markpasc (markpasc) wrote,
quixotic crackrabbit

- the idea
    - "moblogging" service
        - more people are more places, still want to publicthink on the web
        - would like to post from work, friend's w/o special software
        - posts to many multifarious blogging services/hosts (though only one per)
    - operates by email
        - standardish on phones
            - ...isn't it?
        - Blackberry, PalmOS etc
            - special software probably better where possible
                - unfortunately outside our purview
        - maybe even just 'cause someone prefers eir email client!
            - might prefer the HTML editor to whatever they get on the web
            - easiest path to Outlook Express integration of weblog posting, heh
    - ties an "@service.com" email alias to your account
    - when email arrives @service.com
        - check for identifying data (mainly Message-ID, From)
            - stop if doesn't match
        - upload any attachments to user's web host
            - FTP, SFTP, scp, WebDAV, ...?
            - pictures from camera phones
            - mp3s/audio if/when phones can record and email
        - post the text component to weblog
            - Blogger, MetaWeblog, MT, LJ, Blogger 2?, FTP/Blosxom?, ...?
            - links to attachments
            - strip HTML down to a vaguely post-shaped wad
    - could expand to other modes (SMS) later

- user stories
    - Alice is a user of the service; wants to post to her weblog
        - emails text and a picture from her cell phone to alice@example.com
        - email processor fetches Alice's email auth data from db
        - compares auth data against Alice's mail
            - doesn't match? file mail as failure and quit
        - fetches Alice's attachment storage data from db
        - uploads picture to Alice's third-party web hosting
        - fetches Alice's weblog login data
        - posts text of mail plus link to picture on web host to weblog
            - HTML is reduced to a post-shaped blob
                - ie, only things that go in the body
            - standard "-- " signature is stripped
        - discard mail
        - Alice's friend Carol can see Alice's weblog has updated
    - Bob wants to sign up for the service
        - visits web site
        - clicks "sign up"
        - Bob enters
            - username and password for this service
                - try again if username is taken/password isn't acceptable for whatever reason
            - his email address
            - his weblog URL
        - Bob is prompted to mail the username@service.com account from his phone/sending account
            - service automatically figures the proper From and Message-ID
            - Bob is meanwhile annoyed by "we haven't gotten your email yet" message
            - if mail isn't received after some period (hour?)
                - try again?
                - guess his service won't work =/
                - that's why we do this first, to make sure it works before user invests time in setting up account
        - Bob is prompted to enter his weblog's posting data
            - service checks Bob's weblog URL for RSD file; if so, prefills these options
        - Bob is prompted to, if he likes, enter his web host data for attachment hosting
            - doesn't have to, but then service will discard attachments instead of uploading them
    - Carol is a user of the service; she recently changed phone service and didn't add an identity for that mail
        - sends email with JPEG attachment to carol@service.com
        - service mails Carol at home that her account received unauthorized mail
        - later, Carol logs into service.com web site
        - goes to "pending mail" page
        - finds her mail in the list, selects "authorize this sender" option
        - the Message-ID/From on that mail is added as an identity
        - that mail is posted as normal
            - uses mail's date if blog server supports arbitrary timestamps
            - service kept the attachment along with the mail
    - Dan is a user of the service
        - sends email with JPEG attachment to dan@service.com
        - service mails Dan at home that it couldn't send attachment to his web host
            - "I got this error trying to save your picture: Quota exceeded" or whatever
        - Dan fixes the outstanding problem with his web host
        - visits the "pending mail" page of the site
        - finds his mail in the list, selects "post" option
        - mail is posted as normal
    - Mallory wants to post to Alice's weblog/web host
        - tries sending email to alice@example.com
        - service runs; marks Mallory's mail for having wrong Message-ID and From
            - no message sent to Mallory
        - Alice receives email from service that an unauthorized post was attempted
            - can log in and ban/add that mail's Message-ID/From
        - Mallory tries again, faking Message-ID and From like
            - Alice's phone
                - Mallory must know what service Alice uses
                    - assume easy to discover
            - Alice's home email, if authorized
            - Alice's work email, if authorized
            - Alice's friends' emails, if authorized
        - succeeds?!
            - without requiring password in mail, Message-ID and From must be secret
    - Steve is a spammer; inadvertently mails world+dog@service.com
        - sends really, REALLY obnoxious spam
        - Message-ID/From does not match world+dog@service.com's
        - SpamAssassin/popfile/etc analyzes Steve's mail
        - definitely, definitely spam (10+ SA score?)
        - mail is deleted outright
    - Sally is a spammer; inadvertently mails world+dog@service.com
        - sends rather calm, moblog-entry-like spam
        - Message-ID/From does not match world+dog@service.com's
        - SA analyzes Sally's mail, does not call it spam
        - mail is put in world+dog's pending mail
        - world+dog is sent mail; the game is over; we have lost
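As an added illustration (not code from the post), here is a Python sketch of the mail-side flow the outline and the user stories describe: match From and Message-ID domain (plus the optional secret subject) against an account's stored identities, strip the standard "-- " signature, and only consult the spam score once the identity check has failed. The account record, addresses, thresholds and helper names are assumptions; because the check is header-only, a mail carrying the same From/Message-ID values passes it, which is the weakness the concerns section calls out.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed account record in the shape of the post's data model (hypothetical).
ACCOUNT = {
    "username": "alice",
    "identities": [
        {"from": "alice@phone.example.net",          # From header to accept
         "msgid_domain": r".*\.phone\.example\.net",  # Message-ID domain pattern
         "secret_subject": None},                     # optional "secret subject" password
    ],
}
SIG_RE = re.compile(r"^-- $", re.M)   # standard signature separator line

def identity_matches(msg, identities):
    """True if From, Message-ID domain and (if set) secret subject match one identity."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = msg.get("Message-ID", "").strip("<> ").rpartition("@")[2].lower()
    for ident in identities:
        if sender != ident["from"].lower():
            continue
        if not re.fullmatch(ident["msgid_domain"], domain, re.I):
            continue
        if ident["secret_subject"] and msg.get("Subject", "") != ident["secret_subject"]:
            continue
        return True
    return False

def body_text(msg):
    """Plain-text part of the mail with everything from the '-- ' line onward dropped."""
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    return SIG_RE.split(text, maxsplit=1)[0].rstrip()

def route(msg, account, spam_score=0.0):
    """'post', 'pending' or 'discard'. The spam score is consulted only after the
    identity check fails, so an authorized sender's mail is never dumped as spam."""
    if identity_matches(msg, account["identities"]):
        return "post"
    if spam_score >= 10:        # "definitely, definitely spam" threshold from the post
        return "discard"
    return "pending"            # owner is notified; can authorize or ban it from the web UI

def make_mail(sender, msgid, text, subject="from my phone"):
    """Build a constructed sample message for exercising the functions above."""
    m = EmailMessage()
    m["From"], m["To"], m["Message-ID"], m["Subject"] = sender, "alice@service.example", msgid, subject
    m.set_content(text)
    return m
```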

- concerns
    - the hacker issue (ie THE BIG GAPING HOLE IN THE PLAN)
        - I wouldn't want to type a password whenever I blog from phone
        - "secret subject"
            - Radio uses this
            - it's a password
        - special software on the phone/client to do special auth
            - immediately limits potential customers
            - PGP or other public key auth
        - perfection is not an option
            - any password can be sniffed, period
    - we're keeping folks' blog/web hosting passwords
        - any host for the service will be somewhat vulnerable to cracking, pw theft
        - we can't use "transparent database"/hashed passwords
            - we have to present user's credentials to the remote site
            - remote site could use hashed pw but we can't
            - requiring login/pw from the user at time of mail would be onerous from a phone
                - plus sent in plaintext through several mail servers
            - I haven't read the book so maybe I'm wrong about "transparent databases"
        - suggest users set up a second blog/blog account with limited permission
            - not helpful enough to all users to bother with
    - who exactly will pay for this and how much? (ie business concerns)
        - fantasies of reinvestment into service
            - nice web design
            - nice illustrated icons
            - real database
                - MySQL costs extra on Cornerhost
            - nice nice nice etc
        - however I'd like to actually recoup for my time-energy
            - otherwise I need to cancel my phone/internet
            - can upgrade service after it's explosively popular
                - but won't it need to be upgraded to draw more customers?
        - me running a business
            - BWAHAHAHAHA, that's a good one, tell me another
    - spam
        - users have no legitimate need to post these addresses
            - only they need to know them
        - still, usernames might be bruted/guessed
        - use Spam Assassin, popfile, etc to rate spam
            - only check at all after auth check
                - no chance of user's legitimate mail getting dumped as spam
            - discard outright if definitely spam (SA score 10+)
            - SA: disable/rescore rules penalizing moblog-like mail
    - implementation
        - Python
        - SQLite
            - plan for transition to a real database later when possible/necessary
        - unit tests

- data model: an account
    - has username (also mail alias)
    - has service password
    - has 1+ email identities
        - Message-ID domain/pattern
        - From
        - secret subject?
    - has weblog login data
        - protocol
        - username, password
    - has attachment storage data
        - protocol
        - username, password
    - has default entry data
        - default title/subject
        - template?
    - has 0+ pending mail (text blobs)