matrix-doc
Synapse
matrix-doc | Synapse | |
---|---|---|
2 | 367 | |
5 | 11,720 | |
- | - | |
0.0 | 9.8 | |
17 days ago | 5 months ago | |
HTML | Python | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
matrix-doc
-
When I invite a new user remotely, I do not verify those people. Is that bad?
There is a "read the QR code visible on the other user's device" method for verifying (technical stuff).
-
E2EE vulnerability in multiple Matrix clients
This is a great example of why key-sharing exists today... and why it shouldn't. In theory, you should be able to pick up and old client and decrypt new messages and history on it absolutely fine. However, in practice, Matrix's E2EE publishes 100 one-time keys (OTKs) on your server to let other devices establish secure 1:1 channels with you if you're offline - and if you go offline and that pool of OTKs exhausts, then new sessions won't get set up and you won't receive keys for new messages... giving the misbehaviour you're seeing.
Now, you're right that key-sharing is a useful way to fudge around that failure mode.
But an even better way to fix it would be to find a way to stop the OTK pool exhausting - and that's precisely what MSC2732 is: https://github.com/uhoreg/matrix-doc/blob/fallback_keys/prop.... This provides a last-ditch key which can be used to set up 1:1 sessions even if you run out of OTKs, which is marginally inferior to using a different OTK every time, but in practice really isn't a disaster (see the MSC for details).
However, fallback keys are relatively new and aren't implemented on all clients yet (matrix-js-sdk has them, but matrix-ios-sdk is implementing this coincidentally this week)... and so until they land, we still need keyshare requests to paper over this limitation.
But in future, hopefully it will be almost unheard-of to need a keyshare request, and we can change them to be an entirely manual or out-of-hand mechanism of some kind, and avoid classes of bugs like the vuln in question here in future.
Synapse
-
Organizing OpenStreetMap Mapping Parties
What are you thinking of here? Synapse has supported purging room history since 2016: https://github.com/matrix-org/synapse/pull/911, and configurable data retention since 2019: https://github.com/matrix-org/synapse/pull/5815.
Meanwhile, Matrix has never needed the full room history to be synchronised - when a server joins a room, it typically only grabs the last 20 messages. (It does needs to grab all the key-value state about the room, although these days that happens gradually in the background).
If you're wondering why Matrix implementations are often greedy on disk space, it's because they typically cache the key-value state aggressively (storing a snapshot of it for the room on a regular basis). However, that's just an implementation quirk; folks could absolutely come up with fancier datastructures to store it more efficiently; it's just not got to the top of anyone's todo list yet - things like performance and UX are considered much more important than disk usage right now.
-
GrapheneOS is moving off Matrix
some context re the Matrix isses, long history apparently: https://github.com/matrix-org/synapse/issues/14481#issuecomm...
-
Non-profit Matrix.org Foundation seems to be moving funds to for-profit Element
Why not Matrix? Here's one reason: it has incredibly hard-to-debug edge cases, and plenty of bugs. One of my favourites is the one where people are kicked out of your room at random, which was reported a year ago[0]. It wasn't fixed, however, because the head of the Matrix foundation (Matthew) presumably didn't like the issue being posted on Twitter.
This is honestly really disappointing behaviour from a platform owner.
[0]: https://github.com/matrix-org/synapse/issues/14481
-
The Future of Synapse and Dendrite
> That doesn't make this situation any less bad to the rest of the community.
How is the community suffering here? Let's say Element adds a bunch of baller stuff to their versions over the next few months and then closes the source. Can't the community just fork the last AGPL version? You might say, "well then no one can take the AGPL fork and make their own closed-source business", but do you want them to? Even if you do, they still can with the existing Apache-licensed version, just like Element is doing right now.
You're arguing that Element will lose a lot of contributions, but TFA points out that despite being super open, the vast majority of contributions are still made by Element employees (which seems to be true [0]). It's not the case that Element is looking to monetize the (small) contributions of others, it is the case that others are looking to monetize the (huge) contributions of Element.
And besides, aren't the MSCs the core of Matrix? It's already super possible to build your own compliant client and server.
The situation is that Element needs money to keep developing the ecosystem. It would be cool if there were a big network of donors and contributions, but there isn't. You're essentially saying, "that's fine, go out of business then, and the community will keep developing the ecosystem", but that's not happening now, and it can still happen anyway with the Apache-licensed versions, which again people can still contribute to.
[0]: https://github.com/matrix-org/synapse/graphs/contributors
- Synapse v1.95.0 Released
- Matrix Synapse how use python scripts?
- Synapse v1.91.2 Released
- Synapse v1.89.0 is out
- Synapse v1.88.0 is out
- Synapse v1.87.0 (Matrix Server) Released
What are some alternatives?
conduit
dendrite - Dendrite is a second-generation Matrix homeserver written in Go!
NewPipe - A libre lightweight streaming front-end for Android.
sydent - Sydent: Reference Matrix Identity Server
Rocket.Chat - The communications platform that puts data protection first.
Jitsi Meet - Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
Mattermost - Mattermost is an open source platform for secure collaboration across the entire software development lifecycle..
matrix-docker-ansible-deploy - 🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
Nextcloud - ☁️ Nextcloud server, a safe home for all your data
fluffychat
fosscord - 📬 Spacebar is a free open source selfhostable discord compatible communication platform [Moved to: https://github.com/spacebarchat/spacebarchat]