[Twisted-Python] Words.Participant capabilities

Christopher Armstrong carmstro at twistedmatrix.com
Mon Feb 11 21:07:48 EST 2002

On Mon, 2002-02-11 at 18:43, Kevin Turner wrote:
> On Sun, 2002-02-10 at 23:14, Christopher Armstrong wrote:
> > On Mon, 2002-02-11 at 00:06, Kevin Turner wrote:
> > > One central question is "Do queries about a participant get answered by
> > > the server, or by the participant's client?"
> > 
> > Let the server handle user-status queries, but let the client tell the
> > server how to respond to them.
> Does that provide enough flexibility?  Your possible configurations
> would be limited by the things the server can think of.  That means you
> probably can't program a configuration like "If it's during working
> hours and I don't have anything scheduled on my appointment calander and
> I don't have a personal chat session with Cindy open and I'm not
> listening to my deth metal playlist, then let Ross see my status as
> 'available'."

Interesting. Maybe we could have an option to say "let the client
respond to this query", but maybe that would just be a bunch of added
complexity. *shrug*.


> > > Server descriptions.  The best I've seen is something like
> > > self.service.serviceName, which in practice always yields
> > > "twisted.words".  
> > 
> > I'm not sure where you're going with this point,
> I just want to stop seeing "welcome to twisted.quux" on whatever service
> I sign on to, and instead see something that identifies whose service
> I'm connected using.

That probably shouldn't be the service name, but some sort of MOTD

> > I *definitely* don't want to allow clients to get IPs of other clients
> > without explicit consent. After living on dalnet for a few years, where
> > kiddies DDoS you for looking at them the wrong way, I've been locked
> > into this opinion.
> You're right about client IPs, I think.  There are only two reasons
> those are useful on IRC.  1) to help identify the user, which you have a
> hard time doing due to IRC's non-existant authentication 2) DoS
> attacks.  Since we'll actually have authentication, reason #1 goes away.

Not allowing viewable IPs allows DoS attacks? Hmm. I guess when it comes
to ops trying to ban a join-flood, or something. Of course, you can
always have programmed DoS-stoppers, as well as "wordscops" who can see
the IPs of participants. Or am I way off?

> > And the server thing - I don't see any harm, but why
> > does it matter?
> I can think of two reasons for publishing the server address.  One is
> for advertising, you might be thinking "Gee, my server sucks.  What are
> other people using?"  The other might be to help track down problems. 
> "That server is administered really poorly.  Lets add it to our
> blacklist."


                                Chris Armstrong
                         << radix at twistedmatrix.com >>

More information about the Twisted-Python mailing list