XMPP is quite power hungry, keeping an open TCP connection, otherwise it's a good protocol, but Facebook has implemented it with quite a number of ugly bugs that can make it really hard to use a decent XMPP client.
You know, that IO stands for Input-Output, output is quite decent on mobile phones (for a chat), keyboards are flaky, but swipe-type ones are quite OK for operating with one hand while walking or standing.
>> privacy (all sms is logged) >> and per-msg charges from providers makes it about the least desirable option.
You seem to think that all chats are SMS. Let me tell you about this wonderful thing, called internet, that has been used to send instant messages without charge for a couple of decades now (ICQ, Odigo, MSN, IRC). Using adequate encryption scheme you can even take back your privacy.
Yeah, because hiding that behaviour and pretending to be an adult is so much healthier. People should evolve, not blame the tools that let them show who they really are.
>> end-all-be-all messaging and communication platform
You mean like Skype, Viber, Line and not so long ago MSN and ICQ. FFS, just turn on the goddamn federation. I don't care for client-server protocol, but just let people from different networks talk to each other.
Well, luckily for MS, google never released source code for their proprietary apps. All in all I see this as a positive thing. Google has been tightening it's grip on android ecosystem, trying to absorb as much of basic APIs into it's proprietary GoogleServices as possible. Maybe this will force them to open up again at least a little bit.
I think open ebook community should thank Adobe for demonstating (at the cost of their reputation and revenues) to everyone who ever did something as stupid as buying a book with Adobe's DRM, what't it's all about and all the dangers of having someone else manage your access to the content you bought right to access. Only through these actions will people learn, as they only listen when they've been hit in their wallet. Luckily, ebook reader (hardware) manufacurers will also learn the hard way, that implementing an obscure DRM scheme is more expensive in the long run (and more damaging to the brand and sales) than partnering up with a shop that not only allows you to buy the books, but even keep them after it changes the technolgy (or goes down in flames) without taking all the books with them.
All that aside - those who suffer from it, deserve it. Hopefully this lesson will be painful enough to remember not to mess with DRMed content any more.
Everybody has a right to decide. It's forcing your decision on others where we draw the line. Everyone can share their opinion regarding other people. Heck, that's called free speech (yeah, I know, you don't have that in US anymore), but stop with the attitude, please. From perspective on a global scale, from humanity as a whole to a local community - it truly is a time wasted and that could have been spent better, from individual perspective, some, I'm sure, would also agree they wasted their time, others will say they had the best time and consider it a time well spent. And yet still everyone is entitled to their opinion and it's expression.
>> Also anything that uses a public key exchange is only secure because certain reversals of transformation are 'hard'. Nope, it's also only secure as long as you verify that the key you have in front of your eyes corresponds to the person you want it correspond to.
>> There is no universality to hard, what is hard for me may not be hard for you..
Actually you might want to refresh your memory a little bit about cryptography. To crack a decent asymmetric cypher it would take more than visible universe working as a computer for time longer than said universe exists. So, there is universality to hard.
>> I support the sentiment of these guys but your code is going to be running on a platform that is largely exploitable by most English speaking foreign governments and possibly well funded crooks.
I don't support their sentiment. If they really wanted to create a secure platform - they could. I'm pretty sure that it's not that hard to check out best practices and analyze the situation before coming up with solutions. a) The only good security - is end-to-end (i.e. data is only unencrypted on endpoints and only people wielding the keys are on the endpoints) b) You verify the keys via a secure channel to prevent tampering (I'm quite convinced NSA is not good enough to fake a live video stream with you holding up a QR code in real time and on a mass scale) c) you should be able to host your own server and have access to both client and server (because otherwise the software might actually be leaking the information).
So, with all that in mind we have people who just want to cash in a check on public outcry about privacy violation and make a quick buck exploiting mass hysteria. For example The Guardian Project are actually doing a secure open source IM, with code available for audit and allowing for end-to-end perfect-forward-secrecy (OTR) encryption and key verification. Now that is the right direction, not cloning yet another IM and telling everyone "Trust us, we're the good guys, we'll protect your privacy, unlike those other guys".
My though exactly. Even if third-party researchers cannot find any vulnerability in the protocol itself, who says there isn't a backdoor in the server part, that will reduce security to 0? Pretty sure they won't open the server part to scrutinity (even if they do, how do we verify that it's the same version running on the actual server?)
I'm pretty sure they omitted the part where users have to exchange keys over trusted channel (or at least a channel that prevents or makes it really hard to tamper with it). And this allows for a mitm attack, so all that fancy encryption is absolutely useless, since the attacker will have both keys and total control. What we need right now is not a gazillion of apps that create the illusion of privacy, but a protocol and a set of standards for federated communication channel (pretty much what XMPP is). Since many claim XMPP is not suitable for modern-day communications I would like to see more effort toward improving it (or creating something from a scratch, if it's so flawed). Because right now the only universal and secure way of communication is email with GPG or SMIME encryption slapped on top of it.
Maybe it would, but those backdoors are worth much more to NSA unpublished. As well as all the data that passes through the vulnerable services. So should you scenario come to life, it would be huge success for endusers, as many vulnerabilities would be closed.
Regarding the article: talk is cheap, show me the code. And let me host this server myself, with inter-server communication. Otherwise it's no better than hangouts, iMessage, Whatsapp, Viber and whatnot else is now trying to be the one and only messaging service. You can't even begin speaking of security if a) you can't audit the code b) you can't control the data.
Very little incentive. Which is a good thing. I don't want crappy free games, that nag me to buy content on every corner. I want the full package for the full price. Current in-app purchase business model hides all the costs in extra items so in total the price comes up to a rather high number. Can't wait till writers implement something like that. "to read how our hero defeated the magic dragon please buy this 5-page abstract". "to get a clue about how the villain tricked the police, please buy this 2-page abstract".
It's a thing that will suck up all of the good google's services to fail miserably, as userbase that is OK with G+ is much smaller that YouTube's and GMail's userbase. And we've already got one facebook, who needs another one, google flavour? It's development is dead in the water after the launch.
But that's the problem. G+ is just fine. Even if it's better than Facebook (look the same to me) then it's not better by a much. Not better enough for others to switch. Why would you switch, if they are pretty much freaking clones.
And shoving G+ down users throats is causing gag reflex, so sad to see company that used to win users by being the best in the field (GMail, Search, YouTube) is down to such cheap promotion methods.
I kind of like G+ at first, but when all this nonsence started with killing off GTalk and replacing it with Hangouts (super-tightly tied into G+), then even stock Gallery on Android is biting the dust, being replaced by G+ Photos (Picasa was shot in the head much earlier). I came to pretty much hate G+, because Google does everything so force me there, sacrificing good projects so this DOA project can sustain some kind of existence.
Content providers pay for connection and bandwidth on their own end. We pay on our end. AT&T is trying to grab cache from both ends at once using extortion tactics: "pay for the content you provide that people want to watch or you'll be screwed royally".
Office 2013 is an abomination and I'd rather it ran off a cliff. The font anti-aliasing and hinting have been broken and make my eyes bleed, the interface is worse than in 2010, less function more showing off. The typing animation, that draws symbols on screen with a second or so delay is even worse (yeah, I understand it's for tablet users, so they don't feel like they're painfully slow when typing, but you could at least disable it on desktops, where it creates the impression of deadly slow computer).
It's journalism of today - throw as many unsupported sensationalist statements out there as possible, try to induce fear, anger or any other emotions, any at all, because this is what sells the papers or gets views for the ads.
Wait, wait, wait. If they federate with some other service, why not federate it with XMPP networks? AFAIK TextSecure uses OTR or some variation of it. And if you make it talk to other xmpp servers out there it's not yet another messenger, it's a step towards future.
Yeah. MS does that - they lose huge market without hope of ever setting foot there again. But still, better to make it quick, then prolong the agony with Windows 8.
>> one that turns out to be the old-generation of the windows logo Well, that is another modifier key, called super in nix type OSes. Quite handy, in fact, if you need to use a lot of keyboard shortcuts.
>> one that engages the right click on the mouse (why?) That brings up a context menu, making keyboard-only navigation in many apps quite fast and convenient (eg. text processor, file manager
>> and one called Alt-Gr That is a very useful key, that allows printing extra characters on standard 101 key keyboards. Quite a handful of EU languages use those on daily basis, not to mention people who know the difference between m-, n- dashes, minus-dash and are not afraid of using other typographic symbols.
But I guess you are one of those kids that think that keyboard could use less keys. I mean who uses all the function keys anyway, right? Then all the other keys, just leave the alphanumeric and you should be set.
Every single messenger is encrypted in the way BBM is encrypted. (at least I hope everyone's learned how to use SSL). The protocol is proprietary, that means there's going to be some hassle to implement OTR for it (you know, the only true encryption - end-to-end).
Slashdot Mirror
XMPP is quite power hungry, keeping an open TCP connection, otherwise it's a good protocol, but Facebook has implemented it with quite a number of ugly bugs that can make it really hard to use a decent XMPP client.
