From ghudson at MIT.EDU Thu Dec 1 13:30:40 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Thu, 1 Dec 2005 13:30:40 -0500
Subject: [Wocky] Re: Server-to-server
In-Reply-To: <1129927029.15179.236.camel@egyptian-gods.mit.edu>
Message-ID: <200512011830.jB1IUe3L012922@egyptian-gods.mit.edu>
On October 21, you wrote:
> It looks like server-to-server communication is disabled on
> jabber.mit.edu. Is this planned at some point? (or am I
> misinterpreting?)
Sorry it's taken so long to get back to you about this.
My testing indicates:
* s2s works between mit.edu and jis.mit.edu
* s2s works between mit.edu and 12jabber.com
* s2s does *not* work between mit.edu and jabber.org
* s2s does *not* work between mit.edu and gmail.com
It is well-known that gmail.com does not allow server-to-server Jabber
at the current time; see:
http://www.google.com/talk/developer.html#service_4
It's disappointing, but we don't have any control over that decision.
When I initially tested against jabber.org and found that it didn't
work, I assumed the problem must be on our end. I'm rather surprised
to find out that the problem seems to be on their end, since we are
able to communicate with two other open-registration servers.
From saltine at MIT.EDU Thu Dec 1 14:07:45 2005
From: saltine at MIT.EDU (Joseph Calzaretta)
Date: Thu, 01 Dec 2005 14:07:45 -0500
Subject: [Wocky] Re: Server-to-server
In-Reply-To: <200512011830.jB1IUe3L012922@egyptian-gods.mit.edu>
References: <1129927029.15179.236.camel@egyptian-gods.mit.edu>
<200512011830.jB1IUe3L012922@egyptian-gods.mit.edu>
Message-ID: <6.2.1.2.2.20051201140008.03c72070@hesiod>
At 01:30 PM 12/1/2005, Greg Hudson wrote:
>* s2s works between mit.edu and jis.mit.edu
Is this intermittent? A few weeks ago when I was setting up the Gaim
client, I couldn't see anyone @jis.mit.edu via my jcalz at mit.edu account...
nor anyone @mit.edu from my jcalz at jis.mit.edu account. Neither could Sam
Hartman. Today, the cross-server stuff seems to be working. And
presumably it worked in the past as well. So are the servers being
reconfigured every so often? Or is there some kind of intermittent
something-else going on? Thanks!
--Joe
From tfitz at MIT.EDU Thu Dec 1 15:45:44 2005
From: tfitz at MIT.EDU (Tom Fitzgerald)
Date: Thu, 01 Dec 2005 15:45:44 -0500
Subject: [Wocky] Re: Server-to-server
In-Reply-To: <200512011830.jB1IUe3L012922@egyptian-gods.mit.edu>
References: <200512011830.jB1IUe3L012922@egyptian-gods.mit.edu>
Message-ID: <1133469944.17713.162.camel@sligo.mit.edu>
Cool. I was testing with jabber.org too, unfortunately.
12jabber.com will suit me fine.
Interestingly, s2s does work between jabber.org and 12jabber.com.
> > It looks like server-to-server communication is disabled on
> > jabber.mit.edu. Is this planned at some point? (or am I
> > misinterpreting?)
>
> Sorry it's taken so long to get back to you about this.
>
> My testing indicates:
>
> * s2s works between mit.edu and jis.mit.edu
> * s2s works between mit.edu and 12jabber.com
> * s2s does *not* work between mit.edu and jabber.org
> * s2s does *not* work between mit.edu and gmail.com
>
> It is well-known that gmail.com does not allow server-to-server Jabber
> at the current time; see:
>
> http://www.google.com/talk/developer.html#service_4
>
> It's disappointing, but we don't have any control over that decision.
>
> When I initially tested against jabber.org and found that it didn't
> work, I assumed the problem must be on our end. I'm rather surprised
> to find out that the problem seems to be on their end, since we are
> able to communicate with two other open-registration servers.
From atticus at MIT.EDU Thu Dec 1 19:01:17 2005
From: atticus at MIT.EDU (Atticus O Gifford)
Date: Thu, 1 Dec 2005 19:01:17 -0500
Subject: [Wocky] MIT Adium 0.86 (Beta 1) installer available for testing
Message-ID: <20051201190117.km6hayz31x6sgckc@webmail.mit.edu>
I've put together the first version of the Mac Adium installer. Next week, this
installer, along with the Gaim installer, will have the UI cleaned up match our
other MIT installers, perform validation on the username etc.
This should allow you to install the application and create an account during
the install. You can create more accounts by running the Prefs Installer in
/Applications/MIT Adium 0.86/
The Gaim installer is also still available at:
I'll plan on coming to the meeting Tuesday if you're having one to discuss
possible next steps.
Thanks,
Atticus
From raeburn at MIT.EDU Fri Dec 2 10:58:29 2005
From: raeburn at MIT.EDU (Ken Raeburn)
Date: Fri, 2 Dec 2005 10:58:29 -0500
Subject: [Wocky] MIT Adium 0.86 (Beta 1) installer available for testing
In-Reply-To: <20051201190117.km6hayz31x6sgckc@webmail.mit.edu>
References: <20051201190117.km6hayz31x6sgckc@webmail.mit.edu>
Message-ID: <3311EAFB-8F2C-428E-BE2D-9AD855956E00@mit.edu>
>
If I understand it right, your .htaccess.mit file in that directory
limits access to people in two groups, swr-core and wocky. Problem
is, the wocky group in Moira and AFS doesn't contain any users, it
just contains the one string wocky at mailman.mit.edu. This may explain
why I wasn't able to download it. (Or, it may be related to the
problems I've been having just recently with email access from my
laptop too, if it's something certificate-related.) Fortunately I
was able to copy it out of AFS.
So, now I've got /Applications/MIT containing MIT Netscape 7.02, and /
Applications/MIT Adium 0.86. The Netscape install is kind of old, so
maybe things have changed, but does MIT (SWRT) have a consistent
policy on what level to install MIT Mac applications at?
The installer asked for my Kerberos id, which I gave it. When I
started Adium, I then had two raeburn at mit.edu accounts with basically
the same configuration data. (I've been using Adium for a while, and
already had configured an mit.edu account.) The installer should've
checked for that, and either told me nothing needed to be done, or
checked that the data was correct and updated (offered to update?) if
it was not.
So I deleted one of them, the one listed first, which I assume was
the old one.
Signing on to the account, I'm asked for my password, so I assume
this version doesn't have the Gaim patches to use Kerberos
authentication. Is there anything interesting to this version
besides having MIT's installer and prefs installer on top of the
standard Adium distribution?
I took a look at the prefs installer. (Why is it buried in yet
another subdirectory, one which contains only the one program with
the same name as the directory?) It says it will create an Adium
account for use at MIT; fine. It also says ``Items will be installed
on the disk "Mac OS X"'' -- what items? The account data should be
stored wherever the account data is stored under my home directory,
regardless of what disk that happens to be on. (If my home directory
is not on the boot partition, will this report even be correct?)
After I click "skip", the message says I can run "the Adium 0.86
Prefs Installer in your Applications -> MIT Adium 0.86 folder".
Except, that's not the name of the program ("MIT Adium 0.86 Prefs
Installer"), and it's buried in a sub-folder. Is there a right-arrow
glyph that might be used instead of the dash greater-than construct?
