A small part of the fairkom team was present at the FOSDEM 2024 in Brussels, Belgium. Jan shares his impressions of the two-day conference on Free Software here with a focus on the matrix messenger.
Friday: matrix community Barcamp
The FOSS community and especially the matrix-community, has always been a very active one. For years there were different group meetups and events, like the Matrix Community Summit which I have had the pleasure to attend in 2022. Of course, the opportunity to gather matrix enthusiasts at the Brussel hackerspace HSBXL right before the big main FOSDEM conference could not be wasted!
The matrix barcamp and as well as the FOSDEM conference as a whole was a bit overshadowed by European and international politics: The farmers protests blocking the highways and streets delayed a lot of people, the EU recently passed a law called the CRA (Cyber Resilience Act), that potentially destroys the opensource movement and the Digital Markets Act (DMA) trying to force big tech gatekeepers to be more interoperable. Luckily, the FOSS community is well aware of these problems but more on that later. From 1-2 February 2024 there was also the EU Opensource Policy Summit, in Brussel, where they celebrated its 10 year anniversary and was used to lobby for a much needed open standard and transparent web.
Old and new matrix faces
The matrix barcamp preceded FOSDEM by a day so a lot of the "usual suspects" showed up to the matrix barcamp:
Kim Brose (aka HarHarLinks), motivated community member, FOSDEM devroom manager and employee was eager to connect and checking out potential collaborations and was especially interested in the customizable usersearch called maiden written by the University of Graz. We also discussed a federated and whitelisted search engine which would be especially nice for universitities and other institutions. He also talked about how to "pimp" your chat with useful tools, scripts, bridges, bots and admin stuff to make life in matrix easier.
Christian Paul (aka Jaller94) previously worked at element but was recently hired by Nordeck to work on a TI-messenger for the german health system. He is also an active community member and did interviews for the matrix meetup 2022. He is also the one who did the "Matrix Salon Podcasts" as well as an interview with me about my experience with matrix at the university of Graz (in german) if anyone is interested ;)
TravisR is a senior software developer working at the matrix foundation and is also known for running the bridges and bots at t2bot.io as well as maintaining the (now deprecated) dimension integration manager. He was explaining extensible events and teased a bit about topics which were in FOSDEM talks later on. He also was very interested in the Messaging Layer Security (MLS) which is an open RFC9420 security layer standard for encrypting messages. A collaboration of the BWI and Element is tasked to create ‘Matrix over MLS’ for use by the German Armed Forces, to further secure its own solution BwMessenger and to make it interoperable with other messaging products. Also the upcoming EU laws, namely regarding Instant Messaging Interoperability (MIMI), is making matrix particularly interesting and well suited for the future.
Jos talked about how to get funding for FOSS projects with the support of NLnet which are already supporting a lot of open internet projects like Jitsi, Wireguard, TOR, GPLv3 or CryptPad.
Yan and Nadine, also known as the organizers of the matrix community summit in Berlin, were working on a crossplatform communication platform called polychat which will use the new matrix feature extensible events that allows for protocol conversions, for example from whatsapp to telegram.
Sumner Evans works at Beeper, a messenger based on matrix which unifies all kind of different messenging platforms into one. They recently were in the news when they integrated iMessage and made it possible to communicate with Android users, but in the end, Apple foiled every attempt. Even though it was an unsuccessful "David vs Goliath" fight, they got a lot of attention when even US lawmakers got involved by discussing potential antitrust and anti innovation law violations by Apple.
Later in the evening, some more people came over from the OpenSource workshops (like matrix founder Matthew Hodgson) to mingle with everyone at the hackerspace.
Cyber Resiliance Act and more
The CRA recently reached political agreement but many organizations criticized the CRA for creating a "chilling effect on FOSS development". It seemingly was created without an in-depth consultation and had unclear and vague texts, scopes and requirements, for example when it comes the definition of "commercial activity".
