[JDEV] The "OpenAIM" Project

Michael F Lin MFLIN at us.ibm.com
Wed Jan 9 00:47:25 CST 2002

If we get 500 servers (which I think is pushing it), it is perfectly
feasible to block that many IPs. If it was getting really bad for them,
they could set up a hash table on the addresses and get a pretty darn
efficient search as long as we can't conspire to control our IP addresses.
And certainly, it works just as well for them to accept connections and
then kill them later, once computational time is cheap, like they did with
all that "You are using unauthorized software" stuff.

I agree with everything else you say. I again recommend the null client. It
could solve both problems.


"David Waite" <mass at akuma.org>
Sent by: jdev-admin at jabber
01/09/2002 12:25
Please respond to
To: <jdev at jabber.org>
cc:
Subject: Re: [JDEV] The "OpenAIM" Project

----- Original Message -----
From: "Jeremie" <jeremie at jabber.org>
> As far as I can tell, the technique AOL is/was using to track the IPs
> being used by aim.jabber.org was that they had a dummy AIM account and
> registered the transport to use it via jabber like any normal user does.
> Either they just used a normal client to do this or script with a jabber
> module. Once aim.jabber.org logged into AOL w/ that dummy account, they
> would examine the source IP for that client connection (I'm sure they
> regularly block abusive users/IPs and this action is quite easy with
> administrative tools).
> The entire thing could be automated on their side, and it would only take
> a very short amount of time to obliterate any network of aim transports
> socket redirectors.

In this way also a large number of servers in a mesh would imitate (and
be) an attack - blocked IPs could begin to take up memory, and there isn't
any way to block based on an IP without doing an O(log n) search. It would
not be feasible to block this number of IPs. If these machines were on
dynamic IPs (DSL and cable modem users), legitimate users would start to be
blocked at times because they got an unlucky IP. As a solution it would
work, but we would be no better than AOL.

We also would not be making our product better. Jabber is designed to be
interoperable IM, but even if it is not interoperable there are a ton of
advantages to Jabber over any other IM system. Given that there are still
very few resources focused on improving the server, everything will be a
trade-off. Is interoperability more important than supporting things like
SOAP? Is interoperability more important than creating a stable platform?
More important than attracting a wider user base?

The only thing we do is promote the advantages of interoperability, and try
to make a better product than AOL has, in order to entice AOL to become
interoperable, or have their user base leave for other interoperable
solutions. Rather than forcing them to deal with us, let us make them
realize that we were right all along.

- David Waite
