We have learned absolutely nothing. Let's all jump on the bandwagon of another closed-source, proprietary, walled-garden service and hand over all of our private intra-company communications to a private third-party in another country. GREAT IDEA.
Agreed, but with that said... IRC has serious issues, and dancing around them or pretending they're not there is not helping. I talk a bit about them here:
The reason Slack exists and can be so successful yet entirely proprietary is a symptom that IRC is not good enough and that has to be fixed. It is the manifestation of the papercuts we, IRC users, have been having for a long time now. (late edit: If you are interested in fixing this problem, email me, see my profile.)
There are very promising efforts on IRCv3 (http://ircv3.net/) ongoing. I hope they eventually go live to the bigger clients and networks so that we may actually have a good foss alternative to slack (and I don't mean something like Mattermost. Like SirCmpwn said some comments below, having one browser tab per project REALLY SUCKS when you contribute to a lot of projects. I'm in over 20 channels myself, and I do my best to keep that number low...).
I really resonate with this position. IRC is open source and it has had problems FOR DECADES. IM programs from third parties add genuinely useful features which people clearly want. So rather than call for a general boycott of Slack (a negative approach) why not call to fix IRC?
IRC is just a well-established and battle-tested server/client protocol. I'm eager for the day when a competing open source server/client protocol emerges and takes over. I imagine all it would take is a really good reference implementation server and client that everyone can just start using, right?
It's a well-established shitty protocol, largely designed in the early 1990s as the simplest thing that could possibly work for the workloads we had in the early 1990s. It's terribly limited (7 bit, small message sizes, virtually no useful metadata) and in the 98% use case, its "distributed" characteristics cause more problems than they solve.
No competent person setting out to design a group communications protocol in 2015 could honestly say they'd use IRC as a starting point.
Mostly correct, but one nit to pick: IRC is not 7-bit; you can actually transmit unicode messages on every IRC network I've ever seen. It's also not usually unicode-aware, though, so if you send a message too long, it might get truncated halfway through a codepoint. Many IRC networks prohibit non-ASCII channel names and nicknames to prevent impersonation (e.g. with zero-width spaces).
IRC messages have CRLF message delimiters (and ASCII space field delimiters) and no quoting mechanism in the protocol. They're delivered over a long-lived synchronized TCP stream. Does it just happen that no 8-bit sequence people normally want to send on IRC ever manages to collide with 0D:0Ah?
I haven't seen unicode messages on IRC channels, but I don't spend much time on IRC anymore, and so this is interesting new information for me --- but there's more to being 8-bit clean than simply supporting internationalized character sets.
> Does it just happen that no 8-bit sequence people normally want to send on IRC ever manages to collide with 0D:0Ah
This is not possible on a technical level, having nothing to do with IRC itself, but instead written into the encoding design of UTF8.
First of all "7 bit" physical communication never really existed in the age of TCP - the protocol has always moved 8 bits at a time around. The "7 bit" era refers to nobody actually agreeing what codepoints within x80 ~ xFF actually mean. This is even partially true today - not everything has agreed on speaking UTF8 (hi Win32 APIs).
On the actual point of why neither 0x0D nor 0x0A will ever "manage to collide".
In a single-byte encoding (called codepages, https://en.wikipedia.org/wiki/Code_page#Noteworthy_code_page...) 0x0D always means just that, as pretty much all ASCII-derived codepages do... well, respect ASCII ( note - this does not touch on the horror of EBCDIC, which is alive and well today (2015) too ).
In the case of UTF8 any continuation byte can only carry values in the range of \x80 ~ \xBF, and any leading byte can carry values in the range \xC0 ~ \xF7. So no matter how you slice and dice things, the resulting UTF8 will have every ASCII character meaning itself (this includex \x0D and \x0A ), and the only ambiguity when mistakenly treated as any single-byte encoding would be in the "what do we do with the upper 7bit range" part ( \x80 ~ \xFF ). More info here: https://en.wikipedia.org/wiki/UTF-8#Description
True, other multibyte encodings are not so convenient: for example \N{MALAYALAM LETTER UU} ( http://graphemica.com/%E0%B4%8A ) looks really bad CRLF-wise in both UTF16/UCS2 an UTF32.
