Hacker News new | past | comments | ask | show | jobs | submit login
Automattic invests in Matrix (techcrunch.com)
203 points by ptman 11 days ago | hide | past | web | favorite | 110 comments

Good news!

Now if only they can figure out how to make Riot usable with Encryption enabled without pulling your hair out every time you enter a room or chat with non-matching keys.

While Riot has a lot of features, it is also not easy for new users.

I've tried to convert at least 10 persons and none of them use it any more, citing not being able to figure out how to use it or simply not having the time to waste figuring it out.

It needs to be intuitive out of the box, how to contact people, how to find a room, how to chat.

Have you tried since we relaunched encryption and turned it on by default 2 weeks ago? The UX has completely been rewritten and it should now be transparent - see https://blog.riot.im/e2e-encryption-by-default-cross-signing....

edit: To be clear, we no longer nag whenever there's an unverified login present - and unverified logins should increasingly be a thing of the past anyway given we now have cross-signing and so let users verify their own sessions at login.

Recent update is a huge leap forward, but still, no one understands, why they have to save/remember 3 passwords.

Only my closest family would listen me explaining that there's encryption but there's also authentication, yet only because I force that info upon them while standing over their shoulder, making sure they write down all the recovery keys.

Select few graduated to password managers and know to back the bases up.

It's a struggle, mainly because I'm the only one who cares in this particular social circle, and thus people don't see my concerns as normal.

There aren't three passwords; there are two: an account password and a recovery passphrase/key. It's the same as (say) macOS - where you have a login password to get into your computer, and a recovery key for FileVault in case of disasters.

However, the feedback is overwhelmingly that we need to iterate on the recovery passphrase - either making it a generated key (like macOS does), or going the whole hog and replacing the login password entirely with the cryptographic recovery one.

Turns out the UX on this stuff is tough.

I'm used to a single pw system, where on account creation the system generates a recovery key, that I can save or not.

That is what's actually happening behind the scenes (though note that the "recovery key" is actually incredibly important since it gives you access to your key backups -- which is something you absolutely want to enable if you're an ordinary user). The problem is that by default Matrix tries to back the "recovery key" up to the homeserver you're using, encrypted with a second passphrase -- hence why you get two passphrases. You can opt-out of it, but I think the UX is the wrong way around -- it should be an opt-in thing and that would make it clearer that the recovery key is what's important and that the passphrase is only needed if you want to upload it to your homeserver.

There is an open issue on this topic[1].

[1]: https://github.com/vector-im/riot-web/issues/8751

I have and it's now at the point where I can recommend it to my family :) (with e2e, the UX otherwise I found fine)

edit: also, congratulations, really hope matrix can get the market share it deserves

thanks :D

Can I bump two phones together to exchange keys (using NFC or similar)? That would be the killer feature for us when we do conferences - perhaps more relevant to the Before Covid times of course.

You could, but we chose to do QR codes first as it's a bit more intentional and slightly harder to MITM.

Makes sense - that's also the method WeChat uses for many things including associating users.

I have logged in in the past couple of weeks. While setting up the encryption keys, the UI just hung there for a minute or two with almost no indication what was happening or how far things had progressed. I patiently waited through the process, but am not sure a casual user would know to wait for so long.

You must have hit us in the traffic spike on the matrix.org homeserver after we enabled e2ee by default - sorry. Keeping the matrix.org server scaling with the amount of traffic is a pain in the ass currently, but we're about to land horizontal scaling (at last) in the coming weeks which means others won't have to hang around. Thanks for being patient with it though. On the plus side, setup should be much lighter/faster for new users than existing ones.

Wait... Naive question: shouldn't you, especially in this case, still nag the account owner about his own unverified sessions? What if a bad-actor homeserver slides in a new session to snoop around?

BTW: I absolutely love the cross-signing move and riot/matrix in general! :) Thanks for your great work on this!

We do nag, in that all the green shields will suddenly go bright red. But we don't block the user from being able to send messages until they've resolved the problem.

It's possible we'll reintroduce this once cross-signing has been fully adopted though; it's tricky because we need to distinguish between encrypted rooms where you simply don't care if random users have unverified slides... versus ones where it's a disaster if an unverified session slides in. Finding the right UX for that is tough, but we think the current balance is an improvement.

Alrighty, thanks for your answer :)

That is really a tough UX problem... Maybe a room could have a "sensitive content" flag that is enabled by default for one-on-one chats and can be manually enabled for group chats.

AFAIK as more and more chats become encrypted (as it is the default for private rooms) then a rogue server operator wont to be able to snoop because they can't decrypt the messages unless you go through the verification process. And this aside, there are are few unobtrusive, but noticeable icons letting you know that you have an unverified session.

This hasn't helped. There's no way I could recommend Riot to anybody but my most techy friends. As soon as we get the message to "Re-request encryption keys from your other devices" they would be done with it. This is still a problem within the last 2 weeks.

well, if you’re seeing undecryptable messages at this point then it’s a bug. please submit bug reports from both sender and receiver so we can jump on it; we are triaging and chasing down each & all to avoid precisely this.

Very good. I'll keep my eye out and report as needed

I haven't, this should make a large difference!

Nice to see this finally happen :-)

Now that's good news! The old UI code was horrible

I'm using the latest. It's still horrible.

you might need to provide a more detailed bug report than that...

I mean, Matrix is great. I love it. But I would not be able to push Riot to my non-telecom-geek friends - the GUI is just so far from the experience you are used to with Whatsapp or Telegram. Messages that aren't deciphered? Scroll resetting mid-way? Click on reply and the GUI is stuck?

They've been working on that for quite a while and just had a major update to Riot (Web/X on Android/iOS) -- E2EE is now on by default. Have you tried the latest version? Most of the issues with key verification have been resolved (and now having users you haven't verified isn't as big of a scary warning as it was in the past -- in fact, I believe the default is that there isn't a warning unless there is a device present which a verified user hasn't signed). Also now there are per-account identities which are used to sign devices (the ever-elusive "cross-signing" feature), so you only need to verify a user once.

Security/crypto usability has a tragedy of the commons type underinvestment problem. No one does it well. You can have beautiful designs but it's pretty much impossible to monetize them because crypto exists at such a fundamental level, so nothing ever evolves. Exempli gratia, ~10 years of blockchain apps/investment have passed and I still use vim to hand edit my ~/.ssh/known_hosts file.

For me the main issue is the battery usage of Riot fdroid which is way too high (i don't know if the google play version have the same issue). Last time i tried it was using more than 50% of my battery just by sitting in the background.

is this on Riot or RiotX on Android? All dev in the last year has been on RiotX, which should be an unrecognisably better app and will shortly replace Riot on Android (hopefully end of June).

Sorry, i missed you comment. It's both for riot and riotx. Reading at opened issues on riotx though it seems that the approach to solve this would be to add server side events

Completely unrelated but are there any plans for setting a explicit content filter for riot? At the moment on RiotX you only need to scroll down 7 times in the room directory on matrix.org to see rooms dedicated to sexual content. I think it would be beneficial for broader mass adoption.

Yup. https://github.com/matrix-org/matrix-doc/blob/msc2313/propos... is the sort of direction this work is going; meanwhile we manually try to keep the matrix.org public directory uncontroversial.

No offense, but this comment is outdated since the recent UX overhaul. You should check it out sometime.

The UX overhaul was two weeks ago, I don't check Riot website daily.

I was hoping not to come off as unreasonable. Just wanted to make it clear to everyone that things have changed while being terse.

VC money mixed with open source software again. It didn't end well for Keybase. I hope Matrix has a monetization strategy.

Edit: for people interested there are company docs at https://beta.companieshouse.gov.uk/company/10873661/filing-h... eg. "25 Mar 2020 Total exemption full accounts" document (2.2) shows a yearly loss of almost 2M pounds.

Edit 2: it seems Matrix people no longer control 50% of their company shares, or I'm reading it wrong: https://beta.companieshouse.gov.uk/company/10873661/persons-...

But keybase still has their server software that people depend on and that isn't open source. Worst that could happen with New Vector is that they stop paying developers to work for the Matrix.org foundation but that would not prevent anyone from continuing to use the existing software

Yeah, we (Matrix) have a fundamentally different model to Keybase. The Matrix.org Foundation (https://matrix.org/foundation) is an independent neutral entity that safeguards the protocol and ecosystem, with the mission to protect it from being sabotaged by any actors in the ecosystem (including New Vector - https://vector.im, the startup founded by the team who created Matrix).

