Okay, I’m sure it’s not really like that. I’m ashamed to admit this one bit me, though: ORDB, which 16 months ago called it quits but has still been online and more-or-less functional, decided last week to false-positive all queries (a mailing list thread on the issue can be seen here. Harsh, but fair–I do stuff-all email through this site but it still has been costing someone bandwidth to bounce my silly queries back to me. Multiply that up by all the part-time-sysadmins like me that don’t pay close-enough attention, follow old wiki articles, or get bad advice, and pretty soon you’re talking about a HEAP of bandwidth wasted to NOT provide a service any more. Shame it had to end like this though.
Archive for category Networks
Jabber and Google: part two
Jan 13
In part one I mentioned how I was considering using Google Talk as my main chat ID. As it turns out, I talked myself out of it pretty quickly after I delved into using Google Talk to connect to MSN and other services as I do now with my own Jabber server. While there are a lot of links around for using Jabber transports to hook your Google Talk ID to other services, there’s a tiny catch… well, actually, I think it’s a bloody great huge catch personally.
You see, it wasn’t until I read the how-tos that it became clear how it works. The trick is that Google doesn’t run Jabber transports on their own servers, so you therefore need to take advantage of various “open” Jabber servers that do (“open” in this context refers to a server that lets you use its transports without necessarily being a registered user there).
Seeing there didn’t seem to be any restrictions on the servers that could be used, I figured that I could use my own server. Sure enough, after the right incantations to expose the service on the ‘net, I could connect my Google Talk ID through the Jabber-MSN transport on my server to my MSN account. Yay, right? Well, not really — each little test message I sent in either direction incurred three trips over my Internet connection! Yes, three: one to go from my Google Talk client to Google, one back from Google to the transport on my Jabber server, then a third from the transport to MSN. Obviously the same happens in reverse as well (for incoming messages from MSN).
Seeing this as a less than optimum setup, and also being wary of getting listed as a Google Talk-friendly Jabber transport provider, I lopped the transport’s external visibility and went back to using my own JID for transport access. It’s a bit of a shame too; since fring (mentioned briefly in my last post) doesn’t let me connect to an arbitrary Jabber server, to keep connected to everything I’d need two mobile chat programs running.
It’s not like I do that much IM that I need to keep all this running, but it is at least a little bit interesting… 
I reactivated an idle Google account the other day. A friend of mine from the Netherlands invited me ages ago but I never really did anything with it until I discovered that a Google Mail account can be used for other Google stuff as well, including Google Talk. I read that Google Talk is based on Jabber and works with any Jabber client, so I flicked over to Kopete and plugged in the details. Sure enough it worked… but then it got interesting.
I run a Jabber server for internal things. I wanted to have a secure, private chat facility to use over VPN with my nephews; I want to someday migrate my Nagios IRC bot to Jabber; and I use transports to link into MSN and Yahoo! to reach friends on those networks. The last point is great: I really like the fact that now, from whatever Jabber client I use (even the mobile ones I’ve played with) that I merely connect to my Jabber server and I’m online on MSN and Yahoo! as well.
Google Talk, though, has proven to be a bit of a challenge. It’s actually working like a tower, even though it’s based on (arguably) the most open of the IM platforms! You see I more-or-less took for granted that “transport” way of doing things, using my Jabber server to bridge to other networks. There’s no Jabber transport for Jabber though!
What I want to do kind-of flies in the face of how Jabber is designed. Ideally, you’re supposed to only have one Jabber ID (JID) — Jabber creates an open network with servers establishing connections when needed, very much like e-mail, and you only need an ID on one server to be able to chat with anyone on any other server. So what I wanted to do, which was connect to one Jabber server and have it “relay” messages to an ID on a different server is just not necessary with Jabber. Nor should it be necessary for Google Talk users to send messages to me using my Google Talk ID only — they can send straight to my JID on my Jabber server.
In the early days of Google Talk, Google had not enabled the “server-to-server” functionality that allowed this kind of communication to happen. Google Talk worked just like MSN, Yahoo! or AIM — you had to have a Google Talk account to chat with anyone on Google Talk. While this was the case, folks were looking making a Jabber-Jabber transport for connecting Jabber servers to Google Talk. At some point, though, Google opened the connectivity paths that allowed Google Talk to exist on the open Jabber network (I’ve tested this for myself). Once this happened, the need for a ”Google Talk Transport” for Jabber evaporated in most people’s minds.
The solution nowadays is to use a client that supports multiple connections, and connect to your Jabber and Google Talk accounts at the same time. It works of course, but you don’t get the nice benefits that a transport provides — the main one being access to all your IM services and accounts from a single server connection.
So now, having resigned myself to not being able to bring my home JID and Google Talk ID together, the question arose: do I still need my own Jabber server? My current fave mobile IM client only connects to Google Talk… Could I get by just using the Google Talk service? Find out in Part two!
Never thought I could get this excited about something to do with a Windows server! But there it is — one of my SLES 9 test servers is now supporting logons from a user account stored in Active Directory, with no Samba in sight!
Before you say ANYTHING, this is not an indication that the Crossed Wires campus is switching to the evil side. Any experienced Linux sysadmin will tell you that working with Windows systems can’t be avoided — and in some cases, welcomed (after all it’s better to have one or two Linux boxes in a sea of Windows than no Linux boxes at all). My main customer at work is essentially a Windows shop, but their main file servers are Linux on zSeries, which means that me as a Linux guy needs to know more than I thought I would want to know about bringing Linux and Windows together.
So they are doing a migration to Microsoft Active Directory, and the Linux systems need to be integrated into the AD setup. To our architects, Linux Windows integration equals Samba — they never bothered to look at making use of AD’s LDAP component to create a model that Linux can handle natively, instead of the (to me) less-than-optimal Winbind (don’t get me wrong, Winbind works, it just imposes some operational issues that I’d sooner do without, like SID-[UG]ID mapping, for instance).
So I proposed that the solution be updated to utilise LDAP, through the use of Microsoft’s own Services for Unix (SFU). I was told “yeah, dunno why it wasn’t designed that way, would be the best way to do it, but no”. Sigh.
So I decided to stick to my guns and set up something to show that it would work exactly as I said it would. And I have! I’ve worked around some inaccurate information on the ‘Net, some incomplete documentation from Microsoft, and some finger-checks on my part, to be able to show The Right Way to anyone who cares… Yep, sometimes the useless thing is just worth doing. :)
DandyID
Delicious
Disqus
Dopplr
Facebook
Google Reader
last.fm
Linkedin
Twitter
Flickr
gowalla
Facebook Pages
deviantART
Plaxo
1113