@r3pek get ready for the "noisy by nature" hit single: 4Mbs covert channel!

@thegibson that's a shame, I hear their product is pretty legit

Synapse is soooo much better than Dendrite. Users can register, save keys, etc. Installation was also easier, automatic updates are practical.

The difference between the two is like night and day. I haven't set up federation with other servers yet, but that will come after I set up a publicly accessible web client.

@furmans Show people that Kotlin is a sharper ax, and suddenly a lot more people will think it is worth the time to learn it.

@furmans is there any advantage to Kotlin over Java? Prioritizing paying off technical debt instead of learning the next fad language/rewriting existing code makes a lot of sense.

Since the only argument I've heard for Kotlin is "this project uses Kotlin", I have to say that the advocates aren't making it sound very attractive.

There are also negatives to switching to a less popular language, like fewer people willing to learn it in order to contribute code to FLOSS projects.

re: Virtual Hacker Space - Owncast 

re: Virtual Hacker Space - Owncast 

Virtual Hacker Space - Owncast 

@banjofox @ryen @GeoffWozniak Is there a recurring time & place for these meetings? If I add it to my calendar, at least I'll _know_ when I'm missing meetings 😝

re: Infosec 

This is the lightest on details I have ever seen on a technical blog. They don't explain the order of operations of the attack. One of the vulnerability descriptions is a definition of a class of vulnerabilities (insecure deserialization) instead of a description. No mention of anything being pre-authentication or unauthenticated...
microsoft.com/security/blog/20

Are they this clueless about how people are getting compromised, or do they just not want to share that info with defenders?

Infosec 

In case people didn't see the news about four 0-days being chained together to exploit Microsoft Exchange servers...
microsoft.com/security/blog/20

This is the same number of 0-days as was used in the Stuxnet attack.

@artificialphilosopher @matrix it has a ways to go in terms of basic functionality.

- still can't register for an account using Element on Android
- trying to register via element-web using Android sends you to a "get the app" screen, so can't register that way either
- key storage doesn't work, so keys need to be manually saved/restored to/from a text file each time you log out/in

There may be more issues, but after running into all of those, I gave up.

@Orwelldonesteak @djsundog it's like everyone is *selling* out, amirite?

But on a serious note, if the Auth0 crew made something awesome and OKTA brings it to a huge user base, that's probably a good thing.

The description of Dendrite being described as "not having all the features of synapse" is a gross understatement. Calling it "experimental software" would be more accurate.

If you are setting up a Matrix server, use Synapse, otherwise you'll end up wanting to be a Dendrite developer.

I've already found the open issues on GitHub for registration and key backup/restoration and added more details such as API endpoints and confirming that it is an issue outside of the docker packages.

It's a bit late to start picking up tickets at this point. That's something I'd like to do on a Saturday morning so I have a large, uninterrupted block of time.

I might make my next task be setting up a CI runner for my own Git server to make future dev work easier to do/test.

I can not recommend any of my friends sign onto Nextcloud, use the web app to sign up, switch to the mobile app that they wanted to use all along, manually back up keys regularly, and manually restore keys each time they log in. I can accept that there is no 2FA (TOTP), but this is too much.

The ability to register for an account and easily log out and back in again are very basic features. These are a must have features. I'm not sure how they weren't the first features implemented.

What next?

Show more
hax0rbana.social

Mostly hackers, mostly in Urbana, IL, talking to each other & our friends on like-minded servers without giving our personal data to the marketing machine.