[dl-ticket-service] Re: New Android client for DL available

2017-09-23 Thread Amen em hat Ankh 
ok what about that...Idea
---
Frank just installed PokeDL in his mobile device and scans a barcode or QR Code
generated on the his own users page at DL Server or where ever else with the
following data:
{oW97seXRWJGudREl8TQUhYma3Zb8ntSJNoJY2cdsjTu6tFeb6Y9Wmidq7D9RMA2E}
which gets decrypted and translated from PokeDl as
---
server: https://dl.server.com
usertoken: WKNL-4JP7-ER3T-TP8C
timestamp: 20170923184552100
---
PokeDl adds this server to the serverlist.
and confirms at the given server url by sending an encrypted data:
{nzMz8oKrYcMLWmYclRne4iccvXhkWxPLq4QLhfyhZIhtJa77ooFFynpsrdeMmnYy}

within the next, lets say 60 seconds or even less, including the 
-usertoken 
-unique id generated from the hardware id of his mobile device the IMEI
-and his timestamp
just to make the data sent look always different.
---

Frank wants to connect to the server at a given time
PokeDl makes an internal call to:
https://dl.server.yo/GateWatcher.php?data={w7aByYV0nBGiCNbdebNaadDNhsg90LtAm4yTQfQzFBdeghmMOkzQfuqzoTvygvDj}
to get a session permission.
---
the data sent is encrypted information consisting of the Franks 
-usertoken 
-current datetime
-and something else if you want to make it harder...
---
-if Frank registered before:
which he is, his mobile device gets a session permission to down or upload data
-if frank uses different mobile devices his 2'nd or 3'rd IMEI would be
different, and to gain access Frank only needs to scann again for the new
device and confirm the registration like described before.
---
in that constellation Frank would never deal with URLs, usernames or
passwords and no private data is transfered through the net when he down or
uploads stuff, except the the one and only time when he registeres a new device.
---
I wonder if this can be made on android and with php on server of course...
GDay to all...

# # # # # # # # # # # # # # # # # # # # # # # # # #
# ORIGINAL MESSAGE IS FOLLOWING
# # # # # # # # # # # # # # # # # # # # # # # # # #
MsgID: 87efs21t78@wavexx.thregr.org
From: Yuri D'Elia 
Date: Wed, 23 Aug 2017 12:20:27 +0200
Subject: Re: New Android client for DL available

> On Tue, Aug 22 2017, Daniel Berteaud wrote:
> > Those who will configure the software: yes, most likely. But not
> > necessarily those who will use it. What this means is that a advanced
> > user can install and configure the app initially with no issue, and
> > then has this dilemma. He can either uncheck the "unknown sources"
> > checkbox, which will prevent any further update of the app, or let the
> > checkbox, and expose non experienced users to more risks.
> 
> Is it actually possible for android devices to be somehow setup or
> managed by an institution in bulk?
> 
> For example, even if PokeDL was available in the Play Store, do you know
> if there's a way to preset the app settings for you server directly
> during install?
> 
> 
>

Re: [dl-ticket-service] New Android client for DL available

2017-08-22 Thread Amen em hat Ankh 
G'Day to all,
F-Droid should be more than fine. By the way i see a lot of apk urls at GIT. A
hint for the user to download the software from an url and enabling the
checkbox "unknown sources, Allow installation of apps from unknown sources" in
Android settings should do the job fine. Most users who will use the software
will understand whats ment... 

# # # # # # # # # # # # # # # # # # # # # # # # # #
# ORIGINAL MESSAGE IS FOLLOWING
# # # # # # # # # # # # # # # # # # # # # # # # # #
MsgID: cf7adfe5-7ee7-8ab9-3a0a-5836d8efb...@firewall-services.com
From: Daniel Berteaud 
Date: Tue, 22 Aug 2017 15:20:23 +0200
Subject: Re: [dl-ticket-service] New Android client for DL available

> Le 22/08/2017 à 15:10, Yuri D'Elia a écrit :
> > I'm personally opposed to the Play Store, and to the entire
> > Google/PlayStore ecosystem in general.
> >
> > However, if some other Android developer that has already experience
> > with the play store wants to step in and help us, I will not oppose it.
> > I understand the convenience.
> 
> I unfortunately have no experience with this. It's just that asking 
> users to allow unsigned apps to get this is not very appealing, and not 
> something I'd recommend to non experienced users.
> 
> ++
> 
> -- 
> 
> Logo FWS
> 
>   *Daniel Berteaud*
> 
> FIREWALL-SERVICES SAS.
> Société de Services en Logiciels Libres
> Tel : 05 56 64 15 32 
> Visio : http://vroom.fws.fr/dani
> /www.firewall-services.com/
>