<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Hey, thanks for all the comments!</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Ring.cx does look good...will try and have a go
soon and see if it actually does as it promises soon!</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">And unfortunately being on debian so far only
have firefox (iceweasel) 38 which isn't supported by jitsi meet,
so i'll have to wait to update before trying that...nice one on
getting a test server up and running John!</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Cheers,</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Nick</p>
<br>
<br>
On 10/10/15 12:48, johnc wrote:<br>
<blockquote type="cite">Hi,<br>
<br>
Firefox uses the telecoms company Telefonica to proxy calls. The
calls<br>
are encrypted but not end to end. Interception would be a concern
at the<br>
proxy. A similar situation exist as regards Tokbox.<br>
<br>
There are still major problems with webrtc, the main ones being
the lack<br>
of end to end encryption and the reliance on X509 certs issues by
the<br>
certificate authorities. This blogs post was written by Daniel
Pocock<br>
about a year ago explaining the issues but not much has changed
since then.<br>
<br>
<a class="moz-txt-link-freetext" href="http://danielpocock.com/is-webrtc-private">http://danielpocock.com/is-webrtc-private</a><br>
<br>
On a slightly more positive note, if you run your own trusted
server and<br>
are prepared to carefully check SSL certs have a look at jitsi
meet.<br>
<br>
<a class="moz-txt-link-freetext" href="https://meet.jit.si/">https://meet.jit.si/</a><br>
<a class="moz-txt-link-freetext" href="https://github.com/jitsi/jitsi-meet">https://github.com/jitsi/jitsi-meet</a><br>
<br>
It's a browser based multi-party video conferencing solution. This<br>
rocks! I set it up for work recently as we have sections in a
couple of<br>
other European countries. You can share presentations and even
your<br>
desktop, It's better than a lot of propitiatory solutions.<br>
<br>
If you configure this companion piece of software: jigasi<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/jitsi/jigasi">https://github.com/jitsi/jigasi</a><br>
<br>
You can plumb in a regular (insecure) telephone number into a web<br>
conference which is quite useful also.<br>
<br>
<br>
I will build and or demo one of these systems if anyone is
interested at<br>
the next meet up.<br>
<br>
Cheers,<br>
John<br>
<br>
On 06/10/15 23:28, nmd wrote:<br>
> Hi,<br>
<br>
> Thought I'd just resurrect this thread to ask what y'all
think of some<br>
> of the new webrtc offerings out there?<br>
<br>
> Firefox Hello being one of the obvious ones, opentokrtc.com
also allows<br>
> multiple people to video call (without an account), and then
there's<br>
> others like appear.in which use webrtc but appear not to be
fully open<br>
> source (well it says nothing about it, so i don't know if
that just<br>
> means that the server-side is proprietary).<br>
<br>
> Any thoughts on how secure these kind of things are? I
haven't seen any<br>
> support for OTR etc. that desktop voip programs have the
potential for..<br>
<br>
<br>
<br>
> Cheers,<br>
<br>
> Nick<br>
<br>
<br>
<br>
<br>
<br>
> On Friday 16 Jan 2015 14:19:46 you wrote:<br>
<br>
>> That's really useful clarification - thanks!<br>
<br>
>><br>
<br>
>> I agree that not having a track record is a negative cf a
coder who does.<br>
<br>
>> Being able to identify them in meatspace is not the main
issue, having<br>
<br>
>> trust is.<br>
<br>
>><br>
<br>
>> Many thanks for this interesting and important discussion<br>
<br>
>><br>
<br>
>> Keep on hacking!<br>
<br>
>><br>
<br>
>> love<br>
<br>
>><br>
<br>
>> g<br>
<br>
>><br>
<br>
>> On 16 January 2015 at 14:08, johnc
<a class="moz-txt-link-rfc2396E" href="mailto:johnc@aktivix.org"><johnc@aktivix.org></a> wrote:<br>
<br>
> Hash: SHA1<br>
<br>
<br>
<br>
> Hi,<br>
<br>
<br>
<br>
> The tox developer who goes by the name of irungentoo has not
published<br>
<br>
> any other work (at least under that name) that I can find.
I'm more<br>
<br>
> bothered about the lack of a proven track record than
personally<br>
<br>
> identifying the individual to be honest.<br>
<br>
<br>
<br>
> By contrast take ZRTP voice encryption. This was written by
Phil<br>
<br>
> Zimmermann who also wrote PGP (which GPG is based on).
