IRCNow

Why ZNC is destined for failure

  1. ZNC requires one connection per network. If a user wants to connect to 10 networks at once (freenode, ircnow, dal, efnet, etc), it requires him to set up 10 independent connections on his IRC client. This is almost impossible with mobile apps and very confusing for GUI apps. Practical experience has shown that <30% of bouncer users know how to do this. If you rely on ZNC, you will lose >70% of potential users. ZNC developers have declared they have zero interest in fixing this design flaw; in fact, they are proud of it.
  2. ZNC has invented the most confusing way of logging in. If your username is john, your password is secret123, and you want to connect to freenode, your password field needs to be john/freenode:secret123. If you want to connect to dal, your password field needs to be john/dal:secret123. Nowhere have I ever seen such a weird and confusing way of changing networks. Nobody understands this until he has spent 1-2 hours of troubleshooting.
  3. ZNC is not designed for casual users. It requires reading far too much documentation in order to use. For example, typing /msg *status help shows a wall of text that only a sysadmin could understand. You have jargon like AddTrustedServerFingerprint, ClearAllChannelBuffers, and SetUserBindHost – words that only a sysadmin could understand after reading through several pages of wikis. As sysadmins, we should configure all this for the end-user so the end-user does not have to read a single page of documentation.
  4. ZNC relies on a web panel. There are two problems. First, I suspect this web panel cannot be easily customized without recompiling. Secondly, it does not follow the UNIX philosophy of Do One Thing and Do It Well. There is no need to bundle a web server with a bouncer. These should be two separate programs because they deal with two separate protocols/objectives. If you think about the matter critically, you will realize that users don't need a webpanel at all. There's nothing in the webpanel that could not be configured and managed by sysadmins on behalf of users.
  5. ZNC is written in C++, an ugly and inelegant language.
  6. ZNC throttles users when you first start up ZNC and connect everyone. However, the throttling is done in a very stupid manner – each connection is attempted and throttled serially, even if the networks being connected to are different. These connections should be done in parallel rather than serially. For example, if you have 30 independent networks to connect to and a 30 second throttling delay, it would take 15 minutes with ZNC, but it should only take 5 seconds with a proper bouncer that connects to all 30 networks simultaneously (no need to throttle because they are all unique). On a ZNC server with 1000 users with 10 networks each, and 30 seconds of throttling, we are talking about a startup time of 5000 minutes; more than 3 days would elapse to get connected!
  7. If a server doesn't have a properly signed SSL cert, ZNC will disconnect until the user adds the SSL fingerprint manually. This confuses >90% of users. They always blame our bouncer for not working properly. To make matters worse, ZNC then insists upon reconnecting every minute or so and failing in the same manner. And because ZNC does connection throttling, this slows everyone from being able to connect. You as a sysadmin are forced to manually disconnect networks that have SSL certs that aren't properly signed, or else in a few weeks, your ZNC becomes so slow (due to all the throttling) that it takes >10 mins to connect.
  8. This same error also occurs when our bouncers are GLINEd. Again, ZNC stupidly tries to reconnect every minute, causing everyone to suffer from connection throttling, even if they are not GLINEd.
  9. ZNC chose to adopt IRCv3, a terrible protocol because it adds nothing of value to users but introduces a lot of bugs. We have documented that older versions of mIRC (from around v7.33 to 7.41) are unable to connect because either mIRC or ZNC improperly implement IRCv3 capability negotiation. This bug has also been observed with some other Mac and Android IRC clients. What is worse is that nothing in the system logs or user clients ever show this error; it just appears to be nonresponsive after IRCv3 capability negotiation. We are able to reproduce this bug.
  10. ZNC has no way of supporting both IPv4 and IPv6 simultaneously while preferring IPv6 when available. If you want to prefer IPv6, you are forced to drop support for IPv4 (you are therefore unable to connect to IPv4-only networks). If you choose to support both IPv4 and IPv6, znc usually chooses IPv4 by default, rather than using IPv6 by default. This is a design flaw. The default should be IPv6, then fallback to IPv4.
  11. ZNC nickserv module appears to use the /nickserv alias which is not supported on all IRCds (not supported by ngircd). The proper nickserv module should instead adapt to each IRC network so that users do not have to memorize the idiosyncrasies of every single network's services. For example, for ngircd, the proper command is /squery nickserv identify <password>; for DALnet, the proper command is /msg nickserv@services.dal.net identify <password>. This really does not need to be an optional module; it needs to be integrated into the bouncer.
  12. ZNC does not offer users any way to download their chat logs. It has a chat log module which stores the chat logs on the server hard disk – but how is a user supposed to fetch these logs? Unless you give every single user on your bouncer ssh access, you are forced to manually email them. A hideous solution.
  13. Requesting a ZNC account using a web registration form or a bouncer bot is an ugly hack. Users should be able to register an account instantly upon first connection.
  14. ZNC bundles the shell module by default, a module which makes it easy to exploit a 0day to get shell access to the entire server. It is impossible to delete this module. I complained about this to #znc on freenode and was told by that this was the least of my worries. This goes to show that znc developers do not care enough about security.
  15. ZNC's Partyline module is buggy when users are connected to multiple networks. Often, messages repeat 2x or more, and sometimes it causes the users to join strange channels without requesting it. This otherwise useful module has been dropped starting v1.8, so we will need to switch to psyBNC to keep it.
  16. There is no way to turn debugging on or off without compiling ZNC from source and restarting ZNC.
  17. ZNC's blockuser module may be buggy. I have not verified this with certainty, but I suspect that if you send a reconnect message to the *controlpanel, it may connect sometimes even if a user is blocked.
  18. Chrooting ZNC is a horrible, ugly hack.
  19. A commonly requested feature is to be able to use ZNC for both mobile phone client and PC IRC client. Here's the ZNC wiki explaining how you have multiple clients. Did you understand that? Neither did I. This setup is too complex and confusing for normal people to follow.
  20. ZNC developers most likely have no interest in fixing any of the above design flaws. And even if they did, you'd be at the mercy of their development team, which may take years before they fix it. You are better off forking the code yourself.
  21. ZNC modules often fall into the category of 1) useless or 2) proprietary software. For example, the ZNC Push Notifications module is proprietary software. There is no open source push notifications for ZNC, but this feature is essential for a proper mobile IRC client.

ZNC is only 50% of the way there to a good bouncer. We chose it because it is more polished than psyBNC currently. psyBNC is only 30% of the way to a good bouncer. However, the problem is that znc is going on the wrong path, and will never straighten its course because of the above mentioned design flaws and a stubborn development team. psyBNC, however, is abandonware so we can mold it to fit our own goals.

psyBNC is the bouncer of the future

  1. Written in C, a UNIX hacker's best friend.
  2. psyBNC can multiplex multiple network connections onto a single connection, so that users only have to connect to psyBNC once to access all networks. If a user chooses to connect to 200 networks using psyBNC, his IRC client only has to connect once to psyBNC. This is a lot more intuitive than logging in 200 times.
  3. Instead of chroot, we can use OpenBSD's pledge and unveil for greater security.