Mikina

Hello!

With the recent news about Discord, I've seen several people starting to consider Matrix as an alternative. That's why I wanted to share my experience with self-hosting it, because the whole hosting and upkeep of the server can be extremely simplified (and kind of cheap), if you choose the right tools for the job.

tl;dr - You can host Matrix with 2 very simple config changes and around 4 commands through this ansible project.

A little disclaimer - my use-case for Matrix is mostly to just bridge other messanging platforms, in my case it's Discord (text only), WhatsApp, FB Messenger and Telegram. I have set up voice support but never properly stress-tested it, and the user count of my server is 2 users. While the setup process will mostly be the same, I can't vouch for the chosen VM to handle higher traffic.

The main project I wanted to talk about is the matrix-docker-ansible-deploy, because it makes self-host the whole Matrix stack, along with a metric ton of optional services, extremely easy. For those that don't know, ansible is a tool that allows you to write "playbooks" of steps to run on a specified server that will set up whatever you need. In this case, the playbook is set up to install Matrix and any of the dozens of services, install it and their requirements, configure it, and all you have to do is set up config options telling it what you want and run the playbook, making it super easy.

So, how does the self-hosting actually looks like? I'm assuming knowledge about setting up hosting, ssh, domain, and basic work with docker.

You need to get a domain, and get a VPS. I've chosen Hetzner cloud CAX11 (ARM, 2 VCPU, 4GB RAM, 40Gb storage), which goes for ~7$ a month including storage and IP.

Get your private key and IP, and don't forget to set up firewall. You also need to set up Ansible and Just on your computer, here's the docker I'm using for the job. Make sure to run it from the matrix-docker-ansible-deploy folder (so from inside the repo):

docker run -it --rm -w /work -v `pwd`:/work -v $HOME/Work/Matrix-server/hetzner.key:/root/.ssh/id_rsa:ro --entrypoint=/bin/sh docker.io/devture/ansible:2.16.1-r0-0

Once you're there, you just pull the ansible project and can start with a Quickstart. This is the most difficult step - you have to set up and configure two files, one with your server host IP, and one with config vars.yml.

But, the basic config is extremely simple. You just give it a domain, and generate a few DB passwords, and you'll have a working matrix server. If you want other services, like bridges, it's usually also simple, and the documentation is clear. For example, adding voice support was literally just adding matrix_rcp_enabled: true into the vars.yml file.

Once you have that set up, the whole install process is literally running (from inside the ansible docker mentioned above)

just update (to update the playbook)

and then

ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start

And that's it. Assuming you have your server SSH key set up properly, it should simply run and install whatever you have configured. It might throw some errors, but so far every one I've seen was extremely clear.

Also, don't forget to update often! I'm using this command from the ansible docker (with ssh key setup) mentioned above that does it:

git config --global --add safe.directory /work && git pull && just roles && just setup-all

I've never had the ansible fail in a way I couldn't figure out, even when I was updating after more than half a year - the script is so robust it even told me to remove depreciated config options. It's one of those rare projects that is so extremely robust it can handle a lot of situations. The only difficult issue I had in the two years was running out of space, since that made random things fail, and Matrix is pretty data heavy (because it saves all images).

As for my experience with matrix, I've been using it as my only message app for two years, and most of the time, it has been fine.

There are a few caveats:

• WhatsApp bridge requires me to log in to WhatsApp app every two weeks. I just have it in a separate quarantine profile on my GrapheneOS, and log it from time to time.
• Messenger bridge has stopped logging in after two years of usage without issues last week. I haven't solved it yet, but it looks like Meta has upped their bot detection.
• Discord bridge works great for chat, including servers, but AFAIK you can't join voice.
• Telegram had issues with logging out when I used a new account, but after using my personal, it's all right. Topics don't work AFAIK, though.
• And of course - all of the apps still get my data and my messages.

But, I was tired of not being able to convince my friends to switch, and by bridging it all to Matrix, I can at least avoid having their apps and visiting their sites, which is an OK compromise for me.

If you have any questions, feel free to ask. I wanted to share some visibility for this project, because just by watching the gazzilion of steps the playbook is doing, I can imagine that trying to actually self-host Matrix manually might be pretty long edeavour, but this project has so far done everything perfectly in a matter of three commands and a config change.

Hello!

I've been following the discourse about the recent ChatControl update that has passed few days ago, and I have been wondering if it changes anything for the majority of people who were ok with the first version from 2021.

First a disclaimer - I'm vehemently against it, because it does affect me since I do use the alternative services affected, and I'm not trying to downplay the impact. I know that it's an issue for people already invested in privacy, but this question focuses on general population and services that reportedly already do the scanning anyway.

At least based on information on this website, most of the commonly popular services have been doing ChatControl since 2021:

Currently a regulation (that passed in 2021) is in place allowing providers to scan communications voluntarily (so-called “Chat Control 1.0”). So far only some unencrypted US communications services such as GMail, Facebook/Instagram Messenger, Skype, Snapchat, iCloud email and X-Box apply chat control voluntarily (more details here). As a result of the mandatory Chat Control 2.0 proposal, the Commission expected a 3.5-fold increase in scanning reports (by 354%).

My first question is - is this correct? I have not seen it mentioned anywhere else, not even a single comment in any discussion about the new resolution, and I don't want to spread false information. It sounds like an important fact that more people should be aware of, but everyone seemed to conviniently forget right after the first Chatcontrol passed in 2021, and the first round of trying to pass the second one (in 2023 or whenever) failed. If anyone has more information about the current state, I'd love to hear it.

Assuming that's correct, then my question/rant is - what does change for people who are already using these services exclusively? People like that had the last 5 years to do something about the serious privacy violation like this - stop using services that do the scanning. Most of them did not do that, forcing people like me to choose between privacy and being able to contact my friends, because "they don't want to install a new chatting app, and everyone is on Messenger anyway". And I'm pretty sure that they wouldn't stop even if the new resolution did not pass.

I realize it sounds more than a rant that a question, because it kind of is, it has been frustrating screaming about ChatControl to deaf ears for the past few years, but I'm also honestly asking what actually changes. Even though I am frustrated, I still want to have actual arguments, so when I'm convincing people to stop using those services, I'm not lying that "nothing changes for you if you don't switch" (assuming the current resolution does not get finalized and implemented). Plus, since people are now actually listening about ChatControl, telling them that it's already happening does have a greater impact.

Unity has been sounding the alarm about a code execution vulnerability that has been identified in all applications built with vulnerable editor.

EDIT: While the below text kind of still holds for Desktops, I've absolutely forgotten about Android. If you have an Android game, you should definitely patch, since the situation is kind of different there.

Also, if your game is registered as custom URL schema handler, it can lead to privlidge escalation, or maybe even be triggered remotely (through a malicious link), so Update.

While there's definitely no harm in patching, in my personal opinion, the situation is needlessly overblown. I have worked in offensive cybersecurity, and the fact that Unity game allows you to locally run a code that

would be confined to the privilege level of the vulnerable application, and information disclosure would be confined to the information available to the vulnerable application.

is not really exploitable. Since the attack vector is local, the attacker already has to have read/write/execute access to the application and your system, which usually means you have way bigger problems.

Not to mention that since Unity suffers with .dll injection vulnerability (which is what most mods are using), the attacker can do the same by simply replacing a .dll file of the game.

So, patch up if you can, but if you're not able or can't be bothered, in my opinion, it doesn't really matter. But please prove me if I'm wrong.

I've recently discovered this project, which assuming it works as advertised (which I think wasn't really tested yet, since it seems to be a pretty new repo) sounds like a pretty good library to add into your toolbox.

For those that do not know, LINQ is basically a query language over collections in C#, that allows you (from the top of my head) to do stuff like

someList.Where(x => x.value < 10).OrderBy(x => x.priority).Select(x => x.name)

which would give you a IEnumerable list with names of elements where value is smaller than 10, ordered by priority.

However, using LINQ in performance critical code, such as per-frame Updates, is not really a good idea because it unfortunately does generate a lot of garbage (allocations for GC to collect). Having a version that doesn't allocate anything sounds awesome, assuming you are a fan of LINQ.

What are your thoughts? For me, it sounds like something really useful. While it's not really that difficult to avoid LINQ, I'm a fan of the simplicity and descriptive nature of the syntax, and not having to avoid it would be great. It does seem there are quite a few issues starting to pop up, but it's definitely a project that could be worth it to follow.

Hello!

When I was creating a CTF for a conference, I've finally got to learn about how blockchain and smart contracts actually works in practice, and the whole concept is simply brilliant. A quick introduction for those unfamiliar with it would be in this summary, but just to summarize how I basically understand it, blockchain is simply a VM that runs code (smart contracts) a both the code, and result of every execution of it is calculated by a bunch of users (so, mining is basically running a VM) and appended into the blockchain based on some kind of consensus and proof of work. This means that you get a single source of truth and history of every execution of a smart contract that is decentralized and you can rely on it.

