Indeed. I had the same issues of "No workey" for my machines as well. It locked up on viewing video status page on all platforms previously.
Im primarily curious if it supports terminating the same data to multiple endpoints. Facebook and other centralized chat servers do that. That functionality guarantees that regardless which machine is logged in, I can get my messages.
I know that recent TOR chat server doesnt. There's a GH issue open to "try to deal with it", with no comments.
I also know that Tox doesn't support the same key with multiple endpoints. That too defeats my purpose of having it on my phone and laptop: I then have to have a new "contact" per device, which easily balloons out of control.
Edit: Am on freenode's irc #ring . They seem asleep. No comments, positive or negative.
First, make sure that you have enabled upnp and nat-pmp on your router and that your machine firewall allows both. The distributed design of ring makes finding peers slow, from 1 to 20 min. Regarding the issues, this is what I've encountered:
1) Text chat works unreliably. Sometimes messages are not delivered even if the other peer was found.
2) Even if upnp and nat-pmp are both working, sometimes you need to open all tcp and udp ports to get ring working.
3) Migration of accounts to ring beta 2 on linux was a total dissaster. It always failed so I had to create a new account.
4) On some computers during a videocall ring makes pulseaudio crash and freeze the system.
Ring has a lot of potential but it's still not ready to replace skype. It works better than qtox though.
Hey, thanks for the response. Upnp is no problem, but my router has no settings for nat-pmp. It does not matter, unreliable chat messages are a dealbreaker, and the same goes for not getting messages sent while the client was offline, as described in a comment above.
I also do not run pulseaudio, if that is a requirement (and it looked like it back then when I looked at it) the linux-client is useless to me.
Pulseaudio is not a requirement, ring can choose ALSA if you prefer.
> but my router has no settings for nat-pmp
Maybe I exagerated a bit. Ring comes by default configured to use TURN and you can also setup STUN. The problem with this is that they are not distributed.
If you want true P2P, you have to use upnp or nat-pmp, Ring can use any of the two. I don't know if it is because I get impatient, but it takes forever to connect. Just upnp should suffice but I get paranoid and think, maybe it's upnp that is not working. Then I enable nat-pmp in the router and open the nat-pmp port in the laptop. Sometimes I get so impatient that I also open (temporarily) every port in the laptop just in case.
> Pulseaudio is not a requirement, ring can choose ALSA if you prefer.
That's great to know :)
I'll keep an eye on Ring. Something like this in a working state would be great, But it should not take forever to connect and should be stable (more or less). According to this thread the project still has a lot to do, and it might be that the p2p approach is just not a good one for the problem at hand. Riot/Matrix looked more promising in that regard.
Ah, thanks I know what happened: I was using an iPhone app to read HN and accessed the link through its built-in browser. I checked again on desktop and you are indeed right, there is info available at the top of the page that I didn't see at first. No digging required.
Unlike so many communication platforms created in this day and age, Ring provides something more than reinventing the wheel and following the latest trends. It is peer-to-peer, which XMPP and Matrix aren't. This is a step forward.
Edit: As some comments note, I previously wrote decentralized while meaning peer-to-peer.
The name registration is done with a blockchain (ring-nameservice) and a DHT (OpenDHT). You can find the information on the wiki in their Tuleap instance.
Seems to be Ethereum... ouch. You'd've hoped people would've come up with a better way of solving Zooko's Triangle than forcing everybody to store an ever-increasing, unprunable amount of data on their devices - that also requires massive amounts of data to be downloaded, wherever you are, even over mobile networks.
In practice, even DNS-based aliases are a better idea, given the tradeoffs.
Ethereum might not have been the best choice, but there are ways they could migrate to another GNU Ring-specific blockchain (therefore a smaller blockchain; there are only so many people who are going to use Ring and they will only want to have so many separate identities) if the Ethereum blockchain really became unmanageably large.
Blockchains grow unmanageably large over time by definition, no matter how application-specific you make them, unfortunately. Ethereum isn't the problem - blockchains are.
That's true, except for the fact that Matrix and XMPP are also distributed. What I really meant is that it uses a DHT for peer discovery and that the peers communicate directly, without using any central server. It is more distributed and more decentralized.
I'm not very familiar with Matrix and new to Ring, but can you explain how Ring is more decentralized than Matrix? I guess Matrix still requires the homeserver, making it somewhat centralized?
Most Matrix users use the matrix.org Synapse installation. If the people running matrix.org decided to stop working with other homeservers, the result would be much the same as what happened when Google and Facebook became less friendly to other XMPP servers and stopped interoperating with them. This is not an issue with Ring.
Respectfully, I disagree slight...while yes most users using matrix DO USE the matrix.org instance, if it does go down, there's nothing stopping users from hosting their own ABCXYZ.org home server - in fact the matrix.org team encourage that. So, there isn't the hard dependency on the matrix.org instance that you might believe.
There would be nothing stopping users from hosting their own homeserver, but there would be something preventing them from communicating with all the users still on matrix.org. And all the users still on matrix.org would stay there because the matrix.org homeserver would provide more value to them, by having more users, than a homeserver that can't communicate with most Matrix users.
Yeah, i see your point...I guess once a popular hub like the matrix.org home server goes "offline", the curve to "re-discover" your colleagues on their own NEW home servers - assuming they even set themselves up on their own self hosted home servers - is a pretty steep curve. Though some users already use their own home servers (like owning their own domain name to use for their email address), plenty of people siomply leverage an account strictly on matrix.org...so yeah, lots of people would "go offline" from the matrix protocol. (I begrudgingly see your point :-)
Matrix is slightly different to XMPP in this respect, as rooms are shared over all participating servers. So if the matrix.org homeserver went down (as it ocassionally does), all the users on other servers continue without impact. As such, it's more like email than XMPP.
Meanwhile we're also working on supporting decentralised accounts in Matrix, so users can pick which set of servers they can use as a homeserver. This then gives the best of both worlds: a simple thinclient protocol that anyone can implement, and knowledge of precisely which servers and devices host your data.
Basically, Ring and Matrix have totally different architectures, and which you use probably depends on what you are optimising for :)
I love P2P but I'm not sure it's the best approach for IM and this kind of application.
In particular it makes difficult to sync message history/contacts, it needs more bandwidth than a client/server application and consequently impacts battery life for mobile devices.
It's not necessary to sync history and contacts between devices in a peer-to-peer way because there is no network externality for synchronizing data. You could use a centralized service to sync the encrypted data. If the centralized service ever does things you don't like, you can change to another centralized service or host your own, and, importantly, you can do so without being affected by what other people do.
Communication platforms provide more value when they have more users, while centralized synchronization services don't provide more value because they have more users. So it's fine for synchronization services to be centralized, while it's not fine for communication platforms to be centralized.
If I own two devices, logged in to a chat service on the same account, and they have different chat histories and contact lists because there's no account sync, I will throw that chat service in the trash can.
I think the best approach is to have a true P2P version for windows and other PC systems and make the mobile client treat your PC as the server, just like WhatsApp web uses your phone to avoid all the syncing.
Take just for example (if it's a feature, I don't know) setting yourself to an away state. In a client-server model you'd just tell the server you're away now with any metadata that goes along with it. Other clients will get that information from the server.
With a p2p model you have to tell every contact's client that you're away and provide any metadata that goes with that information to each individual contact.
To reiterate the away state is just an example off the top of my head, I don't know if this service supports status updates.
I am not sure if P2P is a step forward. P2P is okay when you have a stable connetion, but when it comes to mobile communication you want to have some sort of always-on service to store/buffer your messages.
From the technology perspective I am quite happy with modern XMPP. There are just too few good (up-to-date) clients :-/
For the most part I use 'conversations' and while it is quite a good client for messages, it has no support for calls.
> you want to have some sort of always-on service to store/buffer your messages.
An instance running on a NAS or similar device at home to provide that backlog capability should do the job, no?
I don't know if ring supports that, but the concept is simple and at least as old as bouncers for IRC.
Well, if we take the people who would install ring in the first place and have some tiny server at home that can actually install software I would say the chances go up significantly.
It could use some streamlining, e.g. get it into package managers for whatever distro is running on it, automatic pairing (multicast on the local network), maybe detection of compatible devices.
UX is basically a separate set of problems you have to solve on top of making it work technically.
