XSF logo XSF Discussion - 2014-02-21


  1. ralphm Zash: thanks. Putting that on the reading list for tomorrow
  2. ralphm sleeps
  3. Tobias has left
  4. waqas has left
  5. Maranda DHT..
  6. Maranda suddenly had a chill run up his spine.
  7. stpeter Maranda: ?
  8. stpeter oh, does Tobias mention DHTs in that message?
  9. stpeter I need to read it again
  10. Maranda stpeter, not sure but the whole mention of having a DHT overlay on top of xmpp gives me chills, no trolling intended :) sorry.
  11. stpeter actually I know some people building a DHT-based overlay on the entire Internet ;-)
  12. bear has left
  13. Jef has left
  14. emcho has left
  15. emcho has joined
  16. emcho has left
  17. emcho has joined
  18. Maranda has left
  19. Zash has left
  20. emcho has left
  21. emcho has joined
  22. stpeter has left
  23. waqas has joined
  24. emcho has left
  25. waqas has left
  26. waqas has joined
  27. simon has joined
  28. waqas has left
  29. xnyhps It'd be nice to have a mobile client that gives you a view like WhatsApp (ignoring groups and only showing the list of recent conversations, sorted by recentness)
  30. xnyhps But I don't think you'll be able to do the 0-step setup unless you compromise in some way.
  31. xnyhps It's exactly an example of Zooko's Triangle: you can either have it secure, or decentralized, but not both.
  32. simon xnyhps - I wish Adium gave me the option to sort my chat tabs by recentness too :)
  33. Neustradamus has left
  34. fippo the third edge being usable?
  35. xnyhps Human-meaningful.
  36. xnyhps (Human-meaningful in this context because you're trying to link an existing phone number to an account, not because phone numbers are particularly easy to remember)
  37. fippo the twinlife guys had some interesting idea about giving out personalized addresses to each contact -- http://bloggeek.me/twinlife-webrtc-interview/
  38. fippo but I think that is very far from the human-meaningful edge :-/
  39. fippo i wonder why people still get away with "our webrtc thing works on chrome only" without a decent technical reason...
  40. Alex has joined
  41. xnyhps The page isn't clear to me whether that is decentralized or not.
  42. emcho has joined
  43. emcho has left
  44. emcho has joined
  45. emcho has left
  46. emcho has joined
  47. emcho has left
  48. emcho has joined
  49. emcho has left
  50. Jef has joined
  51. emcho has joined
  52. Ge0rG xnyhps: isn't whatsapp a one-step setup?
  53. Zash has joined
  54. xnyhps What step? Picking a display name?
  55. Zash And phone numbers aren't exactly hard to predict / brute-force
  56. emcho has left
  57. emcho has joined
  58. emcho has left
  59. Ge0rG xnyhps: you have to at least enter / confirm your phone number
  60. xnyhps Pretty sure your phone will know its phone number. :P
  61. Ge0rG xnyhps: pretty sure is not factual knowledge. I know that my phone doesn't know its number
  62. xnyhps Okay, it's clicking "OK" a couple of times, but in a typical setup you wouldn't need to enter anything yourself.
  63. Ge0rG IIRC apple phones are disallowed from getting the phone number at all
  64. xnyhps I know you can setup WhatsApp on a different device, but its not common and probably not something they officially support.
  65. xnyhps Ge0rG: I really doubt that. Don't you mean IMEI?
  66. Ge0rG xnyhps: no, I meant phone number
  67. Zash Are phones really aware of their own phone number?
  68. Ge0rG xnyhps: http://stackoverflow.com/questions/193182/programmatically-get-own-phone-number-in-ios
  69. xnyhps I stand corrected. :)
  70. xnyhps But does it still do the text message activation?
  71. Tobias has joined
  72. Ge0rG xnyhps: yes it does. So I assume you have to enter the phone number
  73. Zash has left
  74. Jef has left
  75. emcho has joined
  76. emcho has left
  77. emcho has joined
  78. Ashley Ward has joined
  79. Ashley Ward has left
  80. Ash has joined
  81. Ash Sorry about wading into a discussion that I know little about, but couldn't an app send a text message to the app provider, which would then reveal the phone number?
