So I’m out in Florida for ApacheCon, and it’s been a really fun and useful trip so far. But it got off to a shaky start. After over 8 hours in a tin box flying from London, we get to the hotel in Miami, check in – mercifully brief – and do our best to stay awake until 10pm local time before crashing out. We arrived a couple of days before the conference proper, so plenty of time to adjust.
Picture the scene: 4.30AM local time, the rasping sound of someone sawing wood as I adjust to Florida time.
> Bzzzzzzzzzzz < > Bzzzzzzzzzzzzzzzzz <
Hello, sir. Are you aware your credit card was used in America?
Would that be the same “America” that I filled in the “notify overseas travel” form on your website for a week ago?
At the end of this three minute conversation, I was £3 poorer. Thanks EE.
The truly tragic thing about this exchange (apart from HSBC’s inability to interface with their own systems) is that, back when I was at school (over 10 years ago), I remember reading a piece in PC Pro by Jon Honeyball about this exact situation. He talked about wanting a phone system smart enough to look up his diary in Outlook and tell the caller “it’s 4.30 AM local time where David is, press 1 to wake him up if it’s desperately urgent, but beware of his reaction”. Ten. Years. Ago.
What’s even worse is that this almost exists. Andrews and Arnold have some really cool products including the ability to port your 07 UK mobile number to their VOIP service, which includes the fabled time zone announce feature. OK, so it doesn’t integrate with my calendar, but I’d be quite happy to script that or just set it manually for trips like this one.
So why haven’t I ported my mobile number to their service? It would allow me to use SIP to pick up and make calls over the internet when abroad (this works surprisingly well using WhatsApp, so the bandwidth does exist), cutting out horrendous roaming charges, as well as having the time zone announce and other features.
Unfortunately, there is one crucial piece of the puzzle missing which makes me reluctant to go VOIP+Sip2Sim for my mobile: by default, SIP sends passwords in plain text (updated after twitter conversation with RevK) using a challenge-response and a digest, which feels more vulnerable than simply using TLS on the signalling. This is just about bearable on a fixed-line home or work internet link, but feels risky on a semi-public WiFi network like the conference one here (especially considering the potential financial consequences of a leaked set of VoIP credentials).
AAISP, please fix it so I can drag my mobile number into the 21st century.