Well, buffering that kind of stuff, is one of the more complex parts of an XMPP server (XEP-0013, XEP-0160, XEP-0280, XEP-0313). AFAIK IRC bouncers tunnel all the traffic and are not mobile aware. So to reduce battery usage, XMPP has some functionality within the protocol (XEP-0198, XEP-0352). So after optimizing your bouncer approach you will probably come up with what XMPP does (more or less, maybe with a few minor exceptions).
XMPP also knows how to do P2P connections (that is what 'jingle' is actually about, not just calls), but I think that the problems of P2P are actually the reason why there are still so many problems with XMPP calls. I mean if you want to build P2P that 'just-works' you will need STUN/TURN servers and while XMPP servers like ejabberd bring them with a standard installation, TURN servers require a lot of ressources (bandwith). At the same time the others parts of a XMPP server are very lightweight so that the TURN server causes scaling issues.
I don't know about it, but I speak a little VOIP Buzzword, so I'll do my best to explain.
Essentially it's a SIP phone. SIP is a protocol that is used to initiate sessions. So if I want to talk to you (usually using Voice Over Internet Protocol), I can use the Signal Initiation Protocol to send a message saying that I want to talk to you. You respond by saying that you would like to talk to. SIP then sends some configuration information about how we're going to talk than then hands everything over to another protocol (usually something called RTP).
Now, one of the problems with SIP is that while it is peer to peer, you have no real way of discovering your peers. Enter Distributed Hash Tables (DHT). I don't really know how this works, apart from it's how bittorrent clients discover each other without a centralised tracker. But essentially, I think you ping out to the internet saying "I want to talk to X". Someone near to you sees it and says, "I'm not X, but I can get you one step closer to X. Talk to my friend Y". And so you repeat that process until your discover where X is.
Another problem with SIP lies in the peer to peer nature. Normally we don't put out computers right on the internet. For one thing it's really hard to get IPV4 addresses any more. So nobody can actually talk directly to you. Instead we are behind routers that have an external address on the internet and map requests to an internal address on your local network. This is called Network Address Translation (NAT).
So, when we are trying to discover where our friend is, not only do we need to use DHT to inch our way towards them, but we have to traverse NAT as well (what the person thinks their address is, is not the address we see because of NAT). Not only that, but we usually add firewalls on our routers because we don't want just anybody to send traffic on our local area networks.
ICE, STUN, and TURN are ways for a client to discover their external address on the internet as well as the port you need to use to talk to them (the port is the most difficult part to figure out). Once they do that, when they send a request to you, they can tell you what address and port to reply to. In many cases this won't work (and I'm informed by very reputable people that this is because router manufacturers fail to follow the specs... I believe this). So instead of jumping through hoops to discover the port that you need to talk to, there are some standards in place that allow a client to talk to the router and say "I'm expecting my buddy to talk to me on this port. Would you please open a big gaping hole and let the traffic through. I promise I know what I'm doing." Now, sensible people do not allow their routers to do this kind of crazy thing because malware is really good at sending requests to routers and promising to be good. So basically, if you know what you are doing, and have control of your router, you can poke holes in it and make this work. If not, then there is a good chance that you won't be able to communicate to people. This is why all the VOIP services out there use a centralised server (because if you carry all the traffic with a centralised server, both ends can contact the server and it can act as a mediator... the downside is that the server has to physically move all the traffic to ensure that it works).
Now what they are saying is that they have hacked the SIP protocol to discover the other peer using DHT. This is possible because SIP is the most under-defined protocol in the world, except for perhaps HTTP (on which is is based). So you can add whatever the heck extensions you like, and nobody cares. Then they use their NAT traversal techniques (which will work most of the time if you know what you are doing and have control of your equipment) to get to the other side.
I am imagining that for messaging they are simply using one of the many SIP messaging extensions (or they have made their own ... wh...
Yeah, also I realised that I didn't talk about encryption and TLS. I suppose I can say that it sets up a secure connection in the same way that HTTPS does ;-)
> Please note that you shouldn't forget your password as long as you are using the current account. If your forget it, you won't be able to change it or get another one.
I can already see it being mass-adopted by non-tech users. /s
Is "mass adoption by non-tech users" the goal? There are plenty of FOSS projects out there, like Apache, GCC, etc. which are presumably unusable for non-tech users (by definition: if you can use Apache and GCC, you probably count as technical). It doesn't hinder those projects at all, and there are also a bunch of "user friendly" projects which rely on those as key pieces of infrastructure (e.g. many Web sites, and many native executables like games).
Also, as always, the nice thing about FOSS is that anyone is Free to contribute or fork/contribute their own improvements and services, either within the project or alongside, either to scratch an itch or to commercially exploit a niche.
Sure, definition of "social network" is vague enough to allow for semantic massaging into any form anyone wants. The point is that this is not a necessarily a tool to keep up with your social network, but rather a work/collaboration tool. And there is very little competition among those.
I don't need to keep up with my "friends" and their statuses/photos/events/feeds, or "IM" back and forth with someone using cutesy emojis. I need to be able to hold conference calls with presentations displayed to all participants, or shared whiteboard to discuss some design. Stuff like that. And I want to be able to host all this outside of dirty paws of third party corporations and governments.
I'm of course disregarding the abysmal quality and stability of Ring, so all this is just academic anyway. :)
I would surely hope so. Why bother with installing another "universal communication platform" if you will be only able to communicate with a small subset of your contacts. (And all of them will by on skype/whatsapp/whatever-else anyways, since that's where majority of their contacts are as well.)
> Why bother with installing another "universal communication platform"
I haven't installed Skype, WhatsApp, Facebook, Snapchat, Instagram, Telegram, etc. precisely because they're proprietary (the client and/or server). Hence I'm already only able to communicate with a small subset of my contacts. Ring looks rather nice as a fancy way to communicate with people, which previously I've been unable to do whilst preserving my freedom (and I prefer freedom over fancy communication tools). Being p2p also makes it more appealing to me than client/server systems, federated or not (which is why I never got around to setting up matrix, for example).
In that sense, this is rather like GNU being "yet another Unix".
> The JSON byte-stream is compressed using gzip algorithm.
> Then the gzip-stream is encrypted using AES-GCM-256 symmetric cipher with a 256-bits key.
Does this compress-then-encrypt combination introduce a security weakness? It's certainly a problem on the Web, since attackers can learn what's in an encrypted response by getting the server to insert their own strings; e.g. trying the same request many times with different query strings, and seeing which ones result in smaller responses, indicating that the given query string matches somewhere in the document.
It would require the attacker to be able to get their own strings in the payload, but since this JSON contains things like contact info that might be possible.
I'm not completely sure, since "Contact Request" is currently listed as TBD on the wiki, but since the JSON data is apparently limited to trusted user contacts, I assume that they have to be manually confirmed, which would limit the bandwidth of an attack. If the export also requires manual initiation (as the part about manually copying the PIN seems to suggest), this is likely not an issue.
Every time I see "GNU" I fear that it'll be more about "freedom" than actual functionality. Is the product actually any good (or at least on par with Skype, Hangouts, etc) or is this just something for free software fans to brag about with no productive use-case?
The long user ID is a side effect of how (I assume) the protocol works - essentially the user ID is a public key.
However they can easily fix this by offering an official "directory" which allows you to sign up by email/username and stores the username->user ID mapping. It'll allow people who want UX to use this while leaving the use of raw user IDs if people don't want to depend on a central directory server.
For the other issues it's very surprising that Skype (which used to be a P2P protocol) managed to solve them like 10 years ago and yet the Ring people still can't (or don't want to) solve those issues. But hey, freedom is more important than UX so screw it.
The problem is, there's little market for "unbreakable privacy" and that market is already taken by Signal, Threema, etc.. - however since Skype turned to shit there's been a huge market for an easy to use and ubiquitous chat solution. For now the only thing that comes close to that is iMessage but it's Mac-only.
Facebook has video chat and lots of nontechnical people get how to use it. Google has had one for a while but the name keeps changing and they'll likely kill off whatever the latest one is in a year (and it probably works better on android somehow)
Sucks that we can't just revive the design of classic Skype (but open source) before MS ruined it (not that it didn't have wiretapping capabilities before as well: https://en.m.wikipedia.org/wiki/Skype_security ). I guess the linked project is the closest thing to that.
