Thursday April 17 2014 • posted by RJ

Bug bounties for responsibly disclosed security issues

It’s been said that there are two ways of building software: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.

With complex software systems, there are always opportunities for bugs to creep in. This is especially true when web browsers are involved.

In addition to the work we already do to keep your IRCCloud data secure, we recently started paying bounties for bugs reported in accordance with our official Responsible Disclosure policy.

We’ve been using a platform called HackerOne to solicit and triage bug reports, respond to them, and reward the security researchers who report bugs in our platform.

To date, we’ve paid out $5,000 split between 21 reports, with the following distribution:

  • $1,000 x 1
  • $500 x 5
  • $100 x 15

Thanks to everyone who has taken the time to report their discoveries. We anticipate running this program indefinitely, and will continue to check for new reports daily.

We’re in good company

Several well-known companies have a similar program for rewarding researchers who responsibly disclose security bugs:

Further Reading

You can read more about Responsible Disclosure on Wikipedia, or read about [Hacker Classifications on Wikipedia](http://en.wikipedia.org/wiki/Hacker_%28computer_security%29#Classifications) to learn about different coloured hats.

Thursday March 06 2014 • posted by RJ

Private servers for teams

Today we’re announcing private servers for teams.

Every team account now has access to a private server just for team members. It can easily be adopted by existing teams, and is the default during new team creation.

Using one of our team servers will isolate your chat on a dedicated, private server that only your team members can join. This frees up popular channels and nicknames for you to use, and helps avoid any spam or network troubles afflicting large public IRC networks.

Getting set up

To set up a server, just choose your team channels when starting a team. If you’ve already got a team, you can add a new server from your admin page, and all your members will join up automatically.


You can still provide details for a custom IRC server if you’re running your own or using a public network.

About team servers

Our team servers are built on IRC, and you can join them from any client by connecting to team-irc.irccloud.com:6697 over SSL with your unique server password, which is available in Advanced Options when editing your connection details.

We designed the servers to be as hassle-free as possible. No messing with chanserv or registering nicks.
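
The connection described above, sketched as a minimal Python client (an added example, not IRCCloud's code). It assumes the server password is sent with the standard IRC PASS command; the password and nickname values are placeholders, and only the host and port come from this post.

```python
import socket
import ssl

HOST = "team-irc.irccloud.com"  # from the post
PORT = 6697                     # from the post


def tls_context() -> ssl.SSLContext:
    """Client context that requires a valid certificate matching the hostname."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def registration(password: str, nick: str) -> list:
    """Build the IRC registration lines (assumed: standard PASS/NICK/USER)."""
    for value in (password, nick):
        # CR/LF would let a value smuggle in an extra IRC command.
        if not value or any(c in value for c in "\r\n\0 "):
            raise ValueError("empty value, space or control character in parameter")
    return [
        f"PASS {password}\r\n".encode(),
        f"NICK {nick}\r\n".encode(),
        f"USER {nick} 0 * :{nick}\r\n".encode(),
    ]


def connect(password: str, nick: str, host: str = HOST, port: int = PORT) -> ssl.SSLSocket:
    """Open the TLS session first, then send the password inside it."""
    raw = socket.create_connection((host, port), timeout=10)
    try:
        # The handshake and certificate check happen here; a bad certificate
        # raises ssl.SSLCertVerificationError before any IRC data is sent.
        tls = tls_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    for line in registration(password, nick):
        tls.sendall(line)
    return tls
```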

There is no NickServ

Within your team, you should know who’s who, and not try to steal their nickname.

There is no ChanServ

  • Your op/voice status in all channels is remembered and reapplied automatically when you reconnect or rejoin.
  • All channel metadata is remembered too. If you set a channel mode and topic, it will be remembered until you unset it, even if everyone leaves the channel.

Team admin powers

Team admins will automatically get a +o usermode, allowing them to op themselves in any channel, and use the /KILL command (for instance, to remove ex-team members).

Feedback

As ever, you can reach us at team@irccloud.com or in our #feedback channel.

Tuesday December 17 2013 • posted by RJ

Automatic Pastebins

Pasting in lots of lines of text is considered bad etiquette on IRC. It breaks the conversation flow, and can result in you being kicked or banned from a channel.

Pastebins to the rescue! A pastebin lets you paste a large body of text, and receive a new URL to share with people.

We now automatically offer to pastebin your message if you try sending a multi-line message.

Pastebin prompt

People on IRCCloud have the pastebin embedded…

Embedded pastebin

… while other clients just get a link.

Our pastebins support line numbers and some basic syntax highlighting, both off by default.

We’re limiting pastes to 50 KB. If you need more than that, or want better code highlighting, give a specialist tool a try, such as GitHub’s Gist.

Thursday November 28 2013 • posted by james

Nickname colours

Sometimes it’s hard to keep track of who’s talking in a busy channel, so we’ve added a setting to colourise nicknames in chat.

Here’s how it looks…

Colourised chat

… and here’s the setting to turn it on:

Preference option

It’s only available on the web app for now, but we’re working on bringing it to the mobile apps in an upcoming release.

We use a hash of the nickname to assign colours, so people stay the same colour in different channels.

See if you can find all the colours without cheating!

Alex Vidal deserves a mention here for his work on the browser script that inspired this feature. We love it when people customise their IRCCloud experience with scripts and themes, and his was a much-loved extension. Join our #themes channel to find more add-ons and share your own work.

You could even make a user style to change the nick colours…

Monday November 18 2013 • posted by RJ

Faster reconnects, bandwidth savings

Websocket Compression

We’ve enabled websocket compression in our mobile apps, and for browsers that support the x-webkit-deflate-frame extension (currently Chrome and Safari).

This gives a bandwidth saving of around 50-75% vs no compression, and speeds up the initial loading of the website and apps because there is less data to fetch.

Fast Resume

Typically, when you refresh the web app or restart a mobile app, we send you the full list of all your channels, networks, PMs etc. as well as some message logs for each conversation.

From today, we now have a fast-resume mode: if your client is disconnected, but still has state, reconnecting will just send you the handful of messages you’ve missed, instead of the full list of channels again.

For example, if you have the website or mobile apps open, and your internet connection cuts out for a few minutes, it will resume the connection almost instantly.

This will work provided your client still has state. In the browser, this means you haven’t refreshed the page (you let it auto-retry, or clicked “Reconnect” without refreshing). In the mobile apps, as long as the app is still running in the background, it will have a chance to use fast-resume.

Great if you have patchy wifi or poor reception.

Here’s the pertinent section on Reconnecting the Stream from our API docs.
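
A sketch of how a fast-resume decision can work on the server side, as an added example rather than IRCCloud's implementation or API. The `EventStream` class, the event ids and the `last_seen_eid` parameter are hypothetical; the fallback to a full send covers a client with no state and a client whose missed messages are no longer buffered.

```python
from collections import deque


class EventStream:
    """Per-user event log kept by the server (hypothetical model)."""

    def __init__(self, max_backlog: int = 1000):
        self._events = deque(maxlen=max_backlog)  # oldest entries fall off
        self._next_eid = 1

    def publish(self, message: str) -> int:
        """Record one event and return its monotonically increasing id."""
        eid = self._next_eid
        self._next_eid += 1
        self._events.append((eid, message))
        return eid

    def connect(self, last_seen_eid=None):
        """Return ("resume", missed_events) or ("full", whole_backlog)."""
        events = list(self._events)
        oldest = events[0][0] if events else self._next_eid
        newest = self._next_eid - 1
        # No id supplied: the client has no state (page refresh, app restart).
        stateless = last_seen_eid is None
        # Events between the client's id and the buffer start were evicted.
        gap = not stateless and last_seen_eid < oldest - 1
        # The client claims an id this stream never issued.
        unknown = not stateless and last_seen_eid > newest
        if stateless or gap or unknown:
            return "full", events
        return "resume", [e for e in events if e[0] > last_seen_eid]
```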