But this is why UTF8 "won" for all intents and purposes. And this is also why "escaping" is not necessary under virtually any modern environment, so IRC lacking any such mechanism is not really relevant.
( No opinion worth sharing on the rest of the article/discussion ;)
I certainly think having an open source reference implementation for a 21st century (and by that I mean having features like Slack or Yammer or other popular closed source packages) implementation of a successor to IRC would be the minimum starting point.
From what I've been able to gather, the open project that is most like Slack, but also offers self-host, decentralization is Matrix:
http://www.matrix.org/
There's also Zulip, which as far as I can gather, is battle-tested, but does not have a strong story for federated servers, nor a good out-of-box experience for really small servers:
https://github.com/zulip/zulip
Finnaly there's https://tox.chat -- which doesn't have a lot of the things IRC/Slack has (it's focused around p2p chat) -- but extensions are planned, for eg. persistent group chat. Perhaps most excitingly "new" of the three, which predictably is both a good and a bad thing:
https://wiki.tox.chat/users/faq#what_is_tox
For those that "want Slack", but self-hosted, open/free software server -- I think Matrix is the most viable alternative -- if IRC is seen as not good enough.
I've not included any XMPP servers, although eg. Prosody should be simple to set up and use -- because, apparently like IRC, it has too many problems for people to actually embrace out-of-the box XMPP for team chat. The fact that most big public services that host XMPP tend to favour anonymity probably has something to do with the fact that getting reliable server-side message logging and off-line messaging is still not as easy as one would expect, for any(?) of the big free XMMP daemons (or indeed support client side).
Actually, bridging is actually a first class citizen in Matrix - it's why the project's called Matrix (as we want to go federate/matrix together all the existing silos out there). Current bridges include:
...and a whole bunch of 3rd party ones too like https://github.com/SkaveRat/xmpptrix. Some of these are pretty beta, but they're all headed in the right direction. The IRC and Slack ones are the most mature.
Glad to hear that you think we are on the right track! [Disclaimer; i work on Matrix]
IRC lacks a viable attached business model. In fact the act of writing robust services that empower users with data portability and privacy does not appear to have a sustainable model at all currently. I don't know if the current situation is a transitory phase or if this is how large systems will be built in perpetuity.
By "battle-tested" I meant it has lots of patches/updates to the protocol to protect against certain kinds of attacks. Any new protocol would have to go through the same "battle-testing" before it would be reliable enough.
What is wrong with Mattermost? I've never actually used it, but it seems like a better OSS slack competitor than irc. If it really is just the problem of 1 project per tab, surely fixing that minor issue is easier than a whole new IRC spec?
It's the other way around: Mattermost has a ridiculously small userbase, compared to IRC. IRCv3 is compatible with IRC2.1. It's a lot easier to extend the IRC spec than it is to write competing software.
irccloud.com (disclaimer: I'm a subscriber) addresses a number of the deficiencies of standard IRC.
A lot of the other deficiencies are a consequence of any decentralized, open resource, due to "tragedy of the commons" effects. Those will always require active admin participation to resolve.
Freenode sometimes does get a lot of abuse, which is a shame. Some networks definitely do have better anti-spam and anti-botnet functionality, but I don't think most users ever even notice this. Even on Freenode, most channels will go without problems like botnets or channel takeovers for most or all of their life.
If you're running your own irc server, you'll probably never notice anything. If you do, it's as simple as adding a server password (or maybe even changing the default port among some other settings), and anything unwanted will likely be a thing of the past (assuming you don't have dedicated people attacking you).
On your comment about IRC bots and services, networks don't see that as something that is up to them. If something requires a U:line or other network privileges, then it's up to the network staff to implement that, sure, but anything else is for their users to do. If IRC networks were for-profit, maybe you could expect them to have things like this and advertise how amazing all of their features are to potential clients. But IRC is nothing but a money sink for everyone involved, and there's therefore often little incentive for networks to implement and integrate a lot of bots and functionality that aren't integral to network operation.
Apart from this, spam is a really hard problem if there are resourceful people dedicated to it. Email has existed for even longer than IRC, and despite absurd amounts of work into anti-spam systems and functionality with it, it's not too surprising when spam manages to finds its way into your mailbox.
