Merge pull request #553 from oragono/changelog

manual and changelog updates

CHANGELOG.md

@@ -1,7 +1,92 @@
 # Changelog
 All notable changes to Oragono will be documented in this file.
 
-This project adheres to [Semantic Versioning](http://semver.org/). For the purposes of versioning, we consider the "public API" to refer to the configuration files, CLI interface and database format.
+## [1.1.0-rc1] - 2019-06-11
+We're pleased to be publishing the release candidate for 1.1.0 (the official release should follow in a week or two, with more complete credits). This version has a number of exciting improvements, including:
+
+* Simplified commands for registering new accounts with NickServ.
+* Support for IP cloaking.
+* Support for attaching multiple clients to the same nickname.
+* Support for the newly ratified [message tags](https://ircv3.net/specs/extensions/message-tags.html) and [message ID](https://ircv3.net/specs/extensions/message-ids.html) IRCv3 specifications; client developers are invited to use Oragono as a reference when implementing these specifications.
+* Support for running Oragono as a Tor hidden service.
+
+This release includes a database change. If you have `datastore.autoupgrade` set to `true` in your configuration, it will be automatically applied when you restart Oragono; otherwise, you can update the database manually by running `oragono upgradedb`.
+
+### Config changes
+* `tor-listeners` section added for configuring listeners for use with Tor.
+* `compatibility` section added for toggling compatibility behaviors for legacy clients.
+* `ip-cloaking` section added for configuring cloaking.
+* `bouncer` section added for configuring bouncer-like features (in particular, whether multiple clients can use the same nickname).
+* `check-ident` now defaults to `false`.
+* `nick-reservation.method` now defaults to `"strict"`.
+* `fakelag.enabled` now defaults to `true`
+* `limits.linelen.tags` removed due to ratification of the [message-tags spec](https://ircv3.net/specs/extensions/message-tags.html), which fixes the maximum tags length at 8191 bytes.
+* `limits.registration-messages` added to restrict how many messages a user can send to the server during connection registration (while connecting to the server).
+* `channels.operator-only-creation` added to optionally restrict creation of new channels to ircops (#537).
+
+### Security
+* Users can no longer impersonate network services like ChanServ by using confusing nicks like "ChɑnServ" (#519, thanks [@csmith](https://github.com/csmith)!).
+* Secret channels (mode `+s`) now act more secret (#380, thanks [@csmith](https://github.com/csmith)!).
+* The `+R` (registered-only) mode now prevents unregistered users from joining the channel, not just from speaking (#463, thanks [@bogdomania](https://github.com/bogdomania)!).
+* Limited how many messages clients can send during connection registration to mitigate potential DoS attacks (#505).
+* Attempting to reauthenticate with SASL now fails with `907 ERR_SASLALREADY` (#476).
+
+### Fixed
+* Fixed `/ISON` command reporting users as always being online (#479).
+* Fixed clients who negotiated CAP version 302 or higher not receiving cap-notify messages (#464).
+* We now treat channel privileges such as halfop more consistently (#400).
+* Fixed a bug where clients could receive message tags they hadn't enabled (#434).
+* When replaying history, messages now have more consistent IDs and timestamps
+* IDs and timestamps are now applied more consistently to messages (#388, #477, #483).
+* Client-to-client tags are now stored and replayed in message history (#437).
+* Fixed various error numerics that were being sent with incorrect parameters (#425, thanks [@Ascrod](https://github.com/Ascrod)!).
+* Fixed STATUSMSG not adding the correct prefix to the channel when relaying the message (#467).
+* Fixed `/RENAME` command not correctly renaming the channel for some users (#300, thanks [@jesopo](https://github.com/jesopo)!).
+* History playback is now batched when applicable (#456, thanks [@transitracer](https://github.com/oragono/oragono/issues/456)!).
+* Notices from NickServ/ChanServ/etc should display better in some clients (#496, thanks [@jwheare](https://github.com/jwheare)!).
+* Fixed nickname timer warnings not displaying correctly sometimes (#449, thanks [@bogdomania](https://github.com/bogdomania)!).
