Stories
Slash Boxes
Comments

SoylentNews is people

posted by Woods on Thursday April 24 2014, @11:50PM   Printer-friendly
from the MSN-Messenger-aimed-at-AIM-met-a-meta-message dept.

Adam Ferris, a programmer from Microsoft, wrote this essay on tactics that Microsoft and AOL used to force users to use their chat service and keep them:

Some protocols, like HTTP and TCP/IP, are public, documented, and spoken by everyone, but some are private/proprietary and undocumented. AIM's protocol, known as OSCAR (for Open System for CommunicAtion in Realtime), was in the latter group. I didn't have the "key" to decode it. But what my boss and I could do was sign up for an AIM account and then watch the communications between the AIM client and the server using a network monitor, a development tool used to track network communications in and out of a computer. That way we could see the protocol that AIM was using to send the messages.

Much of the message was opaque, but in the middle was one of my text messages. "Hi... Anybody?" I would write into my AIM chat box and press return, and then on my network trace I would see my "Hi... Anybody?" Some of the protocol was always changing, but some was always the same. Our client [MSN Messenger] took the surrounding boilerplate and packaged up text messages in it, then sent it to the AOL servers. Did AOL notice that there were some odd messages heading their way from Redmond? Probably not. They had a hundred million users, and after all I was using their own protocol.

martyb adds:

The linked story is kind of dry reading, but it does lead to a good discussion topic. Have you ever been involved in a similar situation? Have you ever tried to get your system to work with some else's system while they were actively trying to thwart your efforts? What challenges did you face? How did you get it to work? What was your greatest hack?

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by frojack on Friday April 25 2014, @12:08AM

    by frojack (1554) on Friday April 25 2014, @12:08AM (#35859) Journal

    I wonder if any company would get away with this sort of reverse engineering today, when just putting rounded corners on a cell phone gets you dragged into court.

    All of those early protocols have pretty much fallen by the wayside as best I can tell, out done by things like WhatsApp or taken over by one-app-does-all applications.

    So much fighting over the deck chairs on the Titanic.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by tomtomtom on Friday April 25 2014, @09:46AM

      by tomtomtom (340) on Friday April 25 2014, @09:46AM (#36000)

      The various whatsapp compatibility layers [github.com] being restored after seeing refuted DMCA takedown requests [reddit.com] suggests that this wouldn't be the case. It's almost exactly analogous, even down to being essentially the same type of software (Instant Messaging).

      There are lots of other recent examples to back this up: Oracle/Google [wikipedia.org] which seems to have reaffirmed the fact that you can't copyright an API or protocol; the rulings (so far) in the Lexmark DMCA case [wikipedia.org] are another example - reverse engineering for the purpose of interoperability is allowed. Likewise it seems litigation over standards-essential patents may reaffirm interoperability as being a legitimate "exception" to the normal rules.

      These in turn follow in the tradition of the many many examples where such reverse-engineering has been permitted or even encouraged, from third-party auto parts to the original clean-room implementations of the BIOS for PC clones, to Samba (where the EU actually forced Microsoft to provide protocol documentation).

      Where there still seems to be a prohibition on interoperability is in "dual-use" tools - things which allow interoperability but might also allow for DRM-stripping to simply allow copying - the rather famous Adobe DMCA case [wikipedia.org] or the various lawsuits involving DeCSS [wikipedia.org], for example. The other notable exception is jailbreaking, eg the PS3 [wikipedia.org] case (albeit that was settled out of court). It feels like the closer you get to "traditional media", the more likely these restrictions are to be interpreted in a way which denies legal interoperability.

  • (Score: 1) by jackb_guppy on Friday April 25 2014, @12:22AM

    by jackb_guppy (3560) on Friday April 25 2014, @12:22AM (#35866)

    No, the other side did not try to block us... just said we couldn't or made it very hard to do...

    1) Clamping on a async connection between a modem and a printer, to read the data stream in parallel (htel resv system) Z-80 reading watching the line had 16k of memory and half duplex bisync to host computer.

    2) Connect to phone switch that used bisync protocol covered to async... Did you know that bisync has 2 different ACKs and 3 different ENQs? But ascii async only has one of each!