  82. Kev No.
  83. Kev Or, rather, yes, they could send a text revealing /a/ phone number, but necessarily their own.
  84. Kev I don't think the phone number on texts is strongly authenticated. I could be wrong.
  85. Kev Although I could easily be wrong, and thinking of something else.
  86. fippo alex: update your email template :-)
  87. Alex ups, ya, that was the wrong one ;-)
  88. Ge0rG Kev, Ash: a phone can not easily fake the sender number when sending an SMS, but there are services that can do that. So you'd have to prevent the original SMS from being sent, and fake it from another SMS source
  89. Kev Ge0rG: Preventing an SMS being sent is fairly easy. Just turn off the mobile network.
  90. Ge0rG Kev: it requirese some sophistication at least
  91. Ge0rG the more important point I see is, many people still have to pay for SMS, so it is better to let the provider send an SMS to the customer
  92. Santiago26 has joined
  93. Santiago26 has left
  94. Santiago26 has joined
  95. emcho has left
  96. emcho has joined
  97. dezant has left
  98. Maranda has joined
  99. dezant has joined
  100. dezant has left
  101. Ash Is it possible for an app to receive an SMS? If so you could have the app send an sms to the app provider, and along another channel (https) send a generated token. The app provider could then send an sms back to the number with the token in. I assume this reply would be far more difficult to subvert?
  102. Maranda has left
  103. dezant has joined
  104. dezant has left
  105. dezant has joined
  106. Tobias has joined
  107. Santiago26 has left
  108. emcho has left
  109. emcho has joined
  110. simon Ash - yes, at least in Android and Symbian you have a receieve priority for inbound SMSs. https://stackoverflow.com/questions/18940286/how-to-make-my-sms-app-is-highest-priority-to-receive-broadcast-receiver
  111. dezant has left
  112. Tobias has joined
  113. Jef has joined
  114. emcho has left
  115. emcho has joined
  116. emcho has left
  117. Jef has left
  118. waqas has joined
  119. dwd simon, You don't happen to know if the SMS "port number" stuff works in Android, do you?
  120. dwd Oh, turns out it does.
  121. dwd So that might be more reliable than listening to all SMSs.
  122. dwd Done my voting.
  123. Kev Did mine this morning. Not entirely sure how I failed to do it until today.
  124. Kev I typically do it the moment Alex sends the first mail.
  125. dwd Yeah, I confess to being busy. I've tried to be as careful as I can with "yes" votes; to the extent of even voting down people I know quite well, which feels a bit weird.
  126. Kev I applied my normal rules.
  127. Kev significant_contributor_to_the_XSF's_goals() ? yes : no;
  128. dwd Yeah, I just was more struct about XMPP vs XSF this time around.
  129. dwd struct? strict.
  130. dwd Guess what langauge Dave is programming in today.
  131. Tobias COBOL?
  132. Tobias :P
  133. Kev dwd: I'm not sure what the full list of reasons new members get past my filter is. I think it's largely just standards contributions or outreach.
  134. emcho has joined
  135. waqas has left
  136. Lloyd has joined
  137. Jef has joined
  138. Jef has left
  139. Zash has joined
  140. waqas has joined
  141. emcho has left
  142. emcho has joined
  143. emcho has left
  144. emcho has joined
  145. emcho has left
  146. emcho has joined
  147. waqas has left
  148. Lloyd has left
  149. waqas has joined
  150. emcho has left
  151. waqas has left
  152. simon has left
  153. bear has joined
  154. dezant has joined
  155. Tobias has joined
  156. Jef has joined
  157. waqas has joined
  158. fsteinel has joined
  159. Tobias has joined
  160. waqas has left
  161. waqas has joined
  162. fsteinel has left
  163. Neustradamus has joined
  164. Zash has joined
  165. emcho has joined
  166. SouL has joined
  167. emcho has left
  168. emcho has joined
  169. bear has left
  170. Alex has left
  171. Tobias has joined
  172. waqas has left
  173. waqas has joined
  174. Alex has joined
  175. Jef has left
  176. ralphm has left
  177. waqas has left
  178. waqas has joined
  179. Neustradamus 14/02/22: the second security test day: http://xmpp.org/2014/02/second-security-test-day/
  180. Tobias has joined
  181. Tobias has left
  182. Ash has left
  183. intosi has left
  184. intosi has joined
  185. Ge0rG has joined
  186. Ge0rG has joined
  187. Alex has left
  188. SouL has left
  189. dwd has joined
  190. Alex has left
  191. waqas has left
  192. waqas has joined
  193. Tobias has joined
  194. emcho has left
  195. emcho has joined
  196. intosi has left
  197. Jef has joined
  198. Tobias has left