+* When history playback is disabled, the `/HISTORY` command now says so instead of silently failing (#429, thanks [@bogdomania](https://github.com/bogdomania)!).
+* The `/HOSTSERV ON/OFF` commands now tell you when you don't have a vhost (#404, thanks [@bogdomania](https://github.com/bogdomania)!).
+* When operators use the `/SANICK` command, the snomask now says which operator did it instead of saying the target changed their nickname themselves (#360, thanks [@bogdomania](https://github.com/bogdomania)!).
+* History playback now includes messages that the user sent themselves (especially useful with the new bouncer-like capabilities) (#487).
+
+### Added
+* IP cloaking is now supported (see the manual for details) (#108).
+* Users can now attach multiple clients to the same nickname (see the manual for details) (#403).
+* Oragono can now be used as a Tor hidden service (see the manual for details) (#369).
+* The `znc.in/playback` capability is now supported, which can automate history playback for clients that support it (#486).
+* User preference system controlling various behaviors (`/msg NickServ help set` for details) (#466).
+* Support for the [draft/event-playback](https://github.com/DanielOaks/ircv3-specifications/blob/master+event-playback/extensions/batch/history.md) spec (#457).
+* The `TAGMSG` and `NICK` messages are now replayable in history (#457).
+* Added the draft IRCv3 [`SETNAME` command](https://ircv3.net/specs/extensions/setname) for changing your realname (#372).
+
+### Changed
+* Registering an account with NickServ is now `/msg NickServ register <password>`, which registers the current nickname as an account, matching other services (#410).
+* Added a compatibility hack to make SASL work with ZNC 1.6.x (#261).
+* We now support the ratified [message-tags](https://ircv3.net/specs/extensions/message-tags.html) spec, replacing `draft/message-tags-0.2`.
+* We now support the ratified [message IDs](https://ircv3.net/specs/extensions/message-ids.html) spec, replacing `draft/msgid`.
+* The [`oragono.io/maxline-2`](https://oragono.io/maxline-2) capability has replaced `oragono.io/maxline`, the new version now working alongside the ratified message-tags spec (#433).
+* We now support [`draft/resume-0.5`](https://github.com/ircv3/ircv3-specifications/pull/306) and the associated `BRB` command, replacing `draft/resume-0.3`.
+* Upgraded support for the `/RENAME` command to the [latest draft of the specification](https://github.com/ircv3/ircv3-specifications/pull/308).
+* Upgraded support for the `/ACC` command to the [latest draft of the specification](https://github.com/DanielOaks/ircv3-specifications/blob/register-and-verify/extensions/acc-core.md) (#453, #455).
+* Removed the `+a` away mode as no other servers use it (#468, thanks [@jesopo](https://github.com/jesopo) and [@jwheare](https://github.com/jwheare)!).
+* Forcing trailing parameters for legacy compatibility can now be disabled in config (#479).
+* `autoreplay-on-join` no longer replays `JOIN` and `PART` lines by default (#474, thanks [@amyspark](https://github.com/amyspark)!).
+* snomasks are no longer sent for unregistered clients (#362, thanks [@bogdomania](https://github.com/bogdomania)!).
+* `WHOIS` responses no longer include the `690 RPL_WHOISLANGUAGE` numeric, as it doesn't show anything useful to other users (#516).
+* `ISON` now reports services (ChanServ/NickServ/etc) as online (#488).
+* All times are now reported in UTC (#480).
+* `NICKSERV ENFORCE` is deprecated in favor of the new `NICKSERV SET ENFORCE` (the old syntax is still available as an alias).
+* The `WHO` command is now treated like `PONG` in that it doesn't count as user activity, since client software often uses it automatically (#485).
+* The `NAMES` command now only returns results for the first given channel (#534).
+
+### Internal Notes
+* Building Oragono is now easier (#409).
+* Official builds now use Go 1.12 (#406).
+* Our message building and parsing code is slightly faster now (#387).
+* Added the [`oragono.io/nope`](https://oragono.io/nope) capability to encourage clients to request capabilities safely (#511).
+* Made some previously untranslatable strings translatable (#407).
+* Fixed portability issues with 32-bit architectures (#527).
 
