it wasn't perfect anyway because if the owner sent the 1 GBP payment and I returned the 1 GBP to a different account, i wouldn't know the difference
but at least it would still prove the owner had access to the bank acct, sort of
now we use Equifax's advanced BACS check service
it has about a 60% pass rate
in the remaining 40% of cases i ask for a hi-res pic of the debit card
showing the sort/acct, or alternatively a cheque book
in hungary, when you receive the payment you see the sender's full name and bank account number, so you can always return it without depending on them
in the UK, you see a name fragment and that's it
(except danske bank, they give you the sort/acct mostly, but that's the only one bank)
also, there's a bank that allows the bank account owner to set any remitter name (!)
so you could open your bank statement and see 'BILL GATES'
and sometimes we do get funny payments like this
I've begged the bank to stop doing this, it's like the wonder tool for scammers
they don't care.
waxwing
is it easy to get xchat to notify you when someone comes online?
oakpacific
BB-Martino: thanks very much
waxwing: the channel box will change color whenever someone changes his status
but not very conspicuous
waxwing
yeah but like the kind of update you get when your name is mentioned. never mind.
oakpacific
BB-Martino: maybe TLSNotary can be helpful in this case?
waxwing
i think for SWIFT you should always get full details of your payment (if from you). If you receive SWIFT, I have had a case with my own bank where they refused to give the account details of the sending party. It's insane.
oakpacific
waxwing: sorry MH?
oh
right
sorry
waxwing
yeah beta release today
oakpacific
waxwing: 1 minute into the video and after seeing the "smart home" slide, I had a strong impulse to close the tab :)
waxwing
yeah. if it was just IoT stuff i wouldn't be recommending it..
BB-Martino
oakpacific: for tlsnotary both parties have to be online at the same time, yes?
waxwing
yes, auditor and auditee
oakpacific
BB-Martino: yes, but i think the auditor side can be automated
because the auditee can just submit the page, you can choose to look at it whenever you want
BB-Martino
is there a cli version?
something to just accept the audit deposits?
oakpacific
yeah, the key exchange has to be automated as well waxwing
but for a marketplace, the pubkey can stay the same though
BB-Martino
the point is, i wouldn't want to run a virtualmachine just to run a firefox
some cli magic would be great
i can change the IRC network, right?
oakpacific
BB-Martino: yes, it's implemented
BB-Martino
it may not be a good idea to force the users to log in and share the IP publicly just to verify a bank acct
so i'd use one with host masking
waxwing
BB-Martino: if you go into 'Advanced' in the browser page, you can change irc server, port.
BB-Martino
k
waxwing
BB-Martino: also, i'd recommend reading (although boring) the auditor guide in detail
it goes into how to set up your own irc channel, and much more important: how to verify the certificate at the end of the audit process.
BB-Martino
if the decrypted text looks fine, i only have to check that the cert is the same as on the website, right?
waxwing
essentially, yes. but there are some slight foibles in that. but yeah that's the basic point.
we did our best to make it easy to do and watertight
BB-Martino
k will read anyway
waxwing
but on the auditor side it does require going through a set of steps
BB-Martino: i like your host masking point. also all data on irc is RSA encrypted.
BB-Martino
the problem is, i'd have to explain to the auditee to also choose the same IRC server
any chance to make it default to a masked network?
waxwing
BB-Martino: feel free to advise us on that. i myself don't know how that works. i'm guessing dansmith_btc does.
a good idea might be to raise it as an issue on github and write the details there.
BB-Martino
you change the IRC server to something different, that's how it works :)
i didn't say set up a custom IRC server
waxwing
oh you just mean a different server. I see.
BB-Martino
one wiht masking, yes
*th
waxwing
Still, I think an issue on github would be a great way to raise it so we don't forget. and put any detailed suggestions there.
and any other security measures you think of, as well as host masking.
or .. anything else :)
BB-Martino
not sure if i even have a github acct :)
(a giant roadblock that keeps me back from submitting an issue as well as zombies)
waxwing
BB-Martino: ah ok. well no biggie.
BB-Martino: i notice you were asking about cli versions.
we don't have that but we do have the somewhat obscurely placed src/shared/tlsnotary.ini with config variables. mostly not that interesting.
apart from those parameters, not sure if it's worth thinking about having the auditor work via command line. maybe we should.
BB-Martino
well, whatever that allows me not to have a server running an auditor, and people being able to just submit their stuff
waxwing
yeah, come to think of it, we should have set that up.
BB-Martino
without running firefox in a vm
waxwing
yes, yes, i see what you mean.
there isn't anything that you should need to do. please open an issue .. oops :)
no problem, i'll do it. just a bit busy today.
dansmith_btc
hi all, we have a --daemon switch for auditor which allows running it in python only without starting up Firefox.
BB-Martino
sweet.
what about concurrency?
dansmith_btc
you'll have to run a separate auditor instance for each audit session though.
waxwing
dansmith_btc: ah thanks. forgot totally... of course we couldn't do the test suite otherwise. doh!
dansmith_btc
no, we are not that advanced yet - no concurrency yet
BB-Martino
what happens if two auditees try to use it?
say i run a --daemon
and two people decide to do bank verification with it nearly the same time?
dansmith_btc
BB-Martino, that'll work. Each instance of auditor has a unique auditee's key assigned to it. The auditor will only audit someone who presents that key.
So you can have two auditor instances at the same time each expecting a certain customer.
oakpacific
waxwing: ಠ_ಠ
BB-Martino
oh, so i have to launch an instance per audit session specifically
that's doable
dansmith_btc
yes, one instance per session
waxwing
dansmith_btc: are you sure there's no problems there if the auditor is using the same key? i think the handshakes will get confused
hmm maybe it's ok, yeah
auditee is only going to pay attention to messages *he* can decrypt
dansmith_btc
we never tried this in practice, in theory it should work well.
waxwing
right, right
dansmith_btc
The alternative would be to have the auditor always online and ready to process multiple auditees. But that would add complexity.
One of the reasons that Python is successful is because it uses GIL which makes it easy to maintain and add new features.
in the same vein, it's best to keep tlsn as single-threaded as possible
oakpacific
waxwing: is that how an aws oracle is exactly going to work?
waxwing
oakpacific: i'm trying to drag myself away from the chan, got stuff to do. maybe dansmith_btc can answer better than me anyway :)
oakpacific
waxwing: np, nothing i ask is of any urgency :)
dansmith_btc
oakpacific, not sure what u asking here. pls define *that*
oakpacific
dansmith_btc: well, that's because it's related to waxwing 's proposal of setting up a tlsnotary aws oracle
dansmith_btc
BB-Martino, if u first run python src/auditor/tlsnotary-auditor.py daemon genkey - you'll get the key which you have to pass onto your auditees
oakpacific
i was really trying to know if the daemon mode was what he had in mind for that
dansmith_btc
BB-Martino, after that you can start a per-auditee instance with python src/auditor/tlsnotary-auditor.py daemon hiskey=<his long key here>
oakpacific, daemon mode was exactly for cases when auditor wants to run on a GUI-less server