[JDEV] The "OpenAIM" Project
mitchell balsam
mbalsam at dti.net
Wed Jan 9 01:16:32 CST 2002
I see. Thanks for the clarification. I was not thinking as Machiavellian
as Jeremie, or AOL.
Each approach has its merits depending on the users who's problems you
want to solve.
I want to bring Jabber to business users. All of them are behind a
firewall. Also an AOL engineer cant simply sign up for an account to
facilitate his/her IP blacklisting efforts. Would these business users
be entitled to use the public redirector network. Not clear. Would they
even need to, likely not. Since I still don't believe that AOL could
tell the difference between the server behind the firewall and users
working over a port 80 proxy in the firewall DMZ. Actually an AOL
imitator working across port 80 would require less corporate firewall
configuration than jabber that needs bidirectional firewall changes!
Also, AOL is a company, who can not willing disobey the law (We hope).
To signup for an account a system engineer would require their engineer,
to accept our legal terms. Hence I digress...
For public jabber servers,
Your null client idea is absolutely the cleanest but then you must
replace or augment all jabber clients. That's a total mess for business
users. It would not be a problem is this occurred before deployment of
the clients! Something to think about soon. :-)
Have not thorough thru all the issues of null client yet. A question:
How would null client work if the user is behind a firewall?
> -----Original Message-----
> From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org] On
> Behalf Of Michael F Lin
> Sent: Wednesday, January 09, 2002 1:27 AM
> To: jdev at jabber.org
> Subject: RE: [JDEV] The "OpenAIM" Project
>
>
>
> Basically, Jeremie pointed out that AOL's engineers can use
> our own opennes against us by using our client software to
> connect to their networks through our servers. In doing so,
> they can figure out exactly where our servers are.
>
> For example, say Alice is an AOL engineer. She makes an AIM
> account "jabbersux". Now, whenever she sees Jabber users
> happy, she downloads WinJab and creates an account on their
> Jabber server. She adds the AIM transport with "jabbersux" to
> her account. Then she uses her administrative tools to see
> where jabbersux is logged into AIM from; thus she determines
> where the AIM transport is, and blocks it. A diabolical laugh
> is in order here.
>
> So the idea of running the server behind a firewall is an
> interesting one that would help in this scenario, but in the
> short term it is really a hack because, as you point out,
> there needs to be some way to get this to the masses, not
> just to one organization.
>
> -Mike
>
>
>
>
>
>
> "mitchell balsam"
>
>
> <mbalsam at dti.net> To:
> <jdev at jabber.org>
>
> Sent by: cc:
>
>
> jdev-admin at jabber Subject: RE:
> [JDEV] The "OpenAIM" Project
>
> .org
>
>
>
>
>
>
>
>
> 01/09/2002 01:00
>
>
> AM
>
>
> Please respond to
>
>
> jdev
>
>
>
>
>
>
>
>
>
>
>
> > Either they just used a
> > normal client to do this or script with a jabber module. Once
> > aim.jabber.org logged into AOL w/ that dummy account, they would
> > examine the source IP for that client connection (I'm sure they
> > regularly block abusive users/IPs and this action is quite
> easy with
> > their administrative tools).
> How could AOL tell the difference beween a jabber server with
> an AIM module behind a firewall and 50 aim users working
> behind a firewall using aim's http proxy module? As far as I
> know they cant. Jeremie, I conceed you have a lot of
> experince with this but what am I missing
> here? Now if you said that we were not repsonding to a
> command in the
> protocol I would agree that AOL could detect that.
>
> For my work, jabber is very very important if I can
> communicate with users on all the IM networks. From a
> busness point of view, I don't have the luxuary of not
> talking to people on AOL.. It my believ that many jabber
> busness user share this point of view. (I could be wrong so
> comments are appreciated)
>
> Jeremie, jabber is your product and I truly respect you for
> bring it this far. But if you want me as your customer via
> jabber.com, this is a very imporant issue. I cant simply
> ignore communicating with 100 Million AOL users.
>
>
>
>
> > -----Original Message-----
> > From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org]
> On Behalf
> > Of Jeremie
> > Sent: Tuesday, January 08, 2002 11:44 PM
> > To: jdev at jabber.org
> > Subject: Re: [JDEV] The "OpenAIM" Project
> >
> >
> > There is a very simple reason why any approach like this is
> doomed to
> > failure.
> >
> > As far as I can tell, the technique AOL is/was using to
> track the IPs
> > being used by aim.jabber.org was that they had a dummy AIM
> account and
> > registered the transport to use it via jabber like any normal user
> > does.
>
> > Either they just used a
> > normal client to do this or script with a jabber module. Once
> > aim.jabber.org logged into AOL w/ that dummy account, they would
> > examine the source IP for that client connection (I'm sure they
> > regularly block abusive users/IPs and this action is quite
> easy with
> > their administrative tools).
> >
> > The entire thing could be automated on their side, and it
> would only
> > take a very short amount of time to obliterate any network of aim
> > transports or socket redirectors.
> >
> > I fully agree, this battle isn't one for the technology,
> our technical
> > resources are better spent improving Jabber, and if anyone has
> > political resources those are probably best spent showing the world
> > why a commons for communication platforms is so important
> over closed
> > commercial/corporate networks.
> >
> > Jer
> >
> > On 8 Jan 2002, Adam Theo wrote:
> >
> > > Hmm... A thought just occured to me when reading about
> these Socket
> > > Redirects. I am not familiar with them, so they may already
> > have this
> > > ability.
> > >
> > > The key would for any "permanent solution" to be completely
> > transport
> > > side. This is opposed to the client-side which would
> > require users to
> > > install new software (won't happen), or even server-side
> > which would
> > > require server admins to re-do their entire server installation.
> > > Here's a solution:
> > >
> > > Modify Temas's AIM-T to find other AIM-T's on the Jabber
> > network in a
> > > DNS-like propogation system (how DNS entries spread accross the
> > > internet). When someone connects to an AIM-T, any AIM-T, the
> > > collective AIM-T's "shuffle" the users connections around,
> > randomizing
> > > IPs and distributing load. Once a hundred or so IPs are on this
> > > "OpenAIM" network, it would be near impossible for AOL to
> > track down
> > > even a small percentage of the IPs... especially if the IPs are
> > > somehow transparent to the client (to stop an AOL employee
> > downloading
> > > and tracking AIM connections through Jabber). The only IP
> > the client
> > > would see is the AIM-T at their home server, but the IP
> > that actually
> > > is making the connection could be any one of dozens if not
> > hundreds.
> > > Alot of potential here, folks... And this OpenAIM network
> > would bring
> > > on alot of those "multi-protocol" clients that are not yet 100%
> > > Jabber... I would see Everybuddy and GAIM becoming full
> > Jabber clients
> > > if we could pull this off...
> > >
> > > And in actuality, I think alot of the technology to do this
> > is already
> > > out there, it just needs to be pulled together.
> > >
> > > Yes, I'm 100% behind this idea. I am a crappy programmer,
> > but I would
> > > be willing to dedicate some pocket money to help a
> > programmer or two
> > > get this up.... Whadda say? I know there are some problems, but
> > > instead of shooting this idea down, how about we put our
> > thinking caps
> > > on and figure out viable solutions? Wow, I think this
> could work...
> > >
> > >
> > > _______________________________________________
> > > jdev mailing list
> > > jdev at jabber.org
> > > http://mailman.jabber.org/listinfo/jdev
> > >
> >
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> >
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>
>
>
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>
More information about the JDev
mailing list