[HN Gopher] Germany's national healthcare system adopts Matrix f...
___________________________________________________________________
Germany's national healthcare system adopts Matrix for
communication
Author : Arathorn
Score : 434 points
Date : 2021-07-21 13:57 UTC (9 hours ago)
(HTM) web link (matrix.org)
(TXT) w3m dump (matrix.org)
| kragen wrote:
| This is wonderful! I've been using Matrix for the last several
| months for work, and it's mostly a huge improvement over that
| vile ransomware Slack. Especially Gomuks is a huge improvement.
|
| One drawback I've been suffering is that I can't figure out how
| to keep logs. Our server had a failure and was down for a day, so
| Element on my phone decided it should forget all its keys (and
| also my password). Now I've lost access to all the past channel
| logs on our E2E channels, and it seems like nobody on the channel
| has a version they can usably copy and paste; Element in
| particular doesn't allow you to copy and paste large chunks of
| chat history because, when you scroll back a lot, the chunks that
| are scrolled out of view cease to exist (from the point of view
| of the copy-paste buffer).
|
| Also gomuks deleted all my session information when my local disk
| got full. Maybe I should try Bitlbee?
|
| So, there are still a lot of rough edges! But there's a path to
| getting them fixed, since it's free software and an open protocol
| spec. Hopefully the German government will be a good collaborator
| in contributing improvements!
| Arathorn wrote:
| https://github.com/russelldavies/matrix-archive is your best
| bet for exporting conversations right now. There's a GSoC
| project ongoing to build something like this into Element Web
| too so you can just hit "download" on a room and export it all
| nicely.
| kragen wrote:
| Thank you! Should I report the fact that Element on my phone
| deleted all its session keys due to some kind of server
| hiccup (the server was incorrectly reporting incorrect-
| password stuff, probably because A. was reinstalling it and
| hadn't restored the user database yet) as a bug? Certainly
| deleting all my past conversations and my encryption keys
| when there's a temporary server failure, is not the behavior
| _I_ desire, but maybe it 's by design?
|
| (In that particular case, it resulted in me losing the
| address where I had to go that afternoon, which was in a
| Matrix chat message on my phone, before Element peremptorily
| deleted all my past messages with no confirmation.
| Fortunately I was able to remember enough of the address to
| get close enough...)
| Arathorn wrote:
| I've filed https://github.com/matrix-org/matrix-
| doc/issues/3290; unfortunately this is a spec issue (the
| current spec mandates that any 401 error is treated as the
| server telling the client to do a hard logout. i propose it
| should do a soft logout by default instead, thus preserving
| local data).
| pkulak wrote:
| Why would a server failure 401? The spec seems reasonable
| to me. This looks like some kind of proxy setup mistake,
| maybe?
| kragen wrote:
| I haven't asked A., but as I said, I suspect she was
| reinstalling the server from scratch, and hadn't yet
| gotten to the part where she restored the database from
| backups. So all login attempts were failing. I didn't yet
| realize there was a server problem, myself. I thought
| Element on my phone was failing and that I was
| misremembering the password when I tried to log in from
| the browser.
|
| Generally, though, regardless of how it happened, from my
| perspective it's a security vulnerability if there's
| _anything_ the server can send that will wipe data from
| the client. So the spec doesn 't seem reasonable to me. I
| want to use a client that keeps my data safe from server
| malfunctions, whether accidental or intentional.
| kragen wrote:
| Thanks! Yeah, it was an extremely rude awakening, and
| I've lost months of logs of conversations that I thought
| were securely in my possession. From my point of view, if
| there's _anything the server that can do_ that will cause
| my client to delete data, that 's a security hole in the
| client that should be fixed--I want to run a client that
| is a _user agent_ , serving my interests as a user, not a
| server agent, acting on behalf of the server. It seems
| like the authors of the spec had the opposite perspective
| on this?
|
| Of course a DHTML web page _is_ a server agent; it 's
| just a convenient way for the server to get better
| responsiveness and resilience against network failures.
| It relies on the server completely for its integrity--the
| server can inject whatever code it wants. So the server-
| agent mindset is understandable for a team that started
| out developing a DHTML web page. But a phone or desktop
| app doesn't have to work that way; it can protect the
| user from malicious servers. And, I think, it should.
| stjohnswarts wrote:
| I wished more open source projects used it, everyone and their
| cat is using discord :(
| kragen wrote:
| It's ridiculous! Discord isn't not only non-open-source--you
| can't even run your own server! (They pretend you can, but a
| Discord "server" is really just a virtual server running on
| somebody else's computer.)
| Artistry121 wrote:
| I have been having this issue as well with the exporting of
| data and it looks like it was just solved below. Thanks!
|
| The crazy thing is how happy lots of companies seems to be to
| giving slack access to all of their communication and API
| access to all of their other tools. And I'm very excited for
| when the tool that connects all these tools, which matrix
| should be, can be owned by the people using it rather than the
| company providing the service.
| throawayclose wrote:
| Great! now they only need to fix the problem of doctors giving
| preference to private health insurance vs public health
| insurance. Or the problem of doctors systematically rejecting
| immigrants to be their GP or even giving them an appointment.
| cyberpunk wrote:
| My private healthcare is substantially cheaper than the state
| one my SO has too...
| oaiey wrote:
| Wait till you are older
| johnchristopher wrote:
| Great [0] !
|
| Anyone can comment on how this is going to be used ? What are
| people using matrix for in the German healthcare system context ?
| The full plan document is in German (which I don't speak).
|
| [0] and you can check out my history to see I am not a die hard
| matrix fan, far from it.
