fsebugoutzone.org:9999

       Post ApabR2hInmJvdWLGMq by Forbearance@mastodon.xyz
 (DIR) More posts by Forbearance@mastodon.xyz
 (DIR) Post #ApaYzPGf5o6JcWZk9o by strypey@mastodon.nzoss.nz
       2024-12-31T01:01:24Z
       
       0 likes, 0 repeats
       
       &quot;Honestly, it is insanely exciting to see Matrix having evolved from the &#39;good enough for enthusiastic geeks&#39; to the &#39;wow, this feels better than Signal&#39; phase that we’re entering now. Meanwhile, matrix-rust-sdk is tracking all the latest Matrix 2.0 work, so any client built on matrix-rust-sdk (Fractal, Element X, iamb, etc) can benefit from it immediately.&quot;@matthew, #JoshSimmons, 2024https://matrix.org/blog/2024/12/25/the-matrix-holiday-special-2024/#continue-reading(1/2)#chat #Matrix #Matrix2
       
 (DIR) Post #ApaZA5iu6C2aBose5Q by Forbearance@mastodon.xyz
       2024-12-31T01:03:23Z
       
       0 likes, 0 repeats
       
       @strypey @matthew have they killed the Library of Olms?An irate blue wolf told me that Matrix was afflicted with a Library of Olms and we shouldn&#39;t use it
       
 (DIR) Post #ApaZGt1ZiA7updr08e by strypey@mastodon.nzoss.nz
       2024-12-31T01:04:36Z
       
       0 likes, 0 repeats
       
       &quot;There’s also some really exciting matrix-rust-sdk improvements on the near horizon in the form of the long-awaited persistent event cache, which will accelerate all event operations enormously by avoiding needless server requests, as well as providing full offline support.&quot;#MatthewHodgson, #JoshSimmons, 2024https://matrix.org/blog/2024/12/25/the-matrix-holiday-special-2024/#continue-reading(2/3)
       
 (DIR) Post #ApaZuaf1PGxnSeEknQ by strypey@mastodon.nzoss.nz
       2024-12-31T01:11:49Z
       
       0 likes, 0 repeats
       
       This is all great news. I&#39;m keen to recruit some locals for head-to-head #testing of decentralised chat, and write up the results. Looking at both performance and UX, on a range of criteria. I&#39;m open to suggestions for evaluation criteria.A logical place to start would be XMPP vs. @matrix. To get a fair comparison, I&#39;m open to suggestions on the best of breed server+app combo for each protocol. For XMPP I&#39;m presuming that&#39;s still @snikket_im, for Matrix presumably Synapse+Element.(3/3)
       
 (DIR) Post #ApaathAtnlE3KSHhOC by Forbearance@mastodon.xyz
       2024-12-31T01:07:16Z
       
       0 likes, 0 repeats
       
       @drwho @strypey @matthew there was an attempt https://matrix.org/blog/2024/08/libolm-deprecation/
       
 (DIR) Post #ApaatiUQucRfPKQoTY by strypey@mastodon.nzoss.nz
       2024-12-31T01:22:50Z
       
       0 likes, 0 repeats
       
       @Forbearance &gt; An irate blue wolf told me that Matrix was afflicted with a Library of Olms and we shouldn&#39;t use itThis person is spreading FUD.&quot;The CVEs have since been edited post-submission to conflate libolm with the Olm protocol itself. A genuine protocol vulnerability would be much more serious so we are working with MITRE to clarify.&quot;https://matrix.org/blog/2024/08/libolm-deprecation/libolm has been formally deprecated in favour of a new Olm library.#Matrix #Olm #LibOlm #vodozemac@drwho @matthew
       
 (DIR) Post #ApabGGmA7PII79TiCW by strypey@mastodon.nzoss.nz
       2024-12-31T01:26:56Z
       
       0 likes, 0 repeats
       
       @drwho &gt; There are any other Matrix clients?So far, a couple of dozen, including Thunderbird, Chatrix for WordPress, and and an official GNOME client (Fractal);https://matrix.org/ecosystem/clients/@matrix
       
 (DIR) Post #ApabR2hInmJvdWLGMq by Forbearance@mastodon.xyz
       2024-12-31T01:28:52Z
       
       0 likes, 0 repeats
       
       @strypey @drwho @matthew ok but the wolf said a bunch of projects haven&#39;t yet bothered to replace the afflicted Library of OlmsI am afraid, uncertain, and doubtful
       
 (DIR) Post #ApabY6pxoDV6VDlMg4 by faoluin@chitter.xyz
       2024-12-31T01:30:09Z
       
       0 likes, 0 repeats
       
       @strypey @drwho @matrix How many of them still use libolm, which has known vulnerabilities? Last I heard, that was everyone except Element.
       
 (DIR) Post #Apac7lAFrgsJi8Fm88 by strypey@mastodon.nzoss.nz
       2024-12-31T01:36:38Z
       
       0 likes, 0 repeats
       
       @Forbearance &gt; I am afraid, uncertain, and doubtfulThen the FUD has given you its mindworms. The cure is education. Read the linked blog post, which explains the situation is more detail.&gt; a bunch of projects haven&#39;t yet bothered to replace the afflicted Library of Olms&quot;all versions of Element, Element X, Fractal, iamb and other matrix-rust-sdk based clients and their forks already use vodozemac, and platforms using matrix-js-sdk can also use vodozemac instead of libolm&quot;@drwho @matthew
       
 (DIR) Post #ApacE5QnQV1gIx0WKu by strypey@mastodon.nzoss.nz
       2024-12-31T01:37:47Z
       
       0 likes, 0 repeats
       
       @faoluin &gt; How many of them still use libolm, which has known vulnerabilities? Last I heard, that was everyone except ElementSee;https://mastodon.nzoss.nz/@strypey/113744871328491500Or read the full explainer here;https://matrix.org/blog/2024/08/libolm-deprecation/
       
 (DIR) Post #ApadKZxYw28Qg8zdtw by Forbearance@mastodon.xyz
       2024-12-31T01:50:06Z
       
       0 likes, 0 repeats
       
       @strypey @drwho @matthew Hooray!
       
 (DIR) Post #ApagR6Y6yrX7LxtN0C by faoluin@chitter.xyz
       2024-12-31T02:24:51Z
       
       0 likes, 0 repeats
       
       @strypey So a few more than what I heard last, but certainly not all of the ones listed on the clients page, not even a majority.
       
 (DIR) Post #Apahm6FbNyOGSkoFay by strypey@mastodon.nzoss.nz
       2024-12-31T02:39:57Z
       
       0 likes, 0 repeats
       
       (1/2)@faoluin &gt; certainly not all of the ones listed on the clients page, not even a majorityAre you sure? I presume that the majority of clients, including those listed on the Matrix Foundation website, use either matrix-rust-sdk or matrix-js-sdk+vodozemac as their Matrix library, not libolm.
       
 (DIR) Post #ApahoeUH480XE0tCOu by strypey@mastodon.nzoss.nz
       2024-12-31T02:40:18Z
       
       0 likes, 0 repeats
       
       (2/2)But I admit I haven&#39;t looked into that in detail, since given the full context the whole thing seems like a storm in a teacup;&quot;... in the context of Matrix, libolm is currently safe to use in a practical sense (with the above caveats). However, we strongly encourage all app developers to chart a path away from libolm in favour of vodozemac.&quot;
       
 (DIR) Post #ApahzoXk1BxHb9pjsW by strypey@mastodon.nzoss.nz
       2024-12-31T02:42:26Z
       
       0 likes, 0 repeats
       
       (2/2)I admit I haven&#39;t looked in detail, since given the full context, the whole thing seems like a storm in a teacup;&quot;... in the context of Matrix, libolm is currently safe to use in a practical sense (with the above caveats). However, we strongly encourage all app developers to chart a path away from libolm in favour of vodozemac.&quot;In summary, the security issues are theoretical more than practical, the solution is to switch to a supported library, and the most popular apps already have.
       
 (DIR) Post #ApbWjDqNnEMoo3OmIq by faoluin@chitter.xyz
       2024-12-31T12:10:41Z
       
       0 likes, 0 repeats
       
       @strypey Of the five recommended clients listed on here:https://matrix.org/ecosystem/clients/✅ Element✅ Element X❌ Fluffy Chat❌ Nheko❌ CinnyI haven&#39;t checked the others, but my guess is that most of them are still using libolm because most are not as well-resourced as the Matrix team and have yet to convert their apps over.