I don't think this is that terrible of an idea, actually. Before PyPI disabled searching, I'd say that the value of centralization was from that, and possibly due to security, but I think any claim of security from a central repo is deluding ourselves these days. There are so many opportunities for supply chain attacks that maybe this isn't actually worse. Requiring pip to refer to a github owner/repo might eliminate some of the squatter problems we have, too.
Neutrinos are generally expected to travel a tiny bit slower than the speed of light. Nobody really expects them to travel at the speed of light even if we are currently unable to measure the tiny difference.
I was a physics student in 1987, when neutrinos were captured from a far-away supernova. I rushed into my professor's office and asked breathlessly: "Does the timing of the observations give us a limit on the mass of the neutrino?"
He calmly replied: Sorry, kid. Somebody already submitted a paper on that.
That raises an interesting thought: Does interstellar space have a non-unity refractive index? If there's any kind of matter out there, then I suppose the answer has to be yes. But I wonder if it's quantifiable.
The term 'speed of light' is somewhat confusing. Just to clarify: there's the universal maximum speed, c; this is the speed with which light travels in the vacuum; in a medium light happens to slow down, while neutrinos do not, the result of which is their moving not slower, but even "faster than light."
the speed of light is based on two specific values of the medium in which the photons are travelling. The permeability and the permittivity, one affects the magnetic the other affects the electric.
Hence by the change of these two values, the speed of light (magnitude) changes. Hence, if we are able to create media in which these values are appropriately specified, we can create media in which the specific speed of light is less than c0 or greater than c0.
It, therefore, may be possible to create a medium in which light will pass through faster than a vacuum.
Sure, push notification needs a central server. But guys, we so badly need a mobile IM that meets similar security standards as this project. Do it, and the world will honor you.
Should the central server be the only missing component of a reliable, secure-paranoid, mobile IM system, I would be happy donating some dollars.
Soon I'll be resuming work on a privacy-conscious push server design, originally intended to enhance the poor user experience of the existing ChatSecure iOS client (OTR/XMPP/Tor).
The general idea is that you'd fetch tokens from the server that allow people to send pushes to you, then distribute them to trusted contacts over an secure channel. Contacts would then be able to send you pushes from any endpoint of choice. Somewhat less metadata than existing solutions, and an opportunity for client diversity.
Actually I myself cloned ChatSecure iOS, built it, and played it for a while. It's a nice app with elegant interface yet lacks push notification. If you plan to improve it, I would be happy to be a beta tester :-)
p.s.
So honest is this app to explicitly state that I need to keep it foreground to receive new message from XMPP server.
Does push "need" a central server? I connect to my IMAP server from K-9 Mail on my OnePlus One running Android using a Tor hidden service. And I have IMAP IDLE turned on, so a persistent connection is maintained. So as soon as an email arrives, it is pushed to my phone and I am notified. With no third party push service involved. And my phones battery still lasts about one and a half to two days.
What about Telegram? Seems to work well for me, and a key thing is it has a desktop client. The thing which annoys me about it though is by default it isn't client-to-client encrypted. When you create a "secret chat" which is fully encrypted, it doesn't work on all your devices.
Telegram's crypto is probably broken - they are using weird 90's and unproven crypto modes instead of normal stuff, and their "crypto challenge" is bogus, if you are to believe tptacek.
They also have attitude of "oh we are smart, you just don't get it", which is not the way anyone should think about cryptography.
Github provides much better integrated experience: source code, issues, docs, etc.
reply