Sneedforo

[Dixieland Buckaroo]

General question for tech retards: if I wanted to program Sneedchat for Sneedforo, with the consideration that making it more widely accessible outside of the website itself would benefit its activity and popularity, what protocol would you use for this?

@dumbledore suggests IRC, which is also used by Twitch chat.

This is a very broad RFC. I'm early in development still but it would be really cool if people could be in chat using their favorite app. But I personally literally just use the Kiwi Farms, Telegram, Signal, and very limited XMPP, so I don't have a high level of input on this.

---

Edit: I am also curious about, but lack information on, how an m3u8 playlist of smaller mp4 files is better for video playback vs. keeping original or remuxed files and using the slice / byterange headers.

One good thing with IRC is scalability. I have seen IRC channels light up for some more old school audio streamers (in particular, No Agenda), at their peak it was easily handling thousands of concurrent users, and obviously some of the old networks would get into 10k+ (but not on the same channel). There are the usual tradeoffs between open specs and quickly and widely exploited security risks, versus rolling your own. IRC is obviously working well for twitch, although they don't (to my knowledge) allow external irc clients. I would like the idea of being able to use an external app (or a separate web client).

It also looks like there is already reference library for irc in rust:

https://docs.rs/irc/latest/irc/

 

[Null]

It also looks like there is already reference library for irc in rust:

It's a client user which begs the question of how an external user connects, auths, and sends messages and how the Sneedforo web client connects, auths, and sends messages on behalf of a websocket connection. It was proposed to use a modern Go server for IRC, and then I suppose each WS connection with auth would open its own IRC client connection and auth using its own credentials to the IRC server.

 

[Concentrate Juice]

General question for tech retards: if I wanted to program Sneedchat for Sneedforo, with the consideration that making it more widely accessible outside of the website itself would benefit its activity and popularity, what protocol would you use for this?

@dumbledore suggests IRC, which is also used by Twitch chat.

This is a very broad RFC. I'm early in development still but it would be really cool if people could be in chat using their favorite app. But I personally literally just use the Kiwi Farms, Telegram, Signal, and very limited XMPP, so I don't have a high level of input on this.

---

Edit: I am also curious about, but lack information on, how an m3u8 playlist of smaller mp4 files is better for video playback vs. keeping original or remuxed files and using the slice / byterange headers.

If you decide on IRC protocol, there are some privacy concerns that should be taken into consideration such as using default host-masks that obscure client IP addresses from each other, and limiting CTCP functionality like DCC so that it can't be used to enumerate IP addresses of users or facilitate the distribution of harmful materials in an unmediated client-to-client connection. Generally speaking, if you are using a protocol library you just won't implement that, but if you use a ready-made IRCd, you will have to configure that stuff to be disabled/enabled.

XMPP clients are notorious for being improperly implemented and allowing for unexpected behavior, for example the kik messenger client would allow any user to send arbitrary control messages to other clients that only the server should have been able to send, effectively giving partial control over any messaging client's behavior. The reason for this is because XMPP is large kinda like how HTTP is large in that it allows for basically any feature you can think of and is very extensible, this is at the cost of there being a bigger surface area to make mistakes on implementation-wise.

I'd go for using an IRC protocol library rather than using some IRCd, and implement a functional subset of the features that IRC protocol has to offer. Provide that over the traditional SSL port, and also have a client served over http that connects back via websockets. I'd say the main downside for IRC is that there is thirty something years of bot software that could cause a spam problem or just simply log everything for when some retard gives out their PII by mistake.

As you know, the enemies of the farms are highly technical and are malicious to the point of committing cyber crimes, so any new feature and system will be scrutinized relentlessly for any kind of issue and will likely be abused in ways you didn't expect or design for (remember the 2022 near-miss incident with current sneedchat?), so keeping it simple and strict regarding exposed functionality and behavior is paramount.

 

[Null]

remember the 2022 near-miss incident with current sneedchat?

that is entirely due to XSS. i am schizophrenic tier with the XSS shit in sneedforo at this point. one of the first things i established was nonce generation for scripts.

 

[Short Circuit]

It's a client user which begs the question of how an external user connects, auths, and sends messages and how the Sneedforo web client connects, auths, and sends messages on behalf of a websocket connection. It was proposed to use a modern Go server for IRC, and then I suppose each WS connection with auth would open its own IRC client connection and auth using its own credentials to the IRC server.

This is something I already do for my IRC server, Ergo for IRCd and gamja for web clients, I assume the best way to glue that shit together would be making very simple OAuth provider out of Sneedforo, would also make it trivial to switch around and fuck around with other things that would need authentication.

 

[Null]

ok so just to be clear the autists responding to this believe that the effort put in to developing a full fledged IRC server that Sneedchat works with is worth it and they would chat more on it if they had this

the other issue is usernames I guess. I think usernames for IRC are very limited in their character sequences but XenForo presently allows basically any fucking thing. I could create IRC compatible names but then the question is how you protect "user_1" from being registered, or find a sequence that is impossible to impersonate.

 

[Short Circuit]

Aren't all modern IRC clients UTF-8 compatible? IRC messages are just text over a socket I assume the only thing standing between registering a dumb username would be NickServ.

 

[Flaming Dumpster]

@dumbledore suggests IRC, which is also used by Twitch chat.

+1 this suggestion. Popular IRC daemons have support for IRC traffic over a WebSocket connection (UnrealIRCd, InspIRCd) so web clients can interact with it nicely as well as whatever random client a user chooses to use over traditional ports. There will need to be some smarts like enforcing and normalizing nicknames (e.g. to strip spaces), maybe storing the user's original display name in the GECOS field and setup the web client to rely on that instead so users don't know the difference.

IRC network architecture allowing for hidden hub servers and basically as many user facing leaf nodes as you please is ideal for spreading the load from potential DDoS attacks.

You also get the benefit of all the flood control modules, channel modes and granular janny powers without having to write a shit load of code yourself.

although they don't (to my knowledge) allow external irc clients.

They do. Connect over TLS to irc.chat.twitch.tv with the username justinfan12345 (any random 5 digits are acceptable) and it'll let you connect as a guest. If you wish to be authenticated, you have to send your oauth bearer token as the password instead. Channel names match the streamer's username, so to connect to BMJ's channel you just join #thebossmanjack.

It was proposed to use a modern Go server for IRC, and then I suppose each WS connection with auth would open its own IRC client connection and auth using its own credentials to the IRC server.

Pretty much. Just like how you're sending the Xenforo token as a cookie, you'd instead auth using PASS with a token. For example InspIRCd has a module called sqlauth for plugging the PASS command into databases https://docs.inspircd.org/4/modules/sqlauth/ and you can create exceptions for guest users in there.

This is something I already do for my IRC server, Ergo for IRCd and gamja for web clients, I assume the best way to glue that shit together would be making very simple OAuth provider out of Sneedforo, would also make it trivial to switch around and fuck around with other things that would need authentication.

Ergo looks cool but coming out of the box with services is probably not ideal for this.

Aren't all modern IRC clients UTF-8 compatible? IRC messages are just text over a socket I assume the only thing standing between registering a dumb username would be NickServ.

The IRC protocol is space delimited so you can't use a space in a nickname. The GECOS (real name) field can accept spaces as it's the last field so any spaces are treated as part of the GECOS https://modern.ircdocs.horse/#user-message

 

[Concentrate Juice]

ok so just to be clear the autists responding to this believe that the effort put in to developing a full fledged IRC server that Sneedchat works with is worth it and they would chat more on it if they had this

the other issue is usernames I guess. I think usernames for IRC are very limited in their character sequences but XenForo presently allows basically any fucking thing. I could create IRC compatible names but then the question is how you protect "user_1" from being registered, or find a sequence that is impossible to impersonate.

Maybe let forum users reserve nicks in advance and/or have a system that auto-assigns a benign IRC channel membership prefix (parameter) that represents having the IRC account and forum account linked, with the associated forum username available from a WHOIS query response.