A decentralized key-value store that is tolerant to an active adversary is not a "very simple problem". A block-chain is actually a reasonable solution for this, see [1].
To by-pass the 40 char ID you can use the name registration system offered by Ring and register a username as you like.
The option is available at the account creation and in the settings. you can also use a QRcode on android
> We haven't had time to add contact managing features (adding, editing, etc.) to Ring yet as its not the priority in the alpha stage
The contacts are are present as an internal funtion in Ring, only external sources of contacts are not supported yet.
> The Ring OpenDHT network is new and it may take up to a few minutes to discover Ring nodes around and reach your partner's machine.
It is a worst case scenario, usually takes 10 seconds
> Ring can usually reach computers behind a NAT provided that you have checked the Allow UPnP setting
It also works without uPnP but with less quality (using STUN or TURN)
Fair enough, I didn't get that far. I saw the RingID part of the FAQ and backed out of giving it a go thinking ICQ and that sort of user interaction died in the early 2000s
re: your edit - if there are answers to these problems the FAQ really could do with an update
>> Dust off the old rolodex for those 40 character strings, there's no way to save your contacts.
This has me thinking that IDs could be images. And by images I mean QR codes, or better yet something like the little symbols used on stack overflow. In fact, how about a QR code that is your public key? Now you can send someone your key via a single image rather than copy/pasting a bunch of gibberish. The key image could also contain a fancy border or an actual photo above the QR of the key. So then if you text someone your image/QR and they add that to their contacts, any app that can access the contact info can also get your public key.
Just thinking out loud, er... in text.
And more thinking.. This does not address management of your private key at all.
Facebook messenger has a round profile photo with some kind of circle with a coded pattern in it around the photo. I never tried to scan one but I assume you can.
We can't escape this because the canonical user ID is a public key (IMHO, that's a good thing) however there are some ways to transfer this information easily among users -- copy and paste is trivial and so are QR-codes (which are also nice for face-to-face authentication, but making them obligatory as in Brian is counter-productive).
Tox solved this by having an optional DNS-based username registration system. Not completely distributed, but decentralized and no harder to use than an email address -- with a bonus that it may be an actual email address for people and organizations with their own domain.
Is somewhat sad Tox didn't got used, it was pretty advanced even years ago.
Indeed was expecting to see Tox moving forward. Instead, we see yet another decentralized messenger that will end up repeating the same as the former. Rinse and repeat in a couple of years.. :(
Odd, that's not my experience with GNU software. On a regular basis I use GNU Emacs, GNU R, gimp, and gcc, among other things, and while all have flaws, I don't feel that they're just things for free software fans to brag about without having productive use cases. I certainly use them to get real work done.
You are a technical user and most of those products are aimed at technical users so that's fine - even in the proprietary world I don't expect a tech app to be easy to use.
However here we're talking about a chat client - something that should be easy to use by anyone, including your grandma. And so far, GNU and similar free software projects have failed to ship anything usable by a non-technical user.
Finally, GCC or GIMP doesn't fail because not many people use it whereas a chat client fades into irrelevance if nobody uses it, so even the tech people will abandon it.
Take a look at Mozilla - despite being free and open source they nailed their UX. Go to https://www.mozilla.org/en-GB/firefox/new/ and notice how there's no mention of "open source" nor "mailing list" nor "./configure && make". Instead there's a list of reasons an average user would like to use it and a download button that gives you a ready to use binary.
Voilà. I think a big problem in software dev is that technical people struggle to think like non-technical people. They can't put themselves in the shoes of their grandma or "Joe Six Pack".
I mean, just look at the download page for Spotify on Linux. "repository signing keys", "keyserver", "sudo apt-get". I can see a non-technical person thinking: "WTF is that? Where's the installer? Where's the DMG file?"
I remember an argument with someone on IRC about Linux and the person actually said that everybody should learn commands and those who don't are simply lazy and dumb.
This mentality is problematic and toxic for the cause of FOSS.
Yeah I think that's true, but doesn't have much to do with what the grandparent was complaining about, which is that he/she think the FSF focuses too much on software freedom. Imo what you talk about is true of any software made by technical people who are mostly making it for themselves in their free time, and is seen regardless of the devs' opinion on software licensing. You find it in GNU software, in BSD software, and even in the Windows shareware/freeware scene. More or less, stuff made by power users for power users.
I've been testing it out, and it does not seem like an 1.0 release by any stretch of imagination.
- On a mac, the client crashes regularly. I've been able to register an account and make a video call, but there are several GUI issues (cut labels, missing text fields, etc.) and the name registration didn't seem to work.
- On android, the client acted really weirdly in the beginning. After a while it seems to have stabilized a bit, and I've been able to make a video call (to a mac). The video quality was fine, but the client did not handle screen orientation changes well (my own video feed ended up distorted).
- On linux I haven't been able to make a call, even though text chat worked. It may have been because I don't have a webcam...
All in all, the experience was far from what you would expect from an 1.0 release nowadays. It had major warts on all platforms I tested.
Also, if anyone is curious, you can login with the same account from several devices at the same time. Calls ring on all devices, but text messages are less reliable (they don't always reach all devices). Also, off line devices do not get the messages they missed when you fire the client later on.
I would love and push hard to replace skype/xmpp with a solution of this kind, but I just cannot in the current state of affairs :(
Funny but I last tried it in november of 2016 and I had the same issues as you describe in points 1 and 3. I only tested on Mac and Linux. Wasn't aware of an android version.
Right, this is a very nice project, but obviously not ready for a 1.0 release.
I am frustrated by the lack of technical documentation. For this kind of decentralized projects, full transparency is required.
It took some time before I understood the foundation blocks of the Ring network, using [0] and [1], and yet I'm quite unhappy:
* Many items are very lightly documented, or even "to be disclosed" ;
* The main website does not provide any insight about Ring's internals ;
* Especially, the name registration service is quite obscure and currently not decentralized according to the doc [0].
Yeah I wasn't impressed either, unfortunately it seemed like a combination of cool ideas but lacked any sort of network effect. I mean even an app like Duo by Google is pretty functionless if you don't know anyone using it. This is the primary problem with communication technologies. How do you convince your friends to use it. The other option would be some sort of friend-making mechanism. This is where even marginal social networks can be functional because you can at least see the other people using them.
Also the UI and layout left quite a bit to be desired. Mainly I didn't like how it just ran seemingly crashing in the background occasionally and I never had anyone to talk to one it.
There is a big difference needed when designing free software for individual productivity vs. social software where the usefulness depends upon other people using it and a lot of projects don't get past the cool prototype faze. Since they aren't likely to be seeking VC money to monetize it, then it will probably remain a cool demo for some time. At least the Signal people have tried to make a product that is fully usable by anyone who can install an app.
There is a need for skype replacement, as Microsoft is actively killing it.
What people use skype for:
* chat (many alternatives)
* video calls (many alternatives)
* PSTN gateway (SIP is an alternative. It is handy sometimes, but loosing relevance as IP connectivity is becoming more global)
* conferencing (no good known alternative, which is as simple, ad-hoc)
* screen sharing (many alternatives, but it is ad-hoc, simple.)
* simple file sharing (many alternatives)
Now screen sharing and ad-hoc conferences are very powerful combo, and I'm looking for alternatives, as I'm afraid skype will be totally useless for me in a year or so, if the current trends hold on.
Maybe we have a very different definition of conferencing, but I don't consider skype capable of conferencing. It can't record conferences (including what is presented), it can't pre-share a link to a planned conference to participants, it can't have the organizer mute/unmute others and grant presenter status (critical for larger-scale online conferences), etc...
I use gotomeeting for conferencing. For an ad-hoc conference I just create a meeting and share the link to it across mail/skype/... to all participants.
I said simple ad-hoc conference calls. Like a phone conference, even more simply: just drag and drop some contacts to a call, and they all can participate. (It worked like a charm in skype. you can even share a screen and files and chat with the conference call)
No conference link, no recording, no fancy web-ex like stuff.