| Semaphor wrote:
| It's a very dense document. But from a quick glance, it's
| eventually (there are 3 levels of functionality that will be
| developed over time) supposed to be an asynchronous version of
| telephone calls between pretty much everyone in health care,
| including patients. Also Broadcasting, secure document sharing,
| and connections to medical devices.
| throwawayboise wrote:
| Wasn't there a city in Germany that to some fanfare moved all of
| their office IT to linux, and then a few years later switched
| back to Windows?
| c-st wrote:
| Yes, that was Munich with its LiMux project.
|
| Incidentally and possibly unrelated, the project was abandoned
| after Microsoft moved their headquarters back into Munich.
| summm wrote:
| It was Munich, the project was called Linux. Their previous
| mayor (Ude, social democrat) started the Linux project. The
| next mayor, Reiter, also a social democrat, even called himself
| a Microsoft fan and cancelled it against all advice. Suddenly
| Microsoft moved their Germany headquarters from a suburb to the
| city, so you go figure. Also, there were some internal power
| struggles between departments and some obvious mismanagement.
| Conservatives always have supported Microsoft, and the G, as
| usual, had no clue about tech and first supported Microsoft,
| but now claim to always have supported open source... Total
| shitshow.
| oaiey wrote:
| Sounds like new CEO comes in and moves IT to his personal
| preference but leaves later before the move finished.
|
| Sounds familiar? ;)
| rjzzleep wrote:
| TI is Telematik Infrastruktur. So TI-Messenger is just a
| messenger running on the VPN used for patient-data.
|
| It's good to see this happening. One of the biggest German
| healthcare contractors - famous for terrible code - had managed
| to creep their S/MIME demo implementation derivative code as a
| standard for secure communication in the healthcare world. With a
| MITM at each Kassenaerztliche Vereinigung(i.e. the people that
| represent the doctors and that charge ~2% per transaction for
| charging the public insurance companies). So it's unaudited "E2E"
| with a MITM by design. Given the complexity of this codebase, I
| do hope that they just use it unmodified.
|
| EDIT: one of the reasons why the KVs rolls/ed their own is
| because of inherent distrust between the physicians or the
| institution representing them and the governments health ministry
| getting that data. They believe that the government is
| incentivizing hospitals to take over physicians share of the
| cake. I wouldn't say that the distrust is misplaced, but
| unfortunately these crappy half baked own solutions born out of
| nepotism don't help their case.
| dmos62 wrote:
| As a sidenote, it's crazy how bad some of the government IT
| projects are. In the country I'm thinking of I'm pretty sure
| corruption plays a big role in it, but even so, you have to be
| very illiterate in IT for it to not be obvious that the
| contractor didn't do their job. I guess a lot of the
| administrators responsible for evaluating the project's status
| are too old to have grown up with internet and computers around
| them.
| rjzzleep wrote:
| I think there's a lot of corruption there, but it goes beyond
| that. Government IT consulting is a very exclusive niche
| that's hard to get into.
|
| None of the managers are willing to risk losing an IT
| contractor/or product no matter how terrible they/it are/is.
| There are basically two IT choices that they do:
|
| 1. Choose a really big expensive company that is in
| Gartner(they do have the best dinners though, also you get to
| travel business class to visit them for seminars).
|
| 2. Choose someone that they know through somebody. It's quite
| amazing that Matrix has managed to get as much government
| traction as it has. I've seen a person not willing to kick
| out a product where I had to walkthrough the creator of it on
| a Teamviewer on how to debug his own app in the web
| inspector, and it was unable to display pdfs if they were in
| landscape(for years). And everyone knew they were bad, the
| managers would joke about it.
|
| As they say, nobody ever got fired for buying IBM. These
| people are absolutely terrified of making a bad decision that
| may cost them a promotion in the future.
| javajosh wrote:
| It's not really corruption. It's moral hazard, and its
| self-reenforcing. The moral hazard is that the people
| paying for the solution don't make it and don't support it.
| They make poor decisions based on what they can _see_ and
| don 't know enough to ask deeper, relevant questions about
| complexity. It's self-reenforcing because the kinds of
| people who _do_ know enough to ask deeper, relevant
| questions usually have little interest the work of keeping
| fundamentally broken systems alive on life support, and
| their thoughtful improvements will go unnoticed or worse,
| taken as evidence of incompetence. (I suppose the value
| proposition of some companies is that they can do both; I
| have doubts that that has ever happened.)
| dmos62 wrote:
| I'm having a hard time understanding this dynamic. I just
| can't imagine a professional environment like this. I feel
| like people involved at all stages should understand that
| they're doing the wrong thing.
| KaoruAoiShiho wrote:
| They don't have the knowledge / skillset to do the right
| thing.
| wil421 wrote:
| Ignorance is bliss in Government IT.
| You-Are-Right wrote:
| Can you please post URL to relevant analysis / sources? Thanks
| very much!
| meibo wrote:
| Happy to hear there apparently are people that can make sensible
| technical decisions in German government.
|
| Realistically there weren't a lot of choices other than Matrix
| though, looking at what the law demands.
| corty wrote:
| Well, they could still have opted for something proprietary,
| weird and broken. See for example the De-Mail desaster[0] and
| the beA desaster[1]. Both supposedly better and secure
| email/messenger replacements with huge problems like lacking
| end-to-end encryption, design problems, laughably lacking
| security, high cost, low adoption (except were required by
| law), no usability, etc.
|
| I'm really glad that at least someone here might have learned
| from those mistakes.
|
| [0] https://de.wikipedia.org/wiki/De-Mail
| https://netzpolitik.org/2015/de-mail-das-tote-pferd-wird-wei...
