CipherSpeak Research

Jackbox

Active Member
Jan 2, 2016
197
96
74
Firstly, I want to convey the importance of planning and research to deliver superior quality.

For this I will be announcing what TeamSpeak and Discord use:
https://support.discord.com/hc/en-u...744612-Implement-newest-version-of-Opus-v1-3- - at a point Discord had improvements to Opus.
"Enabling the spec fixes in RFC 8251 by default"

"If Discord could transmit in stereo, and at a little higher quality, it would be a FORMIDABLE tool for music producers to work with each other remotely!" - having a music mode may be of use to some folks, even maybe for a charge to unlock that superb level of quality. The steeper bitrates are more taxing after all.

TeamSpeak uses BouncyCastle - https://github.com/bcgit/bc-csharp/tree/1cdf80bc3f540b5531c158dacf4d67976b028fef --- https://www.bouncycastle.org/ .. I think this is overkill and pretty retarded (kindly).

Below quote is sourced from "pretty retarded" href.
Now, I’m not the sort of person to resort to ad-hominem attacks, but when I read an article “Why Do Java Developers Like to Make Things So Hard” (no, I’m not linking, find it yourself) and one of the actual attacks is on myself and my co-developers, well, I feel that deserves a response.
This is what I am pissed about;
Immediately, I ran into the thing I hate most about Java developers. They (as a group) are in love with how clever they can be. The Bouncy Castle code was a morass of Factories, multiple different classes that needed to be configured in order to make everything work right, and even at that I couldn’t get it to work after a day of messing around. The mantra in Java seems to be to never hardwire anything, so that in the hypothetical “someday”, you can rip out class X and put in class Y by just adding a Factory. The end result however, is code that’s confusing to use, hard to maintain, and never seems to be very well documented.
First I’ll share a few things. BouncyCastle is a set of Java cryptographic API’s that implement base algorithms (like AES, DES, MD5) and also includes a bunch of extras like S/MIME and PGP. So, there’s a lot of code there. What’s more it’s been implemented in such a way that the majority of the functionality can run on the J2ME platform as well as be conformant to the Java JCE. And it’s all free. Completely free, more free than the GPL free.
Now, to be completely clear. Fuck you James. We aren’t in love with how clever we are. We do something and give it away so other people can benefit. We do what we do because we enjoy the community and the joy of writing code. Much of the code is a “morass of Factories” because that’s what is required. Using the high level abstractions such as the JCE require that. For our provider to be conformant with the JDK JCE it is required. To get the code to work with the variety of implementations (especially things like IE, Mozilla, PGP, GPG) there needs to be higher levels of abstractions. And the PGP implementation is new, and what’s more the PGP specification is broken and confusing and implemented many different ways. Of course, you don’t care about that. You only care if it worked for you. And what’s more you only care if it worked for you in the time you were willing to spend. Clearly your knowledge of security and crypto is very limited which was also inhibiting your ability to solve your problems. But that didn’t stop you flaunting that ignorance and masking that with an attack.
And onto the specifics. James was trying to use the newly created PGP libraries. Now, we’re the first to admit that we’re not perfect, and the PGP libraries are pretty new and there are bugs in the implementation as we find all the corner cases that exist in the PGP world. However James couldn’t get it to work at all. Now, that’s not a crime as some of this stuff is pretty confusing. So, James asked a question on the mailing list. For 2 days there were responses from the BC developers trying to help James sort out his problem. And then, without a word of thank-you, he’s gone. All of this can be seen in the BC mailing list archives. It turns out it was all too hard for James, so he went and found a Perl library.
As to documentation, well, that’s a perennial problem. One that we’re aware of, but it seems that most people can resolve that issue by themselves without having to attack the project in a public forum. There are examples, but they only cover the most basic operations. Most of the issues on the mailing list have pointed to the difficulty in selecting the correct keys from the PGP keyrings (which appeared to be James’ problem). Interestingly in the latest beta the examples are expanded to show better how to select keys, hopefully that will help people better.
Most of the people who have used the libraries have sorted it out with a minimum of fuss, and not felt the need to have a screaming hissy fit in public about how hard it is. I suppose that says more about the ability of James Turner than it does about the complexity of the libraries, and how certain people feel about taking from an open source project rather than being part of the project. For the benefit of the BC mailing list and the majority of the people who’ve used our libraries, I thank you for your patience, kind words and feedback. You are all the ones that make it worthwhile. I hope that James doesn’t need help from too many other open source projects from here on in, because I’m not sure he’s going to be too welcomed.
I’d be interested to hear from other BC users. Do you all feel the same as James Turner ? Are we nothing more than just a group who are in love with how clever we are ? Or is there some value provided by the project that it’s worth spending some time asking questions on the mailing list, getting help ?

@Splamy made a neat project: https://www.nuget.org/packages/Splamy.TSLib/

... okay enough about all these stupid proprietary apps, onto the true Internet gold:


A lot of neat intel from IETF materials, like this:
Code:
6.1.  Lack of Authentication Can Cause Connection Hijacking

   Applications must use appropriate authentication mechanisms to
   protect their connections from accidental confusion with other
   connections as well as from malicious connection hijacking or
   denial-of-service attacks.  Applications effectively must interact
   with multiple distinct IP address domains, but are not generally
   aware of the exact topology or administrative policies defining these
   address domains.  While attempting to establish connections via
   TCP/UDP hole punching, applications send packets that may frequently
   arrive at an entirely different host than the intended one.

Continuing on to other Internet findings:

Apple
https://developer.apple.com/forums/thread/127317 "I try to build VoIP application on iOS with echo cancellation. For AEC as I understand I need to use Audio Units. The main problem is how to use AVAudioConverter to encode microphone data to Opus?"


Android
https://medium.com/rahasak/opus-codec-for-android-voip-application-7cfe7cd3dd9b (scala and akka)
https://www.zoiper.com/en/support/answer/for/android/15/Audio_codecs - "When the call starts, Zoiper will send its preferred codecs list to the server. The other side will do the same. The first matching codec will be used."

As we can see, there are many ways to work through developing a solution for ICE: STUN/TURN/signaling - WebRTC. So many ways to develop, using SDKs, libraries, frameworks, and various online sources to borrow snippets or use them as encouragement for shaping how you will code a solution.

Long story short, developing software is not hard. It just takes time and dedication!
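
An added example (not part of the original post or of the IETF text) of the check the quoted section 6.1 calls for: a hole-punch probe is accepted, and its source address treated as the peer, only if it carries a valid HMAC for this session. It assumes both peers received a shared key and session id over an authenticated signaling channel; the packet layout, `MAGIC` value and all names are constructed for illustration.

```python
import hashlib
import hmac
import os

MAGIC = b"HPCH"  # constructed marker for this example's probe format
SID_LEN, NONCE_LEN, TAG_LEN = 8, 16, 16
PROBE_LEN = len(MAGIC) + SID_LEN + NONCE_LEN + TAG_LEN


def make_probe(key: bytes, session_id: bytes, nonce: bytes) -> bytes:
    """Build MAGIC || session_id || nonce || HMAC-SHA256(key, preceding bytes)[:16]."""
    if len(session_id) != SID_LEN or len(nonce) != NONCE_LEN:
        raise ValueError("bad session_id or nonce length")
    body = MAGIC + session_id + nonce
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class ProbeVerifier:
    """Treat a source address as the peer only after check() returns 'accept'."""

    def __init__(self, key: bytes, session_id: bytes):
        self.key, self.session_id = key, session_id
        self.seen_nonces = set()

    def check(self, packet: bytes) -> str:
        if len(packet) != PROBE_LEN or not packet.startswith(MAGIC):
            return "reject: not a probe"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "reject: bad tag"
        sid = body[len(MAGIC):len(MAGIC) + SID_LEN]
        nonce = body[len(MAGIC) + SID_LEN:]
        if not hmac.compare_digest(sid, self.session_id):
            return "reject: wrong session"
        if nonce in self.seen_nonces:  # same probe seen twice
            return "reject: replay"
        self.seen_nonces.add(nonce)
        return "accept"


def demo() -> list:
    key, other_key = os.urandom(32), os.urandom(32)  # constructed keys
    sid = b"sess0001"                                # constructed session id
    good = make_probe(key, sid, os.urandom(NONCE_LEN))
    stray = make_probe(other_key, sid, os.urandom(NONCE_LEN))  # packet from an unrelated host
    v = ProbeVerifier(key, sid)
    return [v.check(good), v.check(stray), v.check(good), v.check(b"\x00" * 10)]


if __name__ == "__main__":
    print(demo())
```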
 