(The Character Palette shows Unicode code points for Rightwards
Arrow ?, Rightwards Double Arrow ?, Rightwards White Arrow ?,
and Black Rightwards Arrow ?, for example, in the Arrows and
Dingbats tables, but I don't know if these characters are always
available; some other code points listed in the Character Palette
aren't displayed for me.)
The downside for me, semi-paranoid person that I am, is that I don't
appear to have the option of simply copying in one program or folder
without running an installer program, as I get with the standard
Adium package. Sometimes it's nice to know that (1) nothing's been
installed outside that folder, so it's easy to throw it all away at
once, and (2) it's not configuring any path-dependent stuff during
installation, so renaming it or moving it to another folder is okay.
The former may not be a problem if the installer program deigns to
leave me a log file to look at, which this one appears to, though
it's hard to tell that before running it if you don't already know,
and impossible to decide whether to install a program based on
whether it installs stuff in shared system folders, replaces system
libraries, all that fun stuff you find on Windows. I know I can move
Adium.app around without breaking things, but I'm less sure about the
MIT Prefs Installer.
Ken
From atticus at MIT.EDU Fri Dec 2 16:33:19 2005
From: atticus at MIT.EDU (Atticus O Gifford)
Date: Fri, 2 Dec 2005 16:33:19 -0500
Subject: [Wocky] MIT Adium 0.86 (Beta 1) installer available for
testing
In-Reply-To: <3311EAFB-8F2C-428E-BE2D-9AD855956E00@mit.edu>
References: <20051201190117.km6hayz31x6sgckc@webmail.mit.edu>
<3311EAFB-8F2C-428E-BE2D-9AD855956E00@mit.edu>
Message-ID: <20051202163319.054lqobdba1w044o@webmail.mit.edu>
Thanks for the detailed results. I've interspersed a few comments below.
Quoting Ken Raeburn :
>>
>
> If I understand it right, your .htaccess.mit file in that directory
> limits access to people in two groups, swr-core and wocky. Problem
> is, the wocky group in Moira and AFS doesn't contain any users, it
> just contains the one string wocky at mailman.mit.edu. This may explain
> why I wasn't able to download it. (Or, it may be related to the
> problems I've been having just recently with email access from my
> laptop too, if it's something certificate-related.) Fortunately I
> was able to copy it out of AFS.
Whoops, I didn't realize wocky wasn't a standard list. For the moment, I've
made the installer available to is&t at mit.edu and I'll leave the AFS open as a
backup. I'll figure out something a little more appropriate later.
> So, now I've got /Applications/MIT containing MIT Netscape 7.02, and
> / Applications/MIT Adium 0.86. The Netscape install is kind of old,
> so maybe things have changed, but does MIT (SWRT) have a consistent
> policy on what level to install MIT Mac applications at?
Yes, all our installers install to "MIT " under
/Applications. Netscape on Mac was a little wacky (to say the least) and is
quite old, so its odd location isn't too surprising.
> The installer asked for my Kerberos id, which I gave it. When I
> started Adium, I then had two raeburn at mit.edu accounts with basically
> the same configuration data. (I've been using Adium for a while,
> and already had configured an mit.edu account.) The installer
> should've checked for that, and either told me nothing needed to be
> done, or checked that the data was correct and updated (offered to
> update?) if it was not.
You're definitely right about that. That's slated for the B2 installer next
week. The main focus of this installer was getting the code together
to add an
account correctly and making sure it worked. So far so good on that
front. Now
I need to add validation, doll up the UI (dialogs) and add the rest of
the code.
I suspect the installer will work something like:
1) Ask for Kerberos username
2) Check for an account of that name
3) If not found, add
4) If found, offer to add anyway, overwrite (update?) the existing or
just leave
it alone.
Hopefully that should all be in the next version.. if you get a chance to look
at that one let me know if it works better for you.
> So I deleted one of them, the one listed first, which I assume was
> the old one.
>
> Signing on to the account, I'm asked for my password, so I assume
> this version doesn't have the Gaim patches to use Kerberos
> authentication. Is there anything interesting to this version
> besides having MIT's installer and prefs installer on top of the
> standard Adium distribution?
The installer right now is just the main Adium distribution with configuration
added. Now that there are framework installers for Windows and Mac, we can
probably discuss additions at the Tuesday meeting (if any).
> I took a look at the prefs installer. (Why is it buried in yet
> another subdirectory, one which contains only the one program with
> the same name as the directory?)
That's a hold-over from how we've always done the installers. We used to
include a text file in the folder called "What's this?" or something
similar. Since most other installers don't have a prefs installer or
config wizard or
whatever, it seemed easier to abstract it a bit and associate it with a text
document. I'm not sure if that's the best way to do things anymore, and we're
going to be revamping our mac installer standards over the next 2 months
(hopefully). Any ideas or input you have on that front is most welcome. I'm
happy to just move the file up a level and not include a description if that
seems less confusing.
> It says it will create an Adium account for use at MIT; fine. It
> also says ``Items will be installed on the disk "Mac OS X"'' -- what
> items? The account data should be stored wherever the account data
> is stored under my home directory, regardless of what disk that
> happens to be on. (If my home directory is not on the boot
> partition, will this report even be correct?)
I thought I had turned that off, but I'll check again. It may be that since
we're using the VISE installer as a wrapper, its text always assumes it
will be
installing files of some sort. If nothing else, I can just edit the resource
string for that text to reflect something more accurate.
> After I click "skip", the message says I can run "the Adium 0.86
> Prefs Installer in your Applications -> MIT Adium 0.86 folder".
> Except, that's not the name of the program ("MIT Adium 0.86 Prefs
> Installer"), and it's buried in a sub-folder. Is there a right-arrow
> glyph that might be used instead of the dash greater-than construct?
> (The Character Palette shows Unicode code points for Rightwards
> Arrow ?, Rightwards Double Arrow ?, Rightwards White Arrow ?,
> and Black Rightwards Arrow ?, for example, in the Arrows and
> Dingbats tables, but I don't know if these characters are always
> available; some other code points listed in the Character Palette
> aren't displayed for me.)
That's a good point in general. I try not to use that sort of
construct, but I
should keep that in mind in case I can't get around it. In this case, I think
the poor writing (and poor arrow :) of the dialog are a result of slapping
together a Beta installer around the configuration script. I definitely
planned on rewriting all of that. I'll see what I can polish up for
the Beta 2
installer, and I'll use a proper arrow if the need remains.
> The downside for me, semi-paranoid person that I am, is that I don't
> appear to have the option of simply copying in one program or folder
> without running an installer program, as I get with the standard
> Adium package. Sometimes it's nice to know that (1) nothing's been
> installed outside that folder, so it's easy to throw it all away at
> once, and (2) it's not configuring any path-dependent stuff during
> installation, so renaming it or moving it to another folder is okay.
> The former may not be a problem if the installer program deigns to
> leave me a log file to look at, which this one appears to, though
> it's hard to tell that before running it if you don't already know,
> and impossible to decide whether to install a program based on
> whether it installs stuff in shared system folders, replaces system
> libraries, all that fun stuff you find on Windows. I know I can move
> Adium.app around without breaking things, but I'm less sure about
> the MIT Prefs Installer.
That's also a good point. When we write installers on the Mac platform, the
primary reason is usually to add customization. The problem is, we haven't
thought up any system to handle customization that is substantially
more clever
than the sytem we're using (a prefs installer) without being more invasive or
path-dependent. The only time we install items to non-Application folder
locales is when the vendor installer does the same thing. The new TSM
installer is a good example: it installs binaries in unix locations as well as
under /Library/Application Support. Adding a log file is trivial, but as you
say it doesn't solve the initial uneasiness. Part of the problem is balancing
experienced users' trepidations with novice users' skittishness. Too much
information and too many decisions tends to make novice users nervous, whereas
the reverse seems to be true as experience increases.
We're going to try to move all our installers to .pkg installers in the near
future for those users who are using Apple Remote Desktop to manage their
users. I suspect that will only obscure the installers' workings even
further,
however. If you have any ideas or more issues you'd like addressed about
installers in general (or this installer obviously) please send them
along. It's hard to get input on these things, and the more info we
have moving
forward with a redesign the better.
Thanks for all the info,
Atticus
P.S. The prefs installer only adds accounts to ~/Library/Application
Support/Adium 2.0/... btw (in case you were still wondering).
From hallisey at MIT.EDU Mon Dec 5 15:49:45 2005
From: hallisey at MIT.EDU (Joanne Hallisey)
Date: Mon, 5 Dec 2005 15:49:45 -0500
Subject: [Wocky] Meeting Tuesday, Dec. 6 at 3:00
Message-ID: <3898751F-5A07-4064-8013-9A0E7D3D7AA9@mit.edu>
Hello,
There will be a Jabber meeting Tuesday, Dec. 6 at 6:00 in W92-225.
Agenda
1. Sponsor check in: Probable expansion of the pilot
2. Progress on survey questions
3. Progress on installers; any issues reported
4. Other
Thanks,
Joanne
--------------------------------------------
Joanne Hallisey
IS&T
W92-153
3-1894
hallisey at mit.edu
From jchrepta at MIT.EDU Mon Dec 5 23:01:54 2005
From: jchrepta at MIT.EDU (Darien J Chrepta)
Date: Mon, 5 Dec 2005 23:01:54 -0500
Subject: Fwd: [Wocky] Invitation to participate in the Jabber messaging
pilot
Message-ID: <20051205230154.9krwqe37kuwwsg84@webmail.mit.edu>
Hello IS&T
I'm interested in participating.
I'll check out the Jabber page.
Best wishes,
Jay Chrepta
----- Forwarded message from tregan at MIT.EDU -----
Date: Mon, 5 Dec 2005 20:50:47 -0500
From: Theresa M Regan
Reply-To: Theresa M Regan
Subject: Fwd: [Wocky] Invitation to participate in the Jabber messaging pilot
To: Theresa M Regan
Greetings,
IS&T is currently piloting an instant messaging service, Jabber. If
you are interested in participating, please read the following note
which highlights the service and support options during this pilot.
Questions, comments and/or suggestions may be posted to
Cheers,
Theresa
p.s. please note... one's login account is: kerberos
principal at mit.edu, i.e., tregan at mit.edu
Begin forwarded message:
> From: "Joanne M. Hallisey"
> Date: October 18, 2005 10:59:10 AM EDT
> To: IT-Partners at mit.edu, IT-Lead at mit.edu, helpstaff at mit.edu,
> helpstudents at mit.edu, athena-rcc at mit.edu, athena-rcc-students at mit.edu
> Cc: wocky at mit.edu
> Cc: is&t at mit.edu
> Subject: [Wocky] Invitation to participate in the Jabber messaging
> pilot
>
> Hello,
>
> IS&T invites you to participate in a pilot of a Jabber Instant
> Messaging service. Jabber is an instant messaging system that
> allows MIT users to communicate with one another and Jabber users
> elsewhere on the Internet. Jabber also supports creation and
> joining of chat rooms for group communication. Additionally, many
> Jabber clients also offer support for other instant messaging
> systems such as AIM (AOL) and YIM (Yahoo).
>
> The intention of the pilot is to learn more about requirements for
> providing this as an enterprise messaging service and understand
> some of the support and service issues. The pilot will focus on
> setting up the server environment and delivering installers for
> GAIM and AdiumX (software clients for Linux, Macintosh and Windows).
>
> The Jabber pilot team will provide limited best effort support, and
> pilot participants are strongly encouraged to give feedback. As the
> pilot progresses, the team will send updates and post them to the
> web pages listed below. The pilot will run through December 2005.
> IS&T will start a more formal release effort if the pilot is
> successful.
>
> The following draft web pages provide download information,
> configuration instructions and information about known issues.
>
> Jabber Service Page
>
>
> Jabber Stock Answer Branch
>
>
> Please note:
> As always, protect your password. Do not allow the client program
> to store your password.
>
> For questions or more information please contact the team via the
> Wocky mailing list:
> Wocky at mit.edu
>
>
> Thank you.
> For the Jabber Team,
> --
> Joanne Hallisey
> _______________________________________________
> Reminders:
> - Make off-campus connections through the Virtual Private Network.
> For information on the VPN see network/vpn.html>
>
> - Take advantage of the MIT Windows Automatic Update Service. For
> information on WAUS see updates/>
>
> - Take advantage of a recent enhancement to MIT's Spam Screening
> service which allows for personally setting the number of days
> "spam" is aged prior to auto deletion. For more complete
> information and to set your personal options see web.mit.edu/ist/services/email/nospam/>
>
> --
> Joanne Hallisey
> Sr. Project Manager
> MIT - Information Services and Technology
> 617-253-1894
> _______________________________________________
> Wocky mailing list
> Wocky at mit.edu
> http://mailman.mit.edu/mailman/listinfo/wocky
----- End forwarded message -----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/wocky/attachments/20051205/32e9e7f7/attachment.htm
From hallisey at MIT.EDU Wed Dec 7 09:28:13 2005
From: hallisey at MIT.EDU (Joanne Hallisey)
Date: Wed, 7 Dec 2005 09:28:13 -0500
Subject: [Wocky] Meeting Notes: Jabber
Message-ID:
Theresa extended the invitation to additional piloteers. One person
responded.
We have asked Mark for usage/server statistics; waiting for his
response.
Survey - reviewed questions - Joanne will send them to wocky at the
end of the week. This will give the newest users some time to use
Jabber.
Server to server: did some tests. It works fine on some public
jabber servers. Jabber.org has had some problems and has not been
working gmail.com (googletalk) does not do server to server right
now. 12jabber.com; jis.mit.edu work. Heather will set up some
information/FAQs for server to server.
Atticus:
Saw Ken Raeburn's responses to the AdiumX and is making changes.
Did not see any responses to Windows Gaim installer.
Hope to have updates out in 2 or 3 days for next round of testing.
Windows installer should work in the domain. Gaim will appear in
the Start Menu like other MIT installers. MIT configurations in
Tools submenu consistent with other MIT installers. Run usability
testing. Joanne will set up some testing. Heather Anne will do some
documentation.
Greg has been looking at the confirmation step when you add a buddy.
Looked at presence/privacy for other IM solutions. Right now it is
hard to make it possible for people who are at MIT to see your
presence without a confirmation.
Will likely continue the pilot to get more experience and to
understand more about the Jabber community.
Next meeting: Dec. 19 at 2:00 in .
--------------------------------------------
Joanne Hallisey
IS&T
W92-153
3-1894
hallisey at mit.edu
From rboes at plant.mit.edu Wed Dec 7 14:11:20 2005
From: rboes at plant.mit.edu (Robert Boes)
Date: Wed, 7 Dec 2005 14:11:20 -0500
Subject: [Wocky] Jabber login
Message-ID:
Hi,
I was passed an invitation to test jabber by someone who's in IT Partners.