|
| [1]
| https://de.wikipedia.org/wiki/Besonderes_elektronisches_Anwa...
| GoblinSlayer wrote:
| Didn't they force a backdoor on tutanota e2ee? Why do they
| suddenly allow matrix?
| corty wrote:
| E2EE isn't forbidden per se. But if you are a public
| communication provider over a certain size you need to
| provide access upon request if technically possible. It
| isn't really clear even in the case of Tutanota if they
| fall into that regulation, however, they had to
| preliminarily comply anyways:
| https://www.heise.de/news/Gericht-zwingt-Mailprovider-
| Tutano...
|
| Healthcare providers operating a Matrix server won't be
| communication providers to the public, and if they aren't
| using a web client or some similar crap, breaking E2EE
| won't be possible. Webmail providers claiming E2EE like
| Tutanota are imho liars anyways, because Javascript on a
| website isn't a secure "end" for the encryption.
|
| So use client software that isn't attacker controlled
| easily, keep your keys private, only encrypt to trustworthy
| keys and you'll be fine. Matrix ticks all those boxes if
| you don't use the web client. And the only legal way in for
| German law enforcement would be to infect your device with
| some trojan ("Bundestrojaner", like e.g. NSO Pegasus).
| germanier wrote:
| German government IT is far removed from being a monolithic
| entity. There are a lot of different actors involved with
| different priorities.
|
| In this case law enforcement can simply request the data
| (as long as such a request is legal) at either end. No need
| to attack the connection in between.
| vaylian wrote:
| I wouldn't be surprised if this flew under the radar of the
| people at the top.
|
| > Secretary: "IT said we should use matrix".
|
| > Minister: "Whatever. I'm busy with other things. Do I need to
| sign something?"
| Arathorn wrote:
| It's the opposite, actually - it seems to be the Ministers
| and establishment pushing it. e.g:
|
| > [Bundesdatenschutzbeauftragte Ulrich] Kelber verweist auf
| die Entwicklungen in Frankreich. Dort wird eine
| Whatsappalternative auf Basis des Open-Source-Team-Messengers
| Matrix und dessen Client Riot entwickelt. In Frankreich "geht
| man aktuell einen hervorragenden Weg, um sich aus der
| faktisch in weiten Bereichen der Verwaltung bestehenden
| Abhangigkeit von Produkten grosser amerikanischer IT-Firmen
| zu losen", sagte Kleber.
|
| or in English:
|
| > Federal Data Protection Officer, Ulrich Kelber refers to
| the developments in France. A Whatsapp alternative based on
| the open source team messenger Matrix and its client Riot is
| being developed there. In France, "there is currently an
| excellent way to free oneself from the fact that many areas
| of administration are actually dependent on the products of
| large American IT companies," said Kleber.
|
| from https://www.golem.de/news/whatsapp-matrix-oder-xmpp-bmi-
| such...
| solarkraft wrote:
| Ulrich Kelber may be the coolest higher german official,
| but he keeps complaining about not being listened to (on
| Mastodon, in meme form).
|
| I tend to think the political machinery isn't afraid of
| proprietary/monopoly dependency in general, the issue is
| rather with those companies not being domestic.
| germanier wrote:
| A shift to open source is sanctioned from the very top. For
| example, in the area of OZG (broad digital access to public
| services, coming soon) the explicit decision is (my
| translation):
|
| > _Open standards must be used in the implementation and
| operation of digital offerings. The source code from the
| realization of digital offerings by the administration (in-
| house development) is made available as open source, i.e., in
| reusable form, wherever possible._ https://www.it-
| planungsrat.de/fileadmin/beschluesse/2020/Bes...
|
| They are also starting a project to host public, open source
| code which is backed by the federal CIO and many state and
| local governments: https://www.cio.bund.de/SharedDocs/Kurzmel
| dungen/DE/2021/pm_...
|
| This is not something sneaked in by some techies. Every
| decision maker is probably aware by now what "open source"
| means.
| hans1729 wrote:
| For what its worth, open source is en vogue in german
| government IT at the moment. "Dataport", a government-owned IT-
| company, has an open-source based project "Phoenix", as a first
| step in this shift of paradigm. This is interesting because
| Dataport used to be pretty much a windows-shop; despite old and
| established hierarchies and its special place in the public
| domain, change is happening.
|
| (Source: I'm working in that project as a consultant)
| meibo wrote:
| Please keep it that way! We need open source in government -
| it's the only way to hold people accountable and make sure
| that citizens aren't being shafted :)
|
| Thanks for your work!
| ltultraweight wrote:
| Isn't Phoenix merely rebranding already existing projects
| like Jitsi Meet and matrix.org?
|
| If not, where can this project be publicly inspected?
| hans1729 wrote:
| This is why I made the distinction "open-source based". The
| project isn't simply rebranding though, it builds solutions
| for customers based on open source components (which is a
| step in the correct direction). I would like all the
| repositories to be public, too, but we're not there yet.
| ltultraweight wrote:
| I saw on phoenix-werkstatt.de that there are actual
| contributions back upstream. Even if it appears to not be
| a Dataport employee, at least some of the funds of the
| government are going towards improving the projects for
| everyone. Good stuff.
| germanier wrote:
| Unfortunately, at the moment even code access for other
| public institutions is buried behind many layers of
| bureaucracy but I have been promised they will start to
| open up soon enough.
