[Oberon] S3: Multiple incompatibilities with ISPs

eas-lab at absamail.co.za eas-lab at absamail.co.za
Sat Oct 19 16:31:14 CEST 2002 

I had originally started this thread in newsgroup: comp.lang.oberon
to get input from a wider audience.  This SERIOUS matter concerns
not specifically Sys3, nor any specific language/OS, but rather the
internet protocol.   Now I'm bringing the thread back to the n-o
mailing-list to get some FOCUS.

eas-lab at absamail.co.za wrote in message news:
> > That few readers/contributers to this forum actually use Sys3 to
> > access the internet is perhaps for good reason ?
> > 
> > NetSystem.Def expects the syntax:
> >      ":" ["//"] [ user [ ":" password ] "@" ] host [ "/" ].
> > 
> > So "@" is the delimiter between the 'user-token' and the 'host-token'.
> > 
> > When my ISP (apparently merged with another and) changed my
> > 'user-token' to include the "@" char, this broke the expected syntax
> > for NetSystem.Mod.

jmdrake_98 at yahoo.com (jmdrake) wrote:
> Say what?  Your user id has an "@" in it?  That breaks every convention
> I've ever seen.  How do you receive email?  user at name@hostname.com?
> I'm very confused.
...... big snip ...

> eas-lab at absamail.co.za wrote
> > I don't see it that way.
> > The loop is merely a 'tokenizer', with token separators {" ",":","@","/"}
> > Which corresponds to the code's comment:
> > (** Command NetSystem.SetUser { service ":" ["//"] [ user [ ":" password ] "
> 
> jmdrake wrote:
> Correct.  But it's a tokenizer based on the RFC.

I believe the tokeniser should not be based on the internet protocol:
* the RFC refers to internet protocol.
* the S3 'tokeniser' needs to extract the <loginUserName> and 
   <loginPaswrd> which does NOT comply with internet protocol.
* by CONVENTION the <loginUserName> was 'mostly' a user-chosen
     name, with mnemonic value and without any embedded "@" char.
*  these days <loginUserName> is often allocated by the ISP and may
    have an embedded "@" char.
 
----------------------

I took the query to other 'network-centered' newsgroups for an opinion
and got:--

Subject: Is "@" a valid char for <LoginUserName>  ?

> > >   My theory is that the login procedure for BBSs was taken over by ISPs.
> > > Ie. a name selected by the user was allowed as his <LoginUserName>,
> > > unless this <LoginUserName> had already been allocated.
> > > 
> > > These days ISP users often have 4 different strings:
> > > 1.  <LoginUserName>
> > > 2. <LoginPaswrd>
> > > 3. <emailUserName>
> > > 4. <emailPaswrd>
> > 
1st reply wrote:
> > No, this is not true. Thers is no "email user name" separate from the login 
> > name, no email password separate from the login password, and the email 
> > address is constructed, not entered. There is no flexibility about it. An 
> > email address consists of login name + "@" + hostname.
> 

2nd reply wrote:
> You are incorrect. There is no requirement to have a correlation between
> email addresses and login names.
> 
> Software that doesn't believe that '@' can be in a username is broken.

> > > Whereas the RFC clearly states that "@" has a special meaning for
> > > URLs, ie. for the <emailUserName>, it does not deal with the
> > > logingIn procedure.
> > > 
> > > Ie. "john at ibi.co.za" would be a permitted <LoginUserName>
> > > 
> > > The OS which I use assumes that "@" will never be in the 
> > > <LoginUserName>, and uses it the separate the <LoginUserName>.
> > > 
> > > My latest ISP allocated a <LoginUserName> with "@" in it, so
> > > this breaks the OS. 

3rd reply wrote (contradicting 1st reply)
Paul, you might stop being so argumentative. It is entirely possible 
that his ISP _did_ assign him logon username with an imbedded @ sign. 
For that matter, one of my past ISPs did the same to me.

> > Are you in favor of, or against, the use of "@" in login names? If the 
> > former, how do you propose that an e-mail address be shaped automatically 
> > out of a login name and a hostname (a requirement)?
> 
> Again, this is not a requirement. It is a convention on many Unix
> systems, but even on Unix, there are plenty of counter examples.
> 
> For instance on an installation that runs the Cyrus IMAP server, there
> is no correlation between usernames found in /etc/passwd and Cyrus
> mailbox names, and no correlation between passwords in /etc/passwd and
> the authentication credentials used by Cyrus. In fact, I have run mail
> servers for hundreds of IMAP users, and the only entries in /etc/passwd
> were system accounts (root, bin, daemon, etc.).
----------------------

So, I've twice, from 2 different ISPs had "@" in my <LoginUserName>.
And we have reports of others.
The existing code {dated from 1996/7} makes a previously mostly valid
assumption/simplification.    I expect this assumption to be increasingly 
invalidated as internet usage increases.

An author from newsgroup:c.l.o suggested that I 'fix it'. This won't happen !
I've made a 'work-around' to allow me to login {and my email is also
half crippled}, but the update needs to be done correctly:
1. understand the applicable (if any) RFC.
2. publicly/open state the policy.
3. iterate a sequence of modify-test runs over several ISPs.

On the principle of successive refinement: if you can't agree on the 
ISP login protocol, I won't bring up (yet) the email handling, which
I believe is also 'out of spec'.

Are we going to fix it, or are we all going to migrate to M$ ?

-- Chris Glur.

Summary:
* the existing code doesn't handle <LoginUserName> which has an 
    embedded "@".
* I have evidence of several independant valid <LoginUserName>s which 
      have an embedded "@".
* I believe that future <LoginUserName> will increasingly have embedded 
    "@"  s.
*   I also suspect that the email fetching, makes some assumption(s) 
    which are not valid.  We must distinguish between convention and rule.

More information about the Oberon mailing list