XSF Discussion - 2014-02-21


  1. ralphm

    Zash: thanks. Putting that on the reading list for tomorrow

  2. ralphm sleeps

  3. Maranda

    DHT..

  4. Maranda suddenly had a chill run up his spine.

  5. stpeter

    Maranda: ?

  6. stpeter

    oh, does Tobias mention DHTs in that message?

  7. stpeter

    I need to read it again

  8. Maranda

    stpeter, not sure but the whole mention of having a DHT overlay on top of xmpp gives me chills, no trolling intended :) sorry.

  9. stpeter

    actually I know some people building a DHT-based overlay on the entire Internet ;-)

  10. xnyhps

    It'd be nice to have a mobile client that gives you a view like WhatsApp (ignoring groups and only showing the list of recent conversations, sorted by recentness)

  11. xnyhps

    But I don't think you'll be able to do the 0-step setup unless you compromise in some way.

  12. xnyhps

    It's exactly an example of Zooko's Triangle: you can either have it secure, or decentralized, but not both.

  13. simon

    xnyhps - I wish Adium gave me the option to sort my chat tabs by recentness too :)

  14. fippo

    the third edge being usable?

  15. xnyhps

    Human-meaningful.

  16. xnyhps

    (Human-meaningful in this context because you're trying to link an existing phone number to an account, not because phone numbers are particularly easy to remember)

  17. fippo

    the twinlife guys had some interesting idea about giving out personalized addresses to each contact -- http://bloggeek.me/twinlife-webrtc-interview/

  18. fippo

    but I think that is very far from the human-meaningful edge :-/

  19. fippo

    i wonder why people still get away with "our webrtc thing works on chrome only" without a decent technical reason...

  20. xnyhps

    The page isn't clear to me whether that is decentralized or not.

  21. Ge0rG

    xnyhps: isn't whatsapp a one-step setup?

  22. xnyhps

    What step? Picking a display name?

  23. Zash

    And phone numbers aren't exactly hard to predict / brute-force

  24. Ge0rG

    xnyhps: you have to at least enter / confirm your phone number

  25. xnyhps

    Pretty sure your phone will know its phone number. :P

  26. Ge0rG

    xnyhps: pretty sure is not factual knowledge. I know that my phone doesn't know its number

  27. xnyhps

    Okay, it's clicking "OK" a couple of times, but in a typical setup you wouldn't need to enter anything yourself.

  28. Ge0rG

    IIRC apple phones are disallowed from getting the phone number at all

  29. xnyhps

    I know you can setup WhatsApp on a different device, but its not common and probably not something they officially support.

  30. xnyhps

    Ge0rG: I really doubt that. Don't you mean IMEI?

  31. Ge0rG

    xnyhps: no, I meant phone number

  32. Zash

    Are phones really aware of their own phone number?

  33. Ge0rG

    xnyhps: http://stackoverflow.com/questions/193182/programmatically-get-own-phone-number-in-ios

  34. xnyhps

    I stand corrected. :)

  35. xnyhps

    But does it still do the text message activation?

  36. Ge0rG

    xnyhps: yes it does. So I assume you have to enter the phone number

  37. Ash

    Sorry about wading into a discussion that I know little about, but couldn't an app send a text message to the app provider, which would then reveal the phone number?

  38. Kev

    No.

  39. Kev

    Or, rather, yes, they could send a text revealing /a/ phone number, but necessarily their own.

  40. Kev

    I don't think the phone number on texts is strongly authenticated. I could be wrong.

  41. Kev

    Although I could easily be wrong, and thinking of something else.

  42. fippo

    alex: update your email template :-)

  43. Alex

    ups, ya, that was the wrong one ;-)

  44. Ge0rG

    Kev, Ash: a phone can not easily fake the sender number when sending an SMS, but there are services that can do that. So you'd have to prevent the original SMS from being sent, and fake it from another SMS source

  45. Kev

    Ge0rG: Preventing an SMS being sent is fairly easy. Just turn off the mobile network.

  46. Ge0rG

    Kev: it requirese some sophistication at least

  47. Ge0rG

    the more important point I see is, many people still have to pay for SMS, so it is better to let the provider send an SMS to the customer

  48. Ash

    Is it possible for an app to receive an SMS? If so you could have the app send an sms to the app provider, and along another channel (https) send a generated token. The app provider could then send an sms back to the number with the token in. I assume this reply would be far more difficult to subvert?

  49. simon

    Ash - yes, at least in Android and Symbian you have a receieve priority for inbound SMSs. https://stackoverflow.com/questions/18940286/how-to-make-my-sms-app-is-highest-priority-to-receive-broadcast-receiver

  50. dwd

    simon, You don't happen to know if the SMS "port number" stuff works in Android, do you?

  51. dwd

    Oh, turns out it does.

  52. dwd

    So that might be more reliable than listening to all SMSs.

  53. dwd

    Done my voting.

  54. Kev

    Did mine this morning. Not entirely sure how I failed to do it until today.

  55. Kev

    I typically do it the moment Alex sends the first mail.

  56. dwd

    Yeah, I confess to being busy. I've tried to be as careful as I can with "yes" votes; to the extent of even voting down people I know quite well, which feels a bit weird.

  57. Kev

    I applied my normal rules.

  58. Kev

    significant_contributor_to_the_XSF's_goals() ? yes : no;

  59. dwd

    Yeah, I just was more struct about XMPP vs XSF this time around.

  60. dwd

    struct? strict.

  61. dwd

    Guess what langauge Dave is programming in today.

  62. Tobias

    COBOL?

  63. Tobias

    :P

  64. Kev

    dwd: I'm not sure what the full list of reasons new members get past my filter is. I think it's largely just standards contributions or outreach.

  65. Neustradamus

    14/02/22: the second security test day: http://xmpp.org/2014/02/second-security-test-day/