| Arathorn wrote:
| Independently of gematik's work, Phoenix also uses Matrix as
| its communication backplane (source: the Matrix team is also
| consulting on it :)
| hans1729 wrote:
| I've had the pleasure of working with Ben for a while,
| cheers from team mav! Wearing my matrix hoodie writing this
| :)
| toomuchtodo wrote:
| Can you get a Matrix hoodie without working on Matrix? :D
| Arathorn wrote:
| https://shop.matrix.org :D
|
| (and yay for Ben - he gets everywhere!)
| toomuchtodo wrote:
| Thank you so much!
| Andrew_nenakhov wrote:
| they could have opted for XMPP, which is clearly a better and
| more mature alternative.
| upofadown wrote:
| It sounds like they are going to end up with their own
| standard starting from Matrix as a base that will do more
| than just messaging.
|
| If they had of just set up XMPP as a messaging system we
| would of never heard of it. It would of been an entirely
| routine thing to do.
| solarkraft wrote:
| Hey, why not IRC?
| zaik wrote:
| It's also the IETF Internet standard and does not collect
| venture capital.
| Arathorn wrote:
| Matrix is looked after the Matrix.org Foundation which is
| non-profit and doesn't collect venture capital either:
| https://matrix.org/foundation.
|
| (It's true that many contributions to Matrix come from
| Element, though, the VC-funded for-profit founded by the
| original Matrix team in order to pay for us to keep the
| lights on and keep working on Matrix. Just as VC-funded
| Jabber Inc contributed massively to XMPP, back in the day).
| Artistry121 wrote:
| I'm working on a project management app for small
| businesses using Matrix. I've been inspired by your work
| and the transparency with which the team operates and the
| business model you have pursued and succeeded at. I'm
| also stunned by the technology recently being deployed in
| Dendrite.
|
| Is one of the best ways to support Matrix and grow the
| influence to hire Element's team as consultants to build
| custom implementations and use cases?
| unethical_ban wrote:
| What experience in the field do you have implementing or
| managing Matrix or XMPP solutions?
| mike-cardwell wrote:
| I used to run an XMPP server (Prosody). I now run a Matrix
| server (Synapse - the one everyone uses).
|
| Synapse feels like a bloated monster that I'm afraid to
| touch in case it goes bang and I can't recover.
|
| Prosody felt like a simple light weight service that I
| could easily recover no matter how much I broke it.
| GekkePrutser wrote:
| Synapse is indeed very bad but it should by replaced
| soonish
| Andrew_nenakhov wrote:
| Does the development of an XMPP client with a few million
| downloads count as sufficient experience in the field?
| deuill wrote:
| This isn't necessarily an endorsement of one
| protocol/ecosystem over the other, nor do I have direct
| experience with integrating Matrix or XMPP (though I run
| the latter on my home-server for family), but XMPP has seen
| a few large deployments, including in healthcare (in the
| UK)[0][1] and in Germany[2].
|
| The consumer-facing client ecosystem for XMPP has indeed
| seen less rapid development than Matrix (the latter
| probably benefits from a more cohesive approach), but the
| server ecosystem for XMPP is very mature, and servers such
| as Ejabberd are known to scale to hundreds of thousands of
| connections on a single, modest host[3]. Obviously, that's
| only one part of the puzzle, hence why Matrix was chosen
| here.
|
| Still, it'd be interesting to see how the two evolve and
| compare down the line.
|
| [0]: https://www.erlang-solutions.com/case-studies/pando-
| health-c... [1]: https://medium.com/miquido/successful-
| migration-to-a-custom-... [2]:
| https://twitter.com/iNPUTmice/status/1203611711967813633
| [3]: https://www.process-one.net/blog/ejabberd-nintendo-
| switch-np...
| javajosh wrote:
| Cool. Does anyone have a paper comparing all the neu-fangled IM
| tech? I find myself a bit confused.
|
| BTW my favorite Matrix feature from the concept paper:
| "Integritat dank hohem Out-of-the-box-Sicherheitsniveau" - dank,
| hohem out-of-the-box Sicherheitsniveau sounds pretty great.
| (Wonder why they didn't say "aus der Box"?)
| MrsPeaches wrote:
| Personal favourite Neudeutsch phrase, I heard a while back:
|
| "Mein Schedule ist arsch-tight"
| mgerullis wrote:
| I'm imagining this with an Austrian dialect right now lmao
| 271828182846 wrote:
| In some regions "[arsch] eng" might well be used ... funny
| thing is it means more or less the same as "ass tight" but
| [arsch] would be dialect for "arg" which can be roughly
| translated to "almost a bit too much".
| gliptic wrote:
| When English idioms are translated to other languages it's
| often cringe-inducing. I can't imagine someone seriously saying
| "ut ur ladan" or something in Swedish.
| raxxorrax wrote:
| At some point you tend to forget what idioms belong to which
| language and you can greatly confuse people. But Holla the
| wood fairy.
| gliptic wrote:
| Yeah, no danger on the roof, eh?
| geff82 wrote:
| Because we adopted that word.
| nosianu wrote:
| And anyway, it all comes full circle, because "out" and "of"
| both have Germanic roots (google "etymology some-word" and
| you don't even have to go to any specific website, Google
| already showing a nice graph). Box has Greek/Latin roots, and
| German has plenty of those too (List of German words with
| Latin roots:
| https://de.wikipedia.org/wiki/Liste_lateinischer_Lehn-
| _und_F...).
| burundi_coffee wrote:
| Because that phrase doesn't exist in German like that. They
| could have used "standardmassig" but out-of-the box is more
| widely used when talking about software and tech.
| zapnuk wrote:
| Well we do have "von Haus aus" but it's less formal and can't
| be used as a 1:1 replacement because of the grammar.
| kleiba wrote:
| You could say _a priori_ but then you 're just exchanging
| English for Latin.
