"Matrix"? "Synapse"?

Posted Jun 12, 2019 17:58 UTC (Wed) by flussence (guest, #85566)
In reply to: "Matrix"? "Synapse"? by Cyberax
Parent article: Introducing Matrix 1.0 and the Matrix.org Foundation

It *is* what XMPP has been from the start, except XMPP servers typically don't also function as DDoS tools.

At least now it's finally caught up to XEP-0387.

"Matrix"? "Synapse"?

Posted Jun 12, 2019 18:32 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link] (5 responses)

No. Matrix and XMPP are on totally different levels.

XMPP is basically something like SMTP, but only even more braindead. The original XMPP used an infinite XML document that required a custom hacked parser to read - that's how braindead it is.

A lot of stuff was bolted on later on XMPP, but it has never worked properly. Most XEPs remained implemented at most once, with popular clients EVEN NOW not supporting basic features like message archive synchronization or search. Message encryption is also an afterthought in XMPP and is barely supported. I bet NSA loved it!

Matrix is from the start designed on the model of synchronizing state machines. Encryption (including for group chats!) is baked in from the start. Archiving is the core part of the protocol as is search.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 13:36 UTC (Thu) by jkingweb (subscriber, #113039) [Link] (4 responses)

> A lot of stuff was bolted on later on XMPP, but it has never worked properly. Most XEPs remained implemented at most once, with popular clients EVEN NOW not supporting basic features like message archive synchronization or search.

Archive searching isn't implemented much (or even at all?), but synchronization is pretty common these days. Of the four clients I use (Conversations, Converse, Dino, Gajim), three do so, and the fourth may for all I know just be misconfigured. All four support message carbons, file uploads, and end-to-end encryption (though I don't use it), and I believe three of them support message correction. I wouldn't claim XMPP doesn't show its age sometimes and will always been a niche, but it's not as dire as you seem to think.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 15:38 UTC (Thu) by pizza (subscriber, #46) [Link] (3 responses)

It's not just the clients; with synchronization/archiving, the server has to support it too.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 17:27 UTC (Thu) by jkingweb (subscriber, #113039) [Link] (2 responses)

Sure. The three major server implementations support all these things. Granted, it's up to each individual deployment to configure the server such that they are enabled, but last I checked PEP, message archiving and carbons were all enabled by default in Prosody, ejabberd, and OpenFire.

File uploads admittedly take some effort, though, especially if you want to support Web-based clients who are hamstrung by the same-origin policy.

"Matrix"? "Synapse"?

Posted Jun 13, 2019 17:32 UTC (Thu) by pizza (subscriber, #46) [Link] (1 responses)

Don't forget jabberd, which doesn't support either. :/

"Matrix"? "Synapse"?

Posted Jun 13, 2019 17:43 UTC (Thu) by jkingweb (subscriber, #113039) [Link]

For what it's worth, jabberd2 appears to be dead. The source code repository has been archived.

"Matrix"? "Synapse"?

Posted Jun 15, 2019 18:36 UTC (Sat) by Arathorn (guest, #101018) [Link]

If anyone is wondering what this DDoS reference is, i assume it’s the idea that you can spin up a Matrix server on a throwaway hostname and join a busy room, and then point the DNS to some victim and watch as all the Matrix servers in the room try to send it data.

As such, it is *precisely* the same attack you could also do with SMTP, SIP, XMPP etc.

In practice, what happens with Matrix is that the servers in the room back off exponentially until they’re retrying once every 24h. The biggest rooms in Matrix typically have ~1000 participating servers, so I’m not convinced it counts as a serious DDoS attack.

(It’s worth noting that we did have a bug in the retry schedule code that got fixed in synapse 1.0, but even then it wasn’t so aggressive to count as an attack. There was also a presence bug which caused presence to be more chatty than it should be which got fixed.)