If you take a look at recent success stories many had a success through simplicity. Startups, ordinary people, small business don't want the enterprisey complicated stuff where a complete IT department is needed to set up a conference. They like simple stuff that works, and are willing to give up some expectations due to limitations of a tool. (I had to give up far more expectations for enterprisey stuff for consumer stuff)
This could make for a good use of this software. The biggest issue free software such as this have is still adoption by less technically inclined people and a steep learning curve for techies. More effort needs to be put into cognitive reasoning and user planning but these skills aren't typically focused on by computer scientists. Whereas something like this absolutely needs to just work for it to gain traction and be useful for anyone other than niche teams capable of designating it as the defacto tool. If there are obstacles people will usually switch to the lowest common denominator like Google Hangouts or whatever they can use without installing something. It could be a good Skype replacement but the challenge is focusing on usability in conjunction with functionality.
This has been my experience with most of the GNU/Free projects. They suffer from terrible UI/UX although they solve the core problem (P2P for example).
Imo, this is why private startups can out compete those free projects. The private startups focus on delivering a great UI/UX and this matters most to customers/users. Most users don't care privacy anyway. Usability comes first.
I did not understand the joke. I suppose it goes with the view that outside the USA there are no good software developers, well, because these are all second-class countries.
My friends (most of them are French) and I often joke about French people, how they dislike law and order, how they think their country is the best and the worst at the same time, etc. They're often boastful or xenophobic, but I can't see how they are different on programming, computer science or technology. BTW, the usual "joke" portrait of an American is a fat, uneducated and religious guns-lover. Please don't feel offended if you are from the USA; of course, this is far from the individual reality, but each feature is (statistically) over represented in this country, so joking about it make sense.
You shouldn't assume everyone online is American. csomar is from Tunisia [0]—a country which was, for what it's worth, colonized and exploited by the French until 1956. I imagine that might color perceptions.
I stand corrected. That machine is built to resist without doubt. :-)
Was referring to the Peugeot generation that came afterwards around '97 or so. My family had Peugeot on those days and each model they got was problematic. On the other hand, Renault was generally seen in Portugal as more stable and cheaper to repair.
I see some truth in your comment, but then I personally used Skype on Linux and honestly could not conduct a single meeting without 10 times of disconnections... its low quality was another thing.... I am hoping Ring 1.0 live up to high standards and provide a real solution to this Skype mess on Linux!
Yeah, two serious hangs and a crash while making an account on Windows. By the behaviour (seems to be associated with checking for username conflicts), I suspect the issue is latency while half the planet hammer their services making accounts. Needed much better stress testing.
Looks like a Skype clone from 10 years ago to me.
I cannot see this working in the long run. Many people naively think that Skype switched from full p2p to partially p2p to server centric because of some evil plot designed by Microsoft. This is all wrong. Skype abandonned full peer to peer because it does not work if you want something fast, reliable, and feature rich.
1. Asking users to enable upnp is a joke. I would never do that, and anyone doing so should consider the security implications of doing so. Unfortunately, since they want to stay pure p2p they have no other possibility to solve the "both clients behind a NAT router" problem. This is why Skype relies on STUN like protocols => not possible in pure p2p.
2. Peer discovery in pure p2p is SLOW. Skype understood that and switched to hosted "supernodes" with their IPs hard-coded in the client. It's the only way to have reliable peers to introduce you to the network.
3. You WANT dedicated peers with good connection and 100% uptime.
4. You cannot efficiently have shared states in pure p2p without an identity server. That would require the clients to bring their keys with them on every device, not very practical.
5. In case the network collapses, there is no way for it to go up again without supernodes.
You can automatically promote real servers with good uplink and public IPs to be supernodes. This eliminates the whole NAT penetration brain damage (going IPv6 is a possible workaround).
Skype did that, Windows (lol) nodes with good up times and bandwidth were autopromoted as supernodes. This makes the network unfair tho, and encourages these users to use alternatives clients to prevent being a supernode (wasted bandwidth and cpu: who wants this?)
That's exactly what got Skype banned on our university's network back when it still used to do that, because otherwise supernode traffic would have taken a significant portion of the uplink bandwdith.
> Looks like a Skype clone from 10 years ago to me. I cannot see this working in the long run. Many people naively think that Skype switched from full p2p to partially p2p to server centric because of some evil plot designed by Microsoft. This is all wrong. Skype abandonned full peer to peer because it does not work if you want something fast, reliable, and feature rich.
Frankly my experience of Skype now is that I long for Skype from 10 years ago. Purely from a user perspective so I cannot comment on improvements to the backend infrastructure, but these days I find Skype takes up more of my machines resources, runs slower and is less reliable than it has ever been.
> 4. You cannot efficiently have shared states in pure p2p without an identity server. That would require the clients to bring their keys with them on every device, not very practical.
Not sure I understood it correctly, but don't they want to solve this with a blockchain?
Exactly what I mean. Either you have a central server, or you use some kind of distributed store among the peers, but then every client needs to bring his private key on every device. You cannot check your messages on a friend's computer, on your tablet or whatever.
No, you could also store the private key encrypted with the users password in the blockchain. The only difference to a central server is that you lose the ability to regain access to your account if you lose your pw.
10 years ago we didn't have gigabit connections in our homes, and or at our offices. Now that many of us do, P2P is not only viable, but likely better in many cases than supernode based architecture. Ring will likely be around longer than Skype. As long as it is distributed by Linux distros' package managers, it will remain usable. Skype will eventually be shuttered.
While your argument is quite strong, I wouldn't completely dismiss proprietary software such as Skype. Initial Skype release: 2003, so 14 years ago. It has staying power.
This is why I really like the federated client-server model. It's a pretty good compromise between centralized and peer-to-peer. Much easier to wrap your head around than p2p, while only a little more complicated than something centralized.
> This is why Skype relies on STUN like protocols => not possible in pure p2p.
You can have rendezvous servers for holepunching on p2p networks. It doesn't solve the case of unpunchable NATs, but I think if one is aiming for pure P2P then it would be sufficient to inform the user about it that it is "blocked by the network" or something like that.
> 2. Peer discovery in pure p2p is SLOW.
I can do random lookups on the bittorrent DHT (6-8M reachable nodes) that yield their first result in 600ms and returned the bulk of the results in 1500ms. Those queries can be run in parallel without significantly impacting latency.
The only limit are shoddy NAT devices that have their tracking tables saturated by the traffic.
> 4. You cannot efficiently have shared states in pure p2p without an identity server. That would require the clients to bring their keys with them on every device, not very practical.
Pair devices over local wifi/bluetooth/scanning QR code from screen to camera?
Or generate cryptographic identities in a deterministic way from hashed passphrase? I believe ed25519 keys can be created this way.
> 5. In case the network collapses, there is no way for it to go up again without supernodes.
You need bootstrap nodes that can be contacted when the client has no local list of reachable contacts, that's not the same as supernodes.
> Skype abandonned full peer to peer because it does not work if you want something fast, reliable, and feature rich.
Each of those things is a continuum. Yes, certain tradeoffs have to be made if you want a decentralized application. But you're omitting being decentralized and not under control of a single entity as a goal itself.
Bleep, BitTorrent Inc's p2p messaging client, already does a lot of this. It uses the bittorrent DHT for fast peer discovery and does device pairing via QR codes, including p2p state synchronization. We do use a central server for identity lookup based on email/phone number, because squaring Zooko's triangle seemed a bit too ambitious. We also use relay servers to get around NAT so uPnP is typically needed for true p2p operation, but the client still functions just fine without it.
The client itself is closed source, but we have open sourced a key portion of the code which deals with the DHT. https://github.com/bittorrent/scout
The bleep app description says "Bleep is a fun and easy instant messaging app that is completely private."
I find it hard to believe that without audited available source code. A quick search turned up this thread: https://forum.bittorrent.com/topic/30924-open-source/ which seems to indicate that back in 2014, it was unclear if it was going to be open source, and it was thought to be a Skype competitor. The current state of affairs seems to be text and images only, marketing it similar to Snapchat with disappearing messages and claims of privacy (but similarly no way to verify this), and it's the second hit in the iOS App Store for "bleep", having less reviews (at 8) than the top hit, "Bleep!", which is a big red button which presumably makes noise when tapped.
"Each of those things is a continuum. Yes, certain tradeoffs have to be made if you want a decentralized application. But you're omitting being decentralized and not under control of a single entity as a goal itself."
Probably because the top goal, above whatever else they want to do, is that it has to work to let people talk to each other, and work reliably.
The login infrastructure uses a standard auth service, but once that gets going, seems like traffic goes directly from client to client. Avoids the peer discovery but once both (or more) clients know where everyone is, the transport is from client to client (at least it looks that way from tcpdump).
Like FaceTime, Skype abandoned peer to peer connections (via secondary hosts for NAT traversal) because there is a ridiculous patent on that when used for voice or video connections. It worked fine.
The old Fasttrack of Kazaa, which Skype was originally based on, already had static servers for getting the supernode list.
Since the supernodes were just regular customer machines and the system 'borrowed' their bandwidth under the covers it's not a big surprise they switched to hosting them themselves when they switched from illegal file sharing to legal communication. Hosting became cheap anyway.
There is a GNU cryptocurrency project that aims to give the State the power to tax the users of the currency. How can you trust anything with the GNU label after that?
? What does that have to do with anything? The idea behind Taler is that unlike bitcoin, it doesn't try to fly under the radar of the authorities. That makes it a lot more palatable for regular people and greatly curtails the amount of undesirable elements using it that are associated with Bitcoin.
Most people don't go out of their way to be tax cheats.
Bitcoin doesn't try to fly under the radar of the authorities - it just doesn't give backdoors for authorities.
Building currency taxable-first is like building messenger invigilation-first or building social-media censorship-first. Do you imagine Skype selling their software with main feature being that every conversation you have is being sent to authorities "for your protection" or "to fight terrorists"?
Mass surveillance is also the accepted law of the land.
I know you haven't accepted it, but the government you appear to endorse has, and apparently that's all that matters, because I haven't accepted taxation in any form, nor have I accepted the form of law making that creates the power to tax, but I'm taxed anyway.
I'd really rather not relitigate the legitimacy of taxes on HN, but the reason why the currency was created in the way it was has been explained. If it truly bothers you that badly, there are many others.
If taxation was "the price you pay for government services" then people should be taxed in proportion of the total of government services they use -- that's exactly what "the law of the law" says businesses should do when they elaborate their pricing.
GNU Talor is not a cryptocurrency. It's value is entirely derived from the mint (which operates as an exchange for other currencies). You can use it with BTC, USD or sheep.
> aims to give the State the power to tax the users of the currency
Just like ... any other currency? Seriously though, what's your argument? That nobody should be taxed? That BTC should be used for tax evasion?
Also, you're not correct. Only vendors are taxable and auditable under this system. As a business owner this should be seen as a benefit -- you have cryptographic proof of income which can be used if you ever get audited. If you're a business owner who avoids taxes, then it's entirely your own fault.
> How can you trust anything with the GNU label after that?
GNU projects are maintained separately and have wildly different views. The requirements to be part of GNU are mainly related to how you treat users on GNU platforms and probably some management-related things. Emacs is not going to tax you just because Talor is also under the GNU umbrella.
The Mac version warns me that I won't be able to run Ring because of my security settings and directs me to the Mac App Store to look for a newer version. Quite literally rolling on the floor laughing! (No, not literally)
In the Finder, locate the app you want to open. Press the Control key and click the app icon, then choose Open from the shortcut menu. Click Open. I have never seen any Mac app for which I have ever needed to do this. Apple thinks it should warn me that I might have downloaded malware.
Does this mean that GNU did not pay the Apple tax?
Ok but why does nobody want to name any other specific one app that does this?
I feel like I was justified in calling this out, because nobody will actually name an app that does this.
It looks wholly unprofessional to release a 1.0 with this identity warning, unless you're GNU! Then it's fashionable and people will come to your defense, for sticking to free software and libre as in freedom only, like the great St. Ignucius intended. :-)
> Does this mean that GNU did not pay the Apple tax?
GNU or rather, the FSF doesn't generally do releases of GNU software. That's left to the maintainers.
Even if the FSF were willing to pay Apple to sign things, and if it were possible using only free tools, it would be difficult to coordinate with all the maintainers.
This is the brainchild of one the the founders of Savoir-Faire Linux. I was an employee of theirs and had to use this software for internal communications. It rarely works, crashes a lot and employees would crack jokes everytime we were told to use it. The idea is good. The current state of the app is barely useable. They just fired around a third of their employees (after promising to double in size).
I was an employee there too. They have really low salary standard and say that "you get to do open source so it's fine". The best programmers get out of there quick and that's why you don't get high quality software from them.
Their business model is based on using people with temporary work permit (coming from out of Canada, mostly France) who are stuck with them if they don't want to go through the process of obtaining another work permit and have to go back to their country in the meantime.
Its not there yet, but seeing that skype is repositioning itself as a shitty wanabe snapchat/instagram, instead of the conferencing and telephony app, I hope it will mature and become a thing. (Hey microsoft, what will the office365 customers do with skype minutes, when you finish the repositioning?)
They could sell SIP minutes and make it simple to set up, and that could provide a revenue for them.
Love these guys! They're based in Montreal, definitely the biggest Linux-only player I know around here.
> Liberté, Égalité, Fraternité
That's a really bad name for a release. I speak French natively but... Nah.
The criticisms about missing features seem pretty reasonable as well, BUT I'm not afraid of this project being more ideological than practical. For one thing, SFL is in the money business, they are not a charity. For another, sometimes it takes someone to take the extreme "free" approach for someone else to approach the middle ground of "maybe not that free but still distributed".
For something that's free and not foisted upon anyone, there seems to be a lot of negativity here. Okay, so it's not as good as you want it to be. Roll up your sleeves and make it happen.
This idea that open source is somehow immune from criticism is old and tired. If they want to pretend like they're targeting normal people, they need to act like it. This means putting work into things like UX.
How's that stance been working for you? Still waiting to see a single instance of Linux on the desktop of a non-programmer. 99% of people, HN users included, just want something that works. Few people have time to go much around and fix some messaging app when they could simply download a better alternative.
I am unable to create a public account. I get a spinning wheel when I input a public name, and it doesn't do anything else. The create button is disabled until (seemingly) I get a response back telling me my chosen name is okay or not.
Unfortunately, their Web site didn't seem to have any clear way to register an account.
Another point is that searching for contacts only works if you type in their last name. If you try searching for a contact by first name, then they won't show up.
Seeing this makes me really want to add video support to my Firestr (http://firestr.com) project. Also a DHT so I can store public keys and have shorter payloads to share. Alas I am only one man.
190 comments
[ 3.1 ms ] story [ 239 ms ] threadYou can add users on other instances and initiate WebRTC video calls in the chat view.
Im primarily curious if it supports terminating the same data to multiple endpoints. Facebook and other centralized chat servers do that. That functionality guarantees that regardless which machine is logged in, I can get my messages.
I know that recent TOR chat server doesnt. There's a GH issue open to "try to deal with it", with no comments.
I also know that Tox doesn't support the same key with multiple endpoints. That too defeats my purpose of having it on my phone and laptop: I then have to have a new "contact" per device, which easily balloons out of control.
Edit: Am on freenode's irc #ring . They seem asleep. No comments, positive or negative.
All you need to do, is to export the profile and import it, so all devices share the same profile.
Just confirmed from one of the devs!
1) Text chat works unreliably. Sometimes messages are not delivered even if the other peer was found.
2) Even if upnp and nat-pmp are both working, sometimes you need to open all tcp and udp ports to get ring working.
3) Migration of accounts to ring beta 2 on linux was a total dissaster. It always failed so I had to create a new account.
4) On some computers during a videocall ring makes pulseaudio crash and freeze the system.
Ring has a lot of potential but it's still not ready to replace skype. It works better than qtox though.
EDIT: It was ring beta 2, not ring 2
I also do not run pulseaudio, if that is a requirement (and it looked like it back then when I looked at it) the linux-client is useless to me.
Pulseaudio is not a requirement, ring can choose ALSA if you prefer.
> but my router has no settings for nat-pmp
Maybe I exagerated a bit. Ring comes by default configured to use TURN and you can also setup STUN. The problem with this is that they are not distributed.
If you want true P2P, you have to use upnp or nat-pmp, Ring can use any of the two. I don't know if it is because I get impatient, but it takes forever to connect. Just upnp should suffice but I get paranoid and think, maybe it's upnp that is not working. Then I enable nat-pmp in the router and open the nat-pmp port in the laptop. Sometimes I get so impatient that I also open (temporarily) every port in the laptop just in case.
That's great to know :)
I'll keep an eye on Ring. Something like this in a working state would be great, But it should not take forever to connect and should be stable (more or less). According to this thread the project still has a lot to do, and it might be that the p2p approach is just not a good one for the problem at hand. Riot/Matrix looked more promising in that regard.
Edit: As some comments note, I previously wrote decentralized while meaning peer-to-peer.
Is Ring the latter? The 'Discover' and 'FAQ' sections of the website don't seem to answer that question.
In practice, even DNS-based aliases are a better idea, given the tradeoffs.
- "Peer-to-peer" (Ring, Bleep/BittorentChat) and
- "Federated" (Email, Matrix, XMPP/Jabber)
...would be a better way to convey that distinction.
> Secure Connection Failed
> The connection to the server was reset while the page was loading.
> The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Most Matrix users use the matrix.org Synapse installation. If the people running matrix.org decided to stop working with other homeservers, the result would be much the same as what happened when Google and Facebook became less friendly to other XMPP servers and stopped interoperating with them. This is not an issue with Ring.
Meanwhile we're also working on supporting decentralised accounts in Matrix, so users can pick which set of servers they can use as a homeserver. This then gives the best of both worlds: a simple thinclient protocol that anyone can implement, and knowledge of precisely which servers and devices host your data.
Basically, Ring and Matrix have totally different architectures, and which you use probably depends on what you are optimising for :)
Communication platforms provide more value when they have more users, while centralized synchronization services don't provide more value because they have more users. So it's fine for synchronization services to be centralized, while it's not fine for communication platforms to be centralized.
With a p2p model you have to tell every contact's client that you're away and provide any metadata that goes with that information to each individual contact.
To reiterate the away state is just an example off the top of my head, I don't know if this service supports status updates.
From the technology perspective I am quite happy with modern XMPP. There are just too few good (up-to-date) clients :-/
For the most part I use 'conversations' and while it is quite a good client for messages, it has no support for calls.
An instance running on a NAS or similar device at home to provide that backlog capability should do the job, no? I don't know if ring supports that, but the concept is simple and at least as old as bouncers for IRC.
Do you really think 99% people care enough to do this?
It could use some streamlining, e.g. get it into package managers for whatever distro is running on it, automatic pairing (multicast on the local network), maybe detection of compatible devices.
UX is basically a separate set of problems you have to solve on top of making it work technically.
XMPP also knows how to do P2P connections (that is what 'jingle' is actually about, not just calls), but I think that the problems of P2P are actually the reason why there are still so many problems with XMPP calls. I mean if you want to build P2P that 'just-works' you will need STUN/TURN servers and while XMPP servers like ejabberd bring them with a standard installation, TURN servers require a lot of ressources (bandwith). At the same time the others parts of a XMPP server are very lightweight so that the TURN server causes scaling issues.
For anyone interessted in the matter I highly recommend taking a look at the 'conversations' website (https://conversations.im/#optimizations).
https://tuleap.ring.cx/plugins/mediawiki/wiki/ring/index.php...
Essentially it's a SIP phone. SIP is a protocol that is used to initiate sessions. So if I want to talk to you (usually using Voice Over Internet Protocol), I can use the Signal Initiation Protocol to send a message saying that I want to talk to you. You respond by saying that you would like to talk to. SIP then sends some configuration information about how we're going to talk than then hands everything over to another protocol (usually something called RTP).
Now, one of the problems with SIP is that while it is peer to peer, you have no real way of discovering your peers. Enter Distributed Hash Tables (DHT). I don't really know how this works, apart from it's how bittorrent clients discover each other without a centralised tracker. But essentially, I think you ping out to the internet saying "I want to talk to X". Someone near to you sees it and says, "I'm not X, but I can get you one step closer to X. Talk to my friend Y". And so you repeat that process until your discover where X is.
Another problem with SIP lies in the peer to peer nature. Normally we don't put out computers right on the internet. For one thing it's really hard to get IPV4 addresses any more. So nobody can actually talk directly to you. Instead we are behind routers that have an external address on the internet and map requests to an internal address on your local network. This is called Network Address Translation (NAT).
So, when we are trying to discover where our friend is, not only do we need to use DHT to inch our way towards them, but we have to traverse NAT as well (what the person thinks their address is, is not the address we see because of NAT). Not only that, but we usually add firewalls on our routers because we don't want just anybody to send traffic on our local area networks.
ICE, STUN, and TURN are ways for a client to discover their external address on the internet as well as the port you need to use to talk to them (the port is the most difficult part to figure out). Once they do that, when they send a request to you, they can tell you what address and port to reply to. In many cases this won't work (and I'm informed by very reputable people that this is because router manufacturers fail to follow the specs... I believe this). So instead of jumping through hoops to discover the port that you need to talk to, there are some standards in place that allow a client to talk to the router and say "I'm expecting my buddy to talk to me on this port. Would you please open a big gaping hole and let the traffic through. I promise I know what I'm doing." Now, sensible people do not allow their routers to do this kind of crazy thing because malware is really good at sending requests to routers and promising to be good. So basically, if you know what you are doing, and have control of your router, you can poke holes in it and make this work. If not, then there is a good chance that you won't be able to communicate to people. This is why all the VOIP services out there use a centralised server (because if you carry all the traffic with a centralised server, both ends can contact the server and it can act as a mediator... the downside is that the server has to physically move all the traffic to ensure that it works).
Now what they are saying is that they have hacked the SIP protocol to discover the other peer using DHT. This is possible because SIP is the most under-defined protocol in the world, except for perhaps HTTP (on which is is based). So you can add whatever the heck extensions you like, and nobody cares. Then they use their NAT traversal techniques (which will work most of the time if you know what you are doing and have control of your equipment) to get to the other side.
I am imagining that for messaging they are simply using one of the many SIP messaging extensions (or they have made their own ... wh...
> Please note that you shouldn't forget your password as long as you are using the current account. If your forget it, you won't be able to change it or get another one.
I can already see it being mass-adopted by non-tech users. /s
Also, as always, the nice thing about FOSS is that anyone is Free to contribute or fork/contribute their own improvements and services, either within the project or alongside, either to scratch an itch or to commercially exploit a niche.
It's hard enough to get people in your network to switch to a _polished_ platform (like Telegram), let alone a mess like this one.
I don't need to keep up with my "friends" and their statuses/photos/events/feeds, or "IM" back and forth with someone using cutesy emojis. I need to be able to hold conference calls with presentations displayed to all participants, or shared whiteboard to discuss some design. Stuff like that. And I want to be able to host all this outside of dirty paws of third party corporations and governments.
I'm of course disregarding the abysmal quality and stability of Ring, so all this is just academic anyway. :)
I would surely hope so. Why bother with installing another "universal communication platform" if you will be only able to communicate with a small subset of your contacts. (And all of them will by on skype/whatsapp/whatever-else anyways, since that's where majority of their contacts are as well.)
I haven't installed Skype, WhatsApp, Facebook, Snapchat, Instagram, Telegram, etc. precisely because they're proprietary (the client and/or server). Hence I'm already only able to communicate with a small subset of my contacts. Ring looks rather nice as a fancy way to communicate with people, which previously I've been unable to do whilst preserving my freedom (and I prefer freedom over fancy communication tools). Being p2p also makes it more appealing to me than client/server systems, federated or not (which is why I never got around to setting up matrix, for example).
In that sense, this is rather like GNU being "yet another Unix".
These don't have to be mutually exclusive.
"Hey, this is John, I forgot my pass again, so I had to recreate the account, again. Add me, plz?"
> Contains private account data.
> It's a JSON compressed and encrypted file.
> The JSON byte-stream is compressed using gzip algorithm.
> Then the gzip-stream is encrypted using AES-GCM-256 symmetric cipher with a 256-bits key.
Does this compress-then-encrypt combination introduce a security weakness? It's certainly a problem on the Web, since attackers can learn what's in an encrypted response by getting the server to insert their own strings; e.g. trying the same request many times with different query strings, and seeing which ones result in smaller responses, indicating that the given query string matches somewhere in the document.
It would require the attacker to be able to get their own strings in the payload, but since this JSON contains things like contact info that might be possible.
