poVoq

[–] [email protected] 3 points 1 hour ago* (last edited 1 hour ago)

I highly recommend you read up on history. For most of humanity's existence we lived in small relatively egalitarian groups where people depended on each other for survival.

Your "always" is a very recent state of affairs and also not universally true even today.

[–] [email protected] 0 points 1 hour ago

I have the impression that we are talking past each other.

Nobody is talking about perfect solutions 🤷

Do you seriously believe that, after you have told everyone at length how secure Signal is (which is only true to a very limited extent, but leaving that aside entirely), anyone will switch again any time soon?

Sure, it would have been better to build your own infrastructure years ago, but better now than never, and until it is up and running it is better to stay on WhatsApp and not sabotage yourselves.

[–] [email protected] -1 points 2 hours ago (2 children)

Sorry, but intelligence agency "leaks" are usually exactly the opposite, and without putting on the tinfoil hat, that should make you all the more suspicious. And AWS has excellent contacts with the NSA, so there are plenty of "profit opportunities" there.

But my actual argument is that Signal is a lock-in trap that you will not get out of again any time soon. With WhatsApp there will be another good opportunity later...

[–] [email protected] 0 points 3 hours ago (5 children)

With Signal, the amount of data available unencrypted is hugely reduced compared to WhatsApp, which, for all its centralization, radically reduces the attack surface

That is mostly marketing, since Signal has outsourced substantial parts of its infrastructure to AWS and Cloudflare, where the metadata then accumulates, but this way Signal can claim that they themselves store almost nothing.

And "quantum-resistant" encryption is so far purely theoretical and its effectiveness is anything but proven. On the contrary, most of these new algorithms have, after a while, turned out to be less secure or to have been backdoored by the NSA.

I think that switching from WhatsApp to Signal will make a later switch to something really better all the more difficult. First telling people that Signal is so much more secure, and then suggesting something else? Nobody who understands little about the subject will go along with that 🤷

[–] [email protected] 1 points 3 hours ago* (last edited 3 hours ago) (7 children)

Weren't there attempts at some point to build your own IT infrastructure?

Switching from one centralized provider from the USA to another is unfortunately really no improvement.

P.S.: Element is hardly any better. The real alternative is called XMPP, and there are excellent Android apps for it that are in no way inferior to Signal.

4
Case Study: Mars College (supernuclear.substack.com)
 

The AI focus is a bit odd, but ok 🤷

[–] [email protected] 1 points 5 hours ago

Nice picture, but without context it doesn't tell us much.

[–] [email protected] 1 points 8 hours ago* (last edited 8 hours ago)

Ok, sorry, didn't get around to writing something on the weekend, and I will need to keep it short now as well.

The issue was primarily caused by a recent change in IP assignment by our ISP in addition to what looks like a very recent bug in our firewall software (IPfire) in combination with some odd errors in the fallbacks that I can't fully explain.

So basically our ISP is not assigning a completely fixed IP (it would cost 20 euro a month extra and we would need to switch to a business contract for it), but during the first 3 years of operation the IP they assigned only changed 3 times or so. Recently however they started to reassign a new IP more often, and annoyingly they assign a temporary IP first and a few weeks later apparently switch it again to a more permanent one in a different subnet.

We had this issue a few times in the last months, but the dynamic DNS of IPfire always caught it within a few minutes and thus it wasn't a major issue. But before I left on the work trip I updated the firewall software, which caused the IP to switch to the temporarily assigned one, but again the dynDNS updated everything within minutes, so I assumed everything was working fine.

However, when the ISP randomly switched the subnet again, some still unknown bug caused the dynDNS to fail and the few failsafes I had in place to inform me about IP changes also didn't work, which led me to assume there was a hardware failure in the firewall and thus no way to fix it remotely.

But a few days after, I received an automated email from one of the services we host, which made it clear that outgoing connections were still working and thus we started to investigate how to find an alternative way to get the true IP of the server. Ultimately my friend resorted to port-scanning approximately 500k IPs in the subnet we knew the new IP should be at and we found 20 or so IPs that had ports open for an XMPP server and thus were potential candidates for our server. Luckily it was among them and thus we were able to manually update the DNS entries and restore service.

There are some lessons learned from that, especially that the dynDNS of IPfire seems unreliable and I already have some plans to switch to another software for that, as well as add additional out of band notifications on IP change.

In addition we will try to find a cheap KVM to install on the main firewall that is connected on a separate IP to be able to connect to it directly and reboot / troubleshoot it more easily even if the main connection is lost.

Last but not least we are experimenting with a Wireguard tunnel on a rented VPS which might allow more stable connection and the same VPS could be used to host some vital services like the XMPP server that thus would remain accessible even if the main server goes down (however since accounts are linked to the Lemmy database, this is a bit tricky and likely needs some partial database replication on the VPS or so, as otherwise there is no way to log in when the main server is down).

Most of these improvements will only happen once I have physical access to the server again at the end of July, but for now the service seems stable and hopefully we will not run into other issues until then.

[–] [email protected] 2 points 9 hours ago* (last edited 9 hours ago)

It's not any worse than the different feature support levels of different Matrix clients. But especially on Android, XMPP has nice modern clients with all the features you would expect, including a/v calls and reactions/stickers.

The main issue right now is up-to-date Windows desktop clients, but on Linux desktop there are some good options.

[–] [email protected] 5 points 10 hours ago

We run the latest beta.7 on https://photon.slrpnk.net/

[–] [email protected] 5 points 18 hours ago (2 children)

There is: XMPP 🤷

[–] [email protected] 3 points 18 hours ago

There is not much they can do about it short of shutting down the entire server. Due to how matrix functions internally any sufficiently large federated homeserver replicates most of the entire network.

[–] [email protected] 2 points 21 hours ago* (last edited 20 hours ago) (2 children)

It is a bit counter-intuitive but restricting new signups will not help them much. The way the matrix protocol is designed, i.e. replicating everything on every server, means that clients connecting to their server have only a minor impact. As long as most rooms of the entire matrix network are replicated on the matrix.org homeserver their costs will stay high and there isn't really much they can do about that other than shutting it down entirely.

 
 