| 14 Jun 2019 |
 Maximus | the point is not related to that config option which I am aware of. Again, the research is with default config values. The default config value is that it's commented out and burried in a file which is fully commented. The | 12:28:49 |
| Maximus | default | 12:28:50 |
| Maximus | value is also not necessary for the protocol to work, or for any security reason | 12:29:04 |
| Maximus | That's the meaning of the sentence. | 12:29:15 |
| Maximus | if you think it should be worded differently, feel free to suggest | 12:29:26 |
 @mat:tout.im | again, fine, but the comment is misleading. | 12:29:35 |
| @mat:tout.im | ok give me 2 | 12:29:38 |
| @mat:tout.im | the problematic part to me is that it make it think it's not possible by config to do so, because you insist on changing the code. while it is now. it was probably written before this commit | 12:31:15 |
| @mat:tout.im | We have confirmed that removing the matrix.org entry from the default trusted_key_servers configuration does not prevent synapse from exchanging data with other servers in a secure manner to the best of our knowledge. We have been running such a setup on some of our Homeservers for several months without any issue. | 12:32:54 |
| @mat:tout.im | here is a suggestion | 12:33:05 |
| @mat:tout.im | but I undestand why you wrote it, this commit is 8 days old | 12:33:25 |
| Maximus | I agree the wording may be misleading | 12:33:42 |
| @mat:tout.im | after reading mat answers I think you are being unfair on _cfduid too. The fact that is Cloudfare doing so and not NV is lost in the middle of the paragraph, and the last sentence is extremely alarming, in a dedicated bullet point, and make you think Matrix people are doing it on purpose. | 13:26:54 |
| @mat:tout.im | the rest is a matter of point of view / priorities that clearly differ | 13:27:32 |
| @mat:tout.im | In reply to @mat:tout.im
after reading mat answers I think you are being unfair on _cfduid too. The fact that is Cloudfare doing so and not NV is lost in the middle of the paragraph, and the last sentence is extremely alarming, in a dedicated bullet point, and make you think Matrix people are doing it on purpose. First I thought that you didn't mention Cloudfare at all here, so I went back to read | 13:28:02 |
| Maximus | I'm sorry but I don't follow: is Cloudflare suddendly hijacking people's website and forcing traffic through their servers? Last I'm aware, using Cloudflare is a deliberate choice. There is no free pass on specific things that they do like "oh, it's not us". | 13:29:19 |
| Maximus | The sensitivity of the matrix.to domain has been debated at length. Nobody is forcing them to use Cloudflare | 13:30:19 |
| Maximus | Also, I just realise we are in the mxisd room discussing the review. Let's continue in #kamax-matrix:kamax.io please | 13:30:47 |
| @mat:tout.im | come on... it's a fact, it's not them. they should put better warnings regarding the use of Cloudfare, but it's a side effect of being DDoS | 13:31:12 |
| @mat:tout.im | agreed that they should probably try to use a not US based company for that however | 13:31:36 |
| Maximus | Cloudflare is not the only CDN/DDoS protector in existence | 13:31:39 |
| @mat:tout.im | agreed | 13:31:47 |
| Maximus | but again, it's not my problem as a user. Why they do it is irrelevant. The cookie is being set and users tracked for no reason or legitimate purpose | 13:32:16 |
| Maximus | you keep bringing up reasons why things would be acceptable. That is out of scope of the paper, or discussions about it. We don't take a stance on the acceptability of their action. We take a stance that all of this is happening, it has been reported several times, accross several years, and it got worse and worse. So here's the status for Matrix v1.0 | 13:33:37 |
| Maximus | If you find a factual error, e.g. "this endpoint is called when X is done" but it is in fact not, we'll correct directly. For the rest, we word it however we see fit for our targeted audiance. | 13:35:09 |
| @mat:tout.im | fine. that's your call, it's also the call of other people like me to either advertise the problems through your paper, or thinking you are trying to be misleading and alarmist, which you just confirm. so I'll just concentrate on the actual big problems and not reference your paper. Too bad, it was really not far. | 13:40:33 |
| Maximus | We didn't write the paper to advertise | 13:41:22 |
| Maximus | we wrote the paper to put down all our knowledge in a single, articulated document so people can make informed descision. If you think a few words matter so much that you shouldn't share, no problem. As I said, you read it, you could make an informed descision, an I am extremely happy. The paper served its intended purpose. | 13:42:35 |
| @mat:tout.im | anyway thx bc now I can track and create bugs from it | 13:42:48 |
| @mat:tout.im | 👍️ | 13:42:51 |