Not a chat client. An instant messaging service with several million users. They are what gives it value, not the client or servers or anything else.
>> The lack of reasonable IO (keyboard)
You know, that IO stands for Input-Output, output is quite decent on mobile phones (for a chat), keyboards are flaky, but swipe-type ones are quite OK for operating with one hand while walking or standing.
>> privacy (all sms is logged)
>> and per-msg charges from providers makes it about the least desirable option.
You seem to think that all chats are SMS. Let me tell you about this wonderful thing, called internet, that has been used to send instant messages without charge for a couple of decades now (ICQ, Odigo, MSN, IRC). Using adequate encryption scheme you can even take back your privacy.
Yeah, because hiding that behaviour and pretending to be an adult is so much healthier. People should evolve, not blame the tools that let them show who they really are.
>> end-all-be-all messaging and communication platform
You mean like Skype, Viber, Line and not so long ago MSN and ICQ. FFS, just turn on the goddamn federation. I don't care for client-server protocol, but just let people from different networks talk to each other.
Well, luckily for MS, google never released source code for their proprietary apps. All in all I see this as a positive thing. Google has been tightening it's grip on android ecosystem, trying to absorb as much of basic APIs into it's proprietary GoogleServices as possible. Maybe this will force them to open up again at least a little bit.
I think open ebook community should thank Adobe for demonstating (at the cost of their reputation and revenues) to everyone who ever did something as stupid as buying a book with Adobe's DRM, what't it's all about and all the dangers of having someone else manage your access to the content you bought right to access. Only through these actions will people learn, as they only listen when they've been hit in their wallet. Luckily, ebook reader (hardware) manufacurers will also learn the hard way, that implementing an obscure DRM scheme is more expensive in the long run (and more damaging to the brand and sales) than partnering up with a shop that not only allows you to buy the books, but even keep them after it changes the technolgy (or goes down in flames) without taking all the books with them.
All that aside - those who suffer from it, deserve it. Hopefully this lesson will be painful enough to remember not to mess with DRMed content any more.
Everybody has a right to decide. It's forcing your decision on others where we draw the line. Everyone can share their opinion regarding other people. Heck, that's called free speech (yeah, I know, you don't have that in US anymore), but stop with the attitude, please. From perspective on a global scale, from humanity as a whole to a local community - it truly is a time wasted and that could have been spent better, from individual perspective, some, I'm sure, would also agree they wasted their time, others will say they had the best time and consider it a time well spent. And yet still everyone is entitled to their opinion and it's expression.
Maybe they should have avoided lying in the first place instead of avoiding to call it what it is now?
>> Also anything that uses a public key exchange is only secure because certain reversals of transformation are 'hard'.
Nope, it's also only secure as long as you verify that the key you have in front of your eyes corresponds to the person you want it correspond to.
>> There is no universality to hard, what is hard for me may not be hard for you..
Actually you might want to refresh your memory a little bit about cryptography. To crack a decent asymmetric cypher it would take more than visible universe working as a computer for time longer than said universe exists. So, there is universality to hard.
>> I support the sentiment of these guys but your code is going to be running on a platform that is largely exploitable by most English speaking foreign governments and possibly well funded crooks.
I don't support their sentiment. If they really wanted to create a secure platform - they could. I'm pretty sure that it's not that hard to check out best practices and analyze the situation before coming up with solutions. a) The only good security - is end-to-end (i.e. data is only unencrypted on endpoints and only people wielding the keys are on the endpoints) b) You verify the keys via a secure channel to prevent tampering (I'm quite convinced NSA is not good enough to fake a live video stream with you holding up a QR code in real time and on a mass scale) c) you should be able to host your own server and have access to both client and server (because otherwise the software might actually be leaking the information).
So, with all that in mind we have people who just want to cash in a check on public outcry about privacy violation and make a quick buck exploiting mass hysteria. For example The Guardian Project are actually doing a secure open source IM, with code available for audit and allowing for end-to-end perfect-forward-secrecy (OTR) encryption and key verification. Now that is the right direction, not cloning yet another IM and telling everyone "Trust us, we're the good guys, we'll protect your privacy, unlike those other guys".
My though exactly. Even if third-party researchers cannot find any vulnerability in the protocol itself, who says there isn't a backdoor in the server part, that will reduce security to 0? Pretty sure they won't open the server part to scrutinity (even if they do, how do we verify that it's the same version running on the actual server?)