| solarkraft wrote:
| Perhaps more fitting would be _ab Werk_ , (out of the
| factory), but either put the focus on the wrong situation.
| jjkaczor wrote:
| https://xkcd.com/1810/
| javajosh wrote:
| yes, each tech is an edge in the hypergraph[1] connecting all
| humans.
|
| [1] https://en.wikipedia.org/wiki/Hypergraph
| Arathorn wrote:
| https://matrix.org/blog/2017/03/11/how-do-i-bridge-thee-
| let-... :P
| rjzzleep wrote:
| Ironically when I was working there, they would translate a lot
| of English words into German because most of the people in
| those institutions have been working there for 30+ years and
| don't have any exposure to English terminology. When they used
| Jira "Todo" was a term that needed to be translated.
| asddubs wrote:
| I wonder if it would have been less confusing as to-do
| stuartbman wrote:
| This is a much better system. In the UK we've gone from using
| pagers (I still use one) to proprietary systems which don't talk
| to one another (Medic Bleep, NerveCentre) in order to meet the
| ISO standard.
| kken wrote:
| That sounds a lot like IRC
|
| https://matrix.org/docs/guides/introduction
| corty wrote:
| Well, yes. Matrix is a federated protocol like IRC,
| XMPP/Jabber, IRCv3 and a few other less known ones. Being
| federated is basically what made Email so widespread, and I
| guess in the long run that model of doing things will be the
| only viable one. For most people, states, companies and
| organisations, using a centralized foreign service, no matter
| how trustworthy it were said to be, isn't an option.
| dividedbyzero wrote:
| I think it shares lots of the core ideas behind IRC, but it
| thankfully incorporates a lot of progress made since IRC. You
| get creature comforts like Slack and the like (depending on the
| client), but it's still decentralized (even the Gematik setup,
| apparently!) and it you can make it very secure.
| preya2k wrote:
| Similar, but different: IRC is decentralized (you connect to a
| certain server, and you can interact with users/rooms on this
| server). Matrix is federated (you connect to a certain server,
| but you can interact with users/rooms on every other server -
| much like you can write E-Mails to anyone who has an E-Mail
| address, no matter if its Gmail or Yahoo).
|
| So when you want to compare it to anything else: it's much
| rather like XMPP than it is like IRC.
| q3k wrote:
| It goes even further than XMPP, as rooms in Matrix are fully
| distributed, with no single server owning them. Names like
| #foo:example.com are aliases, and aliases can be added under
| other homserver domains, too.
|
| XMPP MUC rooms are, IIRC, dependent on the server hosting
| them and generally coordinating exchange.
| jsmsmsj wrote:
| So if #foo:example.com is in use in a cluster of servers
| and there's a netsplit for some reason and servers in group
| A lose connection with group B but both groups continue
| using the channel, what happens to the message history when
| the netsplit is resolved?
| q3k wrote:
| All room events (ie. messages) are part of a DAG, with
| each message indicating the most recent causality source,
| eg. another message that the client saw when sending this
| one. Think vector clocks, but more explicit. Any time an
| event arrives referencing some other missing event,
| servers and clients can act on that knowing that there's
| some kind of split happening.
|
| Each event is also signed by the homeserver of the
| originator of the messages, so missing messages (due to
| partial netsplits) can be routed through third-parties,
| around the netsplit.
|
| For full split-brain scenerios, after a merge, the two
| DAGs get joined and the effective room state is
| reconciled.
|
| The big picture is that Matrix rooms are best seen as
| eventually-consisted distributed event log . :)
| https://matrix.org/docs/spec/#event-graphs
| Arathorn wrote:
| The scrollback ends up syncing up after the netsplit on
| both sides of the partition - you see a flood of messages
| come in from the other side of the split. In the
| relatively near future the remote side of the split will
| shown as a thread (if your client supports threads).
|
| Technically, every message you send in Matrix is a mini-
| netsplit which then resolves as soon as it's received by
| the other server(s). So you don't tend to notice
| partitions, unless they go on for minutes on end and
| disrupt the conversation, but even then the history syncs
| up afterwards.
| ryukafalz wrote:
| From the server's perspective, the graph of conversation
| history from group A and group B merge. From the client's
| perspective... depends on the client I think, but most
| seem to display the messages from the other side of the
| split all at once when they're first received.
|
| Clients don't currently make it clear when messages came
| from the other side of a long netsplit, but the data is
| there on the server so in principle they could. I think
| the client API might need some changes before that'd be
| possible though.
| ndndjfj wrote:
| Except XMPP uses DNS for message routing from a human
| readable handle, user@host.com, but Matrix uses a central
| database "identity server" operated by Matrix.org and
| federation fails if this service goes down.
|
| So Matrix is like XMPP, except that XMPP is really federated,
| but Matrix's "federation" is partial and therefore it's
| mostly marketing.
|
| Matrix is really mostly marketing overall. That's part of why
| it's so popular here; HNers love shiny bullshit. Honestly
| XMPP is a better protocol, it's even still being updated and
| has many more server and client implementations, including
| modern ones, but Matrix has great PR.
| q3k wrote:
| > but Matrix uses a central database "identity server"
| operated by Matrix.org and federation fails if this service
| goes down.
|
| It doesn't. Matrix identities (like @q3k:hackerspace.pl)
| are resolved to homeserver instances via DNS or HTTPS
| .well-known requests. $ curl
| https://hackerspace.pl/.well-known/matrix/server {"
| m.homeserver":{"base_url":"https://matrix.hackerspace.pl"},
| "m.server":"matrix.hackerspace.pl:443"}
|
| or $ dig +short SRV _matrix._tcp.asra.gr
| 10 0 443 synapse.asra.gr.
