Skip to content

Is Matrix cooked?

Technology
54 27 152
  • deleted by creator

    The response is less of a response, more of an explanation of their current feelings pertaining to matrix. Seems odd when Matthew made some clear, individual points that could've been addressed.

  • Why would you think a chat app has full write access to your disk?

    Because any programs have that access??

  • deleted by creator

    deleted by creator

  • Because any programs have that access??

    Again, no.

  • Because any programs have that access??

    Not sure what platform you're on but on Linux flatpak can limit access to files, and things like AppArmor can do that for any native app as well (though it can be pretty tedious to configure)

  • Again, no.

    how are programs denied that access? how is it that they can't do that?

    with the computers that I know, if I download a program, that'll be able to read, and also modify all the files that I have access to. this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.

    what makes it so that it cannot happen on mainstream desktop computers?

  • Not sure what platform you're on but on Linux flatpak can limit access to files, and things like AppArmor can do that for any native app as well (though it can be pretty tedious to configure)

    on linux. flatpak. now, how mainstream is that setup exactly? are you saying that the issue I brought up does not apply to most of the people on the internet?

    it does not matter what platform I'm on. what matters is what do most people use. in the world where I live, most people use the windows operating system. there is no such protection at all. except when accounting for sandboxie and other obscure programs virtually no one knows about

  • how are programs denied that access? how is it that they can't do that?

    with the computers that I know, if I download a program, that'll be able to read, and also modify all the files that I have access to. this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.

    what makes it so that it cannot happen on mainstream desktop computers?

    how are programs denied that access? how is it that they can't do that?

    Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.

    WTF kind of computers are you using?

  • how are programs denied that access? how is it that they can't do that?

    Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    this includes the ability to read the saved passwords from my browser, and to install browser addons without my consent or knowledge.

    WTF kind of computers are you using?

    Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    uh, no? on smartphones, yes, but not on computers.

    and even on smartphones. the chat app does have access to your messages, as I originally said

    WTF kind of computers are you using?

    desktop.. computers? you probably heard about operating systems, like windows, and linux..

  • Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    uh, no? on smartphones, yes, but not on computers.

    and even on smartphones. the chat app does have access to your messages, as I originally said

    WTF kind of computers are you using?

    desktop.. computers? you probably heard about operating systems, like windows, and linux..

    uh, no?

    Uh, yes.

    the chat app does have access to your messages, as I originally said

    What you originally said was gibberish, but I digress. The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

  • Apps are typically given their own dedicated storage volume, and access to any other part of the filesystem requires permission from the user.

    uh, no? on smartphones, yes, but not on computers.

    and even on smartphones. the chat app does have access to your messages, as I originally said

    WTF kind of computers are you using?

    desktop.. computers? you probably heard about operating systems, like windows, and linux..

    uh, no? on smartphones, yes, but not on computers.

    That's not true. Most operating systems at least have filesystem permissions, and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write.

  • on linux. flatpak. now, how mainstream is that setup exactly? are you saying that the issue I brought up does not apply to most of the people on the internet?

    it does not matter what platform I'm on. what matters is what do most people use. in the world where I live, most people use the windows operating system. there is no such protection at all. except when accounting for sandboxie and other obscure programs virtually no one knows about

    I mentioned Linux specifically because something like this is the hardest to set up on Linux. I (wrongly) assumed that since you were complaining about it not existing, you were on a platform where setting these permissions up isn't straightforward. App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I'm pretty sure Windows 10/11 has something similar in its settings menu as well.

    Edit:
    Also, if we're being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

  • Matrix has always been way too bulky for being a simple messenger. Imo their architecture was cooked from the start.

    But its not a simple messenger though. If you want something simple, IRC is always available for use.

  • uh, no?

    Uh, yes.

    the chat app does have access to your messages, as I originally said

    What you originally said was gibberish, but I digress. The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    What you originally said was gibberish, but I digress.

    I don't agree, and additionally when you say I'm wrong I have to pull the reason out of you with pincers.

    The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    yeah, evaluate what it does at the time of the audit.

  • uh, no?

    Uh, yes.

    the chat app does have access to your messages, as I originally said

    What you originally said was gibberish, but I digress. The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    What you originally said was gibberish, but I digress.

