buckket boosted
buckket boosted

@KitKat The matrix server is running the bridge or is at the very least connected to it in some way. So it's definitely a flaw in the design if they don't check or don't communicate. All XMPP to IRC bridges I know of don't suffer from this.

@sheogorath portal room, our IRC channel has no business with matrix except that some matrix users joined through the matrix irc bridge

@KitKat The Matrix sever should check if the bridged matrix user has successfully joined the IRC channel and is not banned or otherwise prohibited from accessing this channel and only then start forwarding the IRC content. It's that simple.

@sheogorath It's all in the OP. Connect (from a foreign matrix server) to the matrix.org IRC bridge and join a IRC channel where other matrix.org users are already present. There's a bug where your IRC connection then fails but you see the IRC activity anyway. I don't know how to reproduce the last part reliably. Just always happened to me and my self-hosted matrix instance.

@KitKat Good software architecture would prevent undesired information leakage when a minor side component malfunctions. AFAIK there's a bug in the bridge component so that the IRC connection fails but the Matrix server does not care that you're not in fact connect and shares the IRC logs with you anyway. There should be checks in place to prohibit this.

@KitKat It has to do with matrix.org hosting and advertising this bridge service. Additionally it seems like a deeper problem of their software architecture.

@sheogorath No accusations. I’ve provided a POC and showed it to them. Plus: This has nothing to do with misconfiguration on our (meaning IRC) part as we (chan ops) never used Matrix to begin with.

@matrix Please don’t tell me it’s not possible when in fact I’m currently being able to do just that.

@matrix The point is that anybody can join the channel without necessarily creating an IRC connection. The user can than follow the channel activity without anyone on the IRC side ever noticing that someone joined on the matrix side and is now being able to read along.

Heads up if you have a semi-private IRC channel with bridged users in it. Once the channel logs arrive at the Matrix server hosting the bridge, every Matrix user can join this channel and the Matrix sever will happily provide the complete channel logs without anyone on the IRC side ever noticing.

(tested with matrix.org & freenode)

This is a HUGE privacy concern and I don’t understand why anyone would consider using Matrix. It’s flawed in so many ways.

@uxintro You may wanna check github.com/mdom/we-are-twtxt and twtxt.xyz/ for a list of active users, there still should be a few around. :)

buckket boosted

Generally speaking producing a product in the hundreds is fucking hard. I can hand assemble a few. Economy of scales allows me to mass produce cheaply, but making only a few hundred? Pain in the ass.

Show thread

Okay, so I have this idea of building an enhanced darkroom timer for myself to control safe lights and the enlarger. Sounded simple enough at first, but if I wanted to turn it into a tangible product the BOM quickly skyrocketed. But I guess that’s part of the challenge. Maybe this could be a good first product for my yet to be founded company. :D

@jomo whenever you’re in dire need for an API key go and search github, jesus said

Show more