Zimmerman is a<br>
<br>
> respected programmer and cryptographic expert with a proven
track<br>
<br>
> record. Blackphone also comes from the same stable.<br>
<br>
<br>
<br>
> Cheers,<br>
<br>
> John<br>
<br>
<br>
<br>
> On 14/01/15 16:12, Gareth Coleman wrote:<br>
<br>
>> Hiya John<br>
<br>
<br>
<br>
>> Just a thought - would you always put an anonymous author
as a<br>
>> negative?<br>
<br>
<br>
<br>
>> loads of love<br>
<br>
<br>
<br>
>> g<br>
<br>
<br>
<br>
>> On 14 January 2015 at 16:07, johnc <<a class="moz-txt-link-abbreviated" href="mailto:johnc@aktivix.org">johnc@aktivix.org</a><br>
<br>
>> <a class="moz-txt-link-rfc2396E" href="mailto:johnc@aktivix.org"><mailto:johnc@aktivix.org></a>> wrote:<br>
<br>
<br>
<br>
>> I haven't used this yet but have done a little research
on the<br>
>> program:<br>
<br>
<br>
<br>
>> +'s:<br>
<br>
>> - it easy to use<br>
<br>
>> - Available on a range of OS's + devices.<br>
<br>
>> - reasonably decentralised - but I believe it still has
some known<br>
<br>
>> "good/online" user IP's hard coded for bootstrapping like
bitcoin has.<br>
<br>
<br>
<br>
>> -'s:<br>
<br>
>> - Currently no independent security review has been
performed.<br>
<br>
>> - It's DHT implementation is vulnerable to Cybil
attack=> not that<br>
<br>
>> hard<br>
<br>
>> to DOS.<br>
<br>
>> - No group voice chat.<br>
<br>
>> - Main developer (irungentoo) is anonymous.<br>
<br>
<br>
<br>
>> On 01/12/15 22:17, Jim McTwanky wrote:<br>
<br>
>>> .....educated /opinion/......that is.<br>
<br>
>>><br>
<br>
>>> On 11/01/15 20:44, nmd wrote:<br>
<br>
>>>> Hi, Thanks for everyone's suggestions and
thoughts - I tried<br>
<br>
<br>
<br>
>> jitsi and was<br>
<br>
<br>
<br>
>>>> semi-successful (got sound and video working in
one direction<br>
>> and the<br>
<br>
>>>> problems<br>
<br>
>>>> may have been specific to one of the laptops).
Might try that<br>
<br>
<br>
<br>
>> again in the<br>
<br>
<br>
<br>
>>>> future but will also hope that these things get a
bit simpler<br>
<br>
<br>
<br>
>> with time!<br>
<br>
<br>
<br>
>>>> Cheers,<br>
<br>
>>>> Nick<br>
<br>
>>>><br>
<br>
>>>> On 02/01/15 11:26, Tim Dobson wrote:<br>
<br>
>>>>> On 31/12/14 16:24, johnc wrote:<br>
<br>
>>>>>> Some Problems: -Mobile phone specific: --
mobile phones vary<br>
<br>
>>>>>> greatly in their ability to run sip
clients using crypto. I've<br>
>> seen<br>
<br>
>>>>>> sip clients use 100%CPU with awful audio
quality on a few phones<br>
<br>
>>>>>> including high end samsung models. -- The
latency on 3G is<br>
<br>
>>>>>> typically around 1 second. Expect
horrible lag etc. Using WiFi is<br>
<br>
>>>>>> the only way to go unless you are lucky
enough to be on 4G.<br>
<br>
>>>>>> Non mobile phone specific: - ostel's only
server is in the US,<br>
<br>
>>>>>> latency is about 120ms. Not so good if
you are in Europe. We could<br>
<br>
>>>>>> build our own :-). - If you are going to
build an ostel system I<br>
<br>
>>>>>> suggest you include the topology hiding
setup from my wiki or<br>
<br>
>>>>>> elsewhere in your Kamailio config. SIP
leaks IP/location<br>
<br>
>>>>>> information unless you make an effort to
obfuscate it.<br>
<br>
>>>>><br>
<br>
>>>>> One solution I quite like, which works *if*
you:<br>
<br>
>>>>> a) trust the clients to a degree<br>
<br>
>>>>> b) are happy with non-federated, centralised
phone system, with the<br>
<br>
>>>>> PBX as a single point of failure<br>
<br>
>>>>><br>
<br>
>>>>> is:<br>
<br>
>>>>><br>
<br>
>>>>> Your favourite SIP-based PBX system over
OpenVPN.<br>
<br>
>>>>><br>
<br>
>>>>> So, your phone connects to OpenVPN, and then
the sip clients<br>
<br>
<br>
<br>
>> connects<br>
<br>
<br>
<br>
>>>>> to the PBX via SIP, over a VPN.<br>
<br>
>>>>><br>
<br>
>>>>> Pros:<br>
<br>
>>>>> a) as secure as your deployment of OpenVPN<br>
<br>
>>>>> b) removes NAT issues - there aren't any -
the SIP/RTP goes via<br>
<br>
<br>
<br>
>> OpenVPN<br>
<br>
<br>
<br>
>>>>> c) It mostly 'just works' (tested with .bg
client connected to .uk<br>
<br>
>>>>> server with no issues)<br>
<br>
>>>>> d) possible on mobile [android], desktop and
in modern Snom<br>
<br>
<br>
<br>
>> firmwares<br>
<br>
<br>
<br>
>>>>> Cons:<br>
<br>
>>>>> a) nontrival to setup<br>
<br>
>>>>> b) centralised [not federated, and not
designed to be]<br>
<br>
>>>>> c) requires the giving out of VPN