    I don't agree, and additionally when you say I'm wrong I have to pull the reason out of you with pincers.

    The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    yeah, evaluate what it does at the time of the audit.

  • This. I know a lot of folks in the fediverse like Matrix, but the user experience feels like yet another platform that started with the platform architecture, and not the end user’s experience.

    Then it gets adopted by a bunch of people who enjoy installing Hannah Montana Linux distros for fun, and no one else.

    the new apps are great and they've replaced the hot part of the encryption code with one in rust, for use in all clients. the web ui is still clunky but generally fine

  • What you originally said was gibberish, but I digress.

    I don't agree, and additionally when you say I'm wrong I have to pull the reason out of you with pincers.

    The chat app is open source, so you can evaluate what it's doing with those messages for yourself.

    yeah, evaluate what it does at the time of the audit.

    but even just your chats on the phone

    This is gibberish.

    when you say I'm wrong I have to pull the reason out of you with pincers.

    You don't. I've given it to you in plain English.

    yeah, evaluate what it does at the time of the audit

    ...yes? They've also had several third-party professional audits.

  • uh, no? on smartphones, yes, but not on computers.

    That's not true. Most operating systems at least have filesystem permissions, and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write.

    Most operating systems at least have filesystem permissions,

    which limits access between files of different users, but does not prevent the zoom app to read your documents, or the cracked game you torrented to read the passwords from your web browser.

    and on a lot of Linux distros you additionally get AppArmor or PolKit to further restrict what files a program can read/write

    on lot of linux distributions where apparmor is active, most processes are unconfined, or at best still have broad access, because the distribution does not ship apparmor profiles for each executable that a user may run.

    same with polkit, except that it's use case is not about defining additional limitations, but about defining what is allowed, to build upon other security systems. so to define whe n to prompt the user permission, whether to ask for a password or just a yes-no question, or whether to just allow something that would otherwise be disallowed if polkit was not in place.

    Additionally, on a lot of linux distributions, umask is set by default so that new files are world readable, and so users can read most of each others files.

    this is also at least the 3rd instance I ask this week, but are we really assuming that the common internet user is using linux? what is the case with other operating systems, like windows? yeah users can't read each others profile directory by default, but nothing prevents program A from reading something written by program B when both are running with the privileges of your user account

    so, sorry but to me it seems that

    • on linux it is possible, but in lots of common cases access is not limited
    • on windows it is not possible, without involving probably enterprise level software
  • I mentioned Linux specifically because something like this is the hardest to set up on Linux. I (wrongly) assumed that since you were complaining about it not existing, you were on a platform where setting these permissions up isn't straightforward. App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I'm pretty sure Windows 10/11 has something similar in its settings menu as well.

    Edit:
    Also, if we're being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

    App-specific file-acess permissions are on MacOS out of the box as a configurable setting for all applications (in the system settings menu), and I'm pretty sure Windows 10/11 has something similar in its settings menu as well.

    I don't know about macos, but I doubt that it applies to software that was obtained outside of their app store.

    on windows however, those settings only apply to UWP apps. not .exe and .bat and .msi and .ps programs, but .appx packages that you can install from the Microsoft Store. and installing something from the Microsoft Store does not mean that it'll be sandboxed, lots of regular .exe programs are also distributed there.

    Also, if we're being pedantic, this is also a setting on both Android and iOS, with Android displaying the option to change access pretty much every time you pick out a file.

    those are mobile operating systems, they have been designed with this in mind from the beginning. General purpose desktop computers are very different though, for better or worse. and, as I know, desktop computer users are still not a small minority

  • but even just your chats on the phone

    This is gibberish.

    when you say I'm wrong I have to pull the reason out of you with pincers.

    You don't. I've given it to you in plain English.

    yeah, evaluate what it does at the time of the audit

    ...yes? They've also had several third-party professional audits.

    This is gibberish.

    I don't know what this means. you could have just said "fuck you", plainly, and it wouldn't have made less sense.

  • What is this new Bitchat scam that crypto-bros think is good?