(I am not.) I downloaded the software, registered myself as a Jabber
account, but couldn't login. I was using my Kerberos password. Is the test
of the product limited to a certain group of people, or am I doing something
wrong?
Thanks for any help.
Bob
Robert G. Boes
Senior Systems Planner
MIT Campus Planning and Design
77 Massachusetts Ave. Room NE49-2100
Cambridge 02139
(617) 452-2992
rboes at mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/wocky/attachments/20051207/05fbfb16/attachment.htm
From hallisey at MIT.EDU Wed Dec 7 14:43:32 2005
From: hallisey at MIT.EDU (Joanne Hallisey)
Date: Wed, 7 Dec 2005 14:43:32 -0500
Subject: [Wocky] Jabber login
In-Reply-To:
References:
Message-ID:
Hello Robert,
There is some information here. http://web.mit.edu/ist/services/
messaging/jabber.html
--------------------------------------------
Joanne Hallisey
IS&T
W92-153
3-1894
hallisey at mit.edu
On Dec 7, 2005, at 2:11 PM, Robert Boes wrote:
> Hi,
> I was passed an invitation to test jabber by someone who's in IT
> Partners. (I am not.) I downloaded the software, registered myself
> as a Jabber account, but couldn't login. I was using my Kerberos
> password. Is the test of the product limited to a certain group of
> people, or am I doing something wrong?
> Thanks for any help.
> Bob
>
> Robert G. Boes
> Senior Systems Planner
> MIT Campus Planning and Design
> 77 Massachusetts Ave. Room NE49-2100
> Cambridge 02139
> (617) 452-2992
> rboes at mit.edu
>
> _______________________________________________
> Wocky mailing list
> Wocky at mit.edu
> http://mailman.mit.edu/mailman/listinfo/wocky
From ghudson at MIT.EDU Mon Dec 12 16:06:02 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Mon, 12 Dec 2005 16:06:02 -0500
Subject: [Wocky] Status update on gaim GSSAPI patches
Message-ID: <200512122106.jBCL62sr018709@egyptian-gods.mit.edu>
I decided to set up a source repository for gaim to manage the various
changes we are prototyping. It's in
/afs/dev.mit.edu/project/jabber/repos/gaim. This repository doesn't
have a trunk; it has a branches/upstream for the stock Gaim 1.5.0
source and a branches/gssapi-only for Simon's more recent patch with
our additions. I expect to create a branches/cyrus-sasl branch for
working on Simon's older patch if we continue to believe that's the
direction to go in. However, I'm currently prototyping with the
GSSAPI-only patch since that's temporarily easier to work with and
might be appropriate for a local deployment.
Qing, I took your change to get the connect server instead of
hardcoding jabber.mit.edu. Thanks.
On requesting the password only when it is needed: currently, the
machinery for requesting the user's password on demand is in a
sub-block of gaim_connection_connect(), which also creates the
connection. I will need to move that out into a separate function in
src/connection.c. In the Jabber code, I've determined that all
authentication goes through auther jabber_auth_start or
jabber_auth_start_old (the latter for old-style IQ auth, which doesn't
support GSSAPI). I can request the password unconditionally in
jabber_auth_start_old, and conditionally depending on whether the
server and client support GSSAPI in jabber_auth_start. Those
functions will have to be broken up into two pieces since requesting
the password is a stop-and-wait-for-a-callback operation.
From ghudson at MIT.EDU Wed Dec 14 01:57:53 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Wed, 14 Dec 2005 01:57:53 -0500
Subject: [Wocky] Status update on gaim GSSAPI support
Message-ID: <200512140657.jBE6vrow008218@egyptian-gods.mit.edu>
I've written and checked in prototype code to make gaim request a
password when the connection isn't using GSSAPI. I think we now have
something we could deploy locally as a Gaim 1.5.0 enhancement, if we
want to go that route.
I'll start working on the older Cyrus SASL patches and see if I can
beat them into shape, and I'll starting talking with Simon and the
Gaim developers about how we might integrate this stuff upstream.
From jcolon at MIT.EDU Wed Dec 14 10:30:55 2005
From: jcolon at MIT.EDU (=?iso-8859-1?Q?Jessica_Col=F3n?=)
Date: Wed, 14 Dec 2005 10:30:55 -0500
Subject: [Wocky] Trillian
Message-ID: <007801c600c3$5fe23200$4900aa12@econ.ms.mit.edu>
Hello,
My suggestion: Allowing access and/or post configuration instructions for
Jabber through Trillian. http://www.ceruleanstudios.com/learn/
=]
__________________________________________________
Jessica Col?n
Massachusetts Institute of Technology
Department of Economics
50 Memorial Drive
Building E52, Room 373
Cambridge MA 02142
Email jcolon at mit.edu
Phone 617.253.3807
Fax 617.253.1330
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/wocky/attachments/20051214/6c139319/attachment.htm
From morzinski at MIT.EDU Wed Dec 14 13:10:56 2005
From: morzinski at MIT.EDU (Jacob Morzinski)
Date: Wed, 14 Dec 2005 13:10:56 -0500
Subject: [Wocky] Trillian
In-Reply-To: Message from =?iso-8859-1?Q?Jessica_Col=F3n?=
of "Wed, 14 Dec 2005 10:30:55 EST."
<007801c600c3$5fe23200$4900aa12@econ.ms.mit.edu>
References: <007801c600c3$5fe23200$4900aa12@econ.ms.mit.edu>
Message-ID: <200512141810.jBEIAvfn026864@kamp-krusty.mit.edu>
I took a brief look at Trillian, but could not proceed. The
"basic" version of Trillian does not support their Jabber plugin;
only the "pro" version supports Jabber.
Without a Jabber-enabled version of Trillian to test on, I can't
suggest how to set up Jabber. All I can suggest is that you take
the Gaim configuration instructions, and adapt them as best as
you can.
Regards,
Jacob Morzinski jmorzins at mit.edu
On Wed, 14 Dec 2005, Jessica Col?n wrote:
> My suggestion: Allowing access and/or post configuration
> instructions for Jabber through Trillian.
> http://www.ceruleanstudios.com/learn/
From ghudson at MIT.EDU Wed Dec 14 13:56:52 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Wed, 14 Dec 2005 13:56:52 -0500
Subject: [Wocky] Trillian
In-Reply-To: <200512141810.jBEIAvfn026864@kamp-krusty.mit.edu>
References: <007801c600c3$5fe23200$4900aa12@econ.ms.mit.edu>
<200512141810.jBEIAvfn026864@kamp-krusty.mit.edu>
Message-ID: <1134586612.12162.258.camel@egyptian-gods.mit.edu>
On Wed, 2005-12-14 at 13:10 -0500, Jacob Morzinski wrote:
> Without a Jabber-enabled version of Trillian to test on, I can't
> suggest how to set up Jabber. All I can suggest is that you take
> the Gaim configuration instructions, and adapt them as best as
> you can.
You can also try adapting the instructions at
http://www.google.com/support/talk/bin/answer.py?answer=24077
in order to triangulate from another direction. Of course, you'd use
username at mit.edu instead of username at gmail.com, and you'd use
jabber.mit.edu in place of talk.google.com.