| ryukafalz wrote:
| > Except XMPP uses DNS for message routing from a human
| readable handle, user@host.com, but Matrix uses a central
| database "identity server" operated by Matrix.org and
| federation fails if this service goes down.
|
| Uh, no? Federation certainly does not fail if the identity
| server goes down. You won't be able to invite someone to a
| room by email address or phone number if whatever identity
| server you're using goes down, but it's nowhere near the
| critical path for federation.
| stryan wrote:
| > Except XMPP uses DNS for message routing from a human
| readable handle, user@host.com, but Matrix uses a central
| database "identity server" operated by Matrix.org and
| federation fails if this service goes down.
|
| This statement is almost entirely wrong. The identity
| server is A) only for mapping 3PID (3rd Party Identities,
| i.e. email addresses or phone numbers) to matrix usernames,
| B) can be self-hosted, and C) not required at all for
| federation. Federation does not in anyway require services
| provided by Matrix.org
| Arathorn wrote:
| > Matrix uses a central database "identity server" operated
| by Matrix.org and federation fails if this service goes
| down.
|
| This is completely and utterly false.
|
| The identity server is a completely optional directory
| service used to resolve email addresses and phone numbers
| to matrix IDs.
|
| Honestly, I wish we'd never bothered with them - they are
| rarely used today, and cause more confusion than they add
| value.
| ptman wrote:
| Matrix is open federation, like Email. IRC is closed
| federation, more like a database cluster or some other
| distributed service where all components are run by a single
| team.
| cbmuser wrote:
| Since when does Germany have a national health care system?
|
| Germany has health insurances, both private and public but there
| is not one unified system really.
|
| I can go to a doctor and pay the bill on my own without getting
| in touch with any government organization.
|
| Gematik also is a private company according to their website. So
| nothing that is associated with the government.
| Barrin92 wrote:
| We don't have a centralized healthcare system but that doesn't
| mean there's no need for interoperability because healthcare
| institutions constantly exchange information.
|
| When you go to the doctor you are presumably insured. So your
| doctor needs to communicate with your insurance. Insurers might
| need to communicate with government agencies and regulatory
| bodies, and so on. If you've seen Covid data in Germany, that
| data comes from every corner in Germany, and all those
| institutions need to be able to talk toe each other.
| hdkrgr wrote:
| To be fair: As a patient, except for them scanning my
| insurance card, I see very little evidence that would suggest
| that most of data exchange isn't being done via fax, snail-
| mail, or people talking into phones.
|
| Why in the world do I get a piece of paper from my doctor
| that I'm supposed to mail to my insurance provider (or scan
| and upload if you're lucky) when I'm being diagnosed with
| something?
|
| Doctor's offices are the least digitized businesses around.
|
| There's first signs of this getting better, but I can't wait
| for things to change...
| TMWNN wrote:
| >Why in the world do I get a piece of paper from my doctor
| that I'm supposed to mail to my insurance provider (or scan
| and upload if you're lucky) when I'm being diagnosed with
| something?
|
| >Doctor's offices are the least digitized businesses
| around.
|
| Oh? Here in the US I can't remember the last time I had to
| take a prescription on paper from a doctor. Whether CVS,
| Walgreens, or Amazon PillPack, when my doctor prescribes
| medication, the pharmacy receives it very quickly,
| sometimes within minutes. Same with lab work; whether my
| health system's own labs or a third party like LabCorp or
| Quest, it's all electronic.
|
| (The process is not all electronic. When a prescription
| expires, if I request that the pharmacy renews it (as
| opposed to requesting a renewal from the prescribing
| doctor), I believe the pharmacy calls the doctor. But
| either way, I don't otherwise get involved other than, in
| both cases, requesting it via a website.)
| germanier wrote:
| The current plan is to get rid of that piece of paper by
| the same time next year.
| odiroot wrote:
| > Germany has health insurances, both private and public but
| there is not one unified system really.
|
| The "public" is private anyway, as the Krankenkassen are all
| private companies (although strictly regulated by BMG).
|
| But yes, there's concept of public (statutory) and private
| (voluntary) insurance plans.
|
| On top of that, as you said, most (all?) Arztpraxen are also
| private entities. Same goes for hospitals (I guess excluding
| places like universities and Bundeswehr).
| germanier wrote:
| Statutory health insurances are Korperschaften des
| offentlichen Rechts, which (as the name implies) are public
| institutions and very much not private companies. They have
| the right to bear seals, can issue titles to collect missing
| payments, are bound to administration law, etc. It's the same
| legal designation as e.g. the city of Munich which hopefully
| nobody calls a "private company". It's really just their
| marketing which looks more corporate than what we are used to
| from most other public institutions.
|
| Many hospitals are part of a municipality or a university
| (again, established by public law), many others are organized
| as private companies (either publicly or privately owned).
| Non-hospital doctors are almost completely private entities.
| odiroot wrote:
| > Statutory health insurances are Korperschaften des
| offentlichen Rechts, which (as the name implies) are public
| institutions and very much not private companies.
|
| This is not so clear-cut as in other countries.
|
| Translated from Wiki:
|
| > As a public corporation with self-administration, a
| health insurance fund regulates its budget on its own
| responsibility. In doing so, it must fulfil legislative
| performance requirements (compulsory benefits) and may in
| some cases go beyond this (statutory benefits). According
| to SS 260 para. 2 SGB V, its operating funds should not
| exceed one monthly expenditure.
| germanier wrote:
| Not sure what point you are trying to make. It's not a
| "private company" (not even a closely regulated one) in
| any sense of the word "private" no matter where in the
| world that word it is used.
