How AOL Beat Microsoft: Messenger Wars!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Another great video! I always find it crazy to think that all AIM and MSN messengers had to do to become myspace or FB was to create a simple customizable home page for their users! I wonder why they didn't, since they already had a huge user base and this simple move could have changed so many things.

Also, thanks for pushing the camera back far enough so that you cant tell that you are reading a screen.

👍︎︎ 2 👤︎︎ u/MrKino 📅︎︎ Aug 24 2021 🗫︎ replies

Captions

you've got mail email nobody cares man emails for the old people kids today only care about instant messaging and who do they trust the number one provider on the world wide web today aol instant messenger oh wait did i mention this story takes place back when i was at microsoft in the good old 1990s that's when aol went to war with microsoft and they made microsoft cry uncle they had to do some pretty clever and yet arguably sketchy stuff to do it though and that's coming from somebody who's saying some things i mean i've personally had sony root kit my code so it takes a lot to get me worked up but that's a story for another day did aol really exploit a buffer overrun security hole in their own product just a frustrated competitor well let's not get ahead of ourselves i need to set the stage first before i can tell you the whole story but yes [Music] hey i'm dave welcome to my shop i'm dave plummer a retired operating systems engineer from microsoft going back to the ms dawson windows 95 days and today's tale is one of corporate intrigue fake identities digital fingerprints and buffer overflows it's the story of the messenger wars between microsoft and aol the year was 1999. i'd been at microsoft since the early 90s and along the way we'd already managed to ship ms-dos windows 95 98 three versions of windows nt and i was coding pretty much all my wicking hours on what would become windows 2000 i say pretty much because nobody worked on thursday nights back then i mean with friends seinfeld and er back to back in their original debuts and jennifer aniston still in her early 20s nobody really got much work done until the next morning by 99 the web was officially a big thing but it was still very very early especially for the apps and the technologies involved firefox safari and chrome were all still years away so you really had the choice of netscape or internet explorer the biggest difference however is that you must remember that this was pretty much the top of the internet title wave even before the first dot com crashes that means nobody was truly sure where the money was to be found yet they were reasonably confident that it would involve customers somehow or at least eyeballs had to be looking at things that was apparently very important and for how long they were looking they knew that much click rate and cost per acquisition were big as was the lifetime value of a customer but not much more than that was really certain it was understood that the golden prizes back then were your browser your home page your email provider and your instant messenger client and back in 1999 there were really two types of people there were isp people and then there was everybody else for example i wasn't all about simple dial-up i used a dual isdn setup with 264 kilobit channels bonded together i positively cringed at the possibility of a faith of going back to something like a 28 modem or worse i'd already done my time as far as i was concerned but speaking of modems and dial-up here's a random story i'm a software guy who's actually decided from several generations of hardware guys by which i mean small town hardware stores my father grandfather and great grandfather all owned and operated plumber's hardware stores of their own i worked there as a kid and by the early 1980s my dad's wholesale supplier switched from paper order sheets to a digital box known as a tells on a dedicated unit like a small shoebox with a tiny led display you'd enter your product upc codes and the quantity desired and then you'd upload your order to their mainframe and the next week a truck from winnipeg would show up with all your inventory my dad wasn't thrilled about this early adoption of computer tech in part because he had some cerebral palsy that made it difficult to enter orders on a small keypad but also because if he made a mistake he always had to start over from the beginning i'm sure that was probably avoidable somehow but that's how he did it back then and if he made a mistake and the truck showed up with 20 bouncy houses instead of 20 hammers because a number had been keyed in wrong somewhere then that's just also how it worked back then but how does this all relate to modems well once you had entered your order you would connect the box to your phone using an acoustic coupler that's a little unit made up of a speaker and a microphone and inside each one there's rubber cups and you attach it to the handset of the telephone the speaker part goes on the telephone mouthpiece and makes the beeps and boots needed to send the ones and zeros down your audiophone line the microphone ad goes on the earpiece and listens to the beeps and boops sent by the computer on the other end of the call the part that makes the sound is called the modulator and the part that listens is the demodulator combine them and they form a modulator demodulator better known as a codem but my dad's inventory setup was so basic and cost saving that it only connected to the mouthpiece there was therefore no earpiece connection and thus it could not and did not acknowledge or confirm your order in any way you just dialed the long distance phone number listen for the carrier tone and push the button to send it all in one big shot and then the delivery truck either showed up or it didn't my point as i noted is that the word modem specifically means modulator demodulator precisely one of each if you only have the modulator part then you don't have a modem you've just got a mode and so now when i'm at those dinner parties where ancient programmers compete at being the oldest and brag about having used 300 baud modems to call into their favorite bbs and so on i just casually drop when i was a kid we didn't even have a modem we just had a mo and we were glad to have it too true story my fancy bonded isdn was an anomaly however as that's not how most people got their internet back then most people use the cd from a service like msn or more commonly aol for most people in fact aol was simply synonymous with the internet the web the internet aol even email and chat all blended together in the minds of most consumers into an imaginary place and product simply known as the world wide web and to sign up for the web you needed a cd and a modem the modem for obvious reasons and the cd for the software to get you all connected after all the base 195 system didn't even include the tcp ip networking required to connect to the internet so the cd is served as something of a turnkey solution to update your networking connect your modem find the closest telephone number for a local point of presence or pop and they also need to provide some kind of dial up connection manager and then pull it all together in a browser of some sort add some cheezy 90 sound effects and you're pretty much ready now to find an aolcd all you really had to do was try to set your coffee down somewhere and you usually had to push a few out of the way every time that's because the world was pretty much blanketed with aol cds back then they'd fall out of every magazine they'd come with every piece of software they'd come in the mail they'd be free in the supermarket checkout aisle as annoying and wasteful as they were you've got to give some credit to whoever owned that bid of marketing at aol they certainly made aol accessible to say the least now if only they had used rewritable cds we would have had access to infinite storage or maybe that's a terrible idea now that i think about it because aol used to be known as quantum link you're gonna get two modem stories for the price of one today because back in 1986 i actually bought a modem for my commodore 64 that came with their free quantum link floppy disk which was the forerunner to what became the aol cd i entered my credit card information and used it once or twice but came away kind of unimpressed and then forgot about it but then eventually the modem went bad and i returned it not knowing any better i included the floppy and the cables and everything that came with it but that floppy little to my knowledge contained all my connection credentials so whoever bought my freshly refurbished modem a few months later also got that quantum link floppy which in turn included unlimited connection time at my expense by virtue of the cashed account credentials i was still a student and that was 500 bucks i really couldn't afford it so in other words if you happen to know steve case tell him i'm still a little better about it and that he owes me 500 bucks how big did aol eventually get back then at least 35 million people relied on aol for their internet connection up until 1996 or so aol charged by the hour but ultimately switched to a flat monthly fee of 1995. when they did so however they simply lacked the capacity to serve that many users and their users wound up cancelling out a frustration with busy signals and let me tell you you haven't lived until you've used autodial to get around a busy signal as you compete for a line even get yourself connected to the dial-up internet told you i'd seen some strange times in any event aol's two major communications offerings were email and instant messenger their im product was known as aol instant messenger or more frequently by the acronym aim often pronounced as aim it competed primarily with yahoo messenger msn messenger and a windows app known as icq which by 1998 aol had acquired leaving just the big three of which msn was likely the smallest the msn messenger team decided that it would be a great idea to be compatible with aol's messenger so that their users could log into both servers and even exchange messages back and forth between them aol being the dominant player in the market apparently had little interest in playing nice with this small player in the messenger space named microsoft now i get that there's no small irony in the fact that microsoft perhaps used to being the 800-pound gorilla by then found itself in the position of facing an encapsulated market leader but i'm a developer not a politician or executive so i didn't care about that stuff then and i