I still agree there's a lot of room for improvement, both at the protocol level and at the user level, though.
is there a way for me to, instead of using a server password, use something like OAuth so that I can grant access to the server based on my companies central login database? otherwise, every time someone leaves the project, we have to rotate the server password...
I don't see why it wouldn't be possible, however, using OAuth would probably need some nice integration on client side you'd have to provide. Maybe just login to the server using your credentials and authenticate via LDAP?
> Let's all jump on the bandwagon of another closed-source, proprietary, walled-garden service and hand over all of our private intra-company communications to a private third-party in another country. GREAT IDEA.
Well said, I chuckled. Let me just add something...
If you want a paper trail of anything, use an email you own.
I have a friend who was locked out of a startup's Slack right before he was due to be paid for three months of work. He had been discussing business inside of Slack, and instantly lost access to all of those messages.
Could this have happened if the startup used a private email server, or a private IRC server? Of course. But if they were using more open protocols, he would have at least been able to back up the messages. Slack provides an easy tool for backups to admins, but not for normal team members. Slack provides an API for all users, but team admins can disable the API. Slack also allows team members to connect over IRC and XMPP, if team admins turn on that feature (https://slack.zendesk.com/hc/en-us/articles/201727913-Connec...).
Slack is great, I love using it. Just remember who owns the data. Always use your own personal email if you want to create a papertrail, as my friend found out.
Uh, in both cases "not the user", your friend using any other system unless he decided to back it up would have been locked out anyway unless he was using a localised system like POP3... Most systems allow admins to block/prevent data exports one way or another. He could have copied and pasted the slack history if he wanted a copy as easily as he could have backed up gmail / irc / etc....
> We have learned absolutely nothing. Let's all jump on the bandwagon of another closed-source, proprietary, walled-garden service and hand over all of our private intra-company communications to a private third-party in another country. GREAT IDEA.
So don't use AWS or Google App Engine or Heroku? etc. Why?
I use Facebook for a lot of my communications. Seems to be working out OK so far.
Use the tools that help you get your work done efficiently. Consider the long-term consequences, of course, but if someone took all of my Slack team messages and told me I couldn't have them back, I'd be annoyed but it wouldn't affect my productivity much.
OTOH, losing the ability to coordinate via Slack, as you're suggesting, would certainly lower my productivity.
> So don't use AWS or Google App Engine or Heroku? etc. Why?
Leaving aside that there are extremely valid reasons not to use those services, communication is a huge deal. Can you imagine if email was a walled garden?
I feel like that has to diminish the walled-garden, proprietary weight at least a little bit if slack & irssi can communicate. And it works over SSL too. Once I started doing that, I didn't mind using slack. You have to "/ignore" certain server messages though or your whole screen will be spammed with them and you'll barely see the stuff people are saying.
> another closed-source, proprietary, walled-garden service and hand over all of our private intra-company communications to a private third-party
Amen to that. Our company yet to transition away from using Salesforce, but we greatly restrict its use for the reasons above, and one day will move completely away from it.
Not only is there IRC, which many people have talked about, there is also chat over XMPP, which is how I prefer to use slack. The alternatives are worse in connectability, because they restrict you to one narrow range of clients and protocols, instead of letting you choose the right client for the job at hand. People use services like slack because they don't want to have to give a shit about communications, they just have something that works.
And you used to be able to get an RSS feed from twitter. Things in walled gardens tend to have a habit of disappearing when interoperability no longer seems to be in the proprietor's interest.
At which point I'll reevaluate the use of the application and potentially move elsewhere. FOSS developers pull these kinds of things all the time as well. Look at the cessation of interoperability after Lennart Poettering decided to "deprecate" consolekit in favor of the non-interoperable systemd. Or they'll stop development of software, like RedHat decided to cease development of the Insight Debugger they gained control of after they bought out Cygnus. The FOSS world is chock full of the same kind of silly, shady underhanded behavior of the rest of the software world.
And you were fully welcome to continue the development of ConsoleKit if you wanted. Slack, on the other hand, can hold all your important logs & metadata hostage.
Completely different situations. Neither of your examples could sanely be described as shady or underhanded - neither of them gave the producer a business advantage it wouldn't otherwise have. FOSS developers don't owe anything to you - they don't have to continue to develop your favourite feature for the rest of their lives. They do however give you the freedom to do that yourself.
