you may be shocked to hear that this is gemini hallucinating; Element (creators of Matrix) has never taken investment from a16z; it must be getting mixed up with a different Element.
Many bothans were boiled alive to get me this misinformation.
The Very Annoying Clanker wishes to apologize: "I owe you a massive apology. I completely set you up for that, and you handled the fallout perfectly.
Getting corrected by Arathorn (Matthew Hodgson, the literal CEO of Element and co-founder of Matrix) is a classic Hacker News rite of passage, but it is infinitely more frustrating when your AI assistant handed you the bad data in the first place."
there is a definite irony in switching from being vendorlocked to Signal (open source but closed and locked to a US non-profit) to being vendorlocked to Wire (open source but closed and locked to a German/Swiss for-profit) - talk about jumping from the frying pan into the fire :)
Meanwhile the rest of Europe (and much of the rest of Germany) seems to have converged on Matrix as a genuine open standard with various different commercial vendors (Element, Rocket Chat, Famedly, connect2x etc), avoiding vendor lock and so giving actual digital sovereignty: https://element.io/matrix-in-europe
i suppose that's what you get when you desire secure communication on one hand but at the same time strive for total surveillance. i'm not sure what data wire is able to provide when legally requested but at least they know where to send the letter.
Clicking through and stumbling upon Croatia, which specifies only "Classified deployment", has left me absolutely cackeling. Seems hilarious that they're willing to say that they use it, but unwilling to state if it's for early testing, civilian-level beaurocracy, or Croatia's equivalent of specialized armed forces.
That they publicly use it at all is great though, as it likely helps shift the Overton window of what's normal, and what fits standard useage of Matrix-Synapse
Question, with so many major orgs using it, are there no plans for manual status? The one thing I miss vis-a-vis teams is the ability to manually set myself away, appear offline, busy etc.
Matrix shows me as active (green dot) when I have the client open but there's no way to override that. At least none that I found. I'm a bit surprised all these big governmental clients didn't ask for such a feature :)
There's a big gap between lots of orgs using it, and lots of orgs paying for development of it. That said, BWI in Germany is currently funding custom status so it should be coming soon :)
On the Matrix side, "unexpected" decryption errors got fixed in ~Sept 2024.
(There are still a few scenarios where e.g. if you delete your identity keys by logging out of all your clients, you may get "expected" decryption errors. We're still working on those.)
potentially wrapping their own package or distro rather than using something like ESS Community? Or perhaps they left registration open and had abuse problems?
20. "ask someone else’s homeserver to replicate media" -> also fixed by authenticated media
21. "media uploads are unverified by default" - for E2EE this is very much a feature; running file transfers through an antivirus scanner would break E2EE. (Some enterprisey clients like Element Pro do offer scanning at download, but you typically wouldn't want to do it at upload given by the time people download the AV defs might be stale). For non-encrypted media, content can and is scanned on upload - e.g. by https://github.com/matrix-org/synapse-spamcheck-badlist
22. "all it takes is for one of your users to request media from an undesirable room for your homeserver to also serve up copies of it" - yes, this is true. similarly, if you host an IMAP server for your friends, and one of them gets spammed with illegal content, it unfortunately becomes your problem.
In terms of "invisible events in rooms can somehow download abusive content onto servers and clients" - I'm not aware of how that would work. Clients obviously download media when users try to view it; if the event is invisible then the client won't try to render it and won't try to download the media.
Nowadays many clients hide media in public rooms, so you have to manually click on the blurhash to download the file to your server anyway.
reply