I THINK THE MATRIX CHAT PROTOCOL SUCKS
Conversation
Notices
-
Embed this notice
Essem :skeeter: (esm@wetdry.world)'s status on Saturday, 23-Dec-2023 23:11:04 JST 
Essem :skeeter:
-
Embed this notice
hexaheximal (hexaheximal@blob.cat)'s status on Saturday, 23-Dec-2023 23:10:47 JST 
hexaheximal
(also, special thanks to @Jain for adding such a large character limit here on blob.cat, hence why I chose to use this account for the reply) :blobcathug: likes this. -
Embed this notice
hexaheximal (hexaheximal@blob.cat)'s status on Saturday, 23-Dec-2023 23:10:49 JST
hexaheximal
@hexaheximal @kkarhan @esm I also forgot about the most obvious thing...
Back in the 90s, Bill Gates infamously decided to kill Netscape. He did it because he knew that web apps would make the operating system irrelevant.
While his solution was wrong, he correctly predicted that web apps were going to take over.
Look at all of the desktop apps which are just Electron wrappers now too. It's very common. (and before you say that electron is bad and discard it, which is likely, https://github.com/nukeop/nuclear/blob/master/docs/electron.md)
> Any #E2EE #Messenger with #SelfCustody of all Keys should be considered security-sensitive and thus should not he used as a #WebApp.
This is irrelevant too. Browsers have really good sandboxing nowadays, and on chromium you can even create multiple profiles within the UI. The reality is that, as long as the client-side code can be trusted (reminder that you can self-host element and/or cinny if you don't trust it - I've done that before) as well as the browser itself, it's about the same in terms of security.
You are fighting against reality. -
Embed this notice
hexaheximal (hexaheximal@wetdry.world)'s status on Saturday, 23-Dec-2023 23:10:55 JST 
hexaheximal
@kkarhan @esm Not all chromeos devices do. (e.g. ones where apps are restricted by management), and there are still other scenarios where a web app is the best/only way to do it. #ArgumentValid
-
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Saturday, 23-Dec-2023 23:10:56 JST 
Kevin Karhan :verified:
Any #E2EE #Messenger with #SelfCustody of all Keys should be considered security-sensitive and thus should not he used as a #WebApp.
Also #ChromeOS supports #Android-Apps and if you don't have administrative privilegues on a machine then consider it insecure and nit trustworthy for yourself as a user!
-
Embed this notice
hexaheximal (hexaheximal@wetdry.world)'s status on Saturday, 23-Dec-2023 23:10:57 JST
hexaheximal
@kkarhan @esm Most people (including me) prefer using those kinds of things in a web browser.
Also, obvious counter-argument for the any platform thing: chromeos
-
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Saturday, 23-Dec-2023 23:10:59 JST
Kevin Karhan :verified:
@hexaheximal @esm Why would anyone want that anyway?
There are native #XMPP+#OMEMO client for literally any relevant platform!
https://mstdn.social/@kkarhan/111404942780525408 -
Embed this notice
Essem :skeeter: (esm@wetdry.world)'s status on Saturday, 23-Dec-2023 23:11:00 JST
Essem :skeeter:
@hexaheximal @kkarhan i already use cinny
-
Embed this notice
hexaheximal (hexaheximal@wetdry.world)'s status on Saturday, 23-Dec-2023 23:11:00 JST
hexaheximal
@esm @kkarhan meanwhile, good lucking finding a good web xmpp client. I tried. didn't go well.
-
Embed this notice
Essem :skeeter: (esm@wetdry.world)'s status on Saturday, 23-Dec-2023 23:11:02 JST
Essem :skeeter:
@kkarhan xmpp has almost no good clients and yet the ux is still better with it compared to element or any other matrix client
-
Embed this notice
hexaheximal (hexaheximal@wetdry.world)'s status on Saturday, 23-Dec-2023 23:11:02 JST
hexaheximal
-
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Saturday, 23-Dec-2023 23:11:03 JST
Kevin Karhan :verified:
@esm indeed it does - espechally compared to #XMPP & #Zulip!
-
Embed this notice
:blobcathug: (jain@blob.cat)'s status on Sunday, 24-Dec-2023 01:03:58 JST 
:blobcathug:
@kkarhan @hexaheximal
Ok, the Gaslighting seems to be a issue of the federation...
On our server it looks like the order is: Posted, Edited, Answered.
But that doesnt mean that its the same Order for mstdn.social or even in both of your clients.
I know you both wont agree and you dont need to agree, thats fine. I rather suggest to both of you that you keep in mind that Federation has latency, Edits could easily missed and also certain Clients dont display Threads in a intuitive way.
And just to mention, even if it is Gaslighting, it needs more than just once in a heated discussion so that i take actions. -
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:03:59 JST
Kevin Karhan :verified:
Also I've reported this as the #Gaslighting you committed!
https://blob.cat/objects/b5d3d551-cddd-4d13-ba7b-a4571aa6b2cd -
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:00 JST
Kevin Karhan :verified:
4. It's easier to audit a small, native app and even sandbox it into a single user that has literally 0 privilegues because a higher layer that doesn't allow said user to interact with it constricts it.
[Thats's literally done with #Webservers and #Databases where they're run as dedicaded users which have no privilegues excpet their own use-cases
-
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:01 JST
Kevin Karhan :verified:
@hexaheximal@blob.cat @protonmail @esm @hexaheximal
3. Why would I want to self-host #Matrix when it doesn't provide me with any convincing benefits compared to #Zulip, #XMPP+#OMEMO or even #IRC.
-
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:03 JST
Kevin Karhan :verified:
@hexaheximal@blob.cat @protonmail @esm @hexaheximal@wetdry.world
YOU LITERALLY EDITEC THAT POST AFTER I REPLIED TO YOU!
Now fuck off asshole!
https://blob.cat/objects/571db7e3-9625-431c-bdd1-22c3d71a7726
-
Embed this notice
hexaheximal (hexaheximal@blob.cat)'s status on Sunday, 24-Dec-2023 01:04:04 JST
hexaheximal
@kkarhan @protonmail @esm @hexaheximal the fact that you avoided responding to points 3 and 4 really says a lot. -
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:05 JST
Kevin Karhan :verified:
@hexaheximal@blob.cat @protonmail @esm @hexaheximal@wetdry.world
1. People said the same about #CryptoAG...
And sadly my gut feeling and the Intel I get is way more reliable than marketing lies.
Let's just say if I was wrong I'd already be dead a dozen times...
2. It's not dead, because I can just open it, even on Mobile. -
Embed this notice
hexaheximal (hexaheximal@blob.cat)'s status on Sunday, 24-Dec-2023 01:04:06 JST
hexaheximal
@kkarhan @esm @hexaheximal @protonmail
1. ProtonMail is not a honeypot. No idea where you got that from.
2. Dead onion link. I actually went out of my way to try it but it lead to nowhere.
3. I already told you that you can simply self-host Element and Cinny.
4. Now, consider, what if a native app does something malicious that's not possible in a browser sandbox. ;) -
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:08 JST
Kevin Karhan :verified:
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
So yeah, don't trust any #WebApp where it's trivial to siphon away credentials.
And don't trust any #Service, because they WILL LIE TO YOU just like the #Honeypots of #ANØM and @protonmail did/still do.
Keep your keys in self-custody and encryption as well as decryption locally or don't even bother at all!
And I'd certainly not do critical comms from an insecure device where I don't have full control!
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/547af5650b3853a3b24e
-
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:09 JST
Kevin Karhan :verified:
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world Like #Atlassian & #Adobe & #Autofesk before them, #Microsoft is working hard to forcibly #Subscription-ize & #Cloud-ify (aka. #Enshittify) their products and subsequently cancel any #OneTimePurcase, #OnPremise / #SelfHosting and #LocalInstall options until there's only #Microsoft365 / #Office365 as a #WebApp with no control over anything whatsoever...
And OFC that'll be weaponized against anyone and everyone!
https://twitter.com/frank_rieger/status/999319383917957121 -
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:10 JST
Kevin Karhan :verified:
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world Shit like #Discord is an abomination and #Microsoft only won because regulators are systematically dysfunctional, corrupt and staffed with #TechIlliterates, otherwise all the #GAFAMs, #Adobe and #Autodesk among others would've been forcibly disbanded the same way #StandardOil was.
Microsoft feared #Linux but nowadays they basically gave up on #Desktop and #Server OSes since #Xbox, #Office365 & #Azure make the real profits & margins!
https://blob.cat/objects/29e2ce65-026f-4fb6-aa2a-2de2c1ebe4c5
-
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:11 JST
Kevin Karhan :verified:
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world ...and even if we think local #WebApps are a legitimate way to handle sensitive comms - they ain't but let's just assume they are for the sake of argument - WHY would you do anything beyond a .desktop file that includes startup parameters for #Firefox (or even #Chrome if you're that kind of Cyber-Masochist!) that specify the browser, and the file to load.
Because any good #WebApp should be reduceable as #HTML5 + #JS6 + #CSS3 and measured in kB or maybe a few MB.
-
Embed this notice
Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Sunday, 24-Dec-2023 01:04:12 JST
Kevin Karhan :verified:
@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
You may call me a #minimalism evangelist buteverytime something that could've been barely Megabytes as an #AppImage, #FlatPak, #Snap or Kilobytes as a #CLI tool instead shoves yet another entire half gig copy of the #Bloatware-#Browser that is #Chromium onto the Desktop despite using not even 0,1% of it's featureset
I call this a systemic failure in Software Architecture.
Browsers are the most attacked applications on #Linux beyond CMSes and Webservers...
-
Embed this notice
All GNU social JP content and data are available under the