But, almost every use of blockchain or smart contracts I have seen has pretty large issues either in sustainability in the long term, or in cases where you simply need some form of an authority to prevent and punish misuse. While I'm not really that much familiar with every use of blockchain so far, I will first list what I've already thought about or seen, and the main issues that I think are a deal-breaker for choosing blockchain for that kind of tasks. It's possible that some of the issues are wrong or have already been solved, so please correct me if I'm wrong - my knowledge of blockchain isn't really that in-depth.

First and the most common use is the one you are probably most aware of - cryptocurrencies. If I ignore the biggest and most unfortunate issue of cryptocurrencies turning into an investment-only product, with hugely volatile and inflated price that is not backed by any kind of real value (sure, you can pay with BTC, but it's slow, expensive and super volatile to be useful, so the only real use is to literally sell it to others for a profit - which also basically means you are scamming someone out of their money down the line), I see the following problems with using blockchain for currencies:

• Longevity - The ledger size is already getting massive, only after a few year. It's not sustainable, and it will eventually be really hard to keep the whole ledger at a large enough number of places to not run into problems of integrity. It's growing exponentionally, and is at around 500Gb after around 10 years.
• Gas cost - It's getting harder and harder to mine and confirm new transactions, which increases the cost while also making less people able to mine new transactions without being at a loss. This will only get worse, and eventually lead to the 50% problem (if someone controls 50%+ of mining nodes, he can confirm fake transactions or do whatever he wants with the blockchain) being a real issue.
• Lack of moderation - This may be one of the more controversial issues, because it goes directly against the whole idea of cryptocurrencies, but is one of the biggest problems I see that are in the way of crypto being able to be considered for wider use. We live in a world where some people are dicks that are not afraid to steal and cheat, and something like a currency simply has to be moderatable. You need to be able to punish criminals, and take back what they have stolen. If someone doesn't pay their debts and owns me money, the government should be able to just take the money if they have them. If someone uses an account for scamming and stealing, it should be possible to freeze it.

The last issue will eventually show in most of the other uses of blockchain as well, and while I have included it, I'm still not sure how I feel bout it. In an ideal world, you would not have to deal with something like this. I would also really like to have an option to do my transactions privately, without anyone being able to profile my behavior and data, but such a system would have to allow for some safeguards against missuse to be widely adoptable. (Which is an interresting off-topic question - would it be possible to create a system that is private, but also has the possibility for trusted authorities to freeze accounts and force transactions?) And the more that I think about it, the more I'm certain that I'd rather have a centralized system where you can punish criminals and scammers, than a system where lives of people are regularly ruined by someone stealing all of their savings unpunished. But it is a thin line - I only say that because I live in a country that is all-right and I can trust my government - for now. But I definitely agree that such a private unmoderated option should exist - but can't be considered for widespread use, which I've heard some people say that "crypto will replace cash in a few years". And this is why it never will, IMO. But this discussion shouldn't be about whether this is a good opinion or not - but more about "what blockchain is a good tool for".

Next one are NFTs. I will just quickly gloss over them, because they are even bigger scam than crypto is. Ever heard someone say "Someone has copied and minted my NFT?". Well, it's a shame that there isn't some kind of centralized authority that could, you know, not allow them to do that.

Another use I've heard someone praise as "the future" was lending money. I'm not sure what were they talking about, but the whole point was that you can... Escrow an amount you are borrowing, and then borrow the same amount? It didn't make any sense, so I guess I'm missing something, but then again - we have the same issues as above, while also it being just a bizare idea - why simply not use the amount you already have? The person tried to explain it to me, but it just feels gimmicky. And if you escrow a lesser amount, you then have the same problem with moderation as above - nothing can force you to return the money (unless it is already escrowed, but then, why??)

So far, every use of blockchain I have heard about would be better done in a centralized fashion, especially as far as longevity is concerned. The growing ledger size and increasing gas cost, along with the 50% problem simply makes most of these kind of uses too impractical to work on a larger scale.

But I really like the concept and idea of smart contracts, and I'm sure there has to be some kind of use that is not as "revolutionary" or large scale. I'm just having hard time coming up with any.

I have only one - voting, and maybe transparent randomization (i.e lottery). Smart contracts are an amazing way to collect votes transparently but privately, since you can be sure that no-one can cheat, if you set it up properly. It's also something that doesn't suffer from the longevity problem, because it's more of a one-shot use of blockchain, rather than something ongoing - which also justifies the price.

