making a federated application without considering the failure modes of federation bad, actually,
i'm thinking abt a network simulator that you can test federated applications in, and apply various failure modes
based on shadow perhaps
but shadow is kind of a pain in the ass to use so idk
matrix definitely did not consider literally any failure mode and it shows
fuchsiaaaaaaaaaaaaaaaaa
@f0x as in, what if a server goes down for a bit and then comes back up later
matrix's behavior is to drop messages. it might try to redeliver them but only sometimes, and out of order. user gets no indication message was dropped
@haskal maybe synapse does something bad but, according to the federation spec it will realize messages are missing (because other servers' new messages refer to them) and then try fetch them. Inserts haopen out of order because remote timestamps aren't trusted (and that's a feature tbh, so you actually see them still and can't be used to spoof history that didn't happen)
@f0x there's been another issue that has happened _a lot_ where when a user adds a new device and publishes it, sometimes that doesn't federate and it results in messages appearing to be sent from an unknown device. and sometimes this entirely breaks e2e, or makes verification behave in strange ways
@f0x i'm not saying matrix is bad, and i'm definitely not saying go use a centralized system because i think decentralized systems are inherently the way to go. i just wish they could have actually like, tested failure modes and made sure the software behaves well and is resilient. because IME my XMPP chats have always kind of just worked, and e2e has just worked, and if federation breaks the server returns the error to the client and you can see your message failed to send
whereas on matrix encryption always seems to be broken and everything seems to break under the slightest of abnormal conditions and it's kind of irritating that i guess synapse was just so poorly coded
@f0x so synapse is doing something bad and/or out of spec i guess?
point is it behaves badly, and it seems like the authors didn't consider or even test what happens when federation breaks at all