I'm pretty sure they omitted the part where users have to exchange keys over trusted channel (or at least a channel that prevents or makes it really hard to tamper with it). And this allows for a mitm attack, so all that fancy encryption is absolutely useless, since the attacker will have both keys and total control. What we need right now is not a gazillion of apps that create the illusion of privacy, but a protocol and a set of standards for federated communication channel (pretty much what XMPP is). Since many claim XMPP is not suitable for modern-day communications I would like to see more effort toward improving it (or creating something from a scratch, if it's so flawed). Because right now the only universal and secure way of communication is email with GPG or SMIME encryption slapped on top of it.
Maybe it would, but those backdoors are worth much more to NSA unpublished. As well as all the data that passes through the vulnerable services. So should you scenario come to life, it would be huge success for endusers, as many vulnerabilities would be closed.
Regarding the article: talk is cheap, show me the code. And let me host this server myself, with inter-server communication. Otherwise it's no better than hangouts, iMessage, Whatsapp, Viber and whatnot else is now trying to be the one and only messaging service. You can't even begin speaking of security if a) you can't audit the code b) you can't control the data.
Very little incentive. Which is a good thing. I don't want crappy free games, that nag me to buy content on every corner. I want the full package for the full price. Current in-app purchase business model hides all the costs in extra items so in total the price comes up to a rather high number.
Can't wait till writers implement something like that. "to read how our hero defeated the magic dragon please buy this 5-page abstract". "to get a clue about how the villain tricked the police, please buy this 2-page abstract".
It's a thing that will suck up all of the good google's services to fail miserably, as userbase that is OK with G+ is much smaller that YouTube's and GMail's userbase. And we've already got one facebook, who needs another one, google flavour? It's development is dead in the water after the launch.
But that's the problem. G+ is just fine. Even if it's better than Facebook (look the same to me) then it's not better by a much. Not better enough for others to switch. Why would you switch, if they are pretty much freaking clones.
And shoving G+ down users throats is causing gag reflex, so sad to see company that used to win users by being the best in the field (GMail, Search, YouTube) is down to such cheap promotion methods.
I kind of like G+ at first, but when all this nonsence started with killing off GTalk and replacing it with Hangouts (super-tightly tied into G+), then even stock Gallery on Android is biting the dust, being replaced by G+ Photos (Picasa was shot in the head much earlier). I came to pretty much hate G+, because Google does everything so force me there, sacrificing good projects so this DOA project can sustain some kind of existence.
Content providers pay for connection and bandwidth on their own end. We pay on our end. AT&T is trying to grab cache from both ends at once using extortion tactics: "pay for the content you provide that people want to watch or you'll be screwed royally".
Office 2013 is an abomination and I'd rather it ran off a cliff. The font anti-aliasing and hinting have been broken and make my eyes bleed, the interface is worse than in 2010, less function more showing off.
The typing animation, that draws symbols on screen with a second or so delay is even worse (yeah, I understand it's for tablet users, so they don't feel like they're painfully slow when typing, but you could at least disable it on desktops, where it creates the impression of deadly slow computer).
Declare open season on PETA drones.
If you don't want to admit you already live in this world, it's fine by me. But please stop trying to pull the blanket over everyone's else eyes.
It's journalism of today - throw as many unsupported sensationalist statements out there as possible, try to induce fear, anger or any other emotions, any at all, because this is what sells the papers or gets views for the ads.
Wait, wait, wait. If they federate with some other service, why not federate it with XMPP networks? AFAIK TextSecure uses OTR or some variation of it. And if you make it talk to other xmpp servers out there it's not yet another messenger, it's a step towards future.
Yeah. MS does that - they lose huge market without hope of ever setting foot there again. But still, better to make it quick, then prolong the agony with Windows 8.
>> one that turns out to be the old-generation of the windows logo
Well, that is another modifier key, called super in nix type OSes. Quite handy, in fact, if you need to use a lot of keyboard shortcuts.
>> one that engages the right click on the mouse (why?)
That brings up a context menu, making keyboard-only navigation in many apps quite fast and convenient (eg. text processor, file manager
>> and one called Alt-Gr
That is a very useful key, that allows printing extra characters on standard 101 key keyboards. Quite a handful of EU languages use those on daily basis, not to mention people who know the difference between m-, n- dashes, minus-dash and are not afraid of using other typographic symbols.
But I guess you are one of those kids that think that keyboard could use less keys. I mean who uses all the function keys anyway, right? Then all the other keys, just leave the alphanumeric and you should be set.
Every single messenger is encrypted in the way BBM is encrypted. (at least I hope everyone's learned how to use SSL). The protocol is proprietary, that means there's going to be some hassle to implement OTR for it (you know, the only true encryption - end-to-end).