    3) Connecting to another phone switch, the connection was through a terminal interface where any command seen could take up to 30 seconds to respond... terminal is lower priority of a guest picking up a phone. Can you said C program with pointers to pointers to pointers (ring buffer to ring buffer to message buffer) and 640kB was a big space!

    4) reading the phone charge for a call and mapping tp a room charge... even for calls to locations are in other counties that host country was at war with nor recognized as being existing.

  • (Score: 4, Funny) by Kilo110 on Friday April 25 2014, @01:42AM

    by Kilo110 (2853) Subscriber Badge on Friday April 25 2014, @01:42AM (#35891)

    That was a nice story. Although the bits about programming 101 seemed a little unnecessary.

    I liked the part when aol exploited their a buffer overrun in their own client to prove authenticity. My jaw dropped at that. I don't think anything like that would fly these days.

  • (Score: 2) by Snotnose on Friday April 25 2014, @01:52AM

    by Snotnose (1623) on Friday April 25 2014, @01:52AM (#35893)

    Seems stories show up on Soylent News a day or three after they show up on /., and the comments don't add anything I got from /.. Naming issues be damned, if this site can't be more relevant it's doomed.

    / yeah, I know there's a difference between /. and /..

    // deal with it

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
    • (Score: 4, Informative) by Angry Jesus on Friday April 25 2014, @02:13AM

      by Angry Jesus (182) on Friday April 25 2014, @02:13AM (#35896)

      > Seems stories show up on Soylent News a day or three after they show up on /., and the comments don't add anything I got from /..

      I agree. But instead of whining about it, I make an effort to find stories that aren't yet on /. and submit them here. What have you done?

      • (Score: 3, Funny) by tomp on Friday April 25 2014, @05:31AM

        by tomp (996) on Friday April 25 2014, @05:31AM (#35936)

        Thank you. You're a big part of why this is working. I really appreciate the effort you've put in.

        Odd how you never see people complaining on the CNN site that they're publishing the same news as other news organizations.

    • (Score: 2) by AnonTechie on Friday April 25 2014, @07:02AM

      by AnonTechie (2275) on Friday April 25 2014, @07:02AM (#35959) Journal

      There are many stories here, which have not been featured on /. I make an effort to submit stories that have not been published on the other website. Ofcourse, sometimes my endeavours are not successful !! Even if the stories are replicated, the comments/arguments are unique to this website and I hope that continues ...

      --
      Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
      • (Score: 2) by lhsi on Friday April 25 2014, @01:04PM

        by lhsi (711) on Friday April 25 2014, @01:04PM (#36037) Journal

        I don't really check /. that much any more, so wouldn't know if I was accidentally submitting a stale story. I usually try to get something relatively recent though, so hopefully its unlikely (although as the article I find could be talking about old news, it is possible).

        What I like here is that sometimes even if a story only gets a couple of comments, they are usually all worth reading.

    • (Score: 2) by janrinok on Friday April 25 2014, @08:14AM

      by janrinok (52) Subscriber Badge on Friday April 25 2014, @08:14AM (#35972) Journal

      I've checked your posting history.

      You read this story 3 days ago and did not submit it? The lag seems to be entirely on your part. Or perhaps you're waiting for them to first appear on MSN or AIM?

      Please submit any stories when you first see them, then perhaps you can contribute rather than just criticise. However, we welcome your input and hope you will continue to stay part of the community.

      • (Score: 0) by Anonymous Coward on Friday April 25 2014, @01:56PM

        by Anonymous Coward on Friday April 25 2014, @01:56PM (#36075)

        That makes no sense. It would be trivial for SN editors to check the 5-10 stories Slashdot publishes each day and decide which ones they want to allow here. Why wait for a random person with dual citizenship to bother to submit one?

        I don't know where this stupid NIMBY / DIY / NIH crap comes from, but there's nothing wrong with having a partial mirror of stories from a site (Slashdot) that those here no longer wish to frequent. Despite the redesign and politics and sponsorships and iffy discussion, they still get good content links.