Even if New Vector did go evil (e.g: bought by EvilCorp; coerced into adding backdoors; tried to monetise user data/metadata; tried to relicense opensource stuff as proprietary; tried to add core functionality as paid-only) then both the Foundation and the wider ecosystem would fight back; rejecting the obnoxious changes to the spec, or simply going and supporting an alternative provider.

Meanwhile, if New Vector did implode, the team could still go elsewhere and keep working on Matrix if they wanted to - and there are an increasing number of folks who might hire them to do so. <plug>e.g. Automattic's new Matrix job opening! https://automattic.com/work-with-us/matrix-integrations-engi...

edit: the monetisation strategy for New Vector is selling Matrix hosting (https://modular.im) and helping out big folks like Governments who want to jump on board Matrix. While the company is certainly not profitable yet, it certainly has a path to being sustainable (otherwise folks like Automattic wouldn't invest!)

> the monetisation strategy for New Vector is selling Matrix hosting (https://modular.im) and helping out big folks like Governments who want to jump on board Matrix. While the company is certainly not profitable yet, it certainly has a path to being sustainable (otherwise folks like Automattic wouldn't invest!)

Thanks for this info! Exactly what I was looking for.

Nope, worse is that investors subtly want to extract value from them e.g. utilizing user data from identity server on vector.im or so.

Even if they just "went Keybase" not having people outside of the org working on it would slowly bring them the XMPP fate (irrelevance).

> Talking of moving, Hodgson says he expects Automattic to move over from Slack to Riot following this investment.

Here's hoping Automattic has enough influence to move the WordPress.org open source and community discussions (which are currently hosted on Slack, but used to take place on IRC) to Matrix too.

That's the hope - the pressure is on the Riot/Matrix side to ensure that the transition is a no-brainer in terms of UX :)

Are we currently able to easily integrate an existing community (usernames) to a matrix server?

With E2E encryption in place by default is there any real advantage in using Signal instead of Riot client for everyday communication with my friends? Riot desktop app is definitely more polished and customizable, video quality on all of my devices also seems to be a lot better.

Surprisingly the only thing that I am really missing is the ability to use custom sticker packs which got added to Signal a few months ago.

A short while ago (maybe 2 months?) I tried an audio call from Android and while I don't remember the details, the experience was bad enough that we both agreed to not do that again and use Signal in the future.

RiotX Android doesn't support calls at all according to the Play store page, while the old Riot Android client doesn't support cross-signing, search doesn't work, and it overall feels unpolished. It's still very much beta software.

VoIP has historically been a second class citizen in Riot, but we're trying to fix that right now. The implementation in RiotX is in mid flight up at https://github.com/vector-im/riotX-android/compare/feature/v... and Riot Android will be killed off shortly in favour of RiotX.

I miss Telegram's stickers like crazy. I'm going to try to contribute art once they get the feature out.

sounds awesome - I am looking forward to it

Signal supports SMS, so you don't need dedicated app and can handle them all in one app

I think they had more metadata collection than signal mainly due to the design. They were making progress on it however, but I dont know the status of the work.

If you don't have any servers, you don't collect any metadata ;) We're playing with this at https://fosdem.org/2020/schedule/event/dip_p2p_matrix/ and live at https://p2p.riot.im (albeit very alpha)

> Imagine if every WP site automatically came with its own Matrix room or community? Imagine if all content in WP automatically was published into Matrix as well as the Web?… Imagine there was an excellent Matrix client available as a WordPress plugin for embedding realtime chat into your site?”

I want to imagine it, but I really struggle to. Matrix is just too slow, bloated, and heavy. I cannot even fathom what a snappy experience with Matrix would be like. I look forward to something like this if it happens though!

The main Matrix.org homeserver is pretty slow because it's usually overloaded: https://matrixservers.anchel.nl/783115140

This is IMO mainly because they've stuck with the main implementation of the homeserver (Synapse) being written in Python. Had they've gone through with developing Dendrite as the main implementation, or perhaps even gone with one written in Rust, all of this would feel much snappier.

