Moving Our Riot Accounts for Security & Sovereignty!
Ok, I'm currently scraping Kay's brain a little about this to get towards a proposal, but I want to open the discussion about moving our Riot accounts to be held locally on a server we run or rent.
This week Matrix got hacked and Riot was down, so it's inspired me to take more into my own hands!
From what I understand:
- We would have to create a new user (can be same name) on Riot run through a server we control
- We already have some options for this server: DigitalOcean droplet, a server RJ uses for hosting Riot, a server we have been meaning to set up in Barcelona (great use for the new hacker pad!)
- There's probably no way to officially merge or port over your old account and its history, but you can just invite your new username to every room and personal chat you're in and thus easily resume from your new, locally hosted account with all your chat history visible.
- It will be way more secure for times of attack/glitch!
Y'all, please correct and add to/comment on these things! Once we have all the pieces I can make a proposal.
Loie Mon 15 Apr 2019 5:42PM
Setting up a server in Barcelona has been on the to do list for a long time for many reasons. It would save us money on a few things. So on that level at least, this isn't a lot of work for an isolated reactionary reason, it's a motivation to do something we've been meaning to for a long time.
Griff Green Mon 15 Apr 2019 5:41PM
Would love this! I can't wait to get Kay and family to live at the Giveth office for a week or 2 to set up some hardware solutions ;-)
Griff Green Mon 15 Apr 2019 5:42PM
@geleeroyale we have a california king and Darrell from camp contact is there right now... and BCN is beautiful... I'm just saying ;-)
Kris is Mon 15 Apr 2019 6:46PM
Big +1 to Dani's reaction. If a backup server is coming let's use that for backup of all things for sure, but I don't see the need to migrate, why not use our resources mostly for the things that matter most? There is so much to do right now in the Giveth galaxy! Matrix servers have been down 24hrs I think and yup the whole experience is a bit annoying and less 'pro' than what we've come to expect of the closed Comms apps we use daily. But that's the risk we took by supporting an open source solution and open source values. Migrating all of this now to our own (single, fallible) server.. does that make us more or less resilient?
From a whole team that is optimizing and supporting an open source hosting solution full time, to Kay on his own being responsible to keep this up/optimized 24/7, which will indeed take quite some of his time... Well, is that the best use of his and of giveth's time?
If this is really a majority to be found to do this or Kay really feels that this is what he needs to do.. let me flag a more 'micro' inefficiency if that happens. If I want to look for something in a conversation (eg a link loie sent to Kris in DM on the matrix server and account) I now have to check conversations or channels on both servers. Increasing the inefficiency of our communication platform (decreasing our overall output/focus as a team). We moved from slack bcs it ate our messages. EVEN if I can still access both accounts simultaneously, in the one riot interface all together or migrated into the new account (prob more hack work), it means double the rooms.
So personal opinion: limited return on quite the investment. (however if Kay wants to spend two weeks in Barcelona with his family as Griff said, he should, just hope he'll be working on the commons stack or gov lab/research or whatever he wants or just some rest. 🙂)
Josh Fairhead Wed 17 Apr 2019 4:40PM
Thanks for surfacing, I'm generally ok working on Matrix servers as they probably have better redundancy to handle the downtime. If we had more DevOps people it might be worthwhile but till then I'm ok with my account occasionally melting down. (Especially if Riot are learning from things breaking; they'll be more robust the more it happens)
Kay Wed 24 Apr 2019 1:57PM
So sorry for entering this discussion late. In short:
1 - We are actively running a Matrix server on DigitalOcean. Because Matrix is using a federated data model, any user who has an account on our server gets all his data mirrored on our server. The most prominent of our backup users is the slack-bridge, who is present in all rooms that come from the Slack era.
2 - Even moving all our accounts to our own server we would still need to run an authentication server - right now we use the Matrix one for all purposes.
3 - All channels that are bridged are very resilient because the data exists in two worlds now. It is extremely unlikely that riot, telegram and slack cave in at the same time, so most of our data is constantly being backed up to other services.
4 - Dani's and Kris's points are very valid and we would add a lot of overhead, apart from the pure fact that we would probably not get the necessary buy-in of the whole community to make new users.
5 - The matrix/Riot infrastructure is still under heavy development. There is quite a lot of maintenance to be done if we want to fully use our own - although for sake of completion this is also offered as a paid service by the matrix people.
TLDR; I think we are fine. Riot's federated system offers high built-in resilience against data loss. On top of that we use bridging that lets us back up data and keep up comms in the event of Riot unavailability.
Still - I have some points to make the system better:
1 - Let's choose a protocol that we fully bridge the whole system to.
2 - Let's choose a backup room - like a bomb shelter - people can come to if they see Riot is down.
3 - I am still on for that server building in Barcelona and would love to come there (maybe with family yea) when Griff and Lorelei return from Africa. The purpose of that server however will be to host non-mission-critical stuff and experiments.
Pol Lanski Tue 30 Apr 2019 3:40PM
DAPPNODