As part of Thali we need to enable iOS and Android devices to communicate to each other just using local radios. For reasons explained below the only way we can figure out how to do this involves security issues and user intervention on the iOS side. If anyone has any better way to make this work I’m all ears!Continue reading Android/iOS Local Radio Interop – Oy
Thali uses GitHub’s PRs for code reviews and the UX is not up to the job. There is no good way to track which comments are and are not resolved. There is no good way to see comments when the file they are on has changed. I don’t need much, but I really need that. To solve this problem we want a GitHub based code review tool that is hosted. To this end I reviewed five possibilities, none where great and none really solves the problem. But we’ll at least try out codereviewhub.com.Continue reading A frustrating attempt to improve on GitHub code review
As part of developing Thali we have a series of stories. One of our stories is -1 whose goal is to enable the native discovery and high bandwidth P2P frameworks we have on iOS and Android to successfully work with JXCore’s implementation of Node.js on those platforms. We originally had intended to start with story 0 but we have had enough challenges at the native layer that it made sense for us to just break out a simpler story using TCP/IP sockets rather than the full PouchDB stack as our first baby step. This article explains the simplification.Continue reading Thali’s Story -1 – Getting Node.js and Local P2P to play well
As part of the Thali project we are working on using BLE and Wi-Fi Direct to provide for local discovery. That is, the ability to discover who is around you using BLE/Bluetooth/Wi-Fi. This feature has enormous implications for people’s fundamental rights to privacy as well as personal security. So in this article I try to enumerate what rights I believe users of local presence software must have for such software to be considered ethical. I built these rights based on Kim Cameron’s Laws of Identity.Continue reading A user’s bill of rights for Thali local discovery
As part of Thali we are trying to enable people to easily build peer to peer apps on mobile devices using PouchDB. A problem we have run into is how to implement ACLs in a way that doesn’t cause developers writing on our platform to tear their hair out. I make a proposal below but I have to admit that I have no idea if it’s right or sensible. But I figure we have to start some place. What do you think? You can share your ideas on this blog or better yet, on Thali's mailing list!Continue reading Peer to Peer, ACLs and PouchDB
Three weeks ago I got my sit-stand-walking desk put together (see here for the gory details of how I picked the equipment). In this article I examine my experience. Over all I would say it’s pretty positive. I absolutely can code and walk without serious problem. Typing is actually a genuine joy while walking thanks to iMovR’s Omega keyboard tray. Seriously, it rocks! Mousing is still a bit tricky but it’s honestly not that big of deal. Motion sickness was a bit of a problem early on but I found a way to deal with it. The biggest problem is probably moving my monitors around, the Ergotron arms, especially the one with the iMac, are not fully up to the job. But all things considered the whole setup works and I’m happy.Continue reading Three weeks of walking
Awhile back I ran an analysis to pick a backlog manager for Thali. My winner was Pivotal Tracker and I really like it. It’s super slick. But as an open source project we need to run our backlog out of our GitHub issues so we can manage everything in one place. While Pivotal Tracker has an add-on that provides GitHub issues integration, it’s clearly an afterthought. So I’m back to look at backlog managers that run straight out of GitHub. My winner this time is WaffleContinue reading Picking another backlog manager for Thali
Asking about a system’s performance is usually an invitation to a fight, not to useful data. But I did want some idea of how JXCore, a fork of node.js that runs on mobile OS’s, performed on iOS and Android. See here for more info on JXCore. Since the work I’m doing heavily involves PouchDB I decided to take the PouchDB performance tests and run them in six different environments and compare the results. Over all, one should expect node.js on a modern phone (Android or iOS) to be around 10x slower than on a PC. Which honestly, isn’t that bad when you think about it. I want to give a shout out to Brian Lambert for making the iOS tests happen and to Oguz Bastemur from Nubisa for helping us past various bugs. Oguz was very patient with Brian and I and we really appreciate it.Continue reading Looking at JXCore’s perf
In Thali identities are public keys. But typing in a 4 Kb RSA key or even a 512 bit EC key isn’t exactly easy. So how do users securely exchange their keys? Our original approach was using QRCodes. But lining up the phones, scanning the values, etc. is all a serious pain. So if ultimate security isn’t a requirement our backup plan is to use a variant of Bluetooth’s secure simple pairing with numeric comparison which itself is just an implementation of a coin-flip or commitment protocol. The main downside of this approach is that it provides a 1:1,000,000 chance of an attack succeeding.
[Updated on 3/9/2015 with a new appendix, the last two questions at the end are new.]Continue reading How do we exchange identities in Thali without making our users hate us?