XMPP Service Operators - 2020-11-14

Hi furthermore can anyone tell me is there an advantage using OLM compared to OMEMO?

Arne: on xmpp?

One just said Matrix has OLM and XMPP only OMEMO which is less secure. I was a bit confused

Arne: who said is "less" and how did the explain the whys?

It was a Matrix user for sure: > XMPP is probably better as it has more lightweight servers - currently, as this may change over time, and anyway, XMPP has some severe disadvantages. > Architectural/standard disadvantages. It’s based on XML, it has weaker E2EE (afaik, OLM is stronger than OMEMO), and it only keeps messages on one server for each room, making it not really decentralized and easy to censor. I don't say a name

I had many arguements against this. Like the advantages of XML , the security of PGP , the (insecurity and) resource consumption of Matrix brigdes rooms and server ✏

Arne: there was no argument, just that they know wrong? Mmmkay Based on XML should mean something? :)) Keeping on one server, yes...that's true. Standard what? XMPP is an actual IETF standard, right? Matrix too? No? Architectural? Which part? Yes, throw several sentences....you're done...the age of discourse

They both have good and bad parts, but matrix fanbois just regurgitate whatever FUD Matthew said once on HN.

Oh yes, obscurantism from the matrix came to the chat of XMPP operators.

Arne, There is currently no way for the Matrix Protocol to support federated networking

Arne, encryption in the matrix (OLM) is ​​weaker than in XMPP (PGP,OTR, OMEMO)

OLM encryption vulnerabilities in group chats raises many questions

Also, a significant part of the Matrix network is located in the web client, which allows you to make global attacks on the entire network by replacing js code. e2e encryption to the server sounds like a bad joke, but this is the practical essence of securing most of the entire matrix network

Mozila is on the verge of bankruptcy. This is not surprising after they chose the Matrix. This speaks of the extreme wastefulness of the Mozilla's management, since now the costs of XMPP are a hundred times cheaper.

404.city: > Mozila is on the verge of bankruptcy. This is not surprising after they chose the Matrix. This speaks of the extreme wastefulness of the Mozilla's management, since now the costs of XMPP are a hundred times cheaper. The oddest argument, against Mozilla, or Matrix :))

Thanks for this informations!

Licaon_Kter, Matrix hosting doesn't pay off with donations. For public servers and or ​​ for any non-profit organization is not profitable. Big servers important to have a balance between hosting costs and donations. Let's be honest, the enthusiasm ends sooner or later, and not everyone will be ready to pay hundreds of dollars matrix fee out of their own pockets. The main server has a lot of sponsors, including governments. Others are born to freeze or die. ✏

404.city: that's the plan, they sell the Slack killer, just host with modular.im or element.im or whatever is the name du jour ✏

I have a suspicion that the developers of the matrix don't understand what federation is at all. They represent a federation, as a federation of a couple of hundred servers connected to each other, without spam, without flooding, without ddos ​​attacks, without Indian bots with blockchain, without various incompatible clients and private protocol forks. The Matrix is ​​like a utopia with pink unicorns in a golden garden. They imagine federation as one matrix.org server with small satilets servers for 10 people.

Real federation means millions of servers and very different network loads.

So, a communication network without a healthy degree of mutation, which results in a lack of flexibility characteristic of proprietary networks.

pintosesk: it's pretty flexible, they are at roomversion what? 6? So monolithic in specs that no client besides the VC funded one in ever on...spec.

E2E? In some clients? Maybe...flexible af

Okay, so it's a controlled mutation.

Is it backwards-compatible with previous room versions?

I like the fact that XMPP is described through XEPs. Does Matrix do something similar to this?

In my opinion, the matrix uses the federated part as an advertising feature, but in reality it provides extremely stripped down federation features.

Mutation control will only work as long as the network is small and everything is in one center. XMPP extensions appeared as a necessity, not as a feature. Google, Facebook and other big companies wanted to add their own features, and so extensions appeared. It makes more sense to do protocol extensions than to do dozens of forks.

It's a pity that they block me in the Matrix, I would have arranged for them there to analyze the misconceptions about xmpp. They seriously believe that xmpp still lacks encryption, file transfers, and video calls.

JSON chauvinism

pintosesk: > I like the fact that XMPP is described through XEPs. Does Matrix do something similar to this? Does it matter if they call them "protocol updates" or XEPs? If it fits the purpose...

> Is it backwards-compatible with previous room versions? Yes, until you can't join if your client doesn't support the new version

Monolithic means,...it is already done. Matrix does MSCs to modify it.

Hm.

» <404.city> Mutation control will only work as long as the network is small and everything is in one center. Which is funny now that you mention it. All the matrix users seemed centralized on one big server, matrix.org. And the tiny instances that DO exist, there's no variety in implementation at all. It's all just Synapse

I'm a little bit skeptical of their federation claims too, since doing service discovery on the matrix domain results in my client giving me WARNING XML NOT WELL-FORMED errors and sometimes seizing up

No other compliant xmpp server has done this

So, Licaon_Kter, what you're saying is that old rooms are 'supported' by new rooms, in the form of, 'you're too old, come back updated' support.

Which is to say, the two can't express common features or reconciliate.

» <404.city> » It's a pity that they block me in the Matrix, I would have arranged for them there to analyze the misconceptions about xmpp. They seriously believe that xmpp still lacks encryption, file transfers, and video calls. Where can I read more about this?

» <Licaon_Kter> pintosesk: it's pretty flexible, they are at roomversion what? 6? So monolithic in specs that no client besides the VC funded one in ever on...spec. Wow, 6 versions already? Reminds me of post-whatwg web browsers

The difference between a "protocol update" and an XEP is that one's an optional extension, and the other is a mandatory, potentially breaking change.

If I understand correctly, that is.

I'm now under the impression that matrix is a 'vanilla' protocol with no optional modules, where all the new features become part of the main protocol as it updates.

for me Matrix is just a marketing trend thing with no advantages.

» <Arne> I had many arguements against this. Like the advantages of XML , the security of PGP , the (insecurity and) resource consumption of Matrix brigdes rooms and server The XML vs JSON vs serialization method of the day has been done to death and at best it's bikeshedding, but there is this linked on the XSF's website if you really care about XML vs JSON https://www.balisage.net/Proceedings/vol10/html/Lee01/BalisageVol10-Lee01.html from https://xmpp.org/about/myths.html. Regarding PGP yes PGP isn't the end all be all of encryption, and it has it's strongsuites and cons in each use case, but usually I've found when someone is knocking PGP (or GnuPG specifically) they either are ignorant about it's uses and subkeys or are trying to sell you something

But we'll see how it developes. I heard behind Matrix is a company and it is also working together with UK and France Gouvernements. This were enough arguments for me not to use it. But I want to end this discussion now. Yes PGP especially with twofish algorithm is really good and actually unbeatable ✏

https://xmpp.404.city:5280/usershare/6d33720a4a94189f7b96d206ee5f6128196decf2/46jl131DniMgtMdf2OM50355cDD02HpJyMuMB4oD/123_Ew8sO9Oo__1_.jpg

404.city: maybe they want it for themselves, but without the backdoors :)

mjk: but but they said to backdoor everything, right? Or only the peons?

Well clearly there could be no terrorists and child molesters among the government

So no-one needs to watch the watchers :) ✏

Not to jump into the conversation but, the one thing I've found with matrix vs xmpp (and this is more of an iOS issue I believe), on matrix I can place a call to someone with their app in background and it goes through. On xmpp their app needs to be in the foreground. Other than that, I prefer xmpp.

argon3771, well that's a fairly trivial bug (in terms of implementing a fix, not in terms of user experience)

So if that's all that lies between XMPP and success... :)

argon3771: there's same Tigase XEPs to be put forward and that will be fixed

Licaon_Kter: thanks. Didn't know that. That would be great. Most of the people I talk with have ios devices. That was always one of the biggest complaints I've heard from them (casual users, your every day non-techie).

argon3771, XMPP has poor client financing, IOS support is expected in a few years. Conversations and Xabber clients want to port to IOS

How much money is needed for a working IOS and mac client? ✏

Arne, ask the SiskinIM people I guess?

probably a month or two of developer time

and I’m afraid the requirements stretch beyond purely the client side

From the state the clients actually are. But it would be great using something like flutter. I just know a bit android programming so far ✏

and I tried flutter but I hate using Google stuff xD

Arne, I'm currently tracking ~€7k of important Siskin issues

I think I would try to collect some money for it

Everything helps :)

but siskin im is opensource right

Arne: developers need to eat, what's your point with the "but"?

Yes, it's open-source

Licaon_Kter the but means I prefer to support developers who are making opensource software. If it is selled in IOS store it's totally ok. But I would like to take a look in the code too.

I have a friend programming for IOS so maybe I can convince him helping

https://github.com/tigase/siskin-im

Arne: it's free there and open-source, yes

thanks MattJ Licaon_Kter

Licaon_Kter, then they must ask for food.

» <argon3771> Not to jump into the conversation but, the one thing I've found with matrix vs xmpp (and this is more of an iOS issue I believe), on matrix I can place a call to someone with their app in background and it goes through. On xmpp their app needs to be in the foreground. Other than that, I prefer xmpp. That's not XMPP's fault. That's Apple ios's fault. I've heard ios doesn't let you have persistent TCP connections open for background apps, probably because they don't want anything competing with facetime. Being able to handle a long standing TCP connection is a basic feature of any unix like operating system, even darwin since idk, late 70s or 80s?

If someone was to build an XMPP client for ios and apple still had these anti-competitive artificial restrictions it would probably only be available to jailbroken users

Better to tell users not to put themselves in a jail in the first place than to tell them to jailbreak

Also your restricted to only using apple's own special programming languages when programming for apple products. Something I think is just too much of a ask for a community development effort

People who are skilled enough to program probably aren't going to be using apple products anyways, let alone waste their time learning a language that is only useful for programming apple products, and after they /allow/ you to host your ""app"" on their ""appstore""

Keep in mind some of the requirements of the apple appstore may be in conflict with the GPL license, if which you'd need to get permission from all your devs to dual license

tom: I know its apples issue, I was just pointing out a complaint I've heard about xmpp vs matrix on iOS, since matrix was a topic earlier.

apple push notifications are actually based on xmpp, making it even more maddening

their official reason for not allowing 3rd party background processes is battery life

but really, they want everyone to go through APN i think

which is also bad for decentralized systems