XMPP Service Operators - 2020-11-14


  1. Arne

    Hi furthermore can anyone tell me is there an advantage using OLM compared to OMEMO?

  2. Licaon_Kter

    Arne: on xmpp?

  3. Arne

    One just said Matrix has OLM and XMPP only OMEMO which is less secure. I was a bit confused

  4. Licaon_Kter

    Arne: who said is "less" and how did the explain the whys?

  5. Arne

    It was a Matrix user for sure: > XMPP is probably better as it has more lightweight servers - currently, as this may change over time, and anyway, XMPP has some severe disadvantages. > Architectural/standard disadvantages. It’s based on XML, it has weaker E2EE (afaik, OLM is stronger than OMEMO), and it only keeps messages on one server for each room, making it not really decentralized and easy to censor. I don't say a name

  6. Arne

    I had many arguements against this. Like the advantages of XML , the security of PGP , the insecurity and resource consumption of Matrix brigdes rooms and server

  7. Arne

    I had many arguements against this. Like the advantages of XML , the security of PGP , the (insecurity and) resource consumption of Matrix brigdes rooms and server

  8. Licaon_Kter

    Arne: there was no argument, just that they know wrong? Mmmkay Based on XML should mean something? :)) Keeping on one server, yes...that's true. Standard what? XMPP is an actual IETF standard, right? Matrix too? No? Architectural? Which part? Yes, throw several sentences....you're done...the age of discourse

  9. Licaon_Kter

    They both have good and bad parts, but matrix fanbois just regurgitate whatever FUD Matthew said once on HN.

  10. 404.city

    Oh yes, obscurantism from the matrix came to the chat of XMPP operators.

  11. 404.city

    Arne, There is currently no way for the Matrix Protocol to support federated networking

  12. 404.city

    Arne, encryption in the matrix (OLM) is ​​weaker than in XMPP (PGP,OTR, OMEMO)

  13. 404.city

    OLM encryption vulnerabilities in group chats raises many questions

  14. 404.city

    Also, a significant part of the Matrix network is located in the web client, which allows you to make global attacks on the entire network by replacing js code. e2e encryption to the server sounds like a bad joke, but this is the practical essence of securing most of the entire matrix network

  15. 404.city

    Mozila is on the verge of bankruptcy. This is not surprising after they chose the Matrix. This speaks of the extreme wastefulness of the Mozilla's management, since now the costs of XMPP are a hundred times cheaper.

  16. Licaon_Kter

    404.city: > Mozila is on the verge of bankruptcy. This is not surprising after they chose the Matrix. This speaks of the extreme wastefulness of the Mozilla's management, since now the costs of XMPP are a hundred times cheaper. The oddest argument, against Mozilla, or Matrix :))

  17. Arne

    Thanks for this informations!

  18. 404.city

    Licaon_Kter, Matrix hosting doesn't pay off with donations. For public servers and or ​​ for any non-profit organization is not profitable. Big servers important to have a balance between hosting costs and donations. Let's be honest, the enthusiasm ends sooner or later, and not everyone will be ready to pay hundreds of dollars matrix fee out of their own pockets. The main server has a lot of controversy, including governments. Others are born to freeze or die.

  19. 404.city

    Licaon_Kter, Matrix hosting doesn't pay off with donations. For public servers and or ​​ for any non-profit organization is not profitable. Big servers important to have a balance between hosting costs and donations. Let's be honest, the enthusiasm ends sooner or later, and not everyone will be ready to pay hundreds of dollars matrix fee out of their own pockets. The main server has a lot of sponsors, including governments. Others are born to freeze or die.

  20. Licaon_Kter

    404.city: that's the plan, they sell the Slack killer, just hot with modular.im or element.im or whatever is the name du jour

  21. Licaon_Kter

    404.city: that's the plan, they sell the Slack killer, just host with modular.im or element.im or whatever is the name du jour

  22. 404.city

    I have a suspicion that the developers of the matrix don't understand what federation is at all. They represent a federation, as a federation of a couple of hundred servers connected to each other, without spam, without flooding, without ddos ​​attacks, without Indian bots with blockchain, without various incompatible clients and private protocol forks. The Matrix is ​​like a utopia with pink unicorns in a golden garden. They imagine federation as one matrix.org server with small satilets servers for 10 people.

  23. 404.city

    Real federation means millions of servers and very different network loads.

  24. pintosesk

    So, a communication network without a healthy degree of mutation, which results in a lack of flexibility characteristic of proprietary networks.

  25. Licaon_Kter

    pintosesk: it's pretty flexible, they are at roomversion what? 6? So monolithic in specs that no client besides the VC funded one in ever on...spec.

  26. Licaon_Kter

    E2E? In some clients? Maybe...flexible af

  27. pintosesk

    Okay, so it's a controlled mutation.

  28. pintosesk

    Is it backwards-compatible with previous room versions?

  29. pintosesk

    I like the fact that XMPP is described through XEPs. Does Matrix do something similar to this?

  30. 404.city

    In my opinion, the matrix uses the federated part as an advertising feature, but in reality it provides extremely stripped down federation features.

  31. 404.city

    Mutation control will only work as long as the network is small and everything is in one center. XMPP extensions appeared as a necessity, not as a feature. Google, Facebook and other big companies wanted to add their own features, and so extensions appeared. It makes more sense to do protocol extensions than to do dozens of forks.

  32. 404.city

    It's a pity that they block me in the Matrix, I would have arranged for them there to analyze the misconceptions about xmpp. They seriously believe that xmpp still lacks encryption, file transfers, and video calls.

  33. 404.city

    JSON chauvinism

  34. Licaon_Kter

    pintosesk: > I like the fact that XMPP is described through XEPs. Does Matrix do something similar to this? Does it matter if they call them "protocol updates" or XEPs? If it fits the purpose...

  35. Licaon_Kter

    > Is it backwards-compatible with previous room versions? Yes, until you can't join if your client doesn't support the new version

  36. Licaon_Kter

    Monolithic means,...it is already done. Matrix does MSCs to modify it.

  37. pintosesk

    Hm.

  38. tom

    » <404.city> Mutation control will only work as long as the network is small and everything is in one center. Which is funny now that you mention it. All the matrix users seemed centralized on one big server, matrix.org. And the tiny instances that DO exist, there's no variety in implementation at all. It's all just Synapse

  39. tom

    I'm a little bit skeptical of their federation claims too, since doing service discovery on the matrix domain results in my client giving me WARNING XML NOT WELL-FORMED errors and sometimes seizing up

  40. tom

    No other compliant xmpp server has done this

  41. pintosesk

    So, Licaon_Kter, what you're saying is that old rooms are 'supported' by new rooms, in the form of, 'you're too old, come back updated' support.

  42. pintosesk

    Which is to say, the two can't express common features or reconciliate.

  43. tom

    » <404.city> » It's a pity that they block me in the Matrix, I would have arranged for them there to analyze the misconceptions about xmpp. They seriously believe that xmpp still lacks encryption, file transfers, and video calls. Where can I read more about this?

  44. tom

    » <Licaon_Kter> pintosesk: it's pretty flexible, they are at roomversion what? 6? So monolithic in specs that no client besides the VC funded one in ever on...spec. Wow, 6 versions already? Reminds me of post-whatwg web browsers

  45. pintosesk

    The difference between a "protocol update" and an XEP is that one's an optional extension, and the other is a mandatory, potentially breaking change.

  46. pintosesk

    If I understand correctly, that is.

  47. pintosesk

    I'm now under the impression that matrix is a 'vanilla' protocol with no optional modules, where all the new features become part of the main protocol as it updates.

  48. Arne

    for me Matrix is just a marketing trend thing with no advantages.

  49. tom

    » <Arne> I had many arguements against this. Like the advantages of XML , the security of PGP , the (insecurity and) resource consumption of Matrix brigdes rooms and server The XML vs JSON vs serialization method of the day has been done to death and at best it's bikeshedding, but there is this linked on the XSF's website if you really care about XML vs JSON https://www.balisage.net/Proceedings/vol10/html/Lee01/BalisageVol10-Lee01.html from https://xmpp.org/about/myths.html. Regarding PGP yes PGP isn't the end all be all of encryption, and it has it's strongsuites and cons in each use case, but usually I've found when someone is knocking PGP (or GnuPG specifically) they either are ignorant about it's uses and subkeys or are trying to sell you something

  50. Arne

    But we'll see how it developes. I heard behind Matrix is a company and it is also working together with UK and France Gouvernements. This were enough arguments for me not to use it. But I want to end this discussion now. Yes PGP especially with twofish algorithm is really and actually unbeatable

  51. Arne

    But we'll see how it developes. I heard behind Matrix is a company and it is also working together with UK and France Gouvernements. This were enough arguments for me not to use it. But I want to end this discussion now. Yes PGP especially with twofish algorithm is really good and actually unbeatable

  52. 404.city

    https://xmpp.404.city:5280/usershare/6d33720a4a94189f7b96d206ee5f6128196decf2/46jl131DniMgtMdf2OM50355cDD02HpJyMuMB4oD/123_Ew8sO9Oo__1_.jpg

  53. mjk

    404.city: maybe they want it for themselves, but without the backdoors :)

  54. Licaon_Kter

    mjk: but but they said to backdoor everything, right? Or only the peons?

  55. mjk

    Well clearly there could be no terrorists and child molesters among the government

  56. mjk

    So no-one need to watch the watchers :)

  57. mjk

    So no-one needs to watch the watchers :)

  58. argon3771

    Not to jump into the conversation but, the one thing I've found with matrix vs xmpp (and this is more of an iOS issue I believe), on matrix I can place a call to someone with their app in background and it goes through. On xmpp their app needs to be in the foreground. Other than that, I prefer xmpp.

  59. MattJ

    argon3771, well that's a fairly trivial bug (in terms of implementing a fix, not in terms of user experience)

  60. MattJ

    So if that's all that lies between XMPP and success... :)

  61. Licaon_Kter

    argon3771: there's same Tigase XEPs to be put forward and that will be fixed

  62. argon3771

    Licaon_Kter: thanks. Didn't know that. That would be great. Most of the people I talk with have ios devices. That was always one of the biggest complaints I've heard from them (casual users, your every day non-techie).

  63. 404.city

    argon3771, XMPP has poor client financing, IOS support is expected in a few years. Conversations and Xabber clients want to port to IOS

  64. Arne

    How much money is needed for a working IOS and mac client??

  65. Arne

    How much money is needed for a working IOS and mac client?

  66. Link Mauve

    Arne, ask the SiskinIM people I guess?

  67. jonas’

    probably a month or two of developer time

  68. jonas’

    and I’m afraid the requirements stretch beyond purely the client side

  69. Arne

    From the state the clients actually are. But it would be great using something like flutter. I just know Android so far

  70. Arne

    From the state the clients actually are. But it would be great using something like flutter. I just know a bit android programming so far

  71. Arne

    and I tried flutter but I hate using Google stuff xD

  72. MattJ

    Arne, I'm currently tracking ~€7k of important Siskin issues

  73. Arne

    I think I would try to collect some money for it

  74. MattJ

    Everything helps :)

  75. Arne

    but siskin im is opensource right

  76. Licaon_Kter

    Arne: developers need to eat, what's your point with the "but"?

  77. MattJ

    Yes, it's open-source

  78. Arne

    Licaon_Kter the but means I prefer to support developers who are making opensource software. If it is selled in IOS store it's totally ok. But I would like to take a look in the code too.

  79. Arne

    I have a friend programming for IOS so maybe I can convince him helping

  80. MattJ

    https://github.com/tigase/siskin-im

  81. Licaon_Kter

    Arne: it's free there and open-source, yes

  82. Arne

    thanks MattJ Licaon_Kter

  83. christian

    Licaon_Kter, then they must ask for food.

  84. tom

    » <argon3771> Not to jump into the conversation but, the one thing I've found with matrix vs xmpp (and this is more of an iOS issue I believe), on matrix I can place a call to someone with their app in background and it goes through. On xmpp their app needs to be in the foreground. Other than that, I prefer xmpp. That's not XMPP's fault. That's Apple ios's fault. I've heard ios doesn't let you have persistent TCP connections open for background apps, probably because they don't want anything competing with facetime. Being able to handle a long standing TCP connection is a basic feature of any unix like operating system, even darwin since idk, late 70s or 80s?

  85. tom

    If someone was to build an XMPP client for ios and apple still had these anti-competitive artificial restrictions it would probably only be available to jailbroken users

  86. tom

    Better to tell users not to put themselves in a jail in the first place than to tell them to jailbreak

  87. tom

    Also your restricted to only using apple's own special programming languages when programming for apple products. Something I think is just too much of a ask for a community development effort

  88. tom

    People who are skilled enough to program probably aren't going to be using apple products anyways, let alone waste their time learning a language that is only useful for programming apple products, and after they /allow/ you to host your ""app"" on their ""appstore""

  89. tom

    Keep in mind some of the requirements of the apple appstore may be in conflict with the GPL license, if which you'd need to get permission from all your devs to dual license

  90. argon3771

    tom: I know its apples issue, I was just pointing out a complaint I've heard about xmpp vs matrix on iOS, since matrix was a topic earlier.

  91. raucao

    apple push notifications are actually based on xmpp, making it even more maddening

  92. raucao

    their official reason for not allowing 3rd party background processes is battery life

  93. raucao

    but really, they want everyone to go through APN i think

  94. raucao

    which is also bad for decentralized systems