The CRL also seems like it might be possible to at least pivot off of, at least if the signing wasn't checked when writing the archive.
> Each RingID has 40 characters
picture an md5 string but with 40chrs to imagine what your userid looks like. Yes, you need to supply this userid to others for them to contact you.
> We haven't had time to add contact managing features (adding, editing, etc.) to Ring yet as its not the priority in the alpha stage
Dust off the old rolodex for those 40 character strings, there's no way to save your contacts.
> The Ring OpenDHT network is new and it may take up to a few minutes to discover Ring nodes around and reach your partner's machine.
It can take minutes to set up a call. Long distance phonecalls in the 80s were faster
> Ring can usually reach computers behind a NAT provided that you have checked the Allow UPnP setting
So no corporate use then.
However they can easily fix this by offering an official "directory" which allows you to sign up by email/username and stores the username->user ID mapping. It'll allow people who want UX to use this while leaving the use of raw user IDs if people don't want to depend on a central directory server.
For the other issues it's very surprising that Skype (which used to be a P2P protocol) managed to solve them like 10 years ago and yet the Ring people still can't (or don't want to) solve those issues. But hey, freedom is more important than UX so screw it.
Sucks that we can't just revive the design of classic Skype (but open source) before MS ruined it (not that it didn't have wiretapping capabilities before as well: https://en.m.wikipedia.org/wiki/Skype_security ). I guess the linked project is the closest thing to that.
This is already the case, you can associate your ID with a user name. Perhaps their FAQ should be updated.
EDIT: It's mentioned in the announcement:
> Support of an Ethereum blockchain as a distributed public user database
Will I have to pay with ETH to have an username linked to my ID?
Not to say it's perfect, for sure.
[1]: http://blog.printf.net/articles/2015/05/29/announcing-gittor...
To by-pass the 40 char ID you can use the name registration system offered by Ring and register a username as you like. The option is available at the account creation and in the settings. you can also use a QRcode on android
> We haven't had time to add contact managing features (adding, editing, etc.) to Ring yet as its not the priority in the alpha stage
The contacts are are present as an internal funtion in Ring, only external sources of contacts are not supported yet.
> The Ring OpenDHT network is new and it may take up to a few minutes to discover Ring nodes around and reach your partner's machine.
It is a worst case scenario, usually takes 10 seconds
> Ring can usually reach computers behind a NAT provided that you have checked the Allow UPnP setting
It also works without uPnP but with less quality (using STUN or TURN)
re: your edit - if there are answers to these problems the FAQ really could do with an update
This has me thinking that IDs could be images. And by images I mean QR codes, or better yet something like the little symbols used on stack overflow. In fact, how about a QR code that is your public key? Now you can send someone your key via a single image rather than copy/pasting a bunch of gibberish. The key image could also contain a fancy border or an actual photo above the QR of the key. So then if you text someone your image/QR and they add that to their contacts, any app that can access the contact info can also get your public key.
Just thinking out loud, er... in text.
And more thinking.. This does not address management of your private key at all.
We can't escape this because the canonical user ID is a public key (IMHO, that's a good thing) however there are some ways to transfer this information easily among users -- copy and paste is trivial and so are QR-codes (which are also nice for face-to-face authentication, but making them obligatory as in Brian is counter-productive).
Tox solved this by having an optional DNS-based username registration system. Not completely distributed, but decentralized and no harder to use than an email address -- with a bonus that it may be an actual email address for people and organizations with their own domain.
Is somewhat sad Tox didn't got used, it was pretty advanced even years ago.
However here we're talking about a chat client - something that should be easy to use by anyone, including your grandma. And so far, GNU and similar free software projects have failed to ship anything usable by a non-technical user.
Finally, GCC or GIMP doesn't fail because not many people use it whereas a chat client fades into irrelevance if nobody uses it, so even the tech people will abandon it.
Take a look at Mozilla - despite being free and open source they nailed their UX. Go to https://www.mozilla.org/en-GB/firefox/new/ and notice how there's no mention of "open source" nor "mailing list" nor "./configure && make". Instead there's a list of reasons an average user would like to use it and a download button that gives you a ready to use binary.
I mean, just look at the download page for Spotify on Linux. "repository signing keys", "keyserver", "sudo apt-get". I can see a non-technical person thinking: "WTF is that? Where's the installer? Where's the DMG file?"
I remember an argument with someone on IRC about Linux and the person actually said that everybody should learn commands and those who don't are simply lazy and dumb.
This mentality is problematic and toxic for the cause of FOSS.
- On a mac, the client crashes regularly. I've been able to register an account and make a video call, but there are several GUI issues (cut labels, missing text fields, etc.) and the name registration didn't seem to work.
- On android, the client acted really weirdly in the beginning. After a while it seems to have stabilized a bit, and I've been able to make a video call (to a mac). The video quality was fine, but the client did not handle screen orientation changes well (my own video feed ended up distorted).
- On linux I haven't been able to make a call, even though text chat worked. It may have been because I don't have a webcam...
All in all, the experience was far from what you would expect from an 1.0 release nowadays. It had major warts on all platforms I tested.
Also, if anyone is curious, you can login with the same account from several devices at the same time. Calls ring on all devices, but text messages are less reliable (they don't always reach all devices). Also, off line devices do not get the messages they missed when you fire the client later on.
I would love and push hard to replace skype/xmpp with a solution of this kind, but I just cannot in the current state of affairs :(
It took some time before I understood the foundation blocks of the Ring network, using [0] and [1], and yet I'm quite unhappy:
* Many items are very lightly documented, or even "to be disclosed" ;
* The main website does not provide any insight about Ring's internals ;
* Especially, the name registration service is quite obscure and currently not decentralized according to the doc [0].
Thanks for the project though, and good luck!
[0]: https://tuleap.ring.cx/plugins/mediawiki/wiki/ring/index.php...
[1]: https://tuleap.ring.cx/plugins/mediawiki/wiki/ring/index.php...
Also the UI and layout left quite a bit to be desired. Mainly I didn't like how it just ran seemingly crashing in the background occasionally and I never had anyone to talk to one it.
There is a big difference needed when designing free software for individual productivity vs. social software where the usefulness depends upon other people using it and a lot of projects don't get past the cool prototype faze. Since they aren't likely to be seeking VC money to monetize it, then it will probably remain a cool demo for some time. At least the Signal people have tried to make a product that is fully usable by anyone who can install an app.
What people use skype for:
* chat (many alternatives)
* video calls (many alternatives)
* PSTN gateway (SIP is an alternative. It is handy sometimes, but loosing relevance as IP connectivity is becoming more global)
* conferencing (no good known alternative, which is as simple, ad-hoc)
* screen sharing (many alternatives, but it is ad-hoc, simple.)
* simple file sharing (many alternatives)
Now screen sharing and ad-hoc conferences are very powerful combo, and I'm looking for alternatives, as I'm afraid skype will be totally useless for me in a year or so, if the current trends hold on.
I use gotomeeting for conferencing. For an ad-hoc conference I just create a meeting and share the link to it across mail/skype/... to all participants.
No conference link, no recording, no fancy web-ex like stuff.
If you take a look at recent success stories many had a success through simplicity. Startups, ordinary people, small business don't want the enterprisey complicated stuff where a complete IT department is needed to set up a conference. They like simple stuff that works, and are willing to give up some expectations due to limitations of a tool. (I had to give up far more expectations for enterprisey stuff for consumer stuff)
This has been my experience with most of the GNU/Free projects. They suffer from terrible UI/UX although they solve the core problem (P2P for example).
Imo, this is why private startups can out compete those free projects. The private startups focus on delivering a great UI/UX and this matters most to customers/users. Most users don't care privacy anyway. Usability comes first.
I did not understand the joke. I suppose it goes with the view that outside the USA there are no good software developers, well, because these are all second-class countries.
My friends (most of them are French) and I often joke about French people, how they dislike law and order, how they think their country is the best and the worst at the same time, etc. They're often boastful or xenophobic, but I can't see how they are different on programming, computer science or technology. BTW, the usual "joke" portrait of an American is a fat, uneducated and religious guns-lover. Please don't feel offended if you are from the USA; of course, this is far from the individual reality, but each feature is (statistically) over represented in this country, so joking about it make sense.
