<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: Arathorn</title><link>https://news.ycombinator.com/user?id=Arathorn</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Mon, 13 Jul 2026 05:42:14 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=Arathorn" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by Arathorn in "How should group chats work in decentralized systems?"]]></title><description><![CDATA[
<p>P2P Matrix (and Matrix over DMLS) is back as of a few days ago: see <a href="https://arewep2pyet.com" rel="nofollow">https://arewep2pyet.com</a> and in particular <a href="https://arewep2pyet.com/assets/pdf/2026-07-09%20DWebCamp%20P2P%20Matrix%20-%20A%20New%20Hope.pdf" rel="nofollow">https://arewep2pyet.com/assets/pdf/2026-07-09%20DWebCamp%20P...</a> :)</p>
]]></description><pubDate>Sun, 12 Jul 2026 06:43:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=48878924</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=48878924</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48878924</guid></item><item><title><![CDATA[New comment by Arathorn in "Element 26.07.3, a Matrix client, adds content scanning infrastructure"]]></title><description><![CDATA[
<p>This is just the ~8 year old ICAP antivirus scanning system which Element has always had, built for government customer deployments who need antivirus, but implemented for Element X<p><a href="https://github.com/matrix-org/matrix-content-scanner" rel="nofollow">https://github.com/matrix-org/matrix-content-scanner</a><p><a href="https://github.com/element-hq/matrix-content-scanner-python" rel="nofollow">https://github.com/element-hq/matrix-content-scanner-python</a><p>etc.<p>This is nothing to do with ChatControl or Online Safety Act where you can see our position here:<p><a href="https://element.io/blog/the-online-safety-bill-an-attack-on-encryption/" rel="nofollow">https://element.io/blog/the-online-safety-bill-an-attack-on-...</a></p>
]]></description><pubDate>Sun, 12 Jul 2026 06:36:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=48878893</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=48878893</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48878893</guid></item><item><title><![CDATA[New comment by Arathorn in "Grit: Rewriting Git in Rust with agents"]]></title><description><![CDATA[
<p>you may be shocked to hear that this is gemini hallucinating; Element (creators of Matrix) has never taken investment from a16z; it must be getting mixed up with a different Element.</p>
]]></description><pubDate>Wed, 10 Jun 2026 19:43:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=48481595</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=48481595</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48481595</guid></item><item><title><![CDATA[New comment by Arathorn in "Wire to Replace Signal as Standard in the Bundestag"]]></title><description><![CDATA[
<p>there is a definite irony in switching from being vendorlocked to Signal (open source but closed and locked to a US non-profit) to being vendorlocked to Wire (open source but closed and locked to a German/Swiss for-profit) - talk about jumping from the frying pan into the fire :)<p>Meanwhile the rest of Europe (and much of the rest of Germany) seems to have converged on Matrix as a genuine open standard with various different commercial vendors (Element, Rocket Chat, Famedly, connect2x etc), avoiding vendor lock and so giving actual digital sovereignty: <a href="https://element.io/matrix-in-europe" rel="nofollow">https://element.io/matrix-in-europe</a></p>
]]></description><pubDate>Wed, 29 Apr 2026 08:47:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=47945735</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47945735</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47945735</guid></item><item><title><![CDATA[Public sector Matrix deployments in Europe]]></title><description><![CDATA[
<p>Article URL: <a href="https://element.io/matrix-in-europe">https://element.io/matrix-in-europe</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47868846">https://news.ycombinator.com/item?id=47868846</a></p>
<p>Points: 7</p>
<p># Comments: 0</p>
]]></description><pubDate>Wed, 22 Apr 2026 20:25:09 +0000</pubDate><link>https://element.io/matrix-in-europe</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47868846</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47868846</guid></item><item><title><![CDATA[New comment by Arathorn in "European civil servants are being forced off WhatsApp"]]></title><description><![CDATA[
<p>If you're talking about <a href="https://matrix.org/blog/2026/02/analysis-of-reported-issues-in-vodozemac" rel="nofollow">https://matrix.org/blog/2026/02/analysis-of-reported-issues-...</a>, I'm not <i>entirely</i> sure that characterisation is accurate :)</p>
]]></description><pubDate>Fri, 17 Apr 2026 09:46:28 +0000</pubDate><link>https://news.ycombinator.com/item?id=47804152</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47804152</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47804152</guid></item><item><title><![CDATA[New comment by Arathorn in "European civil servants are being forced off WhatsApp"]]></title><description><![CDATA[
<p>It's more that they haven't gone public with it yet, and it's not for us to out them :)</p>
]]></description><pubDate>Fri, 17 Apr 2026 09:43:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=47804139</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47804139</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47804139</guid></item><item><title><![CDATA[New comment by Arathorn in "European civil servants are being forced off WhatsApp"]]></title><description><![CDATA[