|
| Health care might be organized differently than in most
| other countries but that does not imply that those
| institution are private.
|
| Is the City of Munich also a private company? It has
| self-administration, is responsible for its own budget
| which can't be negative, has to operate within
| legislative bounds including giving compulsory benefits
| to its residents (which are exactly the criteria you
| quote). Of course not, that's a city. What about the
| Technical University of Munich? They even have "members"
| instead of residents in addition to the things above.
| It's all the exact same kind of legal entity. Saying one
| is public and the other one private doesn't make any
| sense. What's the difference between those in your eyes?
| germanier wrote:
| Having the possibility to pay for a doctor on your own or there
| being multiple actors does not stop having a "national
| healthcare system" which the GKV-system can fairly be
| recognized as given how much formalized and standardized it is.
|
| Gematik is completely owned by public institutions (including
| medical self-governing institutions) except for a very minor
| stake of the PKV-Verband.
| Arathorn wrote:
| The second paragraph of https://de.wikipedia.org/wiki/Gematik
| spells out that gematik is majority owned by the government
| (BMG, and a bunch of other ministries). So while there isn't
| one unified system, gematik seems to exist to provide
| interoperability between the myriad different factions. Hence,
| pushing Matrix to do so.
| TMWNN wrote:
| >Since when does Germany have a national health care system?
|
| >Germany has health insurances, both private and public but
| there is not one unified system really.
|
| Correct. Far too often, people in the US and UK think that
|
| 1) every developed country other than the US has "national
| health care" or "universal health care"
|
| 2) every such country does it like the UK, a monolithic system
| in which the government owns both the biller (single payer) and
| provider (hospitals)
|
| Regarding 2), the UK system is unusual in being so monolithic.
| Canada has single payer but neither the national nor local
| government owns and operate all hospitals. Australia's system
| puts significant emphasis on private insurance as the
| alternative or preferred option to public insurance. Germany,
| Switzerland, Austria, and others have a variety of private and
| public insurance companies and hospitals, typically
| differentiated by income level or profession. France's system
| is somewhere in the middle.
|
| Regarding 1), since Obamacare there is essentially no
| difference between the US's system and Germany's or
| Switzerland's. The US has always had a mix of public
| (Medicare/Medicaid, military, VA, IHS), nonprofit (Kaiser), and
| for-profit (Anthem) insurance providers, as well as public
| (military, VA, and various state- and local government-owned),
| nonprofit (Kaiser again, university hospitals), and for-profit
| (various hospital chains) deliverers. Obamacare merely mandated
| that the 15%[1] of Americans pre-Obamacare that did not have
| health insurance get it or pay a penalty. The figure is 8% now.
|
| And before you say "Well, that's not 100%", while the penalty
| for Obamacare noncompliance is not high enough, 92% of
| Americans having health insurance is not very far from the
| 95-97% elsewhere. There are always people who fall between the
| cracks, whether a German who neglects to sign up for a new
| sickness fund after changing jobs, or a Canadian who neglects
| to sign up for a new provincial health care card after moving.
| The only way to get actual 100% coverage is to use the UK NHS
| model of having no membership card at all.
|
| [1] Yes, 85% of Americans before Obamacare had health
| insurance. How many of you non-Americans (heck, many Americans)
| thought that "0% of Americans have healthcare" before or after
| Obamacare? It's OK; you're not alone in believing everything
| you read on Reddit.
| MayeulC wrote:
| It looks like a private federation though, so while it's great
| that Matrix gets adopted more, it seems like every big entity
| they quote federate privately. Imagine e-mail but only being able
| to contact your company! It's a bit restrictive...
| Arathorn wrote:
| In practice, what we see happen with the big private Matrix
| federations is that the users start demanding being able to
| talk with users on other private federations, and/or the public
| Matrix network - and threaten to otherwise start using WhatsApp
| or Telegram or whatever for these sensitive but external
| conversations. So there is a huge incentive to actually
| federate properly, and we're talking to pretty much all of them
| on figuring out how to do so.
| oaiey wrote:
| Well, they have very sensitive data they do not want to bleed
| outside of their controlled bubble (see GDPR). So this
| gateways will be very interesting :)
| oaiey wrote:
| Yeah, but the fact you can do that is a big sales point for
| matrix. This concrete system is intentionally restricted to
| avoid the risk of data loss.
| deadalus wrote:
| Digital Communications Protocols (comparison) :
|
| https://docs.google.com/spreadsheets/d/1-UlA4-tslROBDS9IqHal...
| ChrisArchitect wrote:
| curious about the process to get this accepted behind the scenes.
| Some IT team convincing higher ups, trendy open source, coupled
| with standard/growing German disdain for anything US/foreign, and
| weird obsession with privacy ideals
| nimbius wrote:
| curious to know if matrix ever resolved their "federated"
| authentication problem. Can I finally host my own node completely
| separate from the matrix? this always made portability somewhat
| of a dicey situation.
| q3k wrote:
| What do you mean by federated authentication?
|
| If you just want to have your own homeserver, and users there
| to be identified as @whoever:example.com, then this just works,
| is fully federated, and has been like this since forever.
|
| The only unfederated part is, from what I know, the Identity
| Server, which is run by Vector.im to allow discovering Matrix
| identities by phone number or email addresses.
| egberts wrote:
| Now why would anyone want to peg phone number or account
| number to Matrix ID?
|
| You best make a separate ID for mapping your users to Matrix.
| And don't show it to the user nor use it for anything else,
| also stay unfederated.
| piaste wrote:
| > Now why would anyone want to peg phone number or account
| number to Matrix ID?
|
| Say you're running Matrix for any kind of official or
| business purpose. You still want privacy, security, and
| ownership of your data. But you also actively DON'T want
| anonymity, instead you want publicly-verifiable user
| identities, linked to public information like company email
| addresses and company phone numbers.
| egberts wrote:
| Then keep them detached with the Matrix ID <-> Custom ID
| <-> Phone, in DB relationship parlance.
| antihero wrote:
| Is there a way to run a homeserver on mydomain.com but also
| serve a website from that?
| z3t4 wrote:
| This is a good question, as historically different
| protocols used different ports to communicate, meaning you
| could have many services on the same domain/IP, but
| recently many new protocols run over HTTP port 443... And I
| think Matrix is one of them, so the answer is no, you
| cannot host both a website and a matrix server on the same
| domain name. Happy to be corrected if I'm wrong.
| 9000 wrote:
| Actually, it uses port 8448 for federation [0], which is
| unlikely to conflict with other services. But, even if it
| does, there are ways to specify a different port or
| subdomain [1].
|
| [0] https://matrix-
| org.github.io/synapse/latest/federate.html
|
| [1] https://matrix-
| org.github.io/synapse/latest/delegate.html
| rakoo wrote:
| No, you can have both. All you need to do is proxy a few
| paths to the running instance of Matrix. Those paths are
| matrix-specific and won't interfere with anything else.
| I've been running on this configuration for some time
| now.
|
| More details here: https://matrix-
| org.github.io/synapse/latest/reverse_proxy.ht...
| q3k wrote:
| You don't even need to do that.
|
| Either add an DNS SRV record to example.com pointing
| matrix to matrix.example.com, or server a single JSON
| under .well-known pointing matrix to matrix.example.com.
|
| https://matrix.org/docs/spec/server_server/latest#resolvi
| ng-...
| hellcow wrote:
| Yes, this is what I do. You just set a DNS record on a
| subdomain, e.g. matrix.mydomain.com, and use that as your
| home server. Your username can still be @me:mydomain.com
| with this setup.
| q3k wrote:
| Yes.
|
| Matrix uses SRV records and .well-known for discovering the
| homeserver for a domain.
|
| https://matrix.org/docs/spec/server_server/latest#resolving
| -...
| sneak wrote:
| Matrix installations by default (even on your own server)
| have all users phoning back home to the Vector identity
| stuff.
|
| Same goes for the push service for the iOS app, but that
| isn't really their fault as Apple makes it impossible for
| federated systems to do push without each homeserver having
| their own app. All notifications for a single app need to
| come from one centralized push certificate holder.
| Arathorn wrote:
| There's no "phoning home". What I think you're talking
| about is that Element Web's default config specifies the
| identity lookup server at vector.im:
| https://github.com/vector-im/element-
| web/blob/develop/config.... The identity server is
| optional, and just used for looking up matrix IDs based on
| email address or phone number. When Element Web launches is
| currently checks if your config is valid (i.e. do these
| URLs actually point to valid servers?). If you're running
| your own deployment with your own server, then you'd point
| the config to whatever identity server you wanted, or just
| remove it entirely - just as you'd point the config to
| default to your own homeserver.
|
| We have a separate bug to defer the server validation check
| until the user actually tries to talk to the identity (or
| home) server, but it hasn't got to the top of the todo list
| yet; patches welcome!
|
| Edit: To clarify: this behaviour only occurs with Element
| Web (rather than Matrix clients or servers in general)
| sneak wrote:
| The Element Messenger in the iOS app store also has an
| appalling privacy label, considering it's a client for an
| ostensibly selfhostable service.
|
| I don't use Matrix because I have not seen anything that
| suggests that you or the dev team are interested in
| building software that maintains end user privacy.
|
| All of it phones home by default.
|
| Everyone I have seen try to set up a selfhosted
| homeserver ends up with a config that has users phoning
| home back to Vector. At some point the "you can configure
| it however you want!" line to dodge this issue doesn't
| hold up.
|
| Defaults matter. Your ignoring this means that the
| software is, in my view, insecure out of the box.
| [deleted]
| pkulak wrote:
| I've been doing it for about a year now, and have never heard
| of it not working.
| Arathorn wrote:
| You've always been able to run a Matrix server completely
| separately from the wider federation, and there are loads of
| them out there (we estimate around 35,000). Unsure what
| "federated" authentication problem you're thinking of.
|
| The only thing I can think that you're referring to is the
| question of how you track the keys used by servers to sign the
| events they send. If the server is offline, and you've never
| heard of it before, you still need a way to check their key. We
| don't currently use CAs for this, but instead you grab a cached
| copy of the key from a trusted server:
| https://github.com/matrix-
| org/synapse/blob/a743bf46949e851c9.... This is a bit of an edge
| case, as in general servers whose events you care about will
| typically still be online - or you'll know their signing key
| back from when they were on line.
|
| The longer term solution for this is https://github.com/matrix-
| org/matrix-doc/blob/rav/proposal/r... which includes the
| sender's public key in the event (by making it the sender's
| identity) - and we're working on this as part of P2P Matrix
| currently.
| Evergreen1234 wrote:
| German doctor here. I want this! How does this relate to KIM
| (Kommunikation in der Medizin) a kind of secure e-mail as far as
| i understand, wich is sold to us now as the future standard of
| communication in healthcare?
| ArmandGrillet wrote:
| Gematik (the company mentioned in the post) is also behind KIM:
| https://www.gematik.de/anwendungen/kim/
___________________________________________________________________
(page generated 2021-07-21 23:01 UTC)