From pbh at MIT.EDU Wed Dec 14 17:56:08 2005
From: pbh at MIT.EDU (Paul B. Hill)
Date: Wed, 14 Dec 2005 17:56:08 -0500
Subject: [Wocky] SASL vs. GSSAPI
Message-ID: <200512142256.jBEMubQI008183@outgoing.mit.edu>
Hi,
The Windows Oracle Calendar software (TechTime) has a configuration option
for a couple of authentication methods. These are gssapi:kerberos5,
SASLKerberosv4, CST Basic Authentication, and Standard Authentication.
(Actually the choice are dependant on what other libraries appear on your
system.)
When gssapi:kerberos5 is selected the client will use the CMU SASL libraries
if they are present. However, if the CMU SASL libraries are not present,
then the client will look for gssapi.dll and use that directly.
If we want to provide authentication patches to Gaim, then a similar
strategy might be the best way to get the Gaim developer community to accept
the changes.
The clients should see if the SASL libraries are present. If they are, then
any of the SASL mechanisms installed could be used. If the SASL libraries
are not able to be loaded, then see if the GSSAPI libraries can be loaded
directly.
Paul
From ghudson at MIT.EDU Thu Dec 15 02:49:34 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Thu, 15 Dec 2005 02:49:34 -0500
Subject: [Wocky] SASL vs. GSSAPI
In-Reply-To: <200512142256.jBEMubQI008183@outgoing.mit.edu>
References: <200512142256.jBEMubQI008183@outgoing.mit.edu>
Message-ID: <1134632974.12162.283.camel@egyptian-gods.mit.edu>
One of the issues with dynamic loading is that the Gaim code needs to
know the signatures of each function it wants to load. Simon's strategy
was to include a copy of the krb5 gssapi.h, hacked up so that instead of
declaring functions, it declared types. I don't think that approach
would be acceptable to the Gaim people, and I'm curious what TechTime
does.
I suspect that whatever we send upstream will need to use a more
conventional strategy of linking to dependency libraries. Other
protocol plugins have their own library dependencies, I believe, and I
don't think they use dynamic loading. I can look into that more.
From ghudson at MIT.EDU Thu Dec 15 18:38:58 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Thu, 15 Dec 2005 18:38:58 -0500
Subject: [Wocky] More on Gaim dependency architecture
Message-ID: <200512152338.jBFNcwZY030869@egyptian-gods.mit.edu>
I looked into how Gaim handles dependencies on non-ubiquitous external
libraries today. Here are my conclusions:
* Gaim dynamically loads its own plugins, including protocol
plugins. There is no issue with needing to know function
signatures for this kind of loading, since Gaim gets to define the
plugin ABI itself. Gaim is generally tolerant of failure to load
any given plugin, and just doesn't offer the plugin's
functionality.
* Protocol plugins with dependencies are nothing new. The Zephyr,
silc, and Bonjour plugins all have dependencies on external
libraries. The Unix binary packaging strategy is to build the
protocol plugin so that it links against the external library, and
then put the resulting plugin in a separate package so that the
core gaim package doesn't have to depend on libsilc or whatnot.
* However, all of those protocol plugin dependencies are mandatory.
You cannot have a Gaim Zephyr plugin without libzephyr. For our
work, the GSSAPI or Cyrus SASL dependency would be optional. Unix
binary packagers would want to be able to distribute the Jabber
plugin without making it depend on Kerberos libraries.
* Gaim has solved this problem in the past with SSL. What they did
was create a separate plugin purely for SSL support (two of them,
actually, for different external SSL libraries) and a layer in the
core code which takes care of loading the plugin and offering or
not offering SSL support as available. I think we would need to
do the same thing for SASL. The existing built-in DIGEST-MD5 code
could be moved into this new layer, and we could have plugins to
wrap either libgssapi_krb5 or libsasl2 or both.
* It will be substantially easier to write this new layer if we
don't have to worry about supporting security layers, and just
rely on SSL to take care of protecting the data stream. But I'm
willing to do it either way. I don't think the Gaim developers
would care.
From awillis at MIT.EDU Fri Dec 16 14:00:51 2005
From: awillis at MIT.EDU (Albert Willis)
Date: Fri, 16 Dec 2005 14:00:51 -0500
Subject: [Wocky] Adium 0.87 released
Message-ID: <423B1588-1868-443C-B56B-B6551A2B4620@MIT.EDU>
You can see all of the changes at http://trac.adiumx.com/wiki/
AdiumVersionHistory.
-- Al
From atticus at MIT.EDU Fri Dec 16 16:32:53 2005
From: atticus at MIT.EDU (Atticus O Gifford)
Date: Fri, 16 Dec 2005 16:32:53 -0500
Subject: [Wocky] MIT Adium 0.87 (Beta 2) available for testing
Message-ID: <20051216163253.dh5c8gpyq4u8088g@webmail.mit.edu>
I've updated the Adium installer to incorporate a number of the changes Ken
recommended (among other tweaks) and to perform basic input validation. The
installer also includes the new 0.87 binary which seems to work fine so far as
I've tested it. If a version of the installer with 0.86 is desired, just let
me know and I'll re-upload it:
Our plan is to revise our Mac installer requirements in general over the next
few weeks. I think that going forward this installer will probably receive the
new polish as well if it's finished in time, but we can discuss that before
anything is released.
Have a good weekend,
Atticus
From pbh at MIT.EDU Fri Dec 16 16:44:05 2005
From: pbh at MIT.EDU (Paul B. Hill)
Date: Fri, 16 Dec 2005 16:44:05 -0500
Subject: [Wocky] google talk future directions...
Message-ID: <200512162144.jBGLiT4M022862@outgoing.mit.edu>
>From :
4. What other communication services will you federate with?
We plan to support open server-to-server federation. We do believe, however,
that it is important to have the safeguards in place to ensure that we
maintain a safe and reliable service that protects user privacy and blocks
spam and other abuses. We are using the federation opportunity with
EarthLink, Sipphone and other partners to develop a set of best practices by
which all members of the federated network can work together to ensure that
we protect our users while maximizing the reach of the network. We are also
eager to hear from other people in the industry about how best to build a
federation model that is open, scalable, and ensures best-in-class user
experiences. If you have thoughts on federation or suggestions for how we
can better enable open communications, please share them with us at the
Google Talk Interoperability Google Group.
----
Some of the traffic on the Google Talk Interoperability Google Group seems
to indicate that the change will happen in the very near future. Supporting
evidence is that Google started publishing the SRV records on December 9th,
but at the moment the ports aren't open.
---
Somewhat orthogonal...
The people from Google Talk have been cooperating with people from the
Jabber Foundation to develop specifications for VoIP signaling and media
encoding.
-----Original Message-----
From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On Behalf Of
fwmiller at cornfed.com
Sent: Friday, December 16, 2005 4:11 PM
To: sip at ietf.org
Subject: [Sip] Jabber VoIP specs
For those that may not have seen this, the Jabber Foundation has published
their VoIP signaling and media encoding specs. These specs have been
reconciled with Google Talk if I read the introductory comments correctly.