In a way, Dendrite is now being primed to be compiled to WASM and used in a p2p setup of Matrix, but hopefully we'll also see it running on servers instead of Synapse one day.

Although, to be fair, you can't really blame them too much though, they're a casualty to the Coronavirus effects like a lot of similar services are currently.

There are a bunch of Dendrites already running serverside on the public network there - it's almost out of alpha.

Meanwhile Conduit (http://conduit.rs/) is a new implementation in Rust which is making spectacular progress (it's overtaken Dendrite in some places already).

Both of them are unrecognisably snappy, relative to Synapse - even when Synapse isn't completely overloaded.

Very interesting! I hadn't heard of Conduit before.

So, if that's available, why not use Conduit as a candidate for the p2p-matrix? Wouldn't it be a better choice than Dendrite? AFAIK Mozilla is already heavily pushing Rust into the WASM territory so perhaps that would make a lot of sense.

Conduit doesn’t federate yet, but Dendrite does - and Dendrite is working surprisingly well for p2p already. But in future could use Conduit too; it’d probably be way smaller footprint.

Conduit looks fantastic, I might start using it and possibly contribute.

On that note, is hosting a git GUI a trend? If I want to contribute I have to sign up. I’d have dozens of logins if projects started doing this.

I wonder if matrix could work as a decentralized git.

Hi, you should be able to log in with your GitHub account on this page: https://git.koesters.xyz/user/login

You might be interested in https://radicle.xyz/

There's also a few servers running Construct (https://matrix.org/docs/projects/server/construct), a homeserver written in C++, on the network as well.

I don't use it myself, but I hear it's quite snappy too.

Just want to say this is my experience. I’ve tried a few times to set up a Matrix server and federating with and joining any room that’s larger/has more history is an exercise in frustration. High CPU usage, frequent timeouts. And this is with years between attempts; nothing really seems to have improved. And I’m still getting Matrix-related HTTP requests a month after taking the server down, which is a little annoying.

Obviously distributed and encrypted not an easy problem, but if this is what it is, it’s just not fit for purpose for me.

Joining big rooms is still slow because you currently have to check the keys of every server in the room before you know whether to trust the events in that room; we're fixing this with MSC1228 (using keys as identifiers so you don't have to separately check the keys).

Once you're in, though, performance has improved 2-3x over the last year, and there's easily 10-100x more improvements to be made one way or another. We're also about to add active/active clustering in Synapse at last, which should make bigger servers zippy.

In terms of receiving traffic after you've torn down the server; this is equivalent to getting people trying to talk SMTP to you on port 25 years after you've taken down your MTA. You can mitigate it by explicitly leaving all the rooms on your server before you tear it down, though; i've just filed a bug at https://github.com/matrix-org/synapse/issues/7551 to track maintaining a script to do so.

Sorry you've had a crap time so far though :(

This is the MSC you mentioned? https://github.com/matrix-org/matrix-doc/blob/rav/proposal/r...

I love the idea of using public keys as identifiers, but to be honest the current proposal does NOT give me a warm fuzzy feeling inside.

First, you’re having the server generate keys for the users. This is at best a “code smell” —- even if it works for your particular security goals, it sure feels weird. Zoom recently got absolutely blasted (and rightly so) for doing something similar. Why not have the user generate their own keypair, and then the server can sign the public half, essentially giving you a cert.

Second, there’s a lot of places where you have a layer of indirection between old @user:domain id’s and the new public keys. As an attacker, I would see every one of those places as extra attack surface where I might be able to exploit some confusion.

I hope this doesn’t come off as excessively negative. Matrix is awesome and you’re all doing a great job tackling some huge problems.

Yup, that's the right link, but I think you've misunderstood the intention of MSC1228.

The user identity keys are not used for encryption, let alone end-to-end encryption. These are of course only ever created on clients, and never leave the clients.

Instead, this is just a proposal for how to determine what servers are allowed to host a given identity. The proposal also predates E2E - nowadays we might also sign the keys with your E2EE keys to lock the chain of trust to the client.

I get why the whole indirection from @foo:bar.com through to new public keys might also feel weird, but in practice we have that indirection today - as you resolve (say) an email address to a matrix ID. It's basically making the old matrix IDs equivalent to today's 3rd party IDs (email or phone number or whatever).

So yup, understood that it smells funny, but I think the concerns aren't entirely well-founded here. That said, the proposal is ~2 years old, and we'll be dusting it off and sorting it out in the coming months in order to support P2P and speed up room joins, and that might be the point where we tie it into E2EE keys (or not).

Ah ok that does make me feel better. I’ll try to take a closer look when I have time. Thanks!

Has this ever worked out?

1: A new technology is being worked on by enthusiasts. Nobody knows if it will get mainstream traction or not.

2: A company puts in a siginificant amount of money to accelerate development and marketing.

3: The new technology gains mainstream traction.

Two examples I can think of for point 1 are Linux and PHP. I think both grew without money coming in, right?

Those criteria are so vague that they could apply to all technologies; or none of them. What separates a tech from another, who's considered to be a enthusiast and who isn't, what is traction and when is it mainstream, at what point does a pile of money stop being insignificant, ...

The Web & Netscape? At least, this is the pattern we're trying to copy with Matrix & New Vector. (Minus the AOL bit :/)

I think you could argue that the is the story of many popular open source projects that were developed first by employees of large companies: React, Go, JavaScript, TensorFlow come to mind.

WordPress itself.

The internet itself?

Every individual Matrix room is a multi-master, non-ACID database which uses its own data as security- and privacy-related configuration. Given how hard this is to get right, I'd really, really like to see Jepsen tests and a security audit done on more than the crypto aspect of Matrix.

There's a massive academic paper dedicated to Matrix's theoretical correctness (and the correctness of the Synapse implementation) going to be published in a few weeks. Wish it was already out, because it's spectacular :)

That said, nobody's done any Jepsen tests yet as far as we know, but we'd really welcome them!

Getting a Jepsen test done involves paying Aphyr for it, which I imagine you could do with this lovely new investment. Information here: https://jepsen.io/analyses

The first thing we earmarked the new investment for is doing a proper audit on the full stack - not just libolm (the e2ee ratchet implementation), but ideally an end-to-end audit of a typical best practice setup (e.g. E2EE-enabled registration/login/msg flows for Riot Web <-> Synapse <-> Riot Web), so we can then stamp a LTS label on it. We'll want to finish sorting teething problems on the new E2EE stuff though, as well as the scaling mess on Synapse first.

Sounds like Jepsen could certainly be part of that; we'll ping Aphyr when the time is right.

That is great news! Please post a link to a preprint when you can.

looking forward to that

I wish they would help fix/maintain the Matrix-Purple bridge, which would allow more people to use riot servers with clients such as pidgin. https://github.com/matrix-org/purple-matrix/issues/95

libpurple bridging support is being achieved through matrix-bifröst (https://github.com/matrix-org/matrix-bifrost), this is via node-purple.

Much confusion here. There are three different Matrix projects related to libpurple:

https://github.com/matrix-org/purple-matrix is a very basic proof-of-concept PRPL plugin that lets a libpurple client like Pidgin or Adium or Purism's Chatty connect to Matrix. We wrote it as a demo to inspire others hoping that someone from the Pidgin community might pick it up and polish it, but sadly there hasn't been much progress. We don't have bandwidth to finish it off ourselves.

Then there was matrix-appservice-purple (https://github.com/matrix-org/node-purple/tree/f5ad4ef798904...), which was a proof of concept bridge using node-purple which let Matrix connect to anything that libpurple can speak. We used it to demo bridging from Matrix into Skype via the skypeweb PRPL - but it was a very fragile quick hack demo.

Then this was replaced by Bifrost, a proper production-grade bridge engine: https://github.com/matrix-org/matrix-bifrost. It supports different plugins for the bridging, one of which is libpurple via node-purple (although most people use it as an XMPP bridge, via the xmpp.js plugin). This lets you connect from Matrix into any protocol supported by libpurple - effectively an equivalent of Bitlbee, but for Matrix rather than IRC.

Can someone give the “elevator pitch” of what sets Matrix apart?

Real-time decentralisation is the headline. Matrix allows you to host your own server, federate messages in real-time between servers, and still benefit from end-to-end encryption between multiple client devices.