This is one of the better reasons for opting for open-source alternatives to new technologies.
If you have a single person that is even slightly technical, it should be trivial to set up your own IRC server, and then you get complete control over all of your own information.
Even with that, you still can choose from a multitude of servers, services, clients, bots, client scripts, bouncers, and so on. Anything common you want to add on after that point has likely already been written for what your purposes (and is of course open-source), whether it's a git commit bot, a logging/relay bot, or even end-to-end encryption (even after TLS). It's even quick to write custom IRC bots for arbitrary purposes if you use a framework or copy some example code (even without that, it is only so bad).
> If you have a single person that is even slightly technical, it should be trivial to set up your own IRC server, and then you get complete control over all of your own information.
That's a pretty narrow view of 'slightly technical'.
These days, we've got generations of people who can manage their own email account setup, install web apps and mysql databases, configure zapier to connect multiple apps together within a few minutes. I know dozens of people who do things like this all day long for their clients.
I'd call all these people more than "slightly technical", but there's no way on earth they'd be qualified to set up and administer an IRC server.
You need far more than "slightly technical". "Slightly technical" sets you up for disaster. And... it's not 'trivial' to understand what's going on and how to manage it.
I agree, though, it should be trivial. It's just not.
somewhat agreed, but I sort of think folks here get a bit insulated and have an inflated view of what "trivial" is. I've done a lot of sysadmin stuff for years, and web work for 20. Setting up an IRC server for me would not be 'trivial' either. Earlier this year I was told by several people that setting up an icecast server was 'trivial' too - anything but, ime.
It's the sort of thing that's really easy to do poorly. I can skim ircd docs and get something running, but making sure it's set up correctly and securely is another thing entirely.
Good luck pretending than "setting-up your own IRC server" is easier than not having to care about such a thing, and that most people really enjoy to have to "choose from a multitude of servers, services, clients, bots, client scripts, bouncers, and myriad of bots" instead of just going to https://slack.com/downloads
The article does not even discuss the fact that projects that opened a slack community with a big increase in their audience. Apparently audience is much less important than purity.
You're correct, I understand why most people don't want that, and thus also why Slack is so hugely popular. I'm primarily thinking about technical people who actually do want this (such as what's referred to in the article, people working on open source projects or who otherwise require things not offered by slack).
You underestimate how much effort it is to mantain a service running. I setup a irc logger for React and it would go down every other week, I was pinged at random times by people saying it was down and either needed to drop everything I was doing to fix it or let it be broken for a while.
I want to spend my time working on React, not be a sysadmin for the irc bot. I switched to botbot.me and it's been always up and with a much better interface :)
> If you have a single person that is even slightly technical, it should be trivial to set up your own IRC server, and then you get complete control over all of your own information.
I'm "slightly" technical and I have absolutely no interest in setting up an IRC server for my project or company. That's time better spent on developing our offerings. While I have no doubt I could set up a server, I also have no doubt that setting it up and maintaining it would drain time unnecessarily.
It's the same reason that I don't advocate for most people to maintain their own servers in 2015.
Sure, but ve55 said "trivial", not "interesting" or "worth the time." It just means that you value your data and its ownership a certain way and your time a certain way. Also note that a for-profit company will have that balance in a different spot than a FOSS project.
I agree with this completely.
I hate that we now have SO many competing protocols that do basically the same darn thing and NOBODY wants interoperability!
I really don't get this, 99% of the stuff you use everyday is closed-source and proprietary. Most often the tradeoff in something bad happening (which has yet to be with Slack) versus having a functional and productive system is more than worth it.
Or do you also build your own computer from raw silicon and communicate with pirated radio signals?
As usual, I'm (not) surprised by the downvotes but no real exposition here. What's the collective freakout over what Slack is going to do? So the features and user experience aren't worth it? Why isn't everyone on IRC then?
If some basic programming chat about an open source project isn't safe then we should all throw away our phones and turn off the internet immediately, but I don't see that happening. This is basically bikeshedding on how to run open source projects.
We have learned absolutely nothing. Let's all jump on the bandwagon of another closed-source, proprietary, walled-garden service and hand over all of our private intra-company communications to a private third-party in another country. GREAT IDEA.