Julian OliverFeb 23

One of the common misnomers around the migration away from toxic tech stacks is that the options are either 1) services managed by a company or 2) everyone #selfhosting themselves.

There is however an often overlooked 3rd option of community-scaled infrastructure. Here a group identifies their needs, plans & deploys to meet them. Much like a community garden, that infrastructure has people skilled & dedicated to its upkeep in providing for that group, working bees & skillshare as needed.

1/n

Show threadJulian OliverFeb 23

Here are some examples of this at work, in this case the Slack alternative Mattermost:

1. Our own instance in DE, used for online training
2. My friend's instance served from under her desk, on which I teach her students in CA
3. An instance in CH hosting thousands of environmental defenders that I deployed
4 An instance we deployed in IS hosting a US immigration support NGO, resistant to ICE warrants

There is no one deployment for all here, each instance meets the unique needs of the group

Show threadCRSFeb 24
@JulianOliver please use matrix bro. Mattermost isn’t that OpenSource! Most of the good things things are closed and enterprise.
Show threadJulian OliverFeb 24
@xr1st0ph Matrix/Element is great in many ways (E2EE) but memberships I've deployed for have found it too geeky, whereas alt platform averse can generally smoothly bump from Slack to MM with little to no complaints. Matrix/Element is also too sluggish for big channels of 1k+ members, even on powerful machines. Runs hot & starts to crawl in the thousands, whereas MM cruises through it. Matrix on smaller scales? Fine. I think their Olm, implementation of Double Ratchet holds them back a bit there.
Show threadCRSFeb 24
@JulianOliver we moved from rocket chat to matrix 2 yr ago. we have alot of groups. some with over 1k+ users. Our userbase is 60+. it works. Not saying it is all smooth. but mattermost is us based, and isnt real open. you have to pay the http://sso.tax/ ... yea the nice ui ... ok but element is getting there. the element X app is so good!
remarkable, that in your sphere of influence, UX is more important than opsec to you. why?
The SSO Wall of Shame

A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

The SSO Wall of Shame
Show threadJulian OliverFeb 24

@xr1st0ph The opsec with Mattermost is great when self-hosted & push notifications running through your own push server. Metadata quiet on the wire & FLOSS (team edition).

Again, we have deployed Matrix for groups, but IME it is a higher risk migration target with more ontraining req. Many are coming from Slack too, so for this case esp MM is by far the smoother journey.

If tech-averse get cold feet they will never move again & stay on US bigtech.

You either listen to people or you lose them

Show threadJulian OliverFeb 24

@xr1st0ph I use Matrix every day btw (with Element). As for SSO, we urge groups that choose MM to steer clear of it. Rather 2FA to email, ideally at their selfhosted MTA.

However some employ OAuth2 for auth flow from selfhosted platforms like GitLab, Nextcloud etc. This can work very well.

Show threadCRS
@JulianOliver yea there is this hack right? is it still possible to use the gitlab in the teams version for some keycloak i.e.?
Feb 24 at 8:05amWeb