        • (Score: 2) by janrinok on Friday April 25 2014, @06:00PM

          by janrinok (52) Subscriber Badge on Friday April 25 2014, @06:00PM (#36226) Journal

          Because we do not poach stories from other sites that haven't given us permission to do so! I do not frequent /. - do you remember the slashcott? It wasn't just a passing fad. Lots of us have never been back. Pass us the original source link to the item being reported, describe what it is about, and then we will process it. Don't worry about format - That is my job.

          I suspect that there are some at Dice who would like to see us in court for such a stupid action. One of the reasons the editing takes so long is that we have to check it isn't a copy/pasta from another site, perhaps with a different headline. Feel free to volunteer to become an editor - we are always looking for more!

          We have a community of over 4000 members. If every member posted ONE story every THREE months we would never be short of material. But some people think that everyone else should be doing all the work. I disagree.

      • (Score: 2) by Snotnose on Friday April 25 2014, @01:58PM

        by Snotnose (1623) on Friday April 25 2014, @01:58PM (#36077)

        I tried to submit a story a couple weeks ago and couldn't figure out how to make the html links work. I should try again to see if the code has been updated.

        Remember, not all of us are html techies who know off the top of our head how to create a working html link. We need buttons that show windows that say "link here" and "text here", then it does the magic.

        --
        Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
        • (Score: 2) by n1 on Friday April 25 2014, @05:02PM

          by n1 (993) on Friday April 25 2014, @05:02PM (#36188) Journal

          We really appreciate all submissions (that arn't trying to get product placements). If you paste the URL as is that's fine, don't worry about the HTML too much if you don't know it. I'd prefer a unique writeup than perfect HTML in a submission when editing.

    • (Score: 2) by martyb on Friday April 25 2014, @11:50AM

      by martyb (76) Subscriber Badge on Friday April 25 2014, @11:50AM (#36019) Journal

      Snotnose wrote:

      Seems stories show up on Soylent News a day or three after they show up on /., and the comments don't add anything I got from /..

      I am an editor here but am not speaking in any official capacity.

      First off, thanks for the reply! I have not gone to /. but a couple times since the start of the "slashcott". It's likely you will occasionally find a "dupe" here. You might even see something posted here that later makes it back over to there, too. =)

      In an ideal world, I'd read both sites in their entirety and omit all stories that overlap. My time is, however, limited and I have chosen to donate what time I have in support of SN.

      I see you have been active in posting here; thank you! Please consider submitting a story or two for us to consider, as well.

      --
      Wit is intellect, dancing.
    • (Score: 2) by tangomargarine on Friday April 25 2014, @06:38PM

      by tangomargarine (667) on Friday April 25 2014, @06:38PM (#36250)

      cd /..
      rm -rf *

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 2) by Reziac on Friday April 25 2014, @02:37AM

    by Reziac (2489) on Friday April 25 2014, @02:37AM (#35903) Homepage

    I remember seeing the server name Oscar, and another of AOL's that was called Kermit (there was another Muppet-server too but I don't recall the name). So I wonder if "Open System for CommunicAtion in Realtime" is one of those backformations, or if it just set the tone for their other server names.

    --
    And there is no Alkibiades to come back and save us from ourselves.
    • (Score: 1) by jackb_guppy on Friday April 25 2014, @05:42AM

      by jackb_guppy (3560) on Friday April 25 2014, @05:42AM (#35939)

      Remember Kermit was name of another protocol/client used for file transfers... http://www.columbia.edu/kermit/ [columbia.edu]

      • (Score: 2) by Reziac on Friday April 25 2014, @12:38PM

        by Reziac (2489) on Friday April 25 2014, @12:38PM (#36026) Homepage

        Haha, YES!

        Now get these damn gophers off my lawn!! How they got outta the modem, I'll never know.

        --
        And there is no Alkibiades to come back and save us from ourselves.
    • (Score: 2) by NCommander on Friday April 25 2014, @08:21AM

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday April 25 2014, @08:21AM (#35977) Homepage Journal

      You're getting your history confused. There were two AIM protocols, TOC and OSCAR. TOC was meant for third-party clients, but it was feature incomplete compared to OSCAR which lead to Gaim to reverse-engineer it is.

      Kermit is a file transfer protocol: https://en.wikipedia.org/wiki/Kermit_(protocol) [wikipedia.org]

      --
      Still always moving
      • (Score: 2) by Reziac on Friday April 25 2014, @12:52PM

        by Reziac (2489) on Friday April 25 2014, @12:52PM (#36030) Homepage

        No, AOL named a server that too. Nothing to do with the protocol (yes, I'm old enough to remember such things). And they had another Muppet name in their stable as well, tho I've forgotten which.

        Back then my email arrived in the raw state via the BBS, so I routinely got to see all the server names and routings and whatnot. And I noticed lots of outfits had thematically named servers. For bonus points, name the ISP that named 'em after birds. :)

        --
        And there is no Alkibiades to come back and save us from ourselves.
        • (Score: 2) by NCommander on Friday April 25 2014, @01:09PM

          by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday April 25 2014, @01:09PM (#36040) Homepage Journal

          I'm unfamiliar with any puppet names w.r.t AIM, though I know the AOL software used the RAINMAN protocol. Incidently, we use an elemental naming scheme; neon just came online the other night.

          --
          Still always moving
          • (Score: 2) by Reziac on Friday April 25 2014, @01:48PM

            by Reziac (2489) on Friday April 25 2014, @01:48PM (#36067) Homepage

            So are you sticking to noble gasses, or...??

            --
            And there is no Alkibiades to come back and save us from ourselves.
            • (Score: 2) by NCommander on Friday April 25 2014, @02:36PM

              by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday April 25 2014, @02:36PM (#36097) Homepage Journal

              Nope, we started with hydrogen and helium which our first webserver, and DB backend, and then went up. As of right now, here's our server list

              * hydrogen - first webserver, gluster node
              * helium - primary DB server + LDAP/KDC master
              * beryllium - wiki, primary MTA, other misc services (only box running CentOS vs. Ubuntu)
              * lithium - dev server (freshly upgraded to Ubuntu 14.04!)
              * boron - staff server + service monitor, slashd box, gluster node
              * carbon - IRC server
              * nitrogen - staff slash server/tor proxy
              * oxygen - offsite backup (very slow machine with big honking HDD)
              * fluorine - second webhead
              * neon - second DB server (not in service yet)

              --
              Still always moving
              • (Score: 2) by Reziac on Friday April 25 2014, @03:44PM

                by Reziac (2489) on Friday April 25 2014, @03:44PM (#36132) Homepage

                I like it :)

                Some of those wind up being pretty funny... like how oxygen can save your life, and how after enough dev stuff, you may need lithium treatments :D

                --
                And there is no Alkibiades to come back and save us from ourselves.
        • (Score: 2) by Jaruzel on Friday April 25 2014, @02:04PM

          by Jaruzel (812) on Friday April 25 2014, @02:04PM (#36080) Homepage Journal

          One of my first jobs over 20 years ago was working for the UK MoD, and all their Mainframes (on the site I was at) were named after Greek Gods. To this day I maintain that tradition with my own home lab of servers. It sure beats calling things 'DC01' or 'MAIL04'... I even try to align names to purpose - a media server I once had, had lots of cables connected to it, so I called it Medusa. :)

          NB. That MoD site is now long gone, which is why I'm now allowed to talk about it ;)

          -Jar

          --
          This is my opinion, there are many others, but this one is mine.
          • (Score: 2) by Reziac on Friday April 25 2014, @02:15PM

            by Reziac (2489) on Friday April 25 2014, @02:15PM (#36084) Homepage

            Haha, Medusa, that's really a good one!

            And yeah, as one of those folks who accumulates computers, it's just easier to name 'em than to refer to the "P3-550"... especially if you've got five or six just alike.

            --
            And there is no Alkibiades to come back and save us from ourselves.
          • (Score: 2) by tangomargarine on Friday April 25 2014, @06:41PM

            by tangomargarine (667) on Friday April 25 2014, @06:41PM (#36252)

            Any of them named Eris? :-)

            --
            "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 2) by Subsentient on Friday April 25 2014, @06:54AM

    by Subsentient (1111) on Friday April 25 2014, @06:54AM (#35956) Homepage Journal

    I enjoyed it quite a bit.

    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti