| 15 Apr 2025 |
 Cat | Theres a MSC to fix the problem that causes issues with instant bans. Sadly well that is yet to see implementation. | 22:46:53 |
| Cat | And the Synapse PR that provides an alternative fix is stuck in that sucks as its status as who in their right mind as a regular admin user wants the soft failures in their regular timelines. Well thats why the PR is stalled as it needs to be configurable so you dont get this problem. | 22:48:29 |
| Cat | Essentially if your bot is Soft Failure aware this problem doesnt actually materialise with a ban blinding you. Its one of the best things to come out of that Meowlnir is an AS that wants direct Postgres access to the Synapse production DB. It can bypass this problem while a proper solution is being worked on. | 22:49:39 |
 uep | echoing emily earlier, the more I learn, the more my impressions are confirmed | 22:50:37 |
| Cat | Yup Element has taken security way too lax during years. | 22:52:02 |
| uep | I mean, I'm glad that the conclusions and problem analysis I can draw from a few bits of basic observation and reasoning about the system I don't really know well turn out to be accurate. That's nice. That they're well known to people more involved in Matrix is helpful to some degree. That they're unsolved after years, less so. | 22:54:07 |
 emily | the more things I see Element/matrix.org deprioritize the more I wonder what they do prioritize :) | 22:54:33 |
| emily | ("getting government contracts", I guess?) | 22:55:03 |
| emily | (well, for the former at least) | 22:55:08 |
 Dandellion | decryption errors | 22:55:13 |
| uep | i have the same reaction to every company i see prioritising AI | 22:55:27 |
| Cat | Element prioritised literally anything above Fundemental security. | 22:55:37 |
| Cat | Including Experimental Research projects | 22:55:45 |
| Cat | as in im talking during the years they had enough money to execute experimental research projects they prioritised that above actually fixing up the fundementals | 22:56:15 |
| Dandellion | the experimental research were always pretty small teams tbf, I think it's not completely fair | 22:57:12 |
| emily | I made fun of that one VR demo in offtopic a few days ago :P | 22:57:17 |
| emily | I think even if an individual instance doesn't take many resources moonshot stuff like that distorts other priorities | 22:57:55 |
| emily | e.g. why do we need flexible message formats that enable attack vectors? oh because one day people will be exchanging VRML in real-time over Matrix as the new VRChat or whatever | 22:58:17 |
| uep | i don't know if we just need to run two instances of mjolnir/drapnir, at opposite ends of the network / widely spaced homeservers, just to try and avoid the race condition and bans blocking redacts - or if that will instead make things worse for every other server in the middle | 22:59:12 |
 @emma:rory.gay | im thinking of writing a little sidekick bot that looks at the rooms from another server's perspective to catch them | 23:00:05 |
| @emma:rory.gay | if not completely replace draupnir/mjolnir's redaction functionality | 23:00:49 |
| @emma:rory.gay | * if not completely replace draupnir/mjolnir's redaction functionality with something that is capable of using synapse workers | 23:01:05 |
| uep | * | 23:01:23 |
| emily | it seems like the fundamental problem is that we want nixos.org to be a blocking, authoritative, single point of failure for message delivery, for moderation reasons. we suffer from not having it and also basically don't benefit in almost any way from avoiding it | 23:01:44 |
| emily | but that's fundamentally antithetical to Matrix's architecture | 23:01:53 |
| emily | that's not even about federated identity per se, it's about rooms themselves being distributed/leaderless | 23:02:11 |
| uep | not really, but almost | 23:02:16 |
| emily | e.g. I don't think XMPP groups work like that? | 23:02:18 |
| Dandellion | you're right | 23:02:24 |
| @emma:rory.gay | xmpp groups are fully centralsied with decentralised IDs | 23:02:41 |
