XSF Discussion - 2014-02-21

  1. ralphm

    Zash: thanks. Putting that on the reading list for tomorrow

  2. ralphm sleeps

  3. Tobias has left

  4. waqas has left

  5. Maranda


  6. Maranda suddenly had a chill run up his spine.

  7. stpeter

    Maranda: ?

  8. stpeter

    oh, does Tobias mention DHTs in that message?

  9. stpeter

    I need to read it again

  10. Maranda

    stpeter, not sure but the whole mention of having a DHT overlay on top of xmpp gives me chills, no trolling intended :) sorry.

  11. stpeter

    actually I know some people building a DHT-based overlay on the entire Internet ;-)

  12. bear has left

  13. Jef has left

  14. emcho has left

  15. emcho has joined

  16. emcho has left

  17. emcho has joined

  18. Maranda has left

  19. Zash has left

  20. emcho has left

  21. emcho has joined

  22. stpeter has left

  23. waqas has joined

  24. emcho has left

  25. waqas has left

  26. waqas has joined

  27. simon has joined

  28. waqas has left

  29. xnyhps

    It'd be nice to have a mobile client that gives you a view like WhatsApp (ignoring groups and only showing the list of recent conversations, sorted by recentness)

  30. xnyhps

    But I don't think you'll be able to do the 0-step setup unless you compromise in some way.

  31. xnyhps

    It's exactly an example of Zooko's Triangle: you can either have it secure, or decentralized, but not both.

  32. simon

    xnyhps - I wish Adium gave me the option to sort my chat tabs by recentness too :)

  33. Neustradamus has left

  34. fippo

    the third edge being usable?

  35. xnyhps


  36. xnyhps

    (Human-meaningful in this context because you're trying to link an existing phone number to an account, not because phone numbers are particularly easy to remember)

  37. fippo

    the twinlife guys had some interesting idea about giving out personalized addresses to each contact -- http://bloggeek.me/twinlife-webrtc-interview/

  38. fippo

    but I think that is very far from the human-meaningful edge :-/

  39. fippo

    i wonder why people still get away with "our webrtc thing works on chrome only" without a decent technical reason...

  40. Alex has joined

  41. xnyhps

    The page isn't clear to me whether that is decentralized or not.

  42. emcho has joined

  43. emcho has left

  44. emcho has joined

  45. emcho has left

  46. emcho has joined

  47. emcho has left

  48. emcho has joined

  49. emcho has left

  50. Jef has joined

  51. emcho has joined

  52. Ge0rG

    xnyhps: isn't whatsapp a one-step setup?

  53. Zash has joined

  54. xnyhps

    What step? Picking a display name?

  55. Zash

    And phone numbers aren't exactly hard to predict / brute-force

  56. emcho has left

  57. emcho has joined

  58. emcho has left

  59. Ge0rG

    xnyhps: you have to at least enter / confirm your phone number

  60. xnyhps

    Pretty sure your phone will know its phone number. :P

  61. Ge0rG

    xnyhps: pretty sure is not factual knowledge. I know that my phone doesn't know its number

  62. xnyhps

    Okay, it's clicking "OK" a couple of times, but in a typical setup you wouldn't need to enter anything yourself.

  63. Ge0rG

    IIRC apple phones are disallowed from getting the phone number at all

  64. xnyhps

    I know you can setup WhatsApp on a different device, but its not common and probably not something they officially support.

  65. xnyhps

    Ge0rG: I really doubt that. Don't you mean IMEI?

  66. Ge0rG

    xnyhps: no, I meant phone number

  67. Zash

    Are phones really aware of their own phone number?

  68. Ge0rG

    xnyhps: http://stackoverflow.com/questions/193182/programmatically-get-own-phone-number-in-ios

  69. xnyhps

    I stand corrected. :)

  70. xnyhps

    But does it still do the text message activation?

  71. Tobias has joined

  72. Ge0rG

    xnyhps: yes it does. So I assume you have to enter the phone number

  73. Zash has left

  74. Jef has left

  75. emcho has joined

  76. emcho has left

  77. emcho has joined

  78. Ashley Ward has joined

  79. Ashley Ward has left

  80. Ash has joined

  81. Ash

    Sorry about wading into a discussion that I know little about, but couldn't an app send a text message to the app provider, which would then reveal the phone number?

  82. Kev


  83. Kev

    Or, rather, yes, they could send a text revealing /a/ phone number, but necessarily their own.

  84. Kev

    I don't think the phone number on texts is strongly authenticated. I could be wrong.