As is often the case, the original motivations were well intentioned:
- Protect consumers from security flaws of digital products (e.g. IoT, smart devices)
- Cybersecurity becomes a "full company risk issue" because of supply-chain attacks (e.g. Log4Shell affected 93% of cloud enterprises)
- Establish a "security by default" principle which forces manufacturers to comply to a life-cycle of their products
- Harmonius standards and risk categorization
- Sharing the responsibilities
- Cyberattacks are dangerous to critical infrastructure (public administration, hospitals)
- Reporting obligations
However, it became clear, that the legislators had no understanding of how opensource communities actually function. It was assumed, you can just "add security to software" by forcing programs to a government standard. The lack of motivation, revenue or resources of many FOSS developers was also disregarded.
Needless to say, there was action needed to be taken und luckily, the FOSS community rose up to the challenge. During the FOSDEM23, we directly heard from the authors of the CRA (as well as the Product Liablilty Directive) and during last year, they received a lot of help from experts accross the community. Unfortunately, the war is not won yet, as we can still learn lessons on how to engage over the next wave and see how legislators see the CRA after the insights from the community. I highly recommend this talk to anyone who is interested in the far-reaching implications of the CRA or in how to engage with legislators over policy.
There were many, many other talks on Saturday as well, ranging from a workshops, discussions and presentations. There were smaller devrooms dedicated to topics like "Public Code and Digital Public Goods", great talks with massive audiences regarding "FOSS software in the AI research community", climate relevant topics like Open Power Grid Models and of course, in-depth talks and workshops about technology stacks like kubernetes, which we also run at fairkom.
Digital Markets Act
The DMA aims for a higher degree of competition within the digital economy by forcing so called "gatekeepers" (like Google or facebook) to open up their communication silos. Third party interoperability while preserving end-to-end-encryption (E2EE) lets users pick their preferred service without sacrificing interoperability. There are basically 3 ways that can be done:
- Open APIs
- Client-side briding (a gatekeeper copies traffic back and forth)
- Everyone speaks the same protocol (e.g. Matrix)
With an open API (or similar open standards) as requirements, it could create an new industry on top of today's communication platforms effectively supplanting the public telephone network with an open communication fabric for everyone.
A particularly interesting architecture to achieve this, it the matrix protocol, as it can act as in various ways between gatekeepers and clients. However, due to its decentralization properties it was seen as overkill, so a "linearized" matrix was proposed but there are still many discussions about the need for message history, state events, DAGs and auth events. The people from the "Messaging Layer Security" (MLS) started the "More Instant Messaging Interoperability" (MIMI) Working Group to make sure, interoperability and low-friction onboarding is guaranteed for everyone and that everyone talks MLS long-term. It will be interesting what exactly happens, when Meta ships its DMA API on March 7th 2024.
I highly recommend the talk by Matthew Hodgson who is also a co-author of the MIMI draft as he talks about the DMA and its challenges for matrix as well as updates to matrix:
- Public sector matrix deployments, funding and a hard year
- Matrix 2.0 (sliding sync, faster joins, native VoIP, OpendID connect)
- matrix rust sdk, crypto, reliability
- sponsors (fairkom is now one of them!)
- what's next
The majority of my visited talks were releated to matrix, which happened mostly in the matrix devroom where you can meet and talk to the people directly as well as ask questions. Another interesting talk by TravisR goes technically in-depth for matrix's DMA application with linearized matrix works at room level and interactions with MIMI and its algorithms behind the scenes. There was also work done on the native VoIP integration and a meetings-widget to organise meetings within matrix.
If you wanted to meet the people like Simon Phipps who made the changes to CRA possible, you could go to the "Open Source In The European Legislative Landscape" devroom, where over-aching FOSS themes and EU policy were discussed.
A overview of tracks, days, schedules and devrooms can be looked up here: https://fosdem.org/2024/schedule/. I bet you also find something here you are interested in besides EU politics and Matrix ;)