Hacker Newsnew | past | comments | ask | show | jobs | submit | snorge's commentslogin

Does anyone have experience with Matrix? [0] I haven't tried it yet but the site looks interesting.

0: http://matrix.org/


Works great. Definitely check it out. (I found Matrix after trying to write an XMPP client and becoming a giggly/teary-eyed wreck trying to parse out how many incomplete extensions I would have to implement to get multi-device working. Previously: [1]) I now use matrix daily from all of my devices, mobile and desktop alike.

They're also working on an Axolotl rachet implementation: https://matrix.org/git/olm/ It's not integrated yet, sadly, but I'm eagerly awaiting seeing it jump in as a first-class supported feature.

---

[1]: https://news.ycombinator.com/item?id=9772968


I'm conflicted on Axolotl. For every layer of security you add, you increase the odds of someone doing something careless (this[1] is way more common than you'd think).

Key-leak healing is an interesting function out-of-the-box, but if your priv key gets uploaded accidentally, odds are so did your DH Identity/Ratchet/Chain keys as well, effectively rendering you "fully compromised". It only offers protection in an instance where you keep your keys compartmentalized.

Is there a general consensus within the crypto community as to whether a) this is conceptually sound, and b) if there's an audited implementation? It's so so easy to mess up and have that error be overlooked (i.e. the OpenSSL debacle), which makes me want to just stick with the tried and true GPG DH/ELG setup with PKI and revocation. Definitely a real interesting project to watch and a real interesting take on perfect-forward secrecy though! Thanks for your feedback. If you see this, read my other post in this thread and e-mail me, I'd love your feedback.

[1]http://rdist.root.org/2008/02/05/tlsssl-predictable-iv-flaw/


What are your plans for supporting other databases?


Redshift, Druid and Presto are in planning, but in general, we're going to build drivers in the order of community demand. If you have a specific db, open an issue or chime in on one of the open driver issues letting us know it's important.


Support for some of the more common JDBC drivers would be nice, like SQLite, MS SQL and (shudder) Oracle. I know Korma supports all of these (http://www.sqlkorma.com/docs#db), and it seems like you use that.


His patch after review is linked in the last line of the article:

https://lkml.org/lkml/2015/10/12/427


Wow. I'd had to search LKML to find the patch, and I wondered why the article didn't seem to have a link. Turns out the article's CSS makes the link almost completely indistinguishable from regular text. Text uses dark grey (#3a3a3a), and links use black (#000000), with no decoration either.


:enew


Thanks :) I'd completely forgotten about enew.


Just what I needed. Thanks!


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: