Page 1 of 1
Why eggdrop must NOT be ircop ?
Posted: Mon Sep 02, 2013 4:32 am
by CrazyCat
Hello there,
I'm trying to write a small article about the reasons to not have eggdrops ircoped. I've already a small list of arguments, but any comment or other idea is welcome, so I ask you a little help
I won't give you my arguments yet, because it may orient your ideas.
And if you have any argument about why an eggdrop could be ircop, you can give them too
Thanks.
Posted: Mon Sep 02, 2013 9:35 am
by Madalin
From my point of view an eggdrop can do alot more things than a normal user (and here im not talking about .mrc scripts) im talking about the person itself. I dont think a person can be 24/7 online and protect a channel/server. So i think eggdrop is the best at that. For example if you want to restrict user on a irc server that dont meet some criterias what will do do? Check every conection manually ? I dont think ! So you write a script and load it to the eggdrop and thats it.
So if your arguments are that the eggdrop can be hacked i can say that i heard that maybe 2 times in 8 years and that was a ....mistake by the one that created the shell account.
So PRO arguments for why the eggdrop should have IRC OP status (if you need it like that)
- its 24/7
- its faster/more reliable
- it can have alot of functions for protecting the users/server/channels
- it can be made to have functions that alot of other users may benefit from
...and alot more..
Posted: Mon Sep 02, 2013 4:30 pm
by CrazyCat
You, bastard
! But good arguments. I'm interesting in your "alot more".
My arguments against eggdrop as ircop are actualy:
- it's mechanic, without any discernment,
- eggdrop is hackable, quite easily,
- people who use eggdrop as ircop don't really know what their eggdrop do,
- to have an eggdrop ircop, you need a minimal access to the server (network), so it's not for anyone,
- Errare humanum est, perseverare diabolicum
- To err is human, but it takes a computer to cause a disaster
Posted: Tue Sep 03, 2013 12:55 am
by caesar
By design computers are bound to act and follow a set of predefined rules and instructions, it doesn't have a mind of it's own and can decided if to act in a different manner than it's instructions say.
If the instructions are well laid and all situations are taken into consideration then only a human is bound to fail, not a computer.
I'd say you've seen "I Robot" movie recently and got such ideas from there. If you didn't then you should read the book as I've heard it's better than the movie.
Anyway, the eggdrop it's designed in the same manner (to be mechanic), made to act and bound to a set of of instructions (it's already built in and whatever scripts/modules you load), a lot faster than a human could.
By default, the eggdrop itself isn't hackable. It's your own fault if you compromise it with sloppy/poorly designed scripts that may or may not give access to a certain degree of it's commands, but that's another thing.
Having an eggdrop as ircop can help in some situations, for instance be used by a special channel operators to recover other people channel op, remove a takeover or whatever other reason. Another thing it could be used would be to monitor a certain behavior if the IRC server doesn't already have such a plugin, or you need a custom made thing just to suit your needs.
Posted: Tue Dec 31, 2013 3:41 pm
by MrBenC
This is something of a late reply.
Short Answer: Don't oper an Eggdrop bot.
Longer Answer: You might if there's a specific use case, but it is rather dangerous and should be avoided.
I don't believe you can really say that you must not Oper an Eggdrop bot. I do believe there are certain possible use cases, such as possibly logging all server notices (though the IRCd itself can sometimes log those).
Another network uses an Eggdrop bot to relay certain messages from the services channel (which requires Oper to join) to a "HostServ/V-Host" channel.
However, it IS something I strongly recommend against, if you don't really know what you are doing. If you simply download scripts and don't read them, or can't understand how they work, you are likely asking for trouble since a few scripts have had back-doors built into them.
There's also the concern that by default, DCC isn't restricted in a new install, so even if the network has some form of hostmasking the real IP can easily be revealed.
I do have an opered Eggdrop bot, but it has no scripts and just creates a connection and takes up a nick. It's purpose on my network is to simply sit as a channel operator in official channels.
As for it being "mechanical" without any human thought or judgement, that is merely the premise of any bot. ChanServ and NickServ are bots. It's best to not have it do anything you wouldn't do the exact same way every time, to any user.
For actions that take place on connect (the bot sees the connect notice), you do have the added caveat of being unable to exempt certain users via Eggdrop user records with hostmasks, since that only takes effect if the connect is successful. And chances are if you want to prevent certain hostmasks from connecting you will probably want to use an AKILL/global k-line instead of an Eggdrop, which was indeed never designed to be an oper.
So while I believe there could be certain use cases, such cases would be very limited.
Posted: Sat Jan 11, 2014 2:05 am
by Yourname
A bot is only as good as who runs it.
If you know how to run it, give it the oper.