Skip to main content

This is a new website theme. Help me improve it and give your feedback (opens in a new tab).

Telephony

Mastodon + XMPP + SIP

This is an idea. I haven’t looked at actually doing it yet, but I might.

Mastodon needs complimentary instant messaging and I’ve been thinking about how this might be achieved. XMPP and SIP are great federated protocols and it’s possible to use the same domain used for Mastodon for these through SRV records.

Authentication for XMPP and SIP is based on passwords. Mastodon could be extended to write out password hashes to a database to have one password for each service per device. You could then have those servers query the database and check password hashes. I’m not sure what the security properties of this would be compared to OAuth, but I think it’s similar just without the in-band setup.

Talking to Hackers

Yesterday Ana finished setting up FreePBX for our house, and revived the Cisco SIP phones to make them useful again. Eventphone provides SIP, DECT, GSM and other telephony technologies at hacker events like CCC and also runs a long-running SIP service, known as EPVPN to connect hackerspaces and hackers between events.

We set up our extension as a trunk in FreePBX and could easily test outbound calls, but it was a little more difficult to test inbound calls. There was no system to queue up a test call (at least that I could find) so we needed to find someone to call back manually.

SMS Verification

I’ve received an email today from Barclaycard with the following:

“From time to time, to make sure it’s you who’s using your Barclaycard online, we’ll send you a text with a verification code for you to use on the Verified by Visa screen that’ll pop up on your payment page.”

The proprietary nature of mobile phones with the hardware specifications and the software being closed off from inspection or audit and considered to be trade secrets make my phone and my tablet the least trusted devices I own and use.