I'm not a physicist either. As a student, some years ago I asked my physics teacher if this conception was right, but I only got pretty elusive answers. It turns out that general relativity and quantum mechanics are not 100% coherent on this point. I suggest you to read this short, a-bit-technical-but-not-too-much essay on the problem: http://quasars.org/photon.txt
Just yesterday I was trying to get a bot working on the TextSecure platform. A vastly disappointing experience: almost not existing libraries, sparse and incomplete documentation, unstable protocol breaking without any kind of notice (https://github.com/JavaJens/TextSecure/issues/6, for example). And still no way to register without a phone, which would be amazing for this kind of project: https://github.com/WhisperSystems/TextSecure/issues/1085
I think Telegram is succeeding in what TextSecure is failing: attracting a widespread community of developers. This is only a confirmation, in my opinion.
EDIT: and, by the way, while Telegram security is no good, I wonder why we cannot have both (security & developer-friendliness)
Try using libtextsecure instead of interacting with websockets directly. We publish artifacts, and while the API might change over time, if you stick with a versioned artifact you'll be good. http://open-whisper-systems.readme.io/v1.0/docs/textsecure-j...
We have a few bots in production that use libtextsecure and have been running fine for almost a year without any maintenance.
Last year I wanted to help out with the TextSecure browser (chrome extension) project and had a similar experience as the OP.
I was a bit at loss about where to begin, as I couldn't find documentation about getting the extension setup for dev/testing. Specifically I couldn't get past the QR-code auth screen as I seemed to be missing some special configuration to connect with the servers.
I just assumed it wasn't really ready for outside devs yet.
I'm happy to see WhisperSystems making contributing more accessible. I probably could have learned this stuff by asking the devs, but I didn't want to bother them, I much prefer reading docs and playing with it myself first.
My language of choice for the bot was Clojure. I was interfacing with libaxolotl-java and basically rebuilding libtextsecure in Clojure (that was months ago).
Yesterday, when I discovered libtextsecure-java (while exploring Github repositories, by the way, I didn't notice your website had been updated in the meantime), I started a rewrite, using README as my primary source of documentation (the only piece of doc I could find, actually).
Ok, so what's this `KeyHelper`? Ok, I'll search on Github. Fine, it's actually `org.whispersystems.libaxolotl.util.KeyHelper` - luckily I knew it was in a completely different project. The same goes for `AxolotlStore`, which is actually `org.whispersystems.libaxolotl.state.AxolotlStore`, and it's not even mentioned on libaxolotl-java README because the latter is outdated.
Then: what is `TrustStore`? Good luck finding out that! Basically it is a wrapper around a binary file - which I had to download from TextSecure source repo without knowing what there was inside, and which by the way is encrypted with the password whisper (documentation: nowhere - thank you @AsamK for your textsecure-cli sources on github).
Ok, and finally figuring out - turning to TextSecure-Server docs - what is a signaling key, what are the specifics for the client-generated password (which by the way is sent over SSL via Basic authentication - probably not the most secure method ever, but probably there are many reason for that) and what is an install ID, I finally had the opportunity to debug obscure security problems on Java and to meet in person a Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=1167153). Not to mention the fact that apparently libtextsecure-java doesn't work over websockets but only over GCM (https://github.com/WhisperSystems/libtextsecure-java/pull/5) - however I won't be surprised if it did.
A really nightmarish experience. Maybe this summer I'll try to reimplement libtextsecure in another language and then document thoroughly my efforts. Who knows.
Any chance of providing an api that is more friendly to be used from other languages? Java is not the easiest thing to work with.
Also, does this library work on other systems besides android? I've noticed `android` appearing multiple places and google specific api (`GoogleCloudMessaging`).
I'm using Cyanogenmod and I wanted to try TextSecure. There is a version for SMS pre-installed, but I'm not a fan of paying money for 128 bytes of data.
I don't have any Google Services installed.
So I tried finding it on F-Droid, but it wasn't there. I found out there has been a lot of discussion about this. [0][1]
I decided to compile it on my own. That requires to use use Google Libraries, oh well. I managed to get that done and was disappointed when I tried to use it. It also requires to have Google Services installed on your phone for push notifications. I don't have that.
I tried finding a solution, and other people complained about this and there was the idea to use websockets instead of google push notifications [3]. Someone forked TextSecure and started working on it [4].
Unfortunately that fork isn't stable yet, and it doesn't communicate with 'producion' users of TextSecure [5].
This is where I gave up. It shouldn't be so hard to install a free app on a free system.
I had the same experience. I am using CyanogenMod as well and as much as I dislike Google I did install the Play services. I can't even remember why but I think I needed it to use the google voice app.
Anyway, google play apparently tried to auto-update and bricked itself; now it just says "no connection" when I launch the play store.
Last week I tried to install TestSecure but it would not run. It just gave an error message about needing to update play services.
I ended up installing the Telegram app in F-Droid.
What are you saying the comment parent should have bought? TextSecure is free-libre-open-source software, it isn't sold anywhere. It depends on the Google Play Services, and cannot be run effectively if the framework is not installed on the device.
> There is a version for SMS pre-installed, but I'm not a fan of paying money for 128 bytes of data.
I think I misread this as saying there was a paid-for version available for install, but I have no idea how I got that, since it's clear that it's the SMS charge he doesn't want to pay for.
My TextSecure Golang package has a command line client with a simple echo-bot mode included. While the API is far from finished or very clean, it can be used for making simple bots.
Disabling the user-agent breaks quite a few websites as of today, but I agree, it's a good way forward to break the hegemony of certain websites and browsers.
It makes me remember John Locke's An Essay Concerning Humane Understanding[0]
> The Indian before mentioned [...], saying that the world was supported by a great elephant, was asked what the elephant rested on; to which his answer was—a great tortoise: but being again pressed to know what gave support to the broad-backed tortoise, replied—SOMETHING, HE KNEW NOT WHAT
A well-known scientist (some say it was Bertrand Russell) once gave a public lecture on astronomy. He described how the earth orbits around the sun and how the sun, in turn, orbits around the center of a vast collection of stars called our galaxy. At the end of the lecture, a little old lady at the back of the room got up and said: "What you have told us is rubbish. The world is really a flat plate supported on the back of a giant tortoise." The scientist gave a superior smile before replying, "What is the tortoise standing on?" "You're very clever, young man, very clever," said the old lady. "But it's turtles all the way down!"
You're not the only one; this is also my experience. However, I'm prepared to believe others' claims that there are drawbacks involved with doing this on "large" apps. I wonder whether they mostly value this "all routes in one place" technique for the purpose of documentation, and perhaps a simple Flask helper function that printed out all registered routes would be just as useful for them?
It already exists. app.url_map contains the mappings from paths to endpoints.
Personally I treat the flask web as a really thin layer around my other more complex libraries (the core of the application). I use blueprints to group things together but I still try to make sure each of those is very simple, say - routing, data marshalling and session management - but anything more complex lives somewhere else.
Each function inside your views just gets a little data together and proxies it down to the real application.
As you say, maybe it gets more complex as the app grows in size, but to me that sounds like the app is trying to do too much. Over time I've learnt that thinking of your app as a 'flask application' (django, rails, whatever) means that it will grow in a way that's hard to maintain later.
Nope, same here! I personally prefer the routes being near the views as they belong together and most times I can't be bothered looking the route up in a different file like in Django or Rails even. But I guess it all comes down to personal preferences.
For small apps, urls should definitely be defined near views. For larger apps, I would have to disagree. Here's why:
Django's url routing system might be cumbersome when you just want to get going with a few routes. However, it acts as an "index" for all your app's urls when you've got tens (or hundreds) of route definitions. So, instead of opening every view file, you can "tree search" for a specific url path. It is very flexible (which can be a plus and a minus).
Thanks for sharing! Unfortunately, bytes representations are wrong.
As you may now, there is a difference between kilobytes (KB) and kibibytes (KiB), megabytes (MB) and mibibytes (MiB) et cetera. 1 KiB = 1024 bytes = 1.024 KB.
