 Good morning. Welcome to stage C. Before we start, I would like to remind you this is entirely run by volunteers and we need volunteers most notably for running the audio and video system. We also need people to run the bar, to run the car park and all kind of stuff. So yeah, if you have not volunteered for shifts yet, you should really go to volunteer.emfchem.org. It's crazy, you can sign up and look for shifts that work for you and just sign up and show up at the volunteer tent. But for now, I'll leave you with Sam Machin who is going to talk to you about SMSs. Yes. Right, good morning. My name is Sam Machin, or Machin for those of you who are French. Yes, I know it's comical, Sam's thingy. It's fine. So I work for Nexmo right now. We're a sponsor, and I should say this is kind of a sponsor talk, but I have one slide that just keeps the sales guys a little bit happy. I'm going to try and talk about some technical stuff. So I apologize for the salesy slide, you'll see it. So yeah, my talk today is SMS can do what? We are an SMS API provider platform and voice and other numbers and telecoms-y things. But I'm going to go through some of the kind of more interesting, weirdy little things, clever things you can possibly do in SMS depending on your phone and your carrier a little bit. And it's kind of an interactive demo. So if you've got a phone, get it out and you can play along as we go. I've got numbers for a few countries. So if you're not UK, I've covered a few. And I'm sorry if there aren't the others, but come and see me afterwards and I'll point a number in your country if we've got one and you can play with it later. So this is me, my job title developer advocate. So I supposedly do this stuff for a living now, badly. My email, my Twitter is at sammachin. Everything is at sammachin. I'll put the slides and the code and whatnot online afterwards. Okay, so a little bit of history. SMS, the first text message was sent just before or around Christmas early December 1992. Does anybody know what it said? No, well actually probably when they say this is the first public announced one, I'm sure ones were sent in labs when they were making sure it worked. Merry Christmas, yeah. I think we've got a merry or happy Christmas. It was the irony it was sent to some Vodafone executive at the Vodafone Christmas party because they just got it working. So, you know, the executives are all at the Christmas party getting drunk and the techies are in the lab desperately trying to get the SMS service working for launch, I guess, on 1st of January. So he sent Merry Christmas to his, like, VP's phone. And that was the phone he was carrying at the time. An orbital 901. Battery life, I think, was around 8 to 10 hours. And, you know, there's the handset and then the rest of that was the battery and you kind of had a sling. But the executive probably had somebody to carry his phone around for him. You know, if he needs to come here, I want to make a phone call. Pick it up. At first it was mobile terminated only. So you could only receive messages on handsets. If at my first phone in 98 still, which shows my kind of age, could only receive text messages. I remember getting quite excited when I upgraded to one that I could also send text messages. What was going on? You couldn't send in the UK, at least, across networks. So if you were on Vodafone and somebody else was on Orange, you couldn't send between you until 1998 in the UK. I'm not sure about other countries. But that was kind of a big deal. You had to be on the same network as a friend to send a text message to them. And less like me, you spent New Year's Eve 97, I think it was, working through an entire list of SMS centre numbers, I downloaded off probably a bulletin board, maybe not even the web at the time, reconfiguring my phone so that me and my mate on Vodafone and one-to-one could send messages between each other. We routed our messages to a gateway in South Africa, which meant we could send across network. And it was free. And this was like incredibly cool. I was a very geeky child. But yeah, that was kind of some, you know, some, I've been hacking SMS for quite a while. So probably teaching you guys to suck eggs here, but what is SMS or text messaging as they like to brand it? The short message service is the thing. It's a 140-byte payload sent between a mobile station and a short message service centre. So I'm going to get into all telco talk now. A mobile station is the standard's name for your phone. The short message service centre is a mostly Unix box, somewhere inside your mobile operator's network. There are some out there that still run on VMS as well, which, you know, is a little bit old-school. I think, well, the company that made the VMS-based one has now been merged in with other companies that was Logica. But I'm pretty sure, as of a couple of years ago, certainly there were still carriers running VMS ones. They don't like upgrading stuff very often. They like banks. It uses the telecom's network signalling system, SS7, which Hadley asked me if I was going to talk about SS7 at the beginning of this, and I'm not going to talk much about it. SS7, yeah, it's become quite interesting in recent years. I've kind of, maybe that's the same for years and gone, this is really boring and horrible. This is how telecom's network signal to each other. But there's some really interesting vulnerabilities. The Chaos Computer Club talks last, Christmas before last, had a whole bunch of vulnerabilities. It turns out that basically, if you can connect to the SS7 network, you can pretty much do anything. Because it assumed that only trusted people could connect, and if you connected, you