don't care about it now what i do care about because i think it's fascinating is that aol and msn developers then went to virtual war with one another in a continually escalating arms race of reverse engineering each other's technologies microsoft dead set on making amazon messenger completely indistinguishable from the aim client and aol doing everything in its power to detect and block that sinister msn client now why did amazon want its client to be able to masquerade as aol's client because that would allow them to take advantage of the huge installed user base and if nothing else allow msn users to exchange messages with aol users but there was zero chance that aol was going to open up its platform to microsoft so the only way it was going to work was if the msn messenger were 100 compatible with aim the prospects of aol documenting its messenger protocol were equally dim so microsoft was left to figure it out on its own long nights of reverse engineering would lead to an update or a fix in the msn client to make it all work and then aol would change something in the protocol and it would break the msn client and the msn people would have to debug it to figure out what had changed update the msn client software and push out an update it could have been coincidence but these updates to the aol client that would break everything seem to come about at the most inconvenient times like after work on a friday running more than a few weekends around redmond i'm sure after discovering a truly surprising escalation on aol's part someone at microsoft took it upon themselves to inform a well-known security expert of what was going on presumably that would look suspicious coming from a competitor such as microsoft so they decided to write under the pseudonym of phil bucking now maybe this is also a convenience but you can rearrange the lead phonemes there for a bit of a laugh if you like but i'll leave that one to the viewer as an exercise the emails were sent to one richard m smith who was president of farlab software and a well-regarded expert on internet security the thing is if you're going to fake an email to an internet security expert you should probably be more careful than sending it from work it turns out the smith quickly noted that although the email headers had been forged to show a yahoo return address the email had clearly been delivered by a microsoft proxy server a microsoft spokesman later said that the employee who was never identified had been reprimanded it's hard to know precisely what the intent was perhaps mr phil was trying to tip off a security expert so that it would make it to the press once the public knew what was going on they'd be outraged and apply public pressure to aol to stop the monkey business aol would then be forced to play nicely and the msn messenger client could be fully compatible with aol's aim but what exactly was aol doing to prevent it that bothered microsoft so much remember that the goal on microsoft's part was to impersonate the aim client so that they could be compatible with and interoperate with the aim user base aol's mission was to prevent microsoft from doing so at any cost as they had no intent of sharing their user base with microsoft thus while microsoft was doing everything they could to make sure they were speaking the correct protocols and so on aol was doing everything in their power to detect when the client was actually an msn user and shut them down initially just the fact that aim used its own proprietary binary protocol was enough but microsoft had some talented folks who sorted it all out in quick order once they had perfected their impersonation of aim aol had to resort to other means of detecting when it was an msn interloper what phil bucking reported to richard smith was nothing short of shocking aol had discovered a buffer overrun exploit in their own aim client and they were taking advantage of it to best understand how i have a complete episode on buffer over runs and how one was used to construct the code red worm so you should probably check out that fascinating story next for now though what's important here is that this exploit allowed aol to attack their own client and inject new code into it from the server once they had loaded their exploit payload into their customers machines they would be able to run arbitrary code whenever they wanted what he claimed they did next was both clever and sinister they used the exploit to hack their own customers whenever they connected to the am servers and used that hack to deliver a payload that could read arbitrary bytes back out of memory that means they could retrieve detailed information about the binary program that was currently running they would then use that information to help discern whose client program msn's or aols was running from there they could block msn at will the implications were far-reaching what they had done was deliver a payload that exposed the weakness in the aim client so severe that it allowed for arbitrary code injection back in 1999 everybody still ran as full administrator so it really meant that they had delivered a trojan horse capable of doing literally almost anything on your machine up to including reading and transmitting all of your personal information or worse it's not that the aim client actually did