certificates to each client in<br>
<br>
<br>
<br>
>> advance<br>
<br>
<br>
<br>
>>>>> d) SPOF [or compromise] on PBX system<br>
<br>
>>>>> e) not really possible to 'just leave on' on
mobile without<br>
>> emptying<br>
<br>
>>>>> your battery<br>
<br>
>>>>> f) only known to be *super reliable* on Snom
desk phones,<br>
<br>
<br>
<br>
>> connected to<br>
<br>
<br>
<br>
>>>>> an uncongested network<br>
<br>
>>>>> g) certainly not without points of weakness<br>
<br>
>>>>><br>
<br>
>>>>> ---<br>
<br>
>>>>><br>
<br>
>>>>> It's not foolproof. It's not bombproof. But
it is a nice<br>
<br>
<br>
<br>
>> architecture<br>
<br>
<br>
<br>
>>>>> that works for some scenarios. :)<br>
<br>
>>>>><br>
<br>
>>>>> -Tim<br>
<br>
>>>>><br>
<br>
>>>>>
_______________________________________________<br>
<br>
>>>>> HacktionLab mailing list<br>
<br>
>>>>> <a class="moz-txt-link-abbreviated" href="mailto:HacktionLab@lists.aktivix.org">HacktionLab@lists.aktivix.org</a><br>
>> <a class="moz-txt-link-rfc2396E" href="mailto:HacktionLab@lists.aktivix.org"><mailto:HacktionLab@lists.aktivix.org></a><br>
<br>
>>>>>
<a class="moz-txt-link-freetext" href="https://lists.aktivix.org/mailman/listinfo/hacktionlab">https://lists.aktivix.org/mailman/listinfo/hacktionlab</a><br>
<br>
>>>><br>
<br>
>>>> _______________________________________________<br>
<br>
>>>> HacktionLab mailing list<br>
<br>
>>>> <a class="moz-txt-link-abbreviated" href="mailto:HacktionLab@lists.aktivix.org">HacktionLab@lists.aktivix.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:HacktionLab@lists.aktivix.org"><mailto:HacktionLab@lists.aktivix.org></a><br>
<br>
>>>>
<a class="moz-txt-link-freetext" href="https://lists.aktivix.org/mailman/listinfo/hacktionlab">https://lists.aktivix.org/mailman/listinfo/hacktionlab</a><br>
<br>
>>><br>
<br>
>>> _______________________________________________<br>
<br>
>>> HacktionLab mailing list<br>
<br>
>>> <a class="moz-txt-link-abbreviated" href="mailto:HacktionLab@lists.aktivix.org">HacktionLab@lists.aktivix.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:HacktionLab@lists.aktivix.org"><mailto:HacktionLab@lists.aktivix.org></a><br>
<br>
>>>
<a class="moz-txt-link-freetext" href="https://lists.aktivix.org/mailman/listinfo/hacktionlab">https://lists.aktivix.org/mailman/listinfo/hacktionlab</a><br>
<br>
>>><br>
<br>
>> _______________________________________________<br>
<br>
>> HacktionLab mailing list<br>
<br>
>> <a class="moz-txt-link-abbreviated" href="mailto:HacktionLab@lists.aktivix.org">HacktionLab@lists.aktivix.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:HacktionLab@lists.aktivix.org"><mailto:HacktionLab@lists.aktivix.org></a><br>
<br>
>> <a class="moz-txt-link-freetext" href="https://lists.aktivix.org/mailman/listinfo/hacktionlab">https://lists.aktivix.org/mailman/listinfo/hacktionlab</a><br>
<br>
<br>
<br>
>> --<br>
<br>
>> ------------------------<br>
<br>
>> Gareth Coleman<br>
<br>
>> layer zero labs<br>
<br>
>> l0l.org.uk <a class="moz-txt-link-rfc2396E" href="http://l0l.org.uk"><http://l0l.org.uk></a><br>
<br>
<br>
<br>
<br>
>>><br>
<br>
>>> _______________________________________________<br>
<br>
>>> HacktionLab mailing list<br>
<br>
>>> <a class="moz-txt-link-abbreviated" href="mailto:HacktionLab@lists.aktivix.org">HacktionLab@lists.aktivix.org</a><br>
<br>
>>>
<a class="moz-txt-link-freetext" href="https://lists.aktivix.org/mailman/listinfo/hacktionlab">https://lists.aktivix.org/mailman/listinfo/hacktionlab</a><br>
<br>
<br>
<br>
> _______________________________________________<br>
> HacktionLab mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:HacktionLab@lists.aktivix.org">HacktionLab@lists.aktivix.org</a><br>
> <a class="moz-txt-link-freetext" href="https://lists.aktivix.org/mailman/listinfo/hacktionlab">https://lists.aktivix.org/mailman/listinfo/hacktionlab</a><br>
<br>
<br>
</blockquote>
<span style="white-space: pre;">><br>
> _______________________________________________<br>
> HacktionLab mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:HacktionLab@lists.aktivix.org">HacktionLab@lists.aktivix.org</a><br>
> <a class="moz-txt-link-freetext" href="https://lists.aktivix.org/mailman/listinfo/hacktionlab">https://lists.aktivix.org/mailman/listinfo/hacktionlab</a></span><br>
<br>
<br>
</body>
</html>