 

[Jotch]

General question for tech retards: if I wanted to program Sneedchat for Sneedforo, with the consideration that making it more widely accessible outside of the website itself would benefit its activity and popularity, what protocol would you use for this?

Tech Retard idea: use http GET and POST

 

[AnOminous]

@dumbledore suggests IRC, which is also used by Twitch chat.

It's pretty trivial to set up a one channel or single purpose server although the scale of it might determine what you go with. I wouldn't trust anyone else's network for something like that, though.

Also since people who don't already have one probably aren't going to install a standalone irc client, having a web interface client (like Mibbit) embedded on a simple website would be an easy solution.

You also might want to disable things like dcc if you can that could conceivably be used maliciously to compromise people's systems.

 

[shinto minto]

ok so just to be clear the autists responding to this believe that the effort put in to developing a full fledged IRC server that Sneedchat works with is worth it and they would chat more on it if they had this

An IRC server would be a cool idea but I can't see that being worth your time, even if it is a fun project. I have trouble believing that being required to use the chat through KF.net is a big enough problem for normal people.

 

[Captain Wetbeard]

If someone wanted to start a forum for a tech project, how usable would Ruforo be currently? If it isn't usable, what software would be best for the job? I'm not especially familiar with forum software, but the project in question is likely to have a lot of angry troons trying to cause problems for them.

 

[Null]

If someone wanted to start a forum for a tech project, how usable would Ruforo be currently? If it isn't usable, what software would be best for the job? I'm not especially familiar with forum software, but the project in question is likely to have a lot of angry troons trying to cause problems for them.

not at fucking all. I'm juggling 100 things at once.

 

[HildegardOrgonAkkumulator]

Nool may have had success with Scylla earlier in this thread, but between then and now the license changed from AGPL to Source-Available since last December.

One of the terms in this new license restricts the use of the free version, specifically regarding hardware usage:

"Usage Limit": Licensee's total overall available storage across all deployments and clusters of the Software and the Licensed Work
under this License shall not exceed 10TB and/or an upper limit of 50 VCPUs (hyper threads).

src (a)

If the farms hit these limits (which it probably does for storage), Scylla may be in a position to pull a XenForo here too.
And don't expect a fork of Scylla with its complexity, might have to switch DBs again or risk having to do another migration.

 

[Sultan Bin Jewstar]

Nool may have had success with Scylla earlier in this thread, but between then and now the license changed from AGPL to Source-Available since last December.

One of the terms in this new license restricts the use of the free version, specifically regarding hardware usage:

src (a)

If the farms hit these limits (which it probably does for storage), Scylla may be in a position to pull a XenForo here too.
And don't expect a fork of Scylla with its complexity, might have to switch DBs again or risk having to do another migration.

License is only as good as their ability to enforce it, but for non-kiwi reasons, God fucking dammit.

I wonder whether it's a known scale limitation or something.

 

[HildegardOrgonAkkumulator]

I wonder whether it's a known scale limitation or something.

I'd naively say no since Scylla is kind of a rewrite of Apache Cassandra from Java to C++.
Cassandra is already used by large companies like Instagram or Apple at their scale. Scylla's advantage over Cassandra is speed. While I'm not aware of limitations at a higher scale, it's more likely just a rug-pull against outside contributors, which signed the CLA.

This appears to be happening more frequently with FOSS projects having CLAs, changing their license to something proprietary and heavily monetize it.

 

[Sultan Bin Jewstar]

Scylla's advantage over Cassandra is speed

And ease of deployment if fanboys can be trusted. I know Cassandra is a pain in the ass to deploy into a kubernetes cluster if you expect any form of deployment orchestration.
I think it was 7 operators or something absurd when I putzed around with it.

But yeah, those are good points. I hope they don't take it there before I have a chance to fuck around with it.

 

[Null]

Nool may have had success with Scylla earlier in this thread, but between then and now the license changed from AGPL to Source-Available since last December.

just acknowledging that i have now seen this and am livid

 

[Sultan Bin Jewstar]

just acknowledging that i have now seen this and am livid

Time for a cold storage?

Could do something like a TTL on last read or something
If greater than 14 days, put in cold object store