must be a good guy. That worked really well until they started privatizing telcos. Back when telcos were basically governments, it was like, oh no, we can trust each other, we're just governments. And now there are a lot more of them. So I'm not going to really touch on the SS7 side of stuff in this talk, because yes, you can do really cool stuff, but it's still fairly hard to get a connection. This is kind of stuff you can do with your laptop and a little bit of Python and our API. And also probably my bosses wouldn't particularly like it if I talked too much about SS7 hacking. We're not really at that level. Messages, they're stored forward in the message center. So actually, when you send a message, you're not really sending it directly to a phone, you're submitting it to the message center, it's generally traditionally storing it in a database, then looking up where the recipient is and delivering it to them. Kind of like SMTP, I guess. So it is a stored forward-based protocol, which is possibly where some of the delays can come in. So how does SMS work? This is awkward because I can't point at the screen, but if you look on the left, we'll start off here, you have your mobile station down there. The BSS is basically the radio network, base station subsystem. A whole bunch of stuff, towers and controllers and things that makes up the radio network. The MSC mobile switching center is, so there's loads of TLA's in telecoms, three-letter acronyms. The mobile switching center, you submit your messages through there, that's kind of the phone exchange, basically, that's serving your area, your city, typically. So you submit the message through the MSC to the SMSC. So in your phone, somewhere, it's configured an SMSC address, it'll look like a phone number. Normally, it's sort of on the SIM, iPhones do it a little bit differently, but the phone knows where to send it. That was the thing I was changing numbers of back in the 90s, via the ways. So you submit it to your SMSC, your SMSC goes off and looks up in the HLR home location register to say where is this recipient? So it looks like you've sent the number, it says where is this person? It gets back an MSC address for that person and then sends it down back the same kind of way to their MSC. Fairly simple. These little MOFSMs, these are the kind of SS7 messages, mobile originated forward short message. SRISM is send rooting info for short message. So that's the interesting one that you can exploit for all kinds of stuff at SRISM for kind of finding location because basically you can just ask a network which MSC, which often tell you at least which city is this phone in and it'll say, oh, they're here. So you can, banks use it now to tell if you're roaming for card lookups and stuff. So some of your bank, maybe if you've got your mobile number might be querying the location of your phone to find out certainly which country you're in because, you know, if you suddenly spring up and start making transactions in Thailand or something and your phone still says it's in the UK, that's a fraud indicator. And then MTFSM mobile terminated. So I'm going to skip through some of this because it's fairly boring to most of us. The other interesting thing just to point out is when you're sending it cross network, so if I'm sending from 3 to EE, I would always use my home short message center. So the person that's originating it submits the message to there. But that short message center takes care of delivering it directly over the recipient network's mobile center, mobile switching station. So it doesn't kind of route through message centers in your recipient's network. Traditionally, there are then sort of hacks, evolutions that carriers have put in this to sometimes kind of trick it. They know how to route it to a database where we can do filtering and spam and that kind of stuff on there. But this is the sort of standard way of SMS working. Okay, so on to the slightly more next moment stuff. How do companies like us connect? So we're an SMS API so we're doing the badge SMS stuff which I can talk on later if we've got time. But we don't obviously have bunches of handsets sending it. It's not like we've got rows and rows of old Nokia phones with serial cables plugged in and when you submit to our API we're just picking one of those. There are some providers out there that do things like that particularly the sort of spammy ones and stuff but that really doesn't scale to the kind of quantities. So there is another piece in the network called application originated. So we, this circle logo is next to me. We connect into SMSCs basically to carriers around the world via a kind of a whole cell type connection, this SMPP protocol. So now we're back into sort of IP and stuff that's a little bit more web friendly. It's kind of a, well at least internet friendly. So we have these sort of socket connections and these kind of connections that take like six months to get from a carrier and connect up and agree stuff and sign contracts and have 37 conference calls and all that kind of thing. And it's, you know, it's painful. But so we submit messages into a carrier's SMSC which is then delivered to the handset. So we have to kind of take care of knowing which SMSC we're going to send it to. So we typically do that on number ranges. Some countries we look up carriers provide us kind of proprietary APIs, databases to say oh this is where, you know, we give them a number and go is this number yours and they go this number belongs to a Vodafone or something. So we then go okay we'll deliver it to Vodafone. In the UK we just do it on number range. So we'd send to whichever originally your number was on. So if you've got like an orange number that you've now ported to O2 we would send it to orange and they just take care of sending it over the radio network because it's cheaper that way and it kind of balances out. They charge you to look up where the number is and they charge you more to find out what network the number's on than just to transit a message for somebody else. What kind of quirk of pricing. In France I think we have a live database. So yeah that's kind of it. This is the salesy slide. So this is why Nexmo is kind of good. We have lots of connections. Basically we try and be as close to the carriers and stuff as we can. We don't go through. A lot of this industry kind of works on this idea of aggregators and tiers. So traditionally it was set up that if you were like a little hobby developer or small side project and you wanted to maybe spend $20 a year on text messaging and put some credit on with PayPal and send your messages you'd be dealing with a company sort of down at the third or fourth tier and the companies that were connected to the mobile operators were at tier one and there was a kind of aggregation wholesale arrangement but you would actually forward. So you would send your message but it might be forwarded through three or four other companies before it got to the mobile network because mobile networks won't deal with you unless you're going to send them 10,000 messages a month say or something. So then somebody gets that connection and they send them a thousand messages a month and they split it out to 100 messages a month and so on. One of the things we kind of went to do differently was to try and flatten that model and say we'll get all the direct connections and we'll do big fat high volume customers but also we'll have a product that will extend right down to the long tail. So yeah, we have a whole bunch of connections. The interesting thing is that we can deliver to messages to all the three countries in the world. North Korea, strangely enough Svalbard in the Arctic because there's no mobile networks there and somewhere in Western Africa again because there's no mobile networks there. So we pretty much have global reach. We can even deliver to sort of places like Iran and stuff like that. Sometimes do a kind of local partnership but that's our strong point. And we have numbers in about 80 countries right now. So I'll come on to that. Cool. Okay, so that's kind of the sales background. So I should have asked as well but how many people had heard of Nexmo before this talk? One, two, three, four. Okay, that's good. Less is good because then I can kind of say look, I've told all these people about it and I get more brownie points. So I'm going to do some demos. I'll put the number for the UK on all my slides but if you're in Belgium, the Netherlands and Germany I've just literally, I was doing before I started I've also set up numbers in those countries on Nexmo that will work for the demos. So if you've got one of those phones and you'd rather send, don't ask me about roaming costs and if it's expensive and things like that but generally I'm pretty sure even if you're roaming it's cheaper to send a message to your home country than to send an international one because it'll probably come out of your minutes. Standard disclaimers, please phone your carriers, customer services and ask them how much it would be to send a message to this number when you're in the UK. We'll stop for about half an hour now while you're sitting in a queue and wait for them to answer you if you're lucky. And the UK number down the bottom there for 07520619007. Okay. So start off with something really basic. Basic SMS. So we can send 160 characters of text. I said before it was 140 byte payload in SMS but we get 160 characters in that. That's because SMS uses a weird thing called the 7-bit alphabet. So we don't use the standard 8-bit ASCII type alphabet. We use a subset of that, or it does, which is 7-bit. So half the characters basically in ASCII are kind of not supported. Occasionally if you've ever seen a message which has like, replaces often with a question mark on most phones because of a strange character that hasn't come through your phone that's because somebody's sort of not got the encoding quite right and they've tried to use a strange apostrophe or an accent or something like that that hasn't worked. Most of the European characters are certainly supported in the 7-bit alphabet. GSM was a kind of European standard. So they did at least do that. It wasn't just the North American set but so most of the common Grave and, you know, so I guess I'm going to switch to, you know, French, German and Scandinavian certainly have little accenty characters are supported. But yeah, so we send that. 160 characters, you do a weird nibble-swapping, converting 7-bit to 8-bit will just make your brain hurt. I was trying to do this at six o'clock this morning which really wasn't a good idea. So if you want to send hello to that number, you'll just get back a hello world response. This is pretty boring one. But this kind of shows the stuff. So this is then using next to my base. So a virtual mobile number, that 07520 is a number that next to my have and we, I've pointed that at some code that I've got running on Hiroku which just responds based on the word you've sent. So if you just, it doesn't matter if I sort that out, but just send a message saying hello, you should get back hello world. Have somebody done that and got a response? Please wave if I know it's working, that's good. Always a risk. Deploy code half an hour before talk. Okay, so Unicode, or Unicorns. Again, we have 140 bytes but Unicode is a 16-bit encoding character set. So you can send a message as Unicode on most modern handsets now. Certainly iPhone, Android, Windows Phone, that kind of stuff. What that means is you actually only get 70 characters in an SMS instead of the original 140. So if you send emoji, for example, you'll get back a Unicode message which has an emoji in it. If you send emoji. So this is kind of an interesting one to watch out for if you're building stuff and doing things with messaging where you're paying per message. Because if you set Unicode because you're sending emoji or Japanese characters or even some of the extended European character sets and stuff you're limited to 70 or you'll be charged per 70 characters. Our API supports longer messaging but we chunk it up and charge you per 70 characters. The thing that often gets people here is as soon as you put one Unicode character in the message the whole message becomes Unicode. So people are like, oh, I've got my message and I've got one character and now it's costing me twice as much. You've gone to a Unicode character for some internationalization and now you're in 16-bit and trying to explain this in support tickets or even worse over Twitter is not easy. I think I'm just going to slip that bit of the talk and put it on YouTube and send people the link. So yeah, emoji, did that work for anybody? If you do it and it works just wave, shout something. We'll probably want to have questions at the end so yeah, emoji or generally all the Unicode characters support that on the API. Long messages so concatenation. You can obviously send 160 characters of text in a message but within the signaling protocol you can actually say this is part one of up to 255. APIs will support different ones. I believe ours is 10 for most countries but you can join together messages. So if you send long you'll get back a four part SMS but on your hands it'll look like one. This is Bacon Ipsum by the way which is just I believe Dan Nell's prayer he says every night before he goes to bed. So yeah, what you'll find as well is that this will probably take a little bit longer to respond because actually we send four messages back and the network sends those four messages to your phone but your phone will only alert you when it's got all the parts of the message. So the response takes a little bit longer. If you send 255 part message it can take a long time and then it really fills the screen up but it's a great way to kind of spam someone's inbox. So yeah, all messages. At this point you actually have 153 characters per message because it's 134 octets of data in seven bit and you lose six octets for sending the kind of header that says this is a multi-part message part one of X. So it's sliced up slightly less but that response you get back is four sms's, 556 characters and a wave working wow loads of messages. I'm not going to do anything with the numbers by the way at the end of this I don't think I'm even logging the mother than probably the log on my OOG box but I'll bug the code so don't worry I won't be spamming you we don't like spam. Okay flash messaging this is kind of a bit more of an obscure one that people might not have heard of these are kind of, so this is definitely one which may or may not work on every handset on every carrier. Certainly everything I've tested it on in the UK so most iPhone it works fine and on most of the Android handsets but if you just send a flash this is what's sometimes called a class 0 message so the idea of these messages is if you send flash and then lock your phone or go back to the home screen it appears on the home screen of the phone as a pop-up but doesn't save to the inbox or anything by default Android now lets you save the message which is kind of on the iPhone you can't actually save that message and generally the sender ID isn't visible either I forgot to put a message the demo in here but it will just appear and disappear so it's kind of one-time notifications that kind of thing and this message will self-destruct again it was great before Android allowed you to save them you didn't want people to be able to kind of send or you know there were various positive and probably negative uses for that I should buy we do have an acceptable use policy and if you're using it for spam or spoofing or fraud or anything like that we will kind of block you and ban your accounts and stuff so please don't interesting the iPhone now has a little thing at the bottom this is why did I receive that message which now links to a kind of a page on the Apple support thing that says this is a flash sms and kind of explains a little bit of yes it's a text message it's probably spam I think is what they say but you know there are some interesting I'm sure people here will find interesting legitimate uses for it and less legitimate OK so voicemail indicator this is kind of a fun one but the message waiting into it so the way your voicemail system says to your phone you have messages or the little spool indicator as it's sometimes called is actually sent as an sms as a carrier and you can set the number of messages that you have up to 255 messages waiting so if you've got anybody that's really really obsessive about inbox zero and you just want to kind of wind them up a bit so I think I I said 99 in hex which is why it's 153 here but if you get that you should find your message waiting indicator is now saying you have 153 voicemails waiting and you can clear it should I tell yeah OK or we could just ruin your inbox if you send clear I'll reset it, we'd like to set it to zero so I apologize if you did have messages waiting I should have said that at the beginning before you sent it but if you send clear basically sending what you actually do is you don't really clear the message waiting indicator you just say zero messages and the phone kind of sets that back to zero there were a couple of other ones which don't work on the iPhone and a lot of androids but there is within the spec fax waiting indicator as well so instead of a spool you get a little fax icon and email which is only an at and I believe video and I think telex as well so you can set these message there's loads of telex stuff in the sms protocol for some reason I've never seen anybody use it but yeah it's so you know if you want to really wonder why have I got one new fax waiting in my mailbox to somebody you need to find out which handset certainly this was all kind of originally written for the old Nokia's and Ericsson's excuse me which you know did this and I believe actually orange we did even use the fax waiting indicator we did like a fax mailbox on the voicemail thing years ago as everybody's cleared their voicemails that they're not stuck with a massive inbox thing wave if you've got problems and I'll have to come and figure out how to fix it all these words and codes are up now so you can use it later cool okay five minutes this is good okay this this is kind of the last one of the demo there's one other actually I forgot to talk about I mentioned the sender IDs when in numbers you can also send alphanumeric sender IDs so you see sometimes when it's a string of text you can't reply to them but you can set 11 characters so we can set like often you know your bank might use that or the network and something to say from Lloyd's bank and you know there's no verification we do have a kind of block list of if you try and spoof those we have like a black list of numbers you can't you can't set on our network but you could set EMF camp or you know I often send my demos from Sam Machen or Nexmo I think Nexmo's on the block list other than my account actually but yeah you can also set text sorry no because space isn't supported on alphanumeric sender IDs actually it's I believe it's literally it's a very limited character set it's 11 characters and you can't set space and it will get dropped so yeah you can't you could probably do like Leet's beat you know Barclays with a 5 or something like that quite a lot of occasionally seen how these phishing things in the paper you know my elderly mother received a legitimate text message in the same app on her phone and it's like no there's no such thing as a legitimate text message just don't trust text messaging it's a brilliant thing it's really useful but you know don't rely on the sender ID sender IDs can be spoofed very very easily if you had a sender ID as can call an ID which is another whole fun thing to talk about anyway replacement SMS so this is kind of cool this has some really interesting legitimate uses the one we suddenly thought was the kind of two-factor auth sending kind of passwords things like that you can overwrite a message that you've previously sent someone's phone and replace it which you know is cool and also you can really freak people out so right now if you send the only the kind of limitation of this is you have to the first message you send you have to say this is one I'm going to I want to be overwriteable so if you sent a message to somebody last night because you were drunk and you really really want to get rid of that message don't come and ask me to replace it it's too late that's gone but you know if you'd sent it before maybe an app someone wants to build for their phone that you know switches on replacement SMS as soon as they start texting after 10 at night or something would be really handy the morning after would you like to revoke this message genius but yeah so you send a message there's actually 10 replacement or nine replacement slots one to nine you can set so you can say replace message one so you could replace in the last ten only from the same sender via the same message center on the phone so you know you can't overwrite other people's messages possibly if you fake the sender ID but it's not guaranteed it kind of has to be a repeat via the same pipe so we sent show and you guys have all got win so you know you're all winners and now if you send replace it should change some Android phones we found if you're in the inbox and you don't come out and go back it shows them both and as soon as you exit back from the messaging app and back to it it has gone but you can make a message disappear have a wave if that's somebody's had a message disappear and it now all says you've lost isn't it that's kind of cool and that's about it so yeah that's me we've got not really enough time for questions I have about one minute but I should do this one so we have a Nexmo tent down by stage B a little marquee and some blue flags I've got some swag some camping mugs and blankets come and ask me questions come and talk stuff we've also done the messaging app on the badge which hopefully you guys are getting probably now which I think we're giving out a ten so I'm putting out a whole blacker thing cool so there's I'm not sure it's pre-installed or in the App Store you can download the messages app and we'll allocate your phone number if you want to keep that phone number on a Nexmo account after the event sign up for an account come and see me with your account API key username or just the email address and I'll chuck a load of credit on there for you and transfer that number on so you've got the kind of you can keep this stuff running or you can play with this the code and the slides will be online it's a Python Heroku app that's just sending these types of messages from our API thank you very much