-
ralphm
Zash: thanks. Putting that on the reading list for tomorrow
- ralphm sleeps
-
Maranda
DHT..
- Maranda suddenly had a chill run up his spine.
-
stpeter
Maranda: ?
-
stpeter
oh, does Tobias mention DHTs in that message?
-
stpeter
I need to read it again
-
Maranda
stpeter, not sure but the whole mention of having a DHT overlay on top of xmpp gives me chills, no trolling intended :) sorry.
-
stpeter
actually I know some people building a DHT-based overlay on the entire Internet ;-)
-
xnyhps
It'd be nice to have a mobile client that gives you a view like WhatsApp (ignoring groups and only showing the list of recent conversations, sorted by recentness)
-
xnyhps
But I don't think you'll be able to do the 0-step setup unless you compromise in some way.
-
xnyhps
It's exactly an example of Zooko's Triangle: you can either have it secure, or decentralized, but not both.
-
simon
xnyhps - I wish Adium gave me the option to sort my chat tabs by recentness too :)
-
fippo
the third edge being usable?
-
xnyhps
Human-meaningful.
-
xnyhps
(Human-meaningful in this context because you're trying to link an existing phone number to an account, not because phone numbers are particularly easy to remember)
-
fippo
the twinlife guys had some interesting idea about giving out personalized addresses to each contact -- http://bloggeek.me/twinlife-webrtc-interview/
-
fippo
but I think that is very far from the human-meaningful edge :-/
-
fippo
i wonder why people still get away with "our webrtc thing works on chrome only" without a decent technical reason...
-
xnyhps
The page isn't clear to me whether that is decentralized or not.
-
Ge0rG
xnyhps: isn't whatsapp a one-step setup?
-
xnyhps
What step? Picking a display name?
-
Zash
And phone numbers aren't exactly hard to predict / brute-force
-
Ge0rG
xnyhps: you have to at least enter / confirm your phone number
-
xnyhps
Pretty sure your phone will know its phone number. :P
-
Ge0rG
xnyhps: pretty sure is not factual knowledge. I know that my phone doesn't know its number
-
xnyhps
Okay, it's clicking "OK" a couple of times, but in a typical setup you wouldn't need to enter anything yourself.
-
Ge0rG
IIRC apple phones are disallowed from getting the phone number at all
-
xnyhps
I know you can setup WhatsApp on a different device, but its not common and probably not something they officially support.
-
xnyhps
Ge0rG: I really doubt that. Don't you mean IMEI?
-
Ge0rG
xnyhps: no, I meant phone number
-
Zash
Are phones really aware of their own phone number?
-
Ge0rG
xnyhps: http://stackoverflow.com/questions/193182/programmatically-get-own-phone-number-in-ios
-
xnyhps
I stand corrected. :)
-
xnyhps
But does it still do the text message activation?
-
Ge0rG
xnyhps: yes it does. So I assume you have to enter the phone number
-
Ash
Sorry about wading into a discussion that I know little about, but couldn't an app send a text message to the app provider, which would then reveal the phone number?
-
Kev
No.
-
Kev
Or, rather, yes, they could send a text revealing /a/ phone number, but necessarily their own.
-
Kev
I don't think the phone number on texts is strongly authenticated. I could be wrong.
-
Kev
Although I could easily be wrong, and thinking of something else.
-
fippo
alex: update your email template :-)
-
Alex
ups, ya, that was the wrong one ;-)
-
Ge0rG
Kev, Ash: a phone can not easily fake the sender number when sending an SMS, but there are services that can do that. So you'd have to prevent the original SMS from being sent, and fake it from another SMS source
-
Kev
Ge0rG: Preventing an SMS being sent is fairly easy. Just turn off the mobile network.
-
Ge0rG
Kev: it requirese some sophistication at least
-
Ge0rG
the more important point I see is, many people still have to pay for SMS, so it is better to let the provider send an SMS to the customer
-
Ash
Is it possible for an app to receive an SMS? If so you could have the app send an sms to the app provider, and along another channel (https) send a generated token. The app provider could then send an sms back to the number with the token in. I assume this reply would be far more difficult to subvert?
-
simon
Ash - yes, at least in Android and Symbian you have a receieve priority for inbound SMSs. https://stackoverflow.com/questions/18940286/how-to-make-my-sms-app-is-highest-priority-to-receive-broadcast-receiver
-
dwd
simon, You don't happen to know if the SMS "port number" stuff works in Android, do you?
-
dwd
Oh, turns out it does.
-
dwd
So that might be more reliable than listening to all SMSs.
-
dwd
Done my voting.
-
Kev
Did mine this morning. Not entirely sure how I failed to do it until today.
-
Kev
I typically do it the moment Alex sends the first mail.
-
dwd
Yeah, I confess to being busy. I've tried to be as careful as I can with "yes" votes; to the extent of even voting down people I know quite well, which feels a bit weird.
-
Kev
I applied my normal rules.
-
Kev
significant_contributor_to_the_XSF's_goals() ? yes : no;
-
dwd
Yeah, I just was more struct about XMPP vs XSF this time around.
-
dwd
struct? strict.
-
dwd
Guess what langauge Dave is programming in today.
-
Tobias
COBOL?
-
Tobias
:P
-
Kev
dwd: I'm not sure what the full list of reasons new members get past my filter is. I think it's largely just standards contributions or outreach.
-
Neustradamus
14/02/22: the second security test day: http://xmpp.org/2014/02/second-security-test-day/