I'd be interested in any discussion of the design of these protocols by the
SIP gurus here...
http://www.jabber.org/jeps/jep-0166.html
http://www.jabber.org/jeps/jep-0167.html
FM
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
From hallisey at MIT.EDU Mon Dec 19 09:15:34 2005
From: hallisey at MIT.EDU (Joanne Hallisey)
Date: Mon, 19 Dec 2005 09:15:34 -0500
Subject: [Wocky] Initial Evaluation of Jabber IM
Message-ID: <811ADEE8-2050-43A4-9F71-1A85502582AC@mit.edu>
Hello,
We would like to get an initial evaluation of your experience with
Jabber. Please answer the following questions and send your
responses to wocky at mit.edu. If possible, send responses by December
19, 2005. After we have assessed the experience of the pilot, we
will determine next steps.
If you know people who are using Jabber and are not on the wocky
list, please feel free to send this survey to them.
Thanks very much for your feedback.
Joanne
--------------------------------------------
1. Which client did you use?
Gaim for Windows
Gaim for Linux
AdiumX for Macintosh
iChat (Mac OS 10.4)
2. How did you acquire the client software?
Download from vendor site
Download from MIT site
Pre-installed with OS
3. Please rate the following for the client that you used: (can use
a 1 - 5 scale)
MIT download and installation
Creation of "buddy" list
Initiation of IM conversation
IM conversation/chat history
Creation of multi-user Chat
Speed
Reliability
Login
4. Please list other features or functionality that you would like to
have in an IM service
5. Please comment on any problems you may have had with the IM pilot
service
6. Please add any suggestions/comments
--------------------------------------------
Joanne Hallisey
Sr. Project Manager
Information Services and Technology
W92-153
617-253-1894
hallisey at mit.edu
From morzinski at MIT.EDU Mon Dec 19 13:09:22 2005
From: morzinski at MIT.EDU (Jacob Morzinski)
Date: Mon, 19 Dec 2005 13:09:22 -0500
Subject: [Wocky] Initial Evaluation of Jabber IM
In-Reply-To: Message from Joanne Hallisey of "Mon,
19 Dec 2005 09:15:34 EST."
<811ADEE8-2050-43A4-9F71-1A85502582AC@mit.edu>
References: <811ADEE8-2050-43A4-9F71-1A85502582AC@mit.edu>
Message-ID: <200512191809.jBJI9Nw4011180@kamp-krusty.mit.edu>
> --------------------------------------------
> 1. Which client did you use?
Mostly Gaim for Solaris/Athena, a very little Gaim for Windows
> 2. How did you acquire the client software?
Gaim for Solaris/Athena is part of the Athena release.
> 3. Please rate the following for the client that you used: (can use
> a 1 - 5 scale)
> MIT download and installation
Very good
> Creation of "buddy" list
Somewhat poor
> Initiation of IM conversation
Somewhat good
> IM conversation/chat history
Somewhat poor
> Creation of multi-user Chat
Somewhat poor.
> Speed
Neutral
> Reliability
Somewhat good
> Login
Somewhat poor
> 4. Please list other features or functionality that you would like to
> have in an IM service
'()
> 5. Please comment on any problems you may have had with the IM pilot
> service
Learning to use @mit.edu "handles" was an adjustment, but
once it was learned it was easy enough to remember.
Creating a chat room in Gaim easy, but configuring a chat room is
hard. This may be something we have to live with.
> 6. Please add any suggestions/comments
'()
From pbh at MIT.EDU Mon Dec 19 14:51:25 2005
From: pbh at MIT.EDU (Paul B. Hill)
Date: Mon, 19 Dec 2005 14:51:25 -0500
Subject: [Wocky] Initial Evaluation of Jabber IM
In-Reply-To: <811ADEE8-2050-43A4-9F71-1A85502582AC@mit.edu>
Message-ID: <200512191951.jBJJpUjO009349@outgoing.mit.edu>
--------------------------------------------
1. Which client did you use?
Gaim for Windows
Exodus for Windows
Imov for PocketPC 2003
2. How did you acquire the client software?
Download from vendor site (imov, and Gaim on XP)
Download from MIT site (Gaim on Vista beta)
3. Please rate the following for the client that you used: (can use
a 1 - 5 scale)
MIT download and installation
Download was OK. There was a z-buffer problem while running the installer on
Vista. A configuration screen that required user input was displayed behind
all other windows making it look like the installer had hung.
Creation of "buddy" list
Surprised by the consistently poor UI in each of the clients. There were no
onscreen hints to indicate that the user should enter a qualified username
(@mit.edu) in the dialog box. By default clients did not indicate that
the user being added was offline and therefore didn't appear in the buddy
list by default. Most clients didn't indicate that the buddy being added had
to authorize this step before messages could be sent.
Initiation of IM conversation
Easy after buddy approval step had occurred.
IM conversation/chat history
Chat history is useful. It would be more useful if there was a way to see
history that occurred before the server was last restarted.
The imov PocketPC client does not provide the ability to join chat rooms
from what I can see. It appears to be limited to messaging between
individual users.
Creation of multi-user Chat
I prefer the Exodus UI to the Gaim UI for this task.
Speed
Reliability
Appears to work OK with users on the same server. It is difficult for a user
to determine the source of problems when interacting with resources on
different servers. In many cases it works, in some cases it doesn't, but the
clients don't provide enough information for the end user to understand why.
Login
So far I have only used SSL. I would prefer GSSAPI.
4. Please list other features or functionality that you would like to
have in an IM service
I'd like to understand how to use bots running at other sites. I'd like to
be able to create bots at MIT.
5. Please comment on any problems you may have had with the IM pilot
service
6. Please add any suggestions/comments
--------------------------------------------
Joanne Hallisey
Sr. Project Manager
Information Services and Technology
W92-153
617-253-1894
hallisey at mit.edu
_______________________________________________
Wocky mailing list
Wocky at mit.edu
http://mailman.mit.edu/mailman/listinfo/wocky
From ghudson at MIT.EDU Mon Dec 19 19:10:54 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Mon, 19 Dec 2005 19:10:54 -0500
Subject: [Wocky] More updates on gaim's Jabber authentication
Message-ID: <200512200010.jBK0AsaV026190@egyptian-gods.mit.edu>
I've modified the gaim code which dynamically loads the GSSAPI module
so that it can work for win32 and various different Unix GSSAPI
libraries. I also took out the hardcoded /usr/athena/lib dependency.
I've put a build and a source tree checkout in
/afs/dev.mit.edu/project/jabber/gaim-krb5. Qing, can you test this
code under Windows?
While corresponding with Simon and feeding back my changes, I learned
that Mozilla is apparently shifting to a strategy of dynamically
loading the GSSAPI module, using the same approach (a bundled
gssapi.h). I was able to verify that with the current Mozilla code.
So it's possible that this approach would be reasonable for Gaim as
well. The bundled gssapi.h in Mozilla is identical.
Simon said that he still uses Cyrus SASL for Linux local deployments
(perhaps because his SASL-using patch has security layer support), but
the direct GSSAPI approach "was the only way to get Gaim with GSSAPI
working on Windows (and of getting libgaim working on Mac OS X, so
that Adium would run)." I don't know what the specific issues were.
Simon says he has attempted to get the Gaim developers interested in
his changes, but has had no luck. From lurking on the gaim-devel
list, it looks like they are pretty focused in their 2.0 release, so I
will give it a try after that's out. In the meantime, we may want to
think about distributing a locally-modified version of Gaim.
Two people were talking on Zephyr about playing with Gaim 2.0.0beta1,
and say it has issues authenticating to jabber.mit.edu. I will look
into that this week.