Good place to get started reading: https://matrix.org/docs/guides/introduction

> Matrix allows you to host your own server, federate messages in real-time between servers, and still benefit from end-to-end encryption between multiple client devices.

This sounds like XMPP so nothing new.

What sets the Matrix apart is that they have the money and spend time and effort to get their clients into good shape. The E2E verification is a prime example: looks simple and works well.

Cross signing. If you already have a verified device you can use that device to verify new devices. That way you don't have to bother all your correspondents when you get a new phone.
bertman 11 days ago [flagged]

Apart from what? Compared to xmpp: Marketing mostly.

From a technical perspective, Matrix & XMPP are about as different as you can get. It's not just a marketing thing.

Matrix is a decentralised encrypted conversation store; where all conversation history gets replicated across all the participating servers/nodes. It's a bit like Git, or NNTP (Usenet) or possibly IMAP, depending on how you squint.

XMPP is a message-passing protocol; where stanzas get passed between servers/nodes. It's a bit like SMTP or SIP.

There are a bunch of other differences philosophically (Matrix is one big monolithic versioned spec; XMPP is a cloud of XEPs, etc) too.

The only similarity in the end is that you can use both to build chat systems (and you can use both to build a bunch of other things too - e.g. IOT use cases).

Another way of thinking of it is SVG versus Canvas. Or OpenGL versus a Scene Graph library (Open Inventor, or whatever that's become now). Sure you can use both to draw pretty pictures, but architecturally they couldn't be more different.

XMPP vs Matrix is a really interesting discussion. I don't think marketing is the main difference though, I think most developers would prefer to work with Matrix and the user experience is much better. Here's a decent past discussion that also links to older discussions:


I’m just not “in the know” to see if this is the case, but I just found myself taking a look at the site and thinking “what’s new about this?”

Let's hope they use that money to make synapse more lightweight...

Synapse plus a few bridge just eats all my server's resources. Go wonder why they chose to do it in python...

Glad to see this, I hope open source communication will be the preferred first choice.

Why? openness Archiving Enabling access to all

IRC used to be used open I hope Matrix and IRCv3 takes over.

This will not work. There are no incentives for different groups of people to collaborate on a single shared communication standard. The incentive is for entities to keep data to themselves. Also, this standard is too complex and unclear. Complex standards which try to bring together many different technologies under one abstraction never seem to work.

Also, universal standards are not necessarily a good thing. Decentralization with multiple competing tools and standards is good as it provides redundancy and opportunities for specialization.

> This will not work.

They seem to be doing fine:

~10.0M global visible accounts

~2.5M messages per day

~4.5M unbridged accounts

~500K unbridged messages per day

~2.1M rooms that Matrix.org participates in

~20,000 federated servers

~3000 msgs/s out, ~30 msgs/s in on Matrix.org

~400 projects building on Matrix

~70 companies building on Matrix


They're up to 20k visible servers from about 5.5k servers in September 2018, and if you look here: https://youtu.be/1TPICntbC5w?t=1692 you can see the growth curve looks pretty good.

> Also, universal standards are not necessarily a good thing. Decentralization with multiple competing tools and standards is good

Matrix explicitly doesn't try to be "the one true standard". That's the whole idea of their bridging model: https://youtu.be/1TPICntbC5w?t=296

10M accounts with 2M rooms sounds odd, any explanation?

10M (nowadays 16.8M) is the total number of matrix IDs we can see from matrix.org based on phone-home stats from Synapse. 2M (nowadays 5.18M) is the total number of matrix rooms from Synapse.

The ratio is about what we'd expect - there's a mix of DMs, private rooms, and massive public rooms; the DMs will dominate, hence this ratio. Every conversation in Matrix happens in a "room" (even DMs), under the hood, which might be the point of confusion here.

OK, didn't know you call private conversation room

What seems odd about that?

I don't know about federation, but to me matrix hits the right spot for people that want modern chat (irc with full history & e2e encryption) in-house. I know my org is using it heavily on a custom install. I think the French government also announced some time ago some kind of adoption. I hope we can get away from whatsapp, telegram, slack and anything Google when we want.