any of that malicious tom flurry it's merely that they delivered an infrastructure that allowed for it their actual use of it was allegedly pretty simple they used it to create a read arbitrary byte from memory function in so doing they're able to read binary bytes back out of memory to confirm the identity of the client program and if it wasn't aol as a real client then the user would be kicked from the server microsoft's natural response would of course be to emulate even that behavior tedusa would require a copy of the aim binaries however that way they could satisfy the read arbitrary byte at least for code it operated essentially as a dna test for the software that can be used to verify its identity authoritatively but what if aol then escalated things one step further reading bytes from the running state of the application memory the only way to make that work would be to run the aim binaries in a simulator or perhaps like a bad case of software ratatouille and the msn client could silently drive and control the aim client in the background or off screen at that point comrade has prevailed at microsoft this is going to end badly for somebody and the odds were it was going to be the customer that's what microsoft ultimately capitulated and the msn developers accepted their fate aol's messenger would be a closed ecosystem and msn was definitely not being invited over to play in it in the end it meant that aim users and msn users could not exchange instant messages at all if you're thinking that this situation is somewhat reminiscent of the iphone ecosystem with its special blue eye messages remember that an iphone can still exchange messages with the folks that we call green bubblers iphone and android can at least interoperate nicely whereas aol messenger was completely closed you couldn't send an iem into or out of it the closest parallels i could think of today would be systems like facebook messenger and whatsapp where you're completely dependent on the other person having the app in question and likely an account in order to receive a message the key difference i suppose is that the users now don't have to pay 20 bucks a month in order to be able to receive the message perhaps if everyone had come together and standardized on an interchange format things would have turned out differently if nothing else it would have provided a smoother glide path for the aim users that were effectively abandoned when aol pulled the plug on the system in 2017. after all there were still 500 000 people using it if you can believe it and i'd wager if you were still using aim in 2017 you're likely not somebody who embraces change readily if you enjoyed today's little blast from my digital past please drop me a like on the video and do consider subscribing that way i'll know that this is the kind of content that you appreciate and i'll make more like it win win don't forget to stop by the dave's garage channel store and grab yourself a classic dave's garage mug head to the channel homepage and click on the store tab where you can select from four different colors or collect the whole set after all any and all channel profits in 2021 will be donated to the uw autism center when you know that every sip literally helps a kid with special needs somehow your coffee just tastes a little better thanks for joining me out here in the shop today in the meantime in between time hope to see you next time right here in dave's garage as such i bet that the aim shutdown was actually something harder now my fancy bonded isdn was an anomaly anomaly anomaly said it wrong to find an aol cd all you had to do hmm whomever bought my freshly refurbished modem a few months later also got that quantum link floppy which in turn included unlimited connection time at the expense at my expense not the expense my expense up until about 1996 aol charged by the hour but ultimately switched to babuba when they did so ever firefox safari and chrome were all still years away so you really had the choice of netscape or internet explorer i think i should reread that because it sounded like i was mad at internet explorer when they did no i got a it competed primarily with yahoo messenger msn messenger and a windows app known as icq but i'm a developer i'm not a politician or executive so i don't care about that kind of stuff then and i don't care about it now bad grammar could have been coincidence but these updates to the aol client that seem to break everything maybe this is also a coincidence but you can rearrange the lead phonemes for a bit of laugh ah bit of a laugh if you like aol's mission was to once they had loaded their exploit playload once they had loaded their exploit exploit that's two exploits in a whole man whoa whoa too many exploits

Info

Channel: Dave's Garage

Views: 33,532

Rating: 4.9788513 out of 5

Keywords: microsoft vs aol, aol vs microsoft, messenger client, messenger, microsoft, daves garage, aol, war, reverse engineering, aol aim, davepl, aol instant messenger, instant messenger, msn messenger, windows nostalgia, america online, aim, msn, hacking, 1990s, sounds, Nostalgia, bill gates, windows live messenger, windows sounds, modem, acoustic coupler, bbs, aol youve got mail

Id: w-7PjunSxLU

Channel Id: undefined

Length: 17min 57sec (1077 seconds)

Published: Tue Aug 24 2021