 
 ## [1.0.0] - 2019-02-24

README.md

@@ -22,15 +22,17 @@ Oragono is a fork of the [Ergonomadic](https://github.com/edmund-huber/ergonomad
 * UTF-8 nick and channel names with rfc7613 (PRECIS)
 * [yaml](http://yaml.org/) configuration
 * native TLS/SSL support
-* server password (`PASS` command)
+* updating server config and TLS certificates on-the-fly (rehashing)
+* user accounts and SASL
+* supports [multiple languages](https://crowdin.com/project/oragono) (you can also set a default language for your network)
+* integrated services: NickServ for user accounts, ChanServ for channel registration, and HostServ for vanity hosts
+* experimental support for bouncer-like features (storing and replaying history, allowing multiple clients to use the same nickname)
+* advanced security and privacy features (support for requiring SASL for all logins, cloaking IPs, and running as a Tor hidden service)
 * an extensible privilege system for IRC operators
 * ident lookups for usernames
 * automated client connection limits
-* on-the-fly updating server config and TLS certificates (rehashing)
-* client accounts and SASL
-* passwords stored with [bcrypt](https://godoc.org/golang.org/x/crypto) (client account passwords also salted)
+* passwords stored with [bcrypt](https://godoc.org/golang.org/x/crypto)
 * banning ips/nets and masks with `KLINE` and `DLINE`
-* supports [multiple languages](https://crowdin.com/project/oragono) (you can also set a default language for your network)
 * [IRCv3 support](http://ircv3.net/software/servers.html)
 * a heavy focus on developing with [specifications](https://oragono.io/specs.html)
 

docs/MANUAL.md

@@ -5,10 +5,10 @@
     ▐█▌.▐▌▐█•█▌▐█ ▪▐▌▐█▄▪▐█▐█▌ ▐▌██▐█▌▐█▌.▐▌
      ▀█▄▀▪.▀  ▀ ▀  ▀ ·▀▀▀▀  ▀█▄▀ ▀▀ █▪ ▀█▄▀▪
 
-         Oragono IRCd Manual 2019-02-23
+         Oragono IRCd Manual 2019-06-12
               https://oragono.io/
 
-_Copyright © 2018 Daniel Oaks <daniel@danieloaks.net>_
+_Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn@cs.stanford.edu>_
 
 
 --------------------------------------------------------------------------------------------
@@ -18,6 +18,7 @@ _Copyright © 2018 Daniel Oaks <daniel@danieloaks.net>_
 
 - Introduction
     - Project Basics
+    - Scalability
 - Installing
     - Windows
     - macOS / Linux / Raspberry Pi
@@ -26,6 +27,8 @@ _Copyright © 2018 Daniel Oaks <daniel@danieloaks.net>_
         - Nickname reservation
     - Channel Registration
     - Language
+    - Bouncer
+    - History
     - IP cloaking
 - Frequently Asked Questions
 - Modes
@@ -46,14 +49,14 @@ _Copyright © 2018 Daniel Oaks <daniel@danieloaks.net>_
 
 This document goes over the Oragono IRC server, how to get it running and how to use it once it is up and running!
 
-If you have any suggestions, issues or questions, feel free to submit an issue on our [GitHub repo](https://github.com/oragono/oragono/) or ask in our channel [`#oragono` on Freenode](ircs://irc.freenode.net:6697/#oragono).
+If you have any suggestions, issues or questions, feel free to submit an issue on our [GitHub repo](https://github.com/oragono/oragono/) or ask in our channel [`#oragono` on freenode](ircs://irc.freenode.net:6697/#oragono).
 
 
 ## Project Basics
 
 Let's go over some basics, for those new to Oragono. My name's Daniel, and I started the project (it was forked off a server called [Ergonomadic](https://github.com/edmund-huber/ergonomadic) that'd been around for a number of years). In addition to Oragono, I also do a lot of IRC specification work with the [various](https://modern.ircdocs.horse) [ircdocs](https://defs.ircdocs.horse) [projects](https://ircdocs.horse/specs/) and with the [IRCv3 Working Group](https://ircv3.net/).
 
-Oragono's a new IRC server, written from scratch. My main goals when starting the project was to write a server that:
+My main goals when starting the project were to write a server that:
 
