Since I started using Windows Vista awhile ago, the AIM 5.2 + DeadAIM combination stopped working. DeadAIM is no longer maintained, and registering my key doesn't actually work. I started using shaim in its place (just recently celebrating 1,000 revisions!), since I have a natural distaste for alien user interfaces, such as GTK on Windows (Gaim), Qt on Windows (Psi--not as related, I know), and whatever Trillian, AIM 6.0, and AIM Lite use. The reason I stuck with AIM 5.2 for so long was because it wasn't bloated, and it was simple; when AOL started adding in features from DeadAIM, I thought they made it look retarded, so I didn't upgrade.
In addition to using shaim, I also got commit access to the Subversion repository very recently, which makes this my first open source project. Unfortunately for all of you non-Windows users, shaim's UI is currently built on WPF, which means it's native to Windows. Now this is a good thing (OS X users, see: TextMate); however, even though it's currently Windows-native, it's built on C#, and Mono compatibility (for non-UI elements) is very feasible; the UI is modular, and can be rewritten using other toolkits/interfaces.
But now I'm getting off topic from what I actually want to mention; the UI rant can be saved for later. Recently, for our last OS project, I set up a Subversion repository to work with my roommate and left him instructions including the repository location, which was a file:// URI. The next day, he asked if I would be setting up a Subversion repository. What? I kindly informed him that he must have missed the message I sent him the night before, but he was fairly certain that he had read all of his messages. I sent him another one while he was in class, but apparently that didn't go through either.
I thought it might be a URL parsing error, since shaim previously had some problems with converting URIs to actual hyperlinks, but it turned out that such was not the case. I followed the logic all the way to watching Wireshark report the packet being sent out. Wireshark never reported the message coming back in! Apparently AOL servers filter messages that contain file:// hyperlinks. Try it yourself! Sending file:// in plain text works fine, but shaim automatically parsed all URIs to be hyperlinks. If you try sending "file://test" hyperlinked to yourself, you'll only see one copy of the message--it never echoes! This is because AOL's AIM servers simply drop any packets that have hyperlinked file:// URIs.
Is this really the best course of action? There isn't any sort of notification that the packet is dropped, which is really user unfriendly. AIM 6.0 doesn't automatically convert file:// URIs, but if you manually do it (for whatever reason), it still just drops. It feels like there should be better ways to handle these potentially malicious hyperlinks. For example, why not offload the processing to the client? The client could either reject (and send a notice! How novel!) the incoming message, or it could remove the <a href=... from the message. I'm guessing the AIM servers don't have the ability to handle that kind of processing load, but the clients could do it easily. This makes it plainly obvious to everyone (senders, receivers, developers) what's going on, rather than just dropping packets left and right and being so secretive about it.
3 comments:
Are you saying the sender's client, the receiver's client, or the server drops the packets?
The server in between drops the packets.
haha your right. That's a horrible idea.
Post a Comment