0a>   - ZNC is not designed for casual users. It requires reading far too much documentation in order to use. For example, typing /msg *status help shows a wall of text that only a sysadmin could understand. You have jargon like AddTrustedServerFingerprint, ClearAllChannelBuffers, and SetUserBindHost -- words that only a sysadmin could understand after reading through several pages of wikis. As sysadmins, we should configure all this for the end-user so the end-user does not have to read a single page of documentation.%0a>   - ZNC relies on a web panel. There are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. If you think about the matter critically, you will realize that users don't need a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.%0a
    93. 

  93. host:1597805603=38.81.163.143
    94. 

  94. author:1597415298=jrmu
    95. 

  95. diff:1597415298:1597415298:=1,31d0%0a%3c ====== Why ZNC is destined for failure ======%0a%3c %0a%3c   - ZNC requires one connection per network. If a user wants to connect to 10 networks at once (freenode, ircnow, dal, efnet, etc), it requires him to set up 10 independent connections on his IRC client. This is almost impossible with mobile apps and very confusing for GUI apps. Practical experience has shown that %3c30%25 of bouncer users know how to do this. If you rely on ZNC, you will lose >70%25 of potential users. ZNC developers have declared they have zero interest in fixing this design flaw; in fact, they are proud of it.%0a%3c   - ZNC has invented the most confusing way of logging in. If your username is john, your password is secret123, and you want to connect to freenode, your password field needs to be john/freenode:secret123. If you want to connect to dal, your password field needs to be john/dal:secret123. Nowhere have I ever seen such a weird and confusing way of changing networks. Nobody understands this until he has spent 1-2 hours of troubleshooting.%0a%3c   - ZNC is not designed for casual users. It requires reading far too much documentation in order to use. For example, typing /msg *status help shows a wall of text that only a sysadmin could understand. You have jargon like AddTrustedServerFingerprint, ClearAllChannelBuffers, and SetUserBindHost -- words that only a sysadmin could understand after reading through several pages of wikis. As sysadmins, we should configure all this for the end-user so the end-user does not have to read a single page of documentation.%0a%3c   - ZNC relies on a web panel. There are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. If you think about the matter critically, you will realize that users don't need a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.%0a%3c   - ZNC is written in C++, an ugly and inelegant language.%0a%3c   - ZNC throttles users when you first start up ZNC and connect everyone. However, the throttling is done in a very stupid manner -- each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users with 10 networks each, and 30 seconds of throttling, we are talking about a startup time of 5000 minutes; more than 3 days would elapse to get connected!%0a%3c   - If a server doesn't have a properly signed SSL cert, ZNC will disconnect until the user adds the SSL fingerprint manually. This confuses >90%25 of users. They always blame our bouncer for not working properly. To make matters worse, ZNC then insists upon reconnecting every minute or so and failing in the same manner. And because ZNC does connection throttling, this slows everyone from being able to connect. You as a sysadmin are forced to manually disconnect networks that have SSL certs that aren't properly signed, or else in a few weeks, your ZNC becomes so slow (due to all the throttling) that it takes >10 mins to connect.%0a%3c   - This same error also occurs when our bouncers are GLINEd. Again, ZNC stupidly tries to reconnect every minute, causing everyone to suffer from connection throttling, even if they are not GLINEd.%0a%3c   - ZNC chose to adopt IRCv3, a terrible protocol because it adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.%0a%3c   - ZNC has no way of supporting both IPv4 and IPv6 simultaneously while preferring IPv6 when available. If you want to prefer IPv6, you are forced to drop support for IPv4 (you are therefore unable to connect to IPv4-only networks). If you choose to support both IPv4 and IPv6, znc usually chooses IPv4 by default, rather than using IPv6 by default. This is a design flaw. The default should be IPv6, then fallback to IPv4.%0a%3c   - ZNC nickserv module appears to use the /nickserv alias which is not supported on all IRCds (not supported by ngircd). The proper nickserv module should instead adapt to each IRC network so that users do not have to memorize the idiosyncrasies of every single network's services. For example, for ngircd, the proper command is /squery nickserv identify %3cpassword>; for DALnet, the proper command is /msg nickserv@services.dal.net identify %3cpassword>. This really does not need to be an optional module; it needs to be integrated into the bouncer.%0a%3c   - ZNC does not offer users any way to download their chat logs. It has a chat log module which stores the chat logs on the server hard disk -- but how is a user supposed to fetch these logs? Unless you give every single user on your bouncer ssh access, you are forced to manually email them. A hideous solution.%0a%3c   - Requesting a ZNC account using a web registration form or a bouncer bot is an ugly hack. Users should be able to register an account instantly upon first connection.%0a%3c   - ZNC bundles the [[https://wiki.znc.in/Shell|shell module]] by default, a module which makes it easy to exploit a 0day to get shell access to the entire server. It is impossible to delete this module. I complained about this to #znc on freenode and was told by that this was the least of my worries. This goes to show that znc developers do not care enough about security.%0a%3c   - ZNC's [[https://wiki.znc.in/Partyline|Partyline]] module is buggy when users are connected to multiple networks. Often, messages repeat 2x or more, and sometimes it causes the users to join strange channels without requesting it. This otherwise useful module has been dropped starting v1.8, so we will need to switch to psyBNC to keep it.%0a%3c   - There is no way to turn debugging on or off without compiling ZNC from source and restarting ZNC.%0a%3c   - ZNC's blockuser module may be buggy. I have not verified this with certainty, but I suspect that if you send a reconnect message to the *controlpanel, it may connect sometimes even if a user is blocked.%0a%3c   - Chrooting ZNC is a horrible, ugly hack.%0a%3c   - A commonly requested feature is to be able to use ZNC for both mobile phone client and PC IRC client. Here's the [[https://wiki.znc.in/Multiple_clients|ZNC wiki]] explaining how you have multiple clients. Did you understand that? Neither did I. This setup is too complex and confusing for normal people to follow.%0a%3c   - ZNC developers most likely have no interest in fixing any of the above design flaws. And even if they did, you'd be at the mercy of their development team, which may take years before they fix it. You are better off forking the code yourself.%0a%3c   - ZNC modules often fall into the category of 1) useless or 2) proprietary software. For example, the ZNC Push Notifications module is proprietary software. There is no open source push notifications for ZNC, but this feature is essential for a proper mobile IRC client.%0a%3c %0a%3c ZNC is only 50%25 of the way there to a good bouncer. We chose it because it is more polished than psyBNC currently. psyBNC is only 30%25 of the way to a good bouncer. However, the problem is that znc is going on the wrong path, and will never straighten its course because of the above mentioned design flaws and a stubborn development team. psyBNC, however, is abandonware so we can mold it to fit our own goals.%0a%3c %0a%3c ====== psyBNC is the bouncer of the future ======%0a%3c %0a%3c   - Written in C, a UNIX hacker's best friend.%0a%3c   - psyBNC can multiplex multiple network connections onto a single connection, so that users only have to connect to psyBNC once to access all networks. If a user chooses to connect to 200 networks using psyBNC, his IRC client only has to connect once to psyBNC. This is a lot more intuitive than logging in 200 times.%0a%3c   - Instead of chroot, we can use OpenBSD's pledge and unveil for greater security.%0a\ No newline at end of file%0a
    96. 

  96. host:1597415298=38.81.163.143
    97. 

  97.