Only things missing (to me) is a full Java API. I built one for bots and quick fleet-history-monitoring, but it's clunky...

> Decentralization with multiple competing tools and standards is good as it provides redundancy and opportunities for specialization

Strange argument. This is one of those competing, decentralised standards you are asking for. It’s not clear that fragmentation is better for chat services, even if like you say commercial interests lead to that. Would the web be better if information was spread across 10 competing incompatible versions of http/dns/html/web browser?

i think this is great, VC $ aside. my biggest issue with contributing to Riot or Matrix ecosystem from a Client UI perspective is (from what i remember) the weirdness of the Riot client being half separated into two repos. it makes the barrier to entry seem too high. my hope is that this investment can resolve these concerns

is there some Matrix Android app with SMS support to replace Signal?

Reading the headline I thought Matrix is acquiring Automattic.

We changed the URL from https://matrix.org/blog/2020/05/21/welcoming-automattic-to-m... to an article that gives more background. (via https://news.ycombinator.com/item?id=23256180)

I disagree with this editorialization. You have driven clicks away from the source website (content origin) over to a 3rd party entity running ads and writing their own narrative "Automattic pumps...").

uBlock has blocked 31 (actually, 38 and counting - dynamic while open - oops, up to 41 now) intrusive ads/trackers on your new link to a commercial website, and zero on the original link to the source of information. I do not want this as a reader and feel given the subject matter (privacy, e2e chats, etc.) that this move is not in the best interests of the people reading this link or article.

Generally we prefer original sources, of course (https://news.ycombinator.com/newsguidelines.html), but corporate press releases are special in a bad way. They tend not to contain background or interesting detail. They are written in bland PR language that surely every intelligent reader finds gross. (I'm by no means saying that media articles are great, but PR language is truly the bottom of the barrel.) Whatever is interesting in a new development, they often obscure. They lead to more generic discussion, which is worse discussion for HN (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...). So they're more or less deprecated here.

I hear you about the ads etc. and agree in principle, but it's a separate issue. That's how media work right now. We may not like it but it doesn't mean we should bite our nose off to spite them.

Btw, it's possible that I made the wrong call in this case. I didn't look closely either at the PR release or at the TC article—I just skimmed them. But the above is the heuristic we use, and I'm pretty sure it's the right one for HN.

I think the confusion might be my fault in this instance, as the author of the original Matrix.org blog post. The post wasn't a PR or written as a PR (and I hate PRs like the best of them)... but in retrospect I see that the headline and the banner image could make you think that it was. Hopefully the contents of the blogpost itself wasn't bland & gross tho :/

Ironically, the /actual/ PR for this was at the bottom of https://blog.vector.im/automattic-backs-matrix-investing-4-6... - which indeed is bland PR language, intended to convey the bare facts to journos rather than actually be read by normal folk :)

The heuristic worked and the TC article provides a lot more background and context about this deal. It's not a close (never mind wrong) call in this particular case.

Weird change to me.

The official post is concise and contains all of the important information, while the Techcrunch "article" is mostly just a string of rambling quotes with filler sentences.

Techcrunch has horrible quality in general, and is only accessible in Europe through a basically malicious tracking opt out.

Since when are low effort aggregators preferred over the original source/announcement? The TC article would be just fine as a comment...

Excuse me... what am I missing here? Is this just some sort of donation or does Matrix have plans to make money (how?)?

It's not a donation to the Matrix.org Foundation, it's an equity investment in New Vector (https://vector.im), the startup that the folks who created Matrix began in order to make money to support Matrix development. New Vector makes money by selling Matrix hosting (https://modular.im) and providing consulting/support/services to large folks building on Matrix.

Off topic but the language here ... What is it about it that makes it plastic? For example it employs the phrases "that said" and "not least" which are generic, throw aways.

New projects are a kind of success itself so we expect the principals to be ebullient. But the prose is over the top. It gushes. Quantum computing wasn't invented here.

It's the IT corporate form of Hollywood but in words: Another theoretically innvoative industry except it isn't: It largely can't make an original film.

The older I get, the more I am in agreement with English Profs: use a better adjective, could you? Don't repeat. Avoid generic over used phrasing. In short: is it too much to ask that your language had a pulse? Game? Personality?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact