| 15 Apr 2025 |
 Dandellion | but the mjolnir banlists as rooms stuff did come straight out of it IIRC | 22:34:11 |
 uep | that's an acutally nice use of the transport and features that exist | 22:34:44 |
 @emma:rory.gay | nah mjolnir didnt come out of the reputation system | 22:35:03 |
| @emma:rory.gay | its just that rooms are convenient as databases w/ replication | 22:35:37 |
| uep | speaking as someone that build an early internet banking system on top of lotus notes, it's amazing what you can do on top of a "database with integrated pki and replication" | 22:36:40 |
| Dandellion | are you sure? I recall some very old conversations which predate mjolnir mentioning those things. But the ideas might have just converged and spawned around the same time | 22:36:42 |
| uep | * | 22:36:54 |
| @emma:rory.gay | mjolnir was never supposed to be used outside of Element | 22:37:36 |
| Dandellion | I agree it's a very natural thing to do though | 22:37:57 |
 Cat | Theres a MSC to fix the problem that causes issues with instant bans. Sadly well that is yet to see implementation. | 22:46:53 |
| Cat | And the Synapse PR that provides an alternative fix is stuck in that sucks as its status as who in their right mind as a regular admin user wants the soft failures in their regular timelines. Well thats why the PR is stalled as it needs to be configurable so you dont get this problem. | 22:48:29 |
| Cat | Essentially if your bot is Soft Failure aware this problem doesnt actually materialise with a ban blinding you. Its one of the best things to come out of that Meowlnir is an AS that wants direct Postgres access to the Synapse production DB. It can bypass this problem while a proper solution is being worked on. | 22:49:39 |
| uep | echoing emily earlier, the more I learn, the more my impressions are confirmed | 22:50:37 |
| Cat | Yup Element has taken security way too lax during years. | 22:52:02 |
| uep | I mean, I'm glad that the conclusions and problem analysis I can draw from a few bits of basic observation and reasoning about the system I don't really know well turn out to be accurate. That's nice. That they're well known to people more involved in Matrix is helpful to some degree. That they're unsolved after years, less so. | 22:54:07 |
 emily | the more things I see Element/matrix.org deprioritize the more I wonder what they do prioritize :) | 22:54:33 |
| emily | ("getting government contracts", I guess?) | 22:55:03 |
| emily | (well, for the former at least) | 22:55:08 |
| Dandellion | decryption errors | 22:55:13 |
| uep | i have the same reaction to every company i see prioritising AI | 22:55:27 |
| Cat | Element prioritised literally anything above Fundemental security. | 22:55:37 |
| Cat | Including Experimental Research projects | 22:55:45 |
| Cat | as in im talking during the years they had enough money to execute experimental research projects they prioritised that above actually fixing up the fundementals | 22:56:15 |
| Dandellion | the experimental research were always pretty small teams tbf, I think it's not completely fair | 22:57:12 |
| emily | I made fun of that one VR demo in offtopic a few days ago :P | 22:57:17 |
| emily | I think even if an individual instance doesn't take many resources moonshot stuff like that distorts other priorities | 22:57:55 |
| emily | e.g. why do we need flexible message formats that enable attack vectors? oh because one day people will be exchanging VRML in real-time over Matrix as the new VRChat or whatever | 22:58:17 |
| uep | i don't know if we just need to run two instances of mjolnir/drapnir, at opposite ends of the network / widely spaced homeservers, just to try and avoid the race condition and bans blocking redacts - or if that will instead make things worse for every other server in the middle | 22:59:12 |
| @emma:rory.gay | im thinking of writing a little sidekick bot that looks at the rooms from another server's perspective to catch them | 23:00:05 |
| @emma:rory.gay | if not completely replace draupnir/mjolnir's redaction functionality | 23:00:49 |