(tl;dr feel free to start here:) Which is what I'm interested in - does any of you have similar ideas for use of smart contracts and blockchain, that would be practical in a daily live? Be it one-shot smart contracts for a small task, such as voting or random winner selection, maybe some kind of escrow. It doesn't have to be a "society changing system", or something revolutionary. A common small code snippets or apps that would solve the trust issue inherent to a centralized task is what I'm after - but have hard time coming up with.

And just a disclaimer - I don't plan on building anything and am not fishing for the next blockchain thing, I barely even understand it. I would just like to incorporate blockchain into my programming repertoire as a tool, because the concept feels so clever, but is also misused or misunderstood due to hype, but it has to have it's uses that are overshadowed by people jumping on the blockchain bandwagon without considering whether it's really the best tool for the job.

But is has to be a good tool for some kind of problems, right? And I would like to start a discussion about what would that be, without it being affected by the hype and reputation surrounding blockchain. I feel like that would be an interesting though exercise, and I'm sure we can come up with some interesting little uses here and there, without it being gimmicky but actually the best tool for the job.

Thank you!

EDIT: And I'd like to add that I never got into the blockchain hype, and my opinion on how it's used so far is mostly negative. If a product mentions blockchain, I usually just avoid it as a gimmick. But that's why I'm genuinely interested in this discussion - I don't judge a tool about how people misuse it.

Hello!

One of the things I really enjoy is unique, interesting or out-of-the box game design. It doesn't have to be AAA game, it doesn't have to be a perfect game, it can be pretty rough - but if it has a mechanic or design element that is somehow unique or original, I'm instantly in love with the game.

The problem is that such games do not usually get a lot of exposure, since it is after all a niche. And that is really a shame - in the past few years the most fun had with video-games was playing such smaller and shorter indie games with something unique or pretty clever, where I can obsess over the design and more importantly - get inspired. That leads me to my question - are there any communites or blogs or content curators that are about this kind of smaller, maybe unpolished, but original games? Or what games would you recommend that would fit into this description? I don't mind if it's a 5 minute experience. It's ok if it's more interactive art than a game.

To better illustrate what I'm looking for, I'd compare it to modern art - the kind where you get a single colored square on a canvas. I never got it, and it always felt just weird - until I had to start doing flyer design and started researching and reading about composition, space and all that stuff. And now I see there's so much going on even on a picture with a single line, that it's really interesting to think about why the square is where it is, and what kind of composition rules was he working with.

And I think it's the same for game design - sometimes you see a clever mechanic or design on otherwise really ugly and unpolished game, and it still gets you inspired and thinking.

I understand that my question is a little bit vague, so I'll give you a list of some games I consider unique, some of them are well known, some of them not-so-much:

• Immortality - you probably know about this one, but a game where the plot twist is discovering a hidden game mechanic, you could've done all the time? And the fact that you watch three movies at once in random scene order is also a really good experience.
• Against the Storm - I really like how they solved the issue with management sims - that they tend to get boring once you set everything up, by making it a roguelike.
• Different Strokes - an online persistent collaborative museum of art, where you can either leave a new painting, or edit someone's else. Each painting can be edited only once, so there are always two authors of a single piece.
• Sayonara Wild Hearts - I really like the idea of making what's basically an interactive music album. While the game design isn't anyting that interresting, the focus on music is cool - there should be more music albums with video-games instead of video-clips.
• Project Forlorn - Again, not really a game - this time I think there's no actuall gameplay, but it's the best interactive music album presentation I've ever seen. And again - I like the idea of exploring music and games together.
• Playdate - Not exactly a single game, but rather a console - but the idea behind giving you a game per day (which is I think how it started, they may all be available now looking at it) sounds amazing - which I'd also consider a game design (or rather, experience design?).
• Baba is You - Another probably well known game, but the puzzle mechanic is just mindblowing.
• Before Your eyes - In this game, the main mechanic is that you go through the memories of someone who has just passed away, but the time advances every time you blink - physically blink, because the game can use your camera. That is such a clever idea, that it definitely fits onto this list.
• Nerve Damage - This is my favourite recent discovery. The game is trying so hard to be uncomfortable to play, with it's main design build around just being unplayable. But it somehow works and once you get into the flow, it's such an unique experience.

So, does anyone has some recommendations about where to look for more experimental games? A curated list, blog would be awesome - since clicking through pages of games on itch.io is pretty hit and miss. Also, feel free to share some of your favourite unique design or experimental experiences and games!