From hallisey at MIT.EDU Tue Dec 20 12:19:31 2005
From: hallisey at MIT.EDU (Joanne Hallisey)
Date: Tue, 20 Dec 2005 12:19:31 -0500
Subject: [Wocky] Next Meeting
Message-ID:
Hello,
I will be away until Dec. 28. While I had hoped we would meet this
week, I did not have a chance to send out a reminder for yesterday.
My apologies.
In the next week, please consider what our next steps are for this
pilot. If we decide to continue in Pilot, what is our focus? If we
decide to roll out a service, what are some of the risks, and, how do
we minimize, avoid etc. You can also consider what the impact of a
no-go decision is.
We can have a discussion around this next week.
I have reserved W92-125 on Wednesday, Dec. 28 at 2:00 PM for our next
meeting. Please let me know if this time does not work.
Thanks, and have a wonderful holiday.
Joanne
--------------------------------------------
Joanne Hallisey
IS&T
W92-153
3-1894
hallisey at mit.edu
From ghudson at MIT.EDU Tue Dec 20 14:31:17 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Tue, 20 Dec 2005 14:31:17 -0500
Subject: [Wocky] Flaw in reciprocal buddy-adding
Message-ID: <200512201931.jBKJVHF2015747@egyptian-gods.mit.edu>
Until today, I never actually added anyone to my Gaim buddies
proactively (except for myself). I always waited until they added me,
at which point after I authorized them I was asked if I wanted to
reciprocally add them, and I said yes.
Gaim does not seem to request authorization when you reciprocally add
a buddy. I just tried this with systest (using @mit.edu on all the
JIDs, of course):
systest adds ghudson as a buddy
ghudson receives an authorization dialog
ghudson reciprocally adds systest as a buddy
systest does *not* receive an authorization dialog
systest appears offline to gaim, or "Not authorized" if I l-click
If I r-click and "(Re-)request authorization" from systest, systest
gets an authorization dialog and all becomes kosher.
I assume this is a Gaim bug, but it could conceivably be a jabberd bug
if the server is expected to provide reciprocal access. I will put
this on my list of things to dig into.
From ghudson at MIT.EDU Tue Dec 20 15:24:14 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Tue, 20 Dec 2005 15:24:14 -0500
Subject: [Wocky] Gaim 2.0 and Jabber authentication
Message-ID: <200512202024.jBKKOEtf016294@egyptian-gods.mit.edu>
It looks like Gaim integrated Simon's Cyrus SASL support (not the
dynamically-loaded GSSAPI support) for Jabber on December 17. Then
they released the beta. Then on December 19, they reverted Simon's
change to make passwords optional in the Jabber plugin, since that
change broke password authentication if you're not storing the
password.
The code which handles requesting the password for a new connection
has changed a bunch between 1.5 and 2.0, so I'll have to rework my
patch to allow requesting a password after the connection is opened.
I'll also have to rework the Jabber side of that patch against the
Cyrus SASL code instead of the GSSAPI code.
From ghudson at MIT.EDU Wed Dec 21 01:49:52 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Wed, 21 Dec 2005 01:49:52 -0500
Subject: [Wocky] [Fwd: Re: [jabberd] Online Game Group is pleased to
announce the release of palaver 0.1.]
Message-ID: <1135147792.12162.396.camel@egyptian-gods.mit.edu>
We should keep in mind that there are alternatives to mu-conference if
we want better group chat functionality. I'm assuming, perhaps
optimistically, that palaver interfaces with Jabberd 2. This particular
one would likely require us to install the Twisted framework, but it
might allow us to ditch the JCR in return. (The JCR, which we have a
repository for alongside the jabberd 2 repository
in /afs/dev/project/jabber, is a way of making jabberd 1.4 components
interface with jabberd 2; in our case, we use it to make mu-conference
work. I don't particularly like its build system and would be happy to
see it go.)
-------------- next part --------------
An embedded message was scrubbed...
From: Christopher Parker
Subject: Re: [jabberd] Online Game Group is pleased to announce the release
of palaver 0.1.
Date: Tue, 13 Dec 2005 10:07:57 -0600
Size: 4633
Url: http://mailman.mit.edu/pipermail/wocky/attachments/20051221/442f6655/attachment.eml
From ghudson at MIT.EDU Wed Dec 21 10:32:16 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Wed, 21 Dec 2005 10:32:16 -0500
Subject: [Wocky] [Fwd: [Gaim-devel] Jabber, SASL, passwords, binary packages]
Message-ID: <1135179136.12162.416.camel@egyptian-gods.mit.edu>
I realized this morning that I cannot easily adapt my password-request
support to Simon's Cyrus SASL patch, because Cyrus SASL will be
requesting the password in a callback which must return the information
immediately. Since we can't put up modal dialogs in Gaim given it's
architecture, we need another approach.
Also, I'm afraid that binary packagers on some platforms (particularly
Windows) won't build in Cyrus SASL support. So I sent this message to
gaim-devel proposing a gaim_sasl layer which (a) can have a direct
dynamically-loaded GSSAPI implementation when the Cyrus SASL plugin
isn't available, and (b) will "just know" when a given mechanism is
going to require a password. Here's the message I sent.
-------------- next part --------------
An embedded message was scrubbed...
From: Greg Hudson
Subject: [Gaim-devel] Jabber, SASL, passwords, binary packages
Date: Wed, 21 Dec 2005 10:25:53 -0500
Size: 6316
Url: http://mailman.mit.edu/pipermail/wocky/attachments/20051221/f0dbac45/attachment.eml
From raeburn at MIT.EDU Thu Dec 22 19:07:28 2005
From: raeburn at MIT.EDU (Ken Raeburn)
Date: Thu, 22 Dec 2005 19:07:28 -0500
Subject: [Wocky] jabber for web browsers?
Message-ID: <8F0792D1-DB13-45BD-86EF-3789903611A0@MIT.EDU>
Is anyone looking at web-based solutions for people unable to install
software on systems? (E.g., one friend of mine at a company where
policy forbids it; borrowing a friend's laptop and not wanting to
mess around with the configuration.)
There seem to be a couple of approaches in freeware that wouldn't
require sending the user's password off to some third-party site. If
I'm reading it right, JabberApplet lets you install on your web
server Java code that a browser can run to connect back to a Jabber
server on the same server host. Then there's JWChat, which appears
to be an AJAX-based web interface, which on the back end plugs into
your Jabber server.
I don't know anything more about them, like whether they'd be
practical for us to use securely, but having a friend I'd like to
chat with who can't install software on her machine at work, I'm
getting interested in the issue...
Ken
From hallisey at MIT.EDU Wed Dec 28 08:59:19 2005
From: hallisey at MIT.EDU (Joanne Hallisey)
Date: Wed, 28 Dec 2005 08:59:19 -0500
Subject: [Wocky] Meeting Wed. at 2:00
Message-ID:
Hello,
Before I left for vacation, I had scheduled a meeting for today,
Wednesday at 2:00 in W92-125. If this time is not good, please let
me know what other time this week will work. I would like to review
progress and write our recommendation to Theresa.
Thanks,
Joanne
--------------------------------------------
Joanne Hallisey
IS&T
W92-153
3-1894
hallisey at mit.edu
From ghudson at MIT.EDU Wed Dec 28 16:19:07 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Wed, 28 Dec 2005 16:19:07 -0500
Subject: [Wocky] Flaw in reciprocal buddy-adding
In-Reply-To: <200512201931.jBKJVHF2015747@egyptian-gods.mit.edu>
Message-ID: <200512282119.jBSLJ7aG013327@equal-rites.mit.edu>
> I assume this is a Gaim bug, but it could conceivably be a jabberd
> bug if the server is expected to provide reciprocal access. I will
> put this on my list of things to dig into.