    Technology technology
    6
    7 Stimmen
    6 Beiträge
    0 Aufrufe
    I
    It's fully Bluetooth, so it's not exactly the same as the internet messaging apps
  • 184 Stimmen
    9 Beiträge
    37 Aufrufe
    G
    i used to work for secretary of state police and driver privacy was taken deathly seriously. glad to see alexi’s keeping up the good work.
  • 84 Stimmen
    13 Beiträge
    33 Aufrufe
    M
    It's a bit of a sticking point in Australia which is becoming more and more of a 'two-speed' society. Foxtel is for the rich classes, it caters to the right wing. Sky News is on Foxtel. These eSafety directives killing access to youtube won't affect those rich kids so much, but for everyone else it's going to be a nightmare. My only possible hope out of this is that maybe, Parliament and ACMA (Australian Communications and Media Authority, TV standards) decide that since we need a greater media landscape for kids and they can't be allowed to have it online, that maybe more than 3 major broadcasters could be allowed. It's not a lack of will that stops anyone else making a new free-to-air network, it's legislation, there are only allowed to be 3 commercial FTA broadcasters in any area. I don't love Youtube or the kids watching it, it's that the alternatives are almost objectively worse. 10 and 7 and garbage 24/7 and 9 is basically a right-wing hugbox too.
  • 53 Stimmen
    3 Beiträge
    20 Aufrufe
    B
    There is nothing open about openai, and that was obvious way before they released chatgpt.
  • An earnest question about the AI/LLM hate

    Technology technology
    57
    73 Stimmen
    57 Beiträge
    187 Aufrufe
    ineedmana@lemmy.worldI
    It might be interesting to cross-post this question to !fuck_ai@lemmy.world but brace for impact
  • Mega-BUNDLE Offer

    Technology technology
    2
    2
    0 Stimmen
    2 Beiträge
    19 Aufrufe
    T
    Unlock the ultimate toolkit for entrepreneurs, marketers, and content creators with the AISellers Mega-BUNDLE! This all-in-one package is packed with cutting-edge AI tools, templates, and automation workflows designed to skyrocket your productivity, simplify your sales funnel, and grow your online business—faster than ever before.
  • uBlockOrigin is porting uBOL to iOS and macOS

    Technology technology
    30
    325 Stimmen
    30 Beiträge
    119 Aufrufe
    C
    Will never happen unfortunately
  • Microsoft's AI Secretly Copying All Your Private Messages

    Technology technology
    4
    1
    0 Stimmen
    4 Beiträge
    25 Aufrufe
    S
    Forgive me for not explaining better. Here are the terms potentially needing explanation. Provisioning in this case is initial system setup, the kind of stuff you would do manually after a fresh install, but usually implies a regimented and repeatable process. Virtual Machine (VM) snapshots are like a save state in a game, and are often used to reset a virtual machine to a particular known-working condition. Preboot Execution Environment (PXE, aka ‘network boot’) is a network adapter feature that lets you boot a physical machine from a hosted network image rather than the usual installation on locally attached storage. It’s probably tucked away in your BIOS settings, but many computers have the feature since it’s a common requirement in commercial deployments. As with the VM snapshot described above, a PXE image is typically a known-working state that resets on each boot. Non-virtualized means not using hardware virtualization, and I meant specifically not running inside a virtual machine. Local-only means without a network or just not booting from a network-hosted image. Telemetry refers to data collecting functionality. Most software has it. Windows has a lot. Telemetry isn’t necessarily bad since it can, for example, help reveal and resolve bugs and usability problems, but it is easily (and has often been) abused by data-hungry corporations like MS, so disabling it is an advisable precaution. MS = Microsoft OSS = Open Source Software Group policies are administrative settings in Windows that control standards (for stuff like security, power management, licensing, file system and settings access, etc.) for user groups on a machine or network. Most users stick with the defaults but you can edit these yourself for a greater degree of control. Docker lets you run software inside “containers” to isolate them from the rest of the environment, exposing and/or virtualizing just the resources they need to run, and Compose is a related tool for defining one or more of these containers, how they interact, etc. To my knowledge there is no one-to-one equivalent for Windows. Obviously, many of these concepts relate to IT work, as are the use-cases I had in mind, but the software is simple enough for the average user if you just pick one of the premade playbooks. (The Atlas playbook is popular among gamers, for example.) Edit: added explanations for docker and telemetry