[0] https://web.archive.org/web/20160626074252/https://omarabid....
Who even does that?
On the other hand, that does apply to older Peugeot cars. Can only think on Alfa Romeo as worse car brand to get fixed by commoners.
you mean like the Peugeot 504 http://europe.autonews.com/article/20131204/ANE/131209940/pe... ?
Was referring to the Peugeot generation that came afterwards around '97 or so. My family had Peugeot on those days and each model they got was problematic. On the other hand, Renault was generally seen in Portugal as more stable and cheaper to repair.
[0] https://news.ycombinator.com/item?id=14875272
Contact me using 'gilani' on the Ring distributed communication platform: https://ring.cx
BTW, on Android, I had to setup my username after creating my account.
Looks like a Skype clone from 10 years ago to me. I cannot see this working in the long run. Many people naively think that Skype switched from full p2p to partially p2p to server centric because of some evil plot designed by Microsoft. This is all wrong. Skype abandonned full peer to peer because it does not work if you want something fast, reliable, and feature rich.
1. Asking users to enable upnp is a joke. I would never do that, and anyone doing so should consider the security implications of doing so. Unfortunately, since they want to stay pure p2p they have no other possibility to solve the "both clients behind a NAT router" problem. This is why Skype relies on STUN like protocols => not possible in pure p2p.
2. Peer discovery in pure p2p is SLOW. Skype understood that and switched to hosted "supernodes" with their IPs hard-coded in the client. It's the only way to have reliable peers to introduce you to the network.
3. You WANT dedicated peers with good connection and 100% uptime.
4. You cannot efficiently have shared states in pure p2p without an identity server. That would require the clients to bring their keys with them on every device, not very practical.
5. In case the network collapses, there is no way for it to go up again without supernodes.
Tor has the same problem; it solves it partially by hardcoding directory authorities, and partially with bridges that are distributed offline.
Frankly my experience of Skype now is that I long for Skype from 10 years ago. Purely from a user perspective so I cannot comment on improvements to the backend infrastructure, but these days I find Skype takes up more of my machines resources, runs slower and is less reliable than it has ever been.
Not sure I understood it correctly, but don't they want to solve this with a blockchain?
Heck, Yahoo messenger (1998, 19 years ago), ICQ (1996, 21 years ago) and even AIM (1997, 20 years ago) are still around. And Skype has higher usage than those did: http://www.whoishostingthis.com/blog/2014/10/22/instant-mess...
You can have rendezvous servers for holepunching on p2p networks. It doesn't solve the case of unpunchable NATs, but I think if one is aiming for pure P2P then it would be sufficient to inform the user about it that it is "blocked by the network" or something like that.
> 2. Peer discovery in pure p2p is SLOW.
I can do random lookups on the bittorrent DHT (6-8M reachable nodes) that yield their first result in 600ms and returned the bulk of the results in 1500ms. Those queries can be run in parallel without significantly impacting latency. The only limit are shoddy NAT devices that have their tracking tables saturated by the traffic.
> 4. You cannot efficiently have shared states in pure p2p without an identity server. That would require the clients to bring their keys with them on every device, not very practical.
Pair devices over local wifi/bluetooth/scanning QR code from screen to camera? Or generate cryptographic identities in a deterministic way from hashed passphrase? I believe ed25519 keys can be created this way.
> 5. In case the network collapses, there is no way for it to go up again without supernodes.
You need bootstrap nodes that can be contacted when the client has no local list of reachable contacts, that's not the same as supernodes.
> Skype abandonned full peer to peer because it does not work if you want something fast, reliable, and feature rich.
Each of those things is a continuum. Yes, certain tradeoffs have to be made if you want a decentralized application. But you're omitting being decentralized and not under control of a single entity as a goal itself.
The client itself is closed source, but we have open sourced a key portion of the code which deals with the DHT. https://github.com/bittorrent/scout
I find it hard to believe that without audited available source code. A quick search turned up this thread: https://forum.bittorrent.com/topic/30924-open-source/ which seems to indicate that back in 2014, it was unclear if it was going to be open source, and it was thought to be a Skype competitor. The current state of affairs seems to be text and images only, marketing it similar to Snapchat with disappearing messages and claims of privacy (but similarly no way to verify this), and it's the second hit in the iOS App Store for "bleep", having less reviews (at 8) than the top hit, "Bleep!", which is a big red button which presumably makes noise when tapped.
Probably because the top goal, above whatever else they want to do, is that it has to work to let people talk to each other, and work reliably.
https://app.zyptonite.com/
The login infrastructure uses a standard auth service, but once that gets going, seems like traffic goes directly from client to client. Avoids the peer discovery but once both (or more) clients know where everyone is, the transport is from client to client (at least it looks that way from tcpdump).
The old Fasttrack of Kazaa, which Skype was originally based on, already had static servers for getting the supernode list.
Since the supernodes were just regular customer machines and the system 'borrowed' their bandwidth under the covers it's not a big surprise they switched to hosting them themselves when they switched from illegal file sharing to legal communication. Hosting became cheap anyway.
Stallman wouldn't say open source. But here's his plan: https://www.gnu.org/philosophy/government-free-software.en.h...
Most people don't go out of their way to be tax cheats.
Building currency taxable-first is like building messenger invigilation-first or building social-media censorship-first. Do you imagine Skype selling their software with main feature being that every conversation you have is being sent to authorities "for your protection" or "to fight terrorists"?
There's no good way to tax bitcoin given how it works.
I know you haven't accepted it, but the government you appear to endorse has, and apparently that's all that matters, because I haven't accepted taxation in any form, nor have I accepted the form of law making that creates the power to tax, but I'm taxed anyway.
GNU Talor is not a cryptocurrency. It's value is entirely derived from the mint (which operates as an exchange for other currencies). You can use it with BTC, USD or sheep.
> aims to give the State the power to tax the users of the currency
Just like ... any other currency? Seriously though, what's your argument? That nobody should be taxed? That BTC should be used for tax evasion?
Also, you're not correct. Only vendors are taxable and auditable under this system. As a business owner this should be seen as a benefit -- you have cryptographic proof of income which can be used if you ever get audited. If you're a business owner who avoids taxes, then it's entirely your own fault.
> How can you trust anything with the GNU label after that?
GNU projects are maintained separately and have wildly different views. The requirements to be part of GNU are mainly related to how you treat users on GNU platforms and probably some management-related things. Emacs is not going to tax you just because Talor is also under the GNU umbrella.
Stop spreading FUD.
In the Finder, locate the app you want to open. Press the Control key and click the app icon, then choose Open from the shortcut menu. Click Open. I have never seen any Mac app for which I have ever needed to do this. Apple thinks it should warn me that I might have downloaded malware.
Does this mean that GNU did not pay the Apple tax?
Really? Everyone I know with a Mac (even the non technical people who don't code/do any professional work on their Mac) know how to do this.
I may do it more than weekly, even.
I feel like I was justified in calling this out, because nobody will actually name an app that does this.
It looks wholly unprofessional to release a 1.0 with this identity warning, unless you're GNU! Then it's fashionable and people will come to your defense, for sticking to free software and libre as in freedom only, like the great St. Ignucius intended. :-)
GNU or rather, the FSF doesn't generally do releases of GNU software. That's left to the maintainers.
Even if the FSF were willing to pay Apple to sign things, and if it were possible using only free tools, it would be difficult to coordinate with all the maintainers.
Their business model is based on using people with temporary work permit (coming from out of Canada, mostly France) who are stuck with them if they don't want to go through the process of obtaining another work permit and have to go back to their country in the meantime.
They could sell SIP minutes and make it simple to set up, and that could provide a revenue for them.
Love these guys! They're based in Montreal, definitely the biggest Linux-only player I know around here.
> Liberté, Égalité, Fraternité
That's a really bad name for a release. I speak French natively but... Nah.
The criticisms about missing features seem pretty reasonable as well, BUT I'm not afraid of this project being more ideological than practical. For one thing, SFL is in the money business, they are not a charity. For another, sometimes it takes someone to take the extreme "free" approach for someone else to approach the middle ground of "maybe not that free but still distributed".
Unfortunately, their Web site didn't seem to have any clear way to register an account.
Another point is that searching for contacts only works if you type in their last name. If you try searching for a contact by first name, then they won't show up.