It's a Gaim bug. Here's what happens:
1. Alice adds a buddy Bob
2. Bob receives an authorization request for Alice's subscription
3. Bob approves the request (message sent to server)
4. Bob's Gaim process sees that Alice is not currently a buddy, and
displays the reciprocal buddy-adding dialog. (Like all Gaim
dialogs, this one is non-modal, so control returns to the main
loop.)
5. Bob's Gaim receives a roster push from the server containing a
buddy entry for Alice, with a subscription type of 'From'. Bob's
Gaim stuffs that into the 'Buddies' group since no group is
specified.
6. Bob finishes filling out the reciprocal buddy-adding form, thus
asking Gaim to add Alice to his 'Buddies' group. (If Bob chooses
a different group, then things actually work.)
7. Bob's Gaim sees that Alice is already a buddy, due to the roster
push in step 5, and does nothing. Bob may as well have clicked
cancel on the reciprocal buddy-adding dialog.
There is clearly an impedance mismatch between Jabber, where you can
have a buddy entry but not have requested subscription rights, and
Gaim, which was built around the simpler AIM model. Also, it's not
clear to me that Gaim is making a wise decision by sticking ungrouped
roster entries in the 'Buddies' group.
Confusing matters, the conditional in step 7 only appears on the gaim
1.5 branch, along with a bunch of other work which never seems to have
made it to the mainline. So Gaim 2.0 probably doesn't manifest this
bug, but might manifest other bugs instead.
I will test some candidate fixes soon, and will also try this scenario
and some related scenarios in the Gaim 2.0 beta.
From hallisey at MIT.EDU Thu Dec 29 09:49:07 2005
From: hallisey at MIT.EDU (Joanne Hallisey)
Date: Thu, 29 Dec 2005 09:49:07 -0500
Subject: [Wocky] Meeting Notes: Jabber - Dec. 28. 2005
Message-ID:
Jabber
Meeting Notes
December 28, 2006
Recommendation to Theresa for next steps on Jabber.
There are few things that would make the adoption of Jabber less
successful. The lack of single sign on support for an MIT local
service would lead some Athena users to resist. Another issue is
that Gaim does not seem to request authorization when you
reciprocally add a buddy. Greg will be investigating this, but it is
not a show stopper.
We have also noticed since the pilot user group is somewhat small,
not many people are using Jabber after initial experiences.
There needs to be more testing of the group chat functionality.
There needs to be a better understanding of the server to server
functionality.
The project will continue in pilot.
By the end of January the team would like to begin work on support
and service plans.
Some tasks that will prepare for this follow:
- Do a focus group during IAP to get moere community feedback -
Joanne will talk to Training and IS&T Comm Teams.
- Establish a Support Plan
- Talk to training and Pubs
- Create Quick Start training for users
- FAQs, and Self Help documentation
- Training for Computing Help Desk
- Establish a Service Plan
- Server maintenance plan - talk to Mark
- Determine change processes
- Develop Communication Plan
Greg also looked into web solutions>
- There is a jwchat for Ajax solution - uses http polling or binding
- possible to modify this to use certificates - need to look into
this possibility
A better solution may be:
- jabber applet - because it is written in java could not have
Kerberos support - need to use passwork over ssl
Greg will set up and test to see if this is a viable solution. We
will need to determine how to introduce this. (I would suggest asking
one of the interested groups to be a tester)
--------------------------------------------
Joanne Hallisey
IS&T
W92-153
3-1894
hallisey at mit.edu
--------------------------------------------
Joanne Hallisey
Sr. Project Manager
Information Services and Technology
W92-153
617-253-1894
hallisey at mit.edu
From pbh at MIT.EDU Thu Dec 29 10:08:12 2005
From: pbh at MIT.EDU (Paul B. Hill)
Date: Thu, 29 Dec 2005 10:08:12 -0500
Subject: [Wocky] Meeting Notes: Jabber - Dec. 28. 2005
In-Reply-To:
Message-ID: <004f01c60c89$b04124f0$b103bc12@pbhtablet>
>A better solution may be:
>- jabber applet - because it is written in java could not have
>Kerberos support - need to use passwork over ssl
>Greg will set up and test to see if this is a viable solution. We
>will need to determine how to introduce this. (I would suggest asking
>one of the interested groups to be a tester)
Actually Java applets can use Kerberos and GSS. GSS/Kerberos support was
first added in 1.3 although there were a number of issues in the older
implementations. SASL support was first added in 1.4. There was a big
improvement from JDK 1.4 to 1.5. It is already possible to create a single
sign-on Java applet when the ticket cache is file based when using 1.5. With
1.6, a number of improvements are being made. On Windows Vista with 1.6 and
KfW installed the ability to have single sign-on while using the in memory
ticket cache will be possible.
Paul
From ghudson at MIT.EDU Thu Dec 29 21:32:45 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Thu, 29 Dec 2005 21:32:45 -0500
Subject: [Wocky] Server-to-server notes
Message-ID: <200512300232.jBU2WjXW029627@egyptian-gods.mit.edu>
I did some testing today regarding server-to-server with jabber.org.
My findings:
* wocky.mit.edu to jabber.org works
* jis.mit.edu to jabber.org works
* mit.edu to jabber.org fails:
mit.edu -> jabber.org fails with a service-unavailable error
jabber.org -> mit.edu fails with a remote-server-timeout error
My best guess right now is that jabber.org does not support SRV
records. I suppose we could run a port forwarder on mit.edu to work
around servers like that, but I'm not sure how NIST would feel about
the idea.
From ghudson at MIT.EDU Fri Dec 30 13:41:13 2005
From: ghudson at MIT.EDU (Greg Hudson)
Date: Fri, 30 Dec 2005 13:41:13 -0500
Subject: [Wocky] Flaw in reciprocal buddy-adding
In-Reply-To: <200512282119.jBSLJ7aG013327@equal-rites.mit.edu>
Message-ID: <200512301841.jBUIfD4o014351@egyptian-gods.mit.edu>
> Confusing matters, the conditional in step 7 only appears on the
> gaim 1.5 branch, along with a bunch of other work which never seems
> to have made it to the mainline. So Gaim 2.0 probably doesn't
> manifest this bug, but might manifest other bugs instead.
> I will test some candidate fixes soon, and will also try this
> scenario and some related scenarios in the Gaim 2.0 beta.
As I expected, Gaim 2.0 beta exhibits differently-buggy behavior.
With the older code (which is in the newer release), the reciprocal
buddy add works, but the local buddy list winds up with two entries
for the same buddy, one of which is functional and one of which is
not. The redundant entry does not exist on the server, so if you quit
and restart Gaim, the redundant entry is cleaned up and you wind up
with just one, functional buddy entry.
I came up with a fix for the Gaim 1.5 behavior which does the right
thing: if you're trying to add a buddy which already exists, tell the
server to add it, but don't redundantly add it to the local buddy
list. I've checked this into the Gaim repository in
/afs/dev.mit.edu/project/jabber, in anticipation of a local deployment
with some Jabber fixes and GSSAPI support.
There was an old bug entry for the old bug, so I submitted my findings
there. See:
https://sourceforge.net/tracker/?func=detail&atid=100235&aid=1041829&group_id=235