 - Is fully-functional.
 - I can use to very easily prototype new [IRCv3](https://ircv3.net/) proposals and features.
@@ -68,6 +71,17 @@ Some of the features that sets Oragono apart from other servers are:
 - Integrated user account and channel registration system (no services required!).
 - Native Unicode support (including appropriate casemapping).
 - Support for [multiple languages](https://crowdin.com/project/oragono).
+- Bouncer-like features, including allowing multiple clients to use the same nickname
+
+Oragono has multiple communities using it as a day-to-day chat server and is fairly mature --- we encourage you to consider it for your community!
+
+## Scalability
+
+We believe Oragono should scale comfortably to 10,000 clients and 2,000 clients per channel, making it suitable for small to medium-sized teams and communities. Oragono does not currently support server-to-server linking (federation), meaning that all clients must connect to the same instance. However, since Oragono is implemented in Go, it is reasonably effective at distributing work across multiple cores on a single server; in other words, it should "scale up" rather than "scaling out".
+
+In the relatively near term, we plan to make Oragono [highly available](https://github.com/oragono/oragono/issues/343), and in the long term, we hope to support [federation](https://github.com/oragono/oragono/issues/26) as well.
+
+If you're interested in deploying Oragono at scale, or want performance tuning advice, come find us on [`#oragono` on freenode](ircs://irc.freenode.net:6697/#oragono), we're very interested in what our software can do!
 
 
 --------------------------------------------------------------------------------------------
@@ -117,6 +131,20 @@ If you're using Arch, the abovementioned AUR package bundles a systemd file for
 On a non-systemd system, oragono can be configured to log to a file and used [logrotate(8)](https://linux.die.net/man/8/logrotate), since it will reopen its log files (as well as rehashing the config file) upon receiving a SIGHUP.
 
 
+## Upgrading to a new version of Oragono
+
+As long as you are using official releases or release candidates of Oragono, any backwards-incompatible changes should be described in the changelog.
+
+The database is versioned; upgrades that involve incompatible changes to the database require updating the database. If you have `datastore.autoupgrade` enabled in your config, the database will be backed up and upgraded when you restart your server when required. Otherwise, you can apply upgrades manually:
+
+1. Stop your server
+1. Make a backup of your database file
+1. Run `oragono upgradedb` (from the same working directory and with the same arguments that you would use when running `oragono run`)
+1. Start the server again
+
+If you want to run our master branch as opposed to our releases, come find us in our channel and we can guide you around any potential pitfalls.
+
+
 --------------------------------------------------------------------------------------------
 
 
@@ -174,8 +202,8 @@ To enable this mode, set the following configs:
 
 The following additional configs may be of interest:
 
-* `accounts.nick-reservation.method = timeout` ; setting `strict` here effectively forces people to use SASL, and some popular clients either do not support SASL, or have bugs in their SASL implementations.
-* `accounts.nick-reservation.allow-custom-enforcement = true` ; this allows people to opt into strict enforcement or opt out of enforcement as they wish. For details on how to do this, `/msg NickServ help enforce`.
+* `accounts.nick-reservation.method = strict` ; we currently recommend strict nickname enforcement as the default, since we've found that users find it less confusing.
+* `accounts.nick-reservation.allow-custom-enforcement = true` ; this allows people to opt into timeout-based enforcement or opt out of enforcement as they wish. For details on how to do this, `/msg NickServ help set`.
 
 ### SASL-only mode
 
@@ -243,6 +271,28 @@ The above will change the server language to Romanian, with a fallback to Chines
 Our language and translation functionality is very early, so feel free to let us know if there are any troubles with it! If you know another language and you'd like to contribute, we've got a CrowdIn project here: [https://crowdin.com/project/oragono](https://crowdin.com/project/oragono)
 
 
+## Bouncer
+
+Traditionally, every connection to an IRC server is separate must use a different nickname. [Bouncers](https://en.wikipedia.org/wiki/BNC_%28software%29#IRC) are used to work around this, by letting multiple clients connect to a single nickname. With Oragono, if the server is configured to allow it, multiple clients can share a single nickname without needing a bouncer. To use this feature, both connections must authenticate with SASL to the same user account and then use the same nickname during connection registration (while connecting to the server) – once you've logged-in, you can't share another nickname.
+
+To enable this functionality, set `accounts.bouncer.enabled` to `true`. Setting `accounts.bouncer.allowed-by-default` to `true` will allow this for everyone – by default, users need to opt-in to shared connections using `/msg NickServ SET BOUNCER`.
+
+You can see a list of your active sessions and their idle times with `/msg NickServ sessions` (network operators can use `/msg NickServ sessions nickname` to see another user's sessions).
+
+
+## History
+
+Oragono can store a limited amount of message history in memory and replay it, which is useful for covering brief disconnections from IRC. You can access this using the `/HISTORY` command (depending on your client, you may need to use `/QUOTE history` instead), for example `/HISTORY #mychannel 100` to get the 100 latest messages from `#mychannel`.
+
+Server administrators can configure `history.autoreplay-on-join` to automatically send clients a fixed number of history lines when they join a channel. Users can use `/msg NickServ set autoreplay-lines` to opt in or out of this behavior.
+
+We are working on a number of improvements to this functionality:
+
+* We currently emulate the ZNC playback module for clients that have special ZNC support (see the "ZNC" section below)
+* The [`/CHATHISTORY`](https://github.com/ircv3/ircv3-specifications/pull/349) command will be a standardized way for clients to request history lines
+* [Connection resuming](https://github.com/ircv3/ircv3-specifications/pull/306), which we support in draft form, automatically replays history lines to clients who return after a brief disconnection
+
+
 ## IP cloaking
 
 Unlike many other chat and web platforms, IRC traditionally exposes the user's IP and hostname information to other users. This is in part because channel owners and operators (who have privileges over a single channel, but not over the server as a whole) need to be able to ban spammers and abusers from their channels, including via hostnames in cases where the abuser tries to evade the ban.
@@ -648,6 +698,13 @@ Instructions on how client software should connect to an .onion address are outs
 1. Pidgin should work with [torsocks](https://trac.torproject.org/projects/tor/wiki/doc/torsocks).
 
 
+## ZNC
+
+ZNC 1.6.x (still pretty common in distros that package old versions of IRC software) has a [bug](https://github.com/znc/znc/issues/1212) where it fails to recognize certain SASL messages. Oragono supports a compatibility mode that works around this to let ZNC complete the SASL handshake: this can be enabled with `server.compatibility.send-unprefixed-sasl`.
+
+Oragono can emulate certain capabilities of the ZNC bouncer for the benefit of clients, in particular the third-party [playback](https://wiki.znc.in/Playback) module. This enables clients with specific support for ZNC to receive selective history playback automatically. To configure this in [Textual](https://www.codeux.com/textual/), go to "Server properties", select "Vendor specific", uncheck "Do not automatically join channels on connect", and check "Only play back messages you missed". Other clients with support are listed on ZNC's wiki page.
+
+
 --------------------------------------------------------------------------------------------
 
 
@@ -657,4 +714,4 @@ Always, thanks to Jeremy Latt for creating Ergonomadic. Thanks for Edmund Huber
 
 Thanks to Euan Kemp (euank) for the contributions and help with this, along with other projects, and to James Mills, Vegax and Sean Enck for various other help and contributions on the server.
 
-And a massive thanks to Shivaram Lingamneni (slingamn) for being an awesome co-maintainer of Oragono! You really convinced me to step up with this and take it forward in a big way, and I'm grateful for that.
+And a massive thanks to Shivaram Lingamneni (slingamn) for being an amazing co-maintainer of Oragono! You've contributed a lot to Oragono, and really convinced me to step up with this and take the server forward in a big way. I'm grateful for everything you've done, and working with ya' is a pleasure.

oragono.yaml

@@ -96,8 +96,8 @@ server:
     # you should also add these addresses to the connection limits and throttling exemption lists
     proxy-allowed-from:
         # - localhost
-        # - "127.0.0.1"
-        # - "127.0.0.1/8"
+        # - "192.168.1.1"
+        # - "192.168.10.1/24"
 
     # controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
     webirc:
@@ -113,9 +113,8 @@ server:
             # you should also add these addresses to the connection limits and throttling exemption lists
             hosts:
                 # - localhost
-                # - "127.0.0.1"
-                # - "127.0.0.1/8"
-                # - "0::1"
+                # - "192.168.1.1"
+                # - "192.168.10.1/24"
 
     # allow use of the RESUME extension over plaintext connections:
     # do not enable this unless the ircd is only accessible over internal networks
@@ -284,7 +283,6 @@ accounts:
         # IPs/CIDRs which are exempted from the account requirement
         exempted:
             - "localhost"
-            # - '127.0.0.2'
             # - '10.10.0.0/16'
 
     # nick-reservation controls how, and whether, nicknames are linked to accounts
@@ -568,7 +566,7 @@ limits:
 # fakelag: prevents clients from spamming commands too rapidly
 fakelag:
     # whether to enforce fakelag
-    enabled: false
+    enabled: true
 
     # time unit for counting command rates
     window: 1s