  85. Kev

    Although I could easily be wrong, and thinking of something else.

  86. fippo

    alex: update your email template :-)

  87. Alex

    ups, ya, that was the wrong one ;-)

  88. Ge0rG

    Kev, Ash: a phone can not easily fake the sender number when sending an SMS, but there are services that can do that. So you'd have to prevent the original SMS from being sent, and fake it from another SMS source

  89. Kev

    Ge0rG: Preventing an SMS being sent is fairly easy. Just turn off the mobile network.

  90. Ge0rG

    Kev: it requirese some sophistication at least

  91. Ge0rG

    the more important point I see is, many people still have to pay for SMS, so it is better to let the provider send an SMS to the customer

  92. Santiago26 has joined

  93. Santiago26 has left

  94. Santiago26 has joined

  95. emcho has left

  96. emcho has joined

  97. dezant has left

  98. Maranda has joined

  99. dezant has joined

  100. dezant has left

  101. Ash

    Is it possible for an app to receive an SMS? If so you could have the app send an sms to the app provider, and along another channel (https) send a generated token. The app provider could then send an sms back to the number with the token in. I assume this reply would be far more difficult to subvert?

  102. Maranda has left

  103. dezant has joined

  104. dezant has left

  105. dezant has joined

  106. Tobias has joined

  107. Santiago26 has left

  108. emcho has left

  109. emcho has joined

  110. simon

    Ash - yes, at least in Android and Symbian you have a receieve priority for inbound SMSs. https://stackoverflow.com/questions/18940286/how-to-make-my-sms-app-is-highest-priority-to-receive-broadcast-receiver

  111. dezant has left

  112. Tobias has joined

  113. Jef has joined

  114. emcho has left

  115. emcho has joined

  116. emcho has left

  117. Jef has left

  118. waqas has joined

  119. dwd

    simon, You don't happen to know if the SMS "port number" stuff works in Android, do you?

  120. dwd

    Oh, turns out it does.

  121. dwd

    So that might be more reliable than listening to all SMSs.

  122. dwd

    Done my voting.

  123. Kev

    Did mine this morning. Not entirely sure how I failed to do it until today.

  124. Kev

    I typically do it the moment Alex sends the first mail.

  125. dwd

    Yeah, I confess to being busy. I've tried to be as careful as I can with "yes" votes; to the extent of even voting down people I know quite well, which feels a bit weird.

  126. Kev

    I applied my normal rules.

  127. Kev

    significant_contributor_to_the_XSF's_goals() ? yes : no;

  128. dwd

    Yeah, I just was more struct about XMPP vs XSF this time around.

  129. dwd

    struct? strict.

  130. dwd

    Guess what langauge Dave is programming in today.

  131. Tobias


  132. Tobias


  133. Kev

    dwd: I'm not sure what the full list of reasons new members get past my filter is. I think it's largely just standards contributions or outreach.

  134. emcho has joined

  135. waqas has left

  136. Lloyd has joined

  137. Jef has joined

  138. Jef has left

  139. Zash has joined

  140. waqas has joined

  141. emcho has left

  142. emcho has joined

  143. emcho has left

  144. emcho has joined

  145. emcho has left

  146. emcho has joined

  147. waqas has left

  148. Lloyd has left

  149. waqas has joined

  150. emcho has left

  151. waqas has left

  152. simon has left

  153. bear has joined

  154. dezant has joined

  155. Tobias has joined

  156. Jef has joined

  157. waqas has joined

  158. fsteinel has joined

  159. Tobias has joined

  160. waqas has left

  161. waqas has joined

  162. fsteinel has left

  163. Neustradamus has joined

  164. Zash has joined

  165. emcho has joined

  166. SouL has joined

  167. emcho has left

  168. emcho has joined

  169. bear has left

  170. Alex has left

  171. Tobias has joined

  172. waqas has left

  173. waqas has joined

  174. Alex has joined

  175. Jef has left

  176. ralphm has left

  177. waqas has left

  178. waqas has joined

  179. Neustradamus

    14/02/22: the second security test day: http://xmpp.org/2014/02/second-security-test-day/

  180. Tobias has joined

  181. Tobias has left

  182. Ash has left

  183. intosi has left

  184. intosi has joined

  185. Ge0rG has joined

  186. Ge0rG has joined

  187. Alex has left

  188. SouL has left

  189. dwd has joined

  190. Alex has left

  191. waqas has left

  192. waqas has joined

  193. Tobias has joined

  194. emcho has left

  195. emcho has joined

  196. intosi has left

  197. Jef has joined

  198. Tobias has left