
Riot/Matrix is a chat standard, but it's not an open standard. I say this with melancholy as the developer of the only federating matrix server other than the reference server developed by the for-profit company (read: for-profit company) that controls the standard. I do it because this has the potential to be a great protocol and facilitate a great UX if the controlling party didn't alienate talent from its ecosystem. Matrix is a lot of gloss, a lot of hype and cheap talk, but under the hood it's deeply insecure and it's entirely controlled by a single person (again, read: a single person). And he is a fraud. He has lied about the userbase on numerous occasions; the company had its funding abruptly cut in 2017. It's now funded by scamcoin sales from a shell called status.im.

Anyway, I think matrix has potential as a traditional free software community project which can exercise some leverage against the controlling party, so that's why I still work on the Construct: https://github.com/matrix-construct/construct




For anyone who came here disappointed reading this, here is a later response from "the single person" the Matrix guy.

https://news.ycombinator.com/item?id=19418111

To me it seems that the problem jasonzemos has with Matrix is that they do things differently than he wants it and he can't change that so he would like to fork it. And have it a community project (with him in charge?)

Not a problem with that per se, but he uses personal insults and lies as it seems to reach his agenda.


> developed by the for-profit company (read: for-profit company)

Isn't this just plain wrong?

Matrix.org is set up as a foundation, which AFAIK is the definition of a non-profit organization

https://matrix.org/blog/2018/10/29/introducing-the-matrix-or...


No. The for-profit company only recently set up that foundation after projects like mine pressured them to do so. They have absolute control over the foundation's board and direction. There are a few minority seats for others -- they are not filled, last I checked.

Nothing I said was wrong.


Can you provide some details on the claim that Matrix is deeply insecure?


If you were able to build a federating server implementation, in what way is it not an open standard?

Also, deeply insecure how?


If you go to matrix.org and look at the list of about a dozen or so servers: you will find that none of them actually work except the reference implementation, and maybe sometimes Construct. Even thus, the phrase "able to build" is questionable. I have spent months reverse-engineering their software and its interactions before, and after, it was at all documented in this so-called standard (by the way, it's just documentation of their software -- errata and all (and rather poor)).

Construct server is the single survivor out of the ones listed and even more who have attempted and given up early which we don't know about. That being said, it is still incomplete.


Doesn't this just sound like a rather complex and young protocol that is still in development? I've never gotten the impression of the New Vector guys deliberately misguiding others out of malice. Does Construct work as a Matrix homeserver or does it not?

Regarding your insecurity claims, is there any particular area where Matrix has concrete weaknesses? Could you elaborate on that point?

As a sidenote: I really appreciate your work and think new homeserver implementations are invaluable.


Whether or not they are deliberately misguiding is arguable. It's a great example of the classic Incompetence vs. Malice dichotomy: the maxim is that one should never attribute malice to incompetence, and that's where I lean here, slightly. The fact is though that they have little to no interest in third parties writing servers. They love clients, and protocol bridges. They love people putting in the effort to present their system to more users on diverse platforms and make them popular; servers are a risk to their interests.

Servers have control. I can quote the CEO of new vector in an argument we had about the insecurities of the protocol and what needs to be done to fix them where he said "good luck talking to your own federation." That reveals a lot.

A popular server controls the federation. It controls the de facto standard. If their server isn't the most popular they lose control. This is how they operate the standard -- on an ad hoc de facto basis. If they lose control they lose velocity and value as a for-profit enterprise. The matrix is all about control, just like the movie, ironically.

The protocol is deeply insecure. It's modeled on ideas robbed from blockchain Merkle trees and directed acyclic graphs for eventual consistency. But they don't use either properly. At the protocol level blocks in the chain are not identified by their hash, they're identified by arbitrary strings. The blocks have hashes but their implementation does not check the hash. Read that again. The DAG allows for arbitrary insertion of blocks into the chain.

Are these backdoors? Probably not. They're just idiots. And they don't give a shit unless, maybe, they're pressed to.
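
An added illustration (not code from this thread, from Construct or from any Matrix implementation) of the general distinction the comment above draws: in a hash-linked event graph, deriving each event's identifier from its content hash and checking it on receipt means a different event cannot be stored under an existing ID. The event fields, the `sha256:` ID prefix and the `EventStore` class are assumptions made for this sketch.

```python
import hashlib
import json


def canonical(event):
    """Deterministic serialization of an event, excluding its own ID field."""
    body = {k: v for k, v in event.items() if k != "event_id"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def content_id(event):
    """Identifier derived from the event's content (hypothetical ID format)."""
    return "sha256:" + hashlib.sha256(canonical(event)).hexdigest()


def make_event(sender, body, prev):
    event = {"sender": sender, "body": body, "prev": sorted(prev)}
    event["event_id"] = content_id(event)
    return event


class EventStore:
    """Accepts an event only if its ID matches its hash and its parents are known."""

    def __init__(self):
        self.events = {}

    def accept(self, event):
        if event.get("event_id") != content_id(event):
            raise ValueError("event_id does not match content hash")
        for parent in event["prev"]:
            if parent not in self.events:
                raise ValueError("unknown parent " + parent)
        self.events.setdefault(event["event_id"], event)
        return event["event_id"]


def demo():
    # Constructed sample events; senders and bodies are placeholders.
    store = EventStore()
    root = make_event("@alice:example.org", "hello", [])
    reply = make_event("@bob:example.org", "hi", [store.accept(root)])
    store.accept(reply)
    altered = dict(reply, body="changed")  # same claimed ID, different content
    try:
        store.accept(altered)
        rejected = False
    except ValueError:
        rejected = True
    return len(store.events), rejected
```

Because each `prev` entry is itself a content hash, checking an event's ID also commits to its parents' IDs, which is the property a Merkle-style DAG relies on.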



