Zash: thanks. Putting that on the reading list for tomorrow
ralphmsleeps
Tobiashas left
waqashas left
Maranda
DHT..
Marandasuddenly had a chill run up his spine.
stpeter
Maranda: ?
stpeter
oh, does Tobias mention DHTs in that message?
stpeter
I need to read it again
Maranda
stpeter, not sure but the whole mention of having a DHT overlay on top of xmpp gives me chills, no trolling intended :) sorry.
stpeter
actually I know some people building a DHT-based overlay on the entire Internet ;-)
bearhas left
Jefhas left
emchohas left
emchohas joined
emchohas left
emchohas joined
Marandahas left
Zashhas left
emchohas left
emchohas joined
stpeterhas left
waqashas joined
emchohas left
waqashas left
waqashas joined
simonhas joined
waqashas left
xnyhps
It'd be nice to have a mobile client that gives you a view like WhatsApp (ignoring groups and only showing the list of recent conversations, sorted by recentness)
xnyhps
But I don't think you'll be able to do the 0-step setup unless you compromise in some way.
xnyhps
It's exactly an example of Zooko's Triangle: you can either have it secure, or decentralized, but not both.
simon
xnyhps - I wish Adium gave me the option to sort my chat tabs by recentness too :)
Neustradamushas left
fippo
the third edge being usable?
xnyhps
Human-meaningful.
xnyhps
(Human-meaningful in this context because you're trying to link an existing phone number to an account, not because phone numbers are particularly easy to remember)
fippo
the twinlife guys had some interesting idea about giving out personalized addresses to each contact -- http://bloggeek.me/twinlife-webrtc-interview/
fippo
but I think that is very far from the human-meaningful edge :-/
fippo
i wonder why people still get away with "our webrtc thing works on chrome only" without a decent technical reason...
Alexhas joined
xnyhps
The page isn't clear to me whether that is decentralized or not.
emchohas joined
emchohas left
emchohas joined
emchohas left
emchohas joined
emchohas left
emchohas joined
emchohas left
Jefhas joined
emchohas joined
Ge0rG
xnyhps: isn't whatsapp a one-step setup?
Zashhas joined
xnyhps
What step? Picking a display name?
Zash
And phone numbers aren't exactly hard to predict / brute-force
emchohas left
emchohas joined
emchohas left
Ge0rG
xnyhps: you have to at least enter / confirm your phone number
xnyhps
Pretty sure your phone will know its phone number. :P
Ge0rG
xnyhps: pretty sure is not factual knowledge. I know that my phone doesn't know its number
xnyhps
Okay, it's clicking "OK" a couple of times, but in a typical setup you wouldn't need to enter anything yourself.
Ge0rG
IIRC apple phones are disallowed from getting the phone number at all
xnyhps
I know you can setup WhatsApp on a different device, but its not common and probably not something they officially support.
xnyhps
Ge0rG: I really doubt that. Don't you mean IMEI?
Ge0rG
xnyhps: no, I meant phone number
Zash
Are phones really aware of their own phone number?
xnyhps: yes it does. So I assume you have to enter the phone number
Zashhas left
Jefhas left
emchohas joined
emchohas left
emchohas joined
Ashley Wardhas joined
Ashley Wardhas left
Ashhas joined
Ash
Sorry about wading into a discussion that I know little about, but couldn't an app send a text message to the app provider, which would then reveal the phone number?
Kev
No.
Kev
Or, rather, yes, they could send a text revealing /a/ phone number, but necessarily their own.
Kev
I don't think the phone number on texts is strongly authenticated. I could be wrong.
Kev
Although I could easily be wrong, and thinking of something else.
fippo
alex: update your email template :-)
Alex
ups, ya, that was the wrong one ;-)
Ge0rG
Kev, Ash: a phone can not easily fake the sender number when sending an SMS, but there are services that can do that. So you'd have to prevent the original SMS from being sent, and fake it from another SMS source
Kev
Ge0rG: Preventing an SMS being sent is fairly easy. Just turn off the mobile network.
Ge0rG
Kev: it requirese some sophistication at least
Ge0rG
the more important point I see is, many people still have to pay for SMS, so it is better to let the provider send an SMS to the customer
Santiago26has joined
Santiago26has left
Santiago26has joined
emchohas left
emchohas joined
dezanthas left
Marandahas joined
dezanthas joined
dezanthas left
Ash
Is it possible for an app to receive an SMS? If so you could have the app send an sms to the app provider, and along another channel (https) send a generated token. The app provider could then send an sms back to the number with the token in. I assume this reply would be far more difficult to subvert?
Marandahas left
dezanthas joined
dezanthas left
dezanthas joined
Tobiashas joined
Santiago26has left
emchohas left
emchohas joined
simon
Ash - yes, at least in Android and Symbian you have a receieve priority for inbound SMSs. https://stackoverflow.com/questions/18940286/how-to-make-my-sms-app-is-highest-priority-to-receive-broadcast-receiver
dezanthas left
Tobiashas joined
Jefhas joined
emchohas left
emchohas joined
emchohas left
Jefhas left
waqashas joined
dwd
simon, You don't happen to know if the SMS "port number" stuff works in Android, do you?
dwd
Oh, turns out it does.
dwd
So that might be more reliable than listening to all SMSs.
dwd
Done my voting.
Kev
Did mine this morning. Not entirely sure how I failed to do it until today.
Kev
I typically do it the moment Alex sends the first mail.
dwd
Yeah, I confess to being busy. I've tried to be as careful as I can with "yes" votes; to the extent of even voting down people I know quite well, which feels a bit weird.