<p>There's a big gap between lots of orgs using it, and lots of orgs paying for development of it.  That said, BWI in Germany is currently funding custom status so it should be coming soon :)</p>
]]></description><pubDate>Fri, 17 Apr 2026 09:41:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=47804129</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47804129</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47804129</guid></item><item><title><![CDATA[New comment by Arathorn in "European civil servants are being forced off WhatsApp"]]></title><description><![CDATA[
<p>This is true. We just published a map of it: <a href="https://element.io/en/matrix-in-europe" rel="nofollow">https://element.io/en/matrix-in-europe</a></p>
]]></description><pubDate>Thu, 16 Apr 2026 21:25:53 +0000</pubDate><link>https://news.ycombinator.com/item?id=47799697</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47799697</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47799697</guid></item><item><title><![CDATA[New comment by Arathorn in "EFF is leaving X"]]></title><description><![CDATA[
<p>On the Matrix side, "unexpected" decryption errors got fixed in ~Sept 2024.<p>(There are still a few scenarios where e.g. if you delete your identity keys by logging out of all your clients, you may get "expected" decryption errors. We're still working on those.)</p>
]]></description><pubDate>Thu, 09 Apr 2026 20:54:25 +0000</pubDate><link>https://news.ycombinator.com/item?id=47709912</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47709912</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47709912</guid></item><item><title><![CDATA[New comment by Arathorn in "Microsoft's "fix" for Windows 11"]]></title><description><![CDATA[
<p>potentially wrapping their own package or distro rather than using something like ESS Community? Or perhaps they left registration open and had abuse problems?</p>
]]></description><pubDate>Thu, 26 Mar 2026 20:12:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=47535125</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47535125</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47535125</guid></item><item><title><![CDATA[Vulnerabilities in Signal Sealed Sender and Usernames]]></title><description><![CDATA[
<p>Article URL: <a href="https://eprint.iacr.org/2026/484">https://eprint.iacr.org/2026/484</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47310169">https://news.ycombinator.com/item?id=47310169</a></p>
<p>Points: 5</p>
<p># Comments: 0</p>
]]></description><pubDate>Mon, 09 Mar 2026 15:13:40 +0000</pubDate><link>https://eprint.iacr.org/2026/484</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47310169</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47310169</guid></item><item><title><![CDATA[New comment by Arathorn in "Ask HN: Where do you save links, notes and random useful stuff?"]]></title><description><![CDATA[
<p>ooh, that's cool - come tell us about it in matrix.to/#/#twim:matrix.org when it's ready :)</p>
]]></description><pubDate>Tue, 24 Feb 2026 12:23:18 +0000</pubDate><link>https://news.ycombinator.com/item?id=47136226</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47136226</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47136226</guid></item><item><title><![CDATA[New comment by Arathorn in "Cloudflare outage on February 20, 2026"]]></title><description><![CDATA[
<p>the main bit of auth which was left unimplemented on matrix-workers was the critical logic which authorizes traffic over federation: <a href="https://spec.matrix.org/latest/server-server-api/#authorization-rules" rel="nofollow">https://spec.matrix.org/latest/server-server-api/#authorizat...</a><p>Auth for clients is also specified in the spec - there is some scope for homeservers to freestyle, but nowadays they have to implement OIDC: <a href="https://spec.matrix.org/latest/client-server-api/#client-authentication" rel="nofollow">https://spec.matrix.org/latest/client-server-api/#client-aut...</a></p>
]]></description><pubDate>Sun, 22 Feb 2026 00:09:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=47106537</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47106537</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47106537</guid></item><item><title><![CDATA[New comment by Arathorn in "Welcoming Discord users amidst the challenge of Age Verification"]]></title><description><![CDATA[
<p>Yes, that's the difference. Loads of Matrix servers have nothing exposed to index, and steer clear of public rooms, and so wouldn't show up on MRS's stats.<p>Whereas I literally select count(*)'d from the destinations table on matrix.org, filtered on servers which had been federating in the last week(?) in order to get the specific stats above.  (And then count(*) of all time for the 150K figure).</p>
]]></description><pubDate>Fri, 20 Feb 2026 14:43:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=47088634</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47088634</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47088634</guid></item><item><title><![CDATA[New comment by Arathorn in "Running My Own XMPP Server"]]></title><description><![CDATA[
<p>On the Matrix accessibility side, Element X has improved loads over the years - <a href="https://element.io/blog/helping-to-get-everyone-in-their-element/" rel="nofollow">https://element.io/blog/helping-to-get-everyone-in-their-ele...</a> and <a href="https://element.io/blog/element-is-accessible-by-design/" rel="nofollow">https://element.io/blog/element-is-accessible-by-design/</a> etc.</p>
]]></description><pubDate>Mon, 16 Feb 2026 14:29:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=47035418</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47035418</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47035418</guid></item><item><title><![CDATA[New comment by Arathorn in "Welcoming Discord users amidst the challenge of Age Verification"]]></title><description><![CDATA[
<p>The idea of crowdfunding Discordish features for Matrix from disaffected Discorders (e.g. using the premium acct system we've built for matrix.org) has come up a bunch.<p>The problem is more that Element team is seriously stretched (particularly after the various misadventures outlined here: <a href="https://youtu.be/lkCKhP1jxdk?t=740" rel="nofollow">https://youtu.be/lkCKhP1jxdk?t=740</a>) - so even if there was a pot of money to (say) merge custom emoji PRs... the team is more than overloaded already with commitments to folks like NATO and the UN.  Meanwhile, onboarding new folks and figuring out how to do the Discordy features and launch a separately Discordy app under a Discordy server would also be a major distraction from ensuring Element gets sustainable by selling govtech messaging solutions.<p>So, we're caught in a catch-22 for now. One solution would be for other projects to build Discordy solutions on top of Matrix (like Cinny or Commet), or fork Element to be more Discordy (and run their own crowdfunders, perhaps in conjunction with The Matrix Foundation). Otherwise, we have to wait for Element to get sustainable via govtech work so it can eventually think about diversifying back into consumer apps.</p>
]]></description><pubDate>Fri, 13 Feb 2026 20:12:02 +0000</pubDate><link>https://news.ycombinator.com/item?id=47007204</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47007204</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47007204</guid></item><item><title><![CDATA[New comment by Arathorn in "Welcoming Discord users amidst the challenge of Age Verification"]]></title><description><![CDATA[
<p>that would be a bit like w3c.org not running a web server on their domain…?</p>
]]></description><pubDate>Fri, 13 Feb 2026 08:09:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=47000207</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=47000207</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47000207</guid></item><item><title><![CDATA[New comment by Arathorn in "Welcoming Discord users amidst the challenge of Age Verification"]]></title><description><![CDATA[
<p>We're taking it for granted that people do not want to be tracked on the internet, and certainly don't want everyone to have to verify themselves on every site they use.  I personally spent ages of time campaigning against the legislation (and lost) - e.g. <a href="https://matrix.org/blog/2021/05/19/how-the-uk-s-online-safety-bill-threatens-matrix/" rel="nofollow">https://matrix.org/blog/2021/05/19/how-the-uk-s-online-safet...</a> and <a href="https://element.io/blog/the-online-safety-bill-an-attack-on-encryption/" rel="nofollow">https://element.io/blog/the-online-safety-bill-an-attack-on-...</a> etc.<p>The difference with Discord is that Matrix is a protocol, not a service.  It's made up of thousands of servers run by different people in different countries.  Public instances may choose to verify users in affected countries to abide by the law; others may choose to run a private instance instead.</p>
]]></description><pubDate>Thu, 12 Feb 2026 23:23:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=46996722</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=46996722</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46996722</guid></item><item><title><![CDATA[New comment by Arathorn in "Welcoming Discord users amidst the challenge of Age Verification"]]></title><description><![CDATA[
<p>That post is 2023 vintage and is both outdated and questionable in parts.<p>19. "media downloads are unauthenticated by default" -> fixed in Jun 2024: <a href="https://matrix.org/blog/2024/06/26/sunsetting-unauthenticated-media/" rel="nofollow">https://matrix.org/blog/2024/06/26/sunsetting-unauthenticate...</a><p>20. "ask someone else’s homeserver to replicate media" -> also fixed by authenticated media<p>21. "media uploads are unverified by default" - for E2EE this is very much a feature; running file transfers through an antivirus scanner would break E2EE.  (Some enterprisey clients like Element Pro do offer scanning at download, but you typically wouldn't want to do it at upload given by the time people download the AV defs might be stale).  For non-encrypted media, content can and is scanned on upload - e.g. by <a href="https://github.com/matrix-org/synapse-spamcheck-badlist" rel="nofollow">https://github.com/matrix-org/synapse-spamcheck-badlist</a><p>22. "all it takes is for one of your users to request media from an undesirable room for your homeserver to also serve up copies of it" - yes, this is true. similarly, if you host an IMAP server for your friends, and one of them gets spammed with illegal content, it unfortunately becomes your problem.<p>In terms of "invisible events in rooms can somehow download abusive content onto servers and clients" - I'm not aware of how that would work. Clients obviously download media when users try to view it; if the event is invisible then the client won't try to render it and won't try to download the media.<p>Nowadays many clients hide media in public rooms, so you have to manually click on the blurhash to download the file to your server anyway.</p>
]]></description><pubDate>Thu, 12 Feb 2026 22:57:22 +0000</pubDate><link>https://news.ycombinator.com/item?id=46996477</link><dc:creator>Arathorn</dc:creator><comments>https://news.ycombinator.com/item?id=46996477</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46996477</guid></item></channel></rss>