• mat@linux.community
    1 month ago

    I did not enjoy finding out only at the end that the images in this blog post are generated/made using AI.

  • 2910000@lemmy.world
    1 month ago

    I just want a self-hostable open-source alternative to the shitty closed-source IM systems I’m forced to use

    I’m sticking with Matrix for now, hopefully some of the issues I’ve had will get ironed out

    • naht@lemmy.world
      1 month ago

      XMPP works, but there are no video calls. Matrix has those, and they are very good. But since it is not possible there to see the online state of my friends (turned off everywhere due to horrible performance), it defeats the purpose. I want to see if they are at their computer, not if they own a mobile phone. 😉

        • naht@lemmy.world
          25 days ago

          I use them regularly, and switching to another software is a hurdle I would like to avoid. Also I am not happy with existing software (Teams etc.).

  • drkt@scribe.disroot.org
    1 month ago

    The protocol is bloated to hell so third-party clients stand no chance, and the foundation spends more time bikeshedding or pissing away money than they do developing. It’s a doomed project.

      • ProdigalFrog@slrpnk.net
        1 month ago

        Slrpnk hosts an XMPP/Jabber for our users, mods and admins to communicate. It’s worked pretty darn well for the past couple years, with very low resource needs.

        The clients are pretty slick now too, such as Cheogram or Monocles for mobile, and movim is an excellent web app with support for group calls.

        I’d certainly recommend it over Matrix/element.

          • poVoq@slrpnk.net
            1 month ago

            Significant improvements to certificate pinning and validation have been added to all major XMPP clients as a result of this incident, but it should also be clear that hosting a server on infrastructure under control by an antagonist government (see also Signal) is a very bad idea and hard to mitigate against.

            • moonpiedumplings@programming.dev
              1 month ago

              So Signal does not have reproducible builds, which are very concerning security-wise. I talk about it in this comment: https://programming.dev/post/33557941/18030327 . The TLDR is that no reproducible builds = impossible to detect if you are getting an unmodified version of the client.

              Centralized servers compound these security issues and make them worse. If the client is vulnerable to some form of replacement attack, then they could use a much more subtle, difficult-to-detect backdoor, like a weaker crypto implementation, which leaks meta/userdata.

              With decentralized/federated services, if a client is using servers other than the “main” one, you either have to compromise both the client and the server, or compromise the client in a very obvious way that causes the client to send extra data to servers it shouldn’t be sending data to.

              A big part of the problem comes with what GitHub calls “bugdoors”. These are “accidental” bugs that are backdoors. With a centralized service, it becomes much easier to introduce “bugdoors” because all the data routes through one service, which could then silently take advantage of this bug on their own servers.

              This is my concern with Signal being centralized. But mostly I’d say don’t worry about it, threat model and all that.

              I’m just gonna @ everybody who was in the conversation. I posted this top level for visibility.

              @Ulrich@feddit.org @rottingleaf@lemmy.world @jet@hackertalks.com @eleitl@lemmy.world @Damage@feddit.it

              EDIT: elsewhere in the thread it is talked about what is probably a nation state wiretapping attempt on an XMPP service: https://www.devever.net/~hl/xmpp-incident

              For a similar threat model, Signal is simply not adequate for reasons I mentioned above, and that’s probably what poVoq was referring to when he mentioned how it was discussed here.

              The only timestamps shared are when they signed up and when they last connected. This is well established by court documents that Signal themselves share publicly.

              This, of course, assumes I trust the courts. But if I am seeking maximum privacy/security, I should not have to do that.