[JDEV] The "OpenAIM" Project
mitchell balsam
mbalsam at dti.net
Wed Jan 9 02:16:58 CST 2002
Never mind. No client deployment problems with your approach its not a
client just a proxy.
Only firewall issue is: it would be best if it worked across port 80
outbound. That way we need no corporate firewall changes!
Would this not be a good use for a java based jabber server?
> -----Original Message-----
> From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org] On
> Behalf Of mitchell balsam
> Sent: Wednesday, January 09, 2002 2:17 AM
> To: jdev at jabber.org
> Subject: RE: [JDEV] The "OpenAIM" Project
>
>
> I see. Thanks for the clarification. I was not thinking as
> Machiavellian as Jeremie, or AOL.
>
> Each approach has its merits depending on the users who's
> problems you want to solve.
>
> I want to bring Jabber to business users. All of them are
> behind a firewall. Also an AOL engineer cant simply sign up
> for an account to facilitate his/her IP blacklisting efforts.
> Would these business users be entitled to use the public
> redirector network. Not clear. Would they even need to,
> likely not. Since I still don't believe that AOL could tell
> the difference between the server behind the firewall and
> users working over a port 80 proxy in the firewall DMZ.
> Actually an AOL imitator working across port 80 would require
> less corporate firewall configuration than jabber that needs
> bidirectional firewall changes!
>
> Also, AOL is a company, who can not willing disobey the law
> (We hope). To signup for an account a system engineer would
> require their engineer, to accept our legal terms. Hence I
> digress...
>
> For public jabber servers,
>
> Your null client idea is absolutely the cleanest but then you
> must replace or augment all jabber clients. That's a total
> mess for business users. It would not be a problem is this
> occurred before deployment of the clients! Something to think
> about soon. :-)
>
> Have not thorough thru all the issues of null client yet. A
> question: How would null client work if the user is behind a
> firewall?
>
> > -----Original Message-----
> > From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org] On
> > Behalf Of Michael F Lin
> > Sent: Wednesday, January 09, 2002 1:27 AM
> > To: jdev at jabber.org
> > Subject: RE: [JDEV] The "OpenAIM" Project
> >
> >
> >
> > Basically, Jeremie pointed out that AOL's engineers can use
> > our own opennes against us by using our client software to
> > connect to their networks through our servers. In doing so,
> > they can figure out exactly where our servers are.
> >
> > For example, say Alice is an AOL engineer. She makes an AIM
> > account "jabbersux". Now, whenever she sees Jabber users
> > happy, she downloads WinJab and creates an account on their
> > Jabber server. She adds the AIM transport with "jabbersux" to
> > her account. Then she uses her administrative tools to see
> > where jabbersux is logged into AIM from; thus she determines
> > where the AIM transport is, and blocks it. A diabolical laugh
> > is in order here.
> >
> > So the idea of running the server behind a firewall is an
> > interesting one that would help in this scenario, but in the
> > short term it is really a hack because, as you point out,
> > there needs to be some way to get this to the masses, not
> > just to one organization.
> >
> > -Mike
> >
> >
> >
> >
> >
> >
> > "mitchell balsam"
> >
> >
> > <mbalsam at dti.net> To:
> > <jdev at jabber.org>
> >
> > Sent by: cc:
> >
> >
> > jdev-admin at jabber Subject: RE:
> > [JDEV] The "OpenAIM" Project
> >
> > .org
> >
> >
> >
> >
> >
> >
> >
> >
> > 01/09/2002 01:00
> >
> >
> > AM
> >
> >
> > Please respond to
> >
> >
> > jdev
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > > Either they just used a
> > > normal client to do this or script with a jabber module. Once
> > > aim.jabber.org logged into AOL w/ that dummy account, they would
> > > examine the source IP for that client connection (I'm sure they
> > > regularly block abusive users/IPs and this action is quite
> > easy with
> > > their administrative tools).
> > How could AOL tell the difference beween a jabber server with
> > an AIM module behind a firewall and 50 aim users working
> > behind a firewall using aim's http proxy module? As far as I
> > know they cant. Jeremie, I conceed you have a lot of
> > experince with this but what am I missing
> > here? Now if you said that we were not repsonding to a
> > command in the
> > protocol I would agree that AOL could detect that.
> >
> > For my work, jabber is very very important if I can
> > communicate with users on all the IM networks. From a
> > busness point of view, I don't have the luxuary of not
> > talking to people on AOL.. It my believ that many jabber
> > busness user share this point of view. (I could be wrong so
> > comments are appreciated)
> >
> > Jeremie, jabber is your product and I truly respect you for
> > bring it this far. But if you want me as your customer via
> > jabber.com, this is a very imporant issue. I cant simply
> > ignore communicating with 100 Million AOL users.
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org]
> > On Behalf
> > > Of Jeremie
> > > Sent: Tuesday, January 08, 2002 11:44 PM
> > > To: jdev at jabber.org
> > > Subject: Re: [JDEV] The "OpenAIM" Project
> > >
> > >
> > > There is a very simple reason why any approach like this is
> > doomed to
> > > failure.
> > >
> > > As far as I can tell, the technique AOL is/was using to
> > track the IPs
> > > being used by aim.jabber.org was that they had a dummy AIM
> > account and
> > > registered the transport to use it via jabber like any normal user
> > > does.
> >
> > > Either they just used a
> > > normal client to do this or script with a jabber module. Once
> > > aim.jabber.org logged into AOL w/ that dummy account, they would
> > > examine the source IP for that client connection (I'm sure they
> > > regularly block abusive users/IPs and this action is quite
> > easy with
> > > their administrative tools).
> > >
> > > The entire thing could be automated on their side, and it
> > would only
> > > take a very short amount of time to obliterate any network of aim
> > > transports or socket redirectors.
> > >
> > > I fully agree, this battle isn't one for the technology,
> > our technical
> > > resources are better spent improving Jabber, and if anyone has
> > > political resources those are probably best spent showing
> the world
> > > why a commons for communication platforms is so important
> > over closed
> > > commercial/corporate networks.
> > >
> > > Jer
> > >
> > > On 8 Jan 2002, Adam Theo wrote:
> > >
> > > > Hmm... A thought just occured to me when reading about
> > these Socket
> > > > Redirects. I am not familiar with them, so they may already
> > > have this
> > > > ability.
> > > >
> > > > The key would for any "permanent solution" to be completely
> > > transport
> > > > side. This is opposed to the client-side which would
> > > require users to
> > > > install new software (won't happen), or even server-side
> > > which would
> > > > require server admins to re-do their entire server installation.
> > > > Here's a solution:
> > > >
> > > > Modify Temas's AIM-T to find other AIM-T's on the Jabber
> > > network in a
> > > > DNS-like propogation system (how DNS entries spread accross the
> > > > internet). When someone connects to an AIM-T, any AIM-T, the
> > > > collective AIM-T's "shuffle" the users connections around,
> > > randomizing
> > > > IPs and distributing load. Once a hundred or so IPs are on this
> > > > "OpenAIM" network, it would be near impossible for AOL to
> > > track down
> > > > even a small percentage of the IPs... especially if the IPs are
> > > > somehow transparent to the client (to stop an AOL employee
> > > downloading
> > > > and tracking AIM connections through Jabber). The only IP
> > > the client
> > > > would see is the AIM-T at their home server, but the IP
> > > that actually
> > > > is making the connection could be any one of dozens if not
> > > hundreds.
> > > > Alot of potential here, folks... And this OpenAIM network
> > > would bring
> > > > on alot of those "multi-protocol" clients that are not yet 100%
> > > > Jabber... I would see Everybuddy and GAIM becoming full
> > > Jabber clients
> > > > if we could pull this off...
> > > >
> > > > And in actuality, I think alot of the technology to do this
> > > is already
> > > > out there, it just needs to be pulled together.
> > > >
> > > > Yes, I'm 100% behind this idea. I am a crappy programmer,
> > > but I would
> > > > be willing to dedicate some pocket money to help a
> > > programmer or two
> > > > get this up.... Whadda say? I know there are some problems, but
> > > > instead of shooting this idea down, how about we put our
> > > thinking caps
> > > > on and figure out viable solutions? Wow, I think this
> > could work...
> > > >
> > > >
> > > > _______________________________________________
> > > > jdev mailing list
> > > > jdev at jabber.org
> > > > http://mailman.jabber.org/listinfo/jdev
> > > >
> > >
> > > _______________________________________________
> > > jdev mailing list
> > > jdev at jabber.org
> > > http://mailman.jabber.org/listinfo/jdev
> > >
> >
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> >
> >
> >
> >
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> >
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>
More information about the JDev
mailing list