Skip to content

Is Matrix cooked?

Technology
54 27 149
  • how are programs denied that access? how is it that they can't do that?

    with the computers that I know, if I download a program, that'll be able to read, and also modify all the files that I have access to. this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.

    what makes it so that it cannot happen on mainstream desktop computers?

    how are programs denied that access? how is it that they can't do that?

    Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.

    WTF kind of computers are you using?

  • how are programs denied that access? how is it that they can't do that?

    Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.

    WTF kind of computers are you using?

    Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    uh, no? on smartphones, yes, but not on computers.

    and even on smartphones. the chat app does have access to your messages, as I originally said

    WTF kind of computers are you using?

    desktop.. computers? you probably heard about operating systems, like windows, and linux..

  • Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    uh, no? on smartphones, yes, but not on computers.

    and even on smartphones. the chat app does have access to your messages, as I originally said

    WTF kind of computers are you using?

    desktop.. computers? you probably heard about operating systems, like windows, and linux..

    uh, no?

    Uh, yes.

    the chat app does have access to your messages, as I originally said

    What you originally said was gibberish, but I digress. The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

  • Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    uh, no? on smartphones, yes, but not on computers.

    and even on smartphones. the chat app does have access to your messages, as I originally said

    WTF kind of computers are you using?

    desktop.. computers? you probably heard about operating systems, like windows, and linux..

    uh, no? on smartphones, yes, but not on computers.

    That's not true. Most operating systems at least have filesystem permissions, and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write.

  • on linux. flatpak. now, how mainstream is that setup exactly? are you saying that the issue I brought up does not apply to most of the people on the internet?

    it does not matter what platform I'm on. what matters is what do most people use. in the world where I live, most people use the windows operating system. there is no such protection at all. except when accounting for sandboxie and other obscure programs virtually no one knows about

    I mentioned Linux specifically because something like this is the hardest to set up on Linux. I (wrongly) assumed that since you were complaining about it not existing, you were on a platform where setting these permissions up isn't straightforward. App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I'm pretty sure Windows 10/11 has something similar in its settings menu as well.

    Edit:
    Also, if we're being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

  • Matrix has always been way too bulky for being a simple messenger. Imo their architecture was cooked from the start.

    But its not a simple messenger though. If you want something simple, IRC is always available for use.

  • uh, no?

    Uh, yes.

    the chat app does have access to your messages, as I originally said

    What you originally said was gibberish, but I digress. The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    What you originally said was gibberish, but I digress.

    I don't agree, and additionally when you say I'm wrong I have to pull the reason out of you with pincers.

    The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    yeah, evaluate what it does at the time of the audit.

  • uh, no?

    Uh, yes.

    the chat app does have access to your messages, as I originally said

    What you originally said was gibberish, but I digress. The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    What you originally said was gibberish, but I digress.

    I don't agree, and additionally when you say I'm wrong I have to pull the reason out of you with pincers.

    The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    yeah, evaluate what it does at the time of the audit.

  • This. I know a lot of folks in the fediverse like Matrix, but the user experience feels like yet another platform that started with the platform architecture, and not the end user’s experience.

    Then it gets adopted by a bunch of people who enjoy installing Hannah Montana Linux distros for fun, and no one else.

    the new apps are great and they've replaced the hot part of the encryption code with one in rust, for use in all clients. the web ui is still clunky but generally fine

  • What you originally said was gibberish, but I digress.

    I don't agree, and additionally when you say I'm wrong I have to pull the reason out of you with pincers.

    The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    yeah, evaluate what it does at the time of the audit.

    but even just your chats on the phone

    This is gibberish.

    when you say I'm wrong I have to pull the reason out of you with pincers.

    You don't. I've given it to you in plain English.

    yeah, evaluate what it does at the time of the audit

    ...yes? They've also had several third-party professional audits.

  • uh, no? on smartphones, yes, but not on computers.

    That's not true. Most operating systems at least have filesystem permissions, and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write.

    Most operating systems at least have filesystem permissions,

    which limits access between files of different users, but does not prevent the zoom app to read your documents, or the cracked game you torrented to read the passwords from your web browser.

    and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write

    on lot of linux distributions where apparmor is active, most processes are unconfined, or at best still have broad access, because the distribution does not ship apparmor profiles for each executable that a user may run.

    same with polkit, except that it's use case is not about defining additional limitations, but about defining what is allowed, to build upon other security systems. so to define whe n to prompt the user permission, whether to ask for a password or just a yes-no question, or whether to just allow something that would otherwise be disallowed if polkit was not in place.

    Additionally, on a lot of linux distributions, umask is set by default so that new files are world readable, and so users can read most of each others files.

    this is also at least the 3rd instance I ask this week, but are we really assuming that the common internet user is using linux? what is the case with other operating systems, like windows? yeah users can't read each others profile directory by default, but nothing prevents program A from reading something written by program B when both are running with the privileges of your user account

    so, sorry but to me it seems that

    • on linux it is possible, but in lots of common cases access is not limited
    • on windows it is not possible, without involving probably enterprise level software
  • I mentioned Linux specifically because something like this is the hardest to set up on Linux. I (wrongly) assumed that since you were complaining about it not existing, you were on a platform where setting these permissions up isn't straightforward. App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I'm pretty sure Windows 10/11 has something similar in its settings menu as well.

    Edit:
    Also, if we're being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

    App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I'm pretty sure Windows 10/11 has something similar in its settings menu as well.

    I don't know about macos, but I doubt that it applies to software that was obtained outside of their app store.

    on windows however, those settings only apply to UWP apps. not .exe and .bat and .msi and .ps programs, but .appx packages that you can install from the Microsoft Store. and installing something from the Microsoft Store does not mean that it'll be sandboxed, lots of regular .exe programs are also distributed there.

    Also, if we're being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

    those are mobile operating systems, they have been designed with this in mind from the beginning. General purpose desktop computers are very different though, for better or worse. and, as I know, desktop computer users are still not a small minority

  • but even just your chats on the phone

    This is gibberish.

    when you say I'm wrong I have to pull the reason out of you with pincers.

    You don't. I've given it to you in plain English.

    yeah, evaluate what it does at the time of the audit

    ...yes? They've also had several third-party professional audits.

    This is gibberish.

    I don't know what this means. you could have just said "fuck you", plainly, and it wouldn't have made less sense.

  • This is gibberish.

    I don't know what this means. you could have just said "fuck you", plainly, and it wouldn't have made less sense.

    you could have just said "fuck you", plainly

    I certainly could have and would have if that's what I wanted to say.

  • I mentioned Linux specifically because something like this is the hardest to set up on Linux. I (wrongly) assumed that since you were complaining about it not existing, you were on a platform where setting these permissions up isn't straightforward. App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I'm pretty sure Windows 10/11 has something similar in its settings menu as well.

    Edit:
    Also, if we're being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

    this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

    For photos at the very least, it's the same on iOS. Haven't tested with files. But anytime I needed to send people photos over FB Messenger, I'd add access to that one specific photo and nothing more. Until I got tired of it and added all photos. Oh well.

  • Also there are not many competitors to Matrix. Just XMPP for the most part.
    SimpleX and Signal are not good at supporting chat rooms with large amounts of people. Telegram does it okay but isn’t decentralized.

    Telegram also don't have E2E encryption on groups

  • App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I'm pretty sure Windows 10/11 has something similar in its settings menu as well.

    I don't know about macos, but I doubt that it applies to software that was obtained outside of their app store.

    on windows however, those settings only apply to UWP apps. not .exe and .bat and .msi and .ps programs, but .appx packages that you can install from the Microsoft Store. and installing something from the Microsoft Store does not mean that it'll be sandboxed, lots of regular .exe programs are also distributed there.

    Also, if we're being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

    those are mobile operating systems, they have been designed with this in mind from the beginning. General purpose desktop computers are very different though, for better or worse. and, as I know, desktop computer users are still not a small minority

    Didn't know it only applied to UWP apps on Windows. That does seem like a pretty big problem then.

    I don't still have a Mac readily available to test with but afaik it is any application that uses Apple's packaging format. It could also be that it needs to be in the "Applications" folder, but I'm almost certain it isn't an App Store exclusive feature.

  • Sidenote, the modern web is so fucked because how am I supposed to teach a kid that I would trust the random website "paper.wtf" I have never seen before with literally "meow" randomly above their article MORE than businessinsider.com which is like at the top of every search result

    The most skibidiest of websites is also the most trustworthy.

  • In today's episode of Kill The Messenger, Matrix co-founder Matthew Hodgson reveals how full of bullshit is the writer of the original article.

    The messages were published in the Office of the Matrix.org Foundation room: https://matrix.to/#%2F!sWpnrYUMmaBrlqfRdn%3Amatrix.org%2F%24XpQe-vmtB7j0Uy1TPCvMVCSCW63Xxw_jwy3fflw7EMQ%3Fvia=matrix.org&via=element.io

    https://paper.wf/alexia/matrix-is-cooked is fascinatingly incorrect

    Until the 6th of November 2023 when they—in their words—moved to a different repository and to the AGPL license. In reality, the Foundation did not know this was coming, and a huge support net was pulled away under their feet.

    fwiw, the Foundation had a front-row seat in the fact that Element (as incorporated by the folks who created Matrix) had donated $$M to the Foundation over the years, but wasn't going to survive if it kept giving all its work away as apache-licensed code - which in turn would have been catastrophic for the Foundation.

    Yes, the high expenses for the Matrix.org homeserver are largely because they are still managed by Element, just not as donated work but instead like with any other customer.

    nope, Element passes the hardware costs (and a fraction of the people costs) of running the matrix.org server to the Foundation without any overheads or markup at all.

    Either way it shows that Element is seemingly cashing in on selling ,Matrix to governments and B2B as a SaaS solution without it going back to the foundation

    Element has literally put tens of millions into the foundation, and is continuing to do so - while some of the costs get passed to the Foundation, Element donates a bunch too (e.g. by funding a large chunk of the Matrix conference as the anchor sponsor, and by donating time all over the place to help support trust & safety etc)

    At the same time I can't help but think that this could have been prevented. Even Matthew himself recognizes that putting the future on Matrix on the line with VC funding and alike was not the best idea for the health of Matrix.

    No, even Matthew knows that Matrix would never have been funded without routing the VC funding from Element into... building Matrix. We tried to fund it originally purely as a non-profit, but failed (just as it's a nightmare to raise non-profit for the Foundation today even now that Matrix exists and is successful!). If you need to raise serious $ for an ambitious project, you either need to get lucky with a billionaire (as Signal did with Brian Acton) or you have to raise on the for-profit side. Perhaps it would have have been best for Matrix to grow organically, but I suspect that if it did, it would have failed miserably - instead, it succeeded because we already had a team of ~12 people who could crack on and jump-start it if they could work on it as their dayjob; the team who subsequently founded Element.

    Ultimately, for-profit companies will do what makes them profit, not what's the best option. Unless the best option happens to coincide with making the most profit.

    No, Element is not profitable. Nor is it trying to maximise profit. Right now it's trying to survive and get sustainable and profit-neutral (i.e. break-even) - while doing everything it can to help keep Matrix healthy and successful too (given if Matrix fails, Element fails too).

    Unfortunately, supporting the foundation through anything more than “in spirit” and a platinum membership is out of their budget, apparently. I think that morally they owe a lot more than that.

    wow.

    the FUD level is absolutely astonishing, and I really wonder what the genesis of this is

    so, absolutely, spectacularly, depressing

    this, my friends, is why we can't have nice things.

    In response to an other person suggesting that the publisher is also known as a reasonable person on the platform:

    Interesting, the matrix handle that seems behind this blog seems always to have been quite a reasonable person

    somewhat why i’m wondering what the backstory is, and whether this is an unfortunate example of spicy lies outpacing the boring truth

    You know the system is fucked when people who seek to maximize profit for themselves while making everyone else's life worse is rewarded, whereas projects like Matrix, which is clearly a public good that benefits the society, struggles to get funding.

  • it's ... not ... a simple messenger, if that helps?

    What is it then? A complicated messenger?

  • 1 Stimmen
    1 Beiträge
    3 Aufrufe
    Niemand hat geantwortet
  • 272 Stimmen
    41 Beiträge
    24 Aufrufe
    tonytins@pawb.socialT
    It was a failed attempt. I get that. You can drop it now.
  • 90 Stimmen
    20 Beiträge
    12 Aufrufe
    W
    At least with AI it's easy to see how shitty it gets as the codebase grows working on even a toy project over a week. Then again, if you have no frame of reference maybe that doesn't feel as awful as it should.
  • 35 Stimmen
    1 Beiträge
    10 Aufrufe
    Niemand hat geantwortet
  • Why doesn't Nvidia have more competition?

    Technology technology
    22
    1
    33 Stimmen
    22 Beiträge
    81 Aufrufe
    B
    It’s funny how the article asks the question, but completely fails to answer it. About 15 years ago, Nvidia discovered there was a demand for compute in datacenters that could be met with powerful GPU’s, and they were quick to respond to it, and they had the resources to focus on it strongly, because of their huge success and high profitability in the GPU market. AMD also saw the market, and wanted to pursue it, but just over a decade ago where it began to clearly show the high potential for profitability, AMD was near bankrupt, and was very hard pressed to finance developments on GPU and compute in datacenters. AMD really tried the best they could, and was moderately successful from a technology perspective, but Nvidia already had a head start, and the proprietary development system CUDA was already an established standard that was very hard to penetrate. Intel simply fumbled the ball from start to finish. After a decade of trying to push ARM down from having the mobile crown by far, investing billions or actually the equivalent of ARM’s total revenue. They never managed to catch up to ARM despite they had the better production process at the time. This was the main focus of Intel, and Intel believed that GPU would never be more than a niche product. So when intel tried to compete on compute for datacenters, they tried to do it with X86 chips, One of their most bold efforts was to build a monstrosity of a cluster of Celeron chips, which of course performed laughably bad compared to Nvidia! Because as it turns out, the way forward at least for now, is indeed the massively parralel compute capability of a GPU, which Nvidia has refined for decades, only with (inferior) competition from AMD. But despite the lack of competition, Nvidia did not slow down, in fact with increased profits, they only grew bolder in their efforts. Making it even harder to catch up. Now AMD has had more money to compete for a while, and they do have some decent compute units, but Nvidia remains ahead and the CUDA problem is still there, so for AMD to really compete with Nvidia, they have to be better to attract customers. That’s a very tall order against Nvidia that simply seems to never stop progressing. So the only other option for AMD is to sell a bit cheaper. Which I suppose they have to. AMD and Intel were the obvious competitors, everybody else is coming from even further behind. But if I had to make a bet, it would be on Huawei. Huawei has some crazy good developers, and Trump is basically forcing them to figure it out themselves, because he is blocking Huawei and China in general from using both AMD and Nvidia AI chips. And the chips will probably be made by Chinese SMIC, because they are also prevented from using advanced production in the west, most notably TSMC. China will prevail, because it’s become a national project, of both prestige and necessity, and they have a massive talent mass and resources, so nothing can stop it now. IMO USA would clearly have been better off allowing China to use American chips. Now China will soon compete directly on both production and design too.
  • 0 Stimmen
    17 Beiträge
    64 Aufrufe
    F
    You seem to think we disagree on creation of a police state or massive surveillance system being a bad thing for some reason. None of which are stopped with regulations by the states that are funding and building said things ...
  • 0 Stimmen
    2 Beiträge
    19 Aufrufe
    G
    Wow... Just learned about that NOW. I wanted to play some games today and wondered why my account doesnt work nor the "forgot password"-Function... Fuck Meta. Fuck Oculus... Fuck this whole Enshittification that is going on lately... Is there ANY Way, to get my CV1 to run Without an account?!
  • 0 Stimmen
    2 Beiträge
    6 Aufrufe
    T
    Wow, that's really concerning! It's crazy how these breaches can lead to such massive losses. If anyone's dealing with crypto fraud, I’ve heard Segev LLP is a solid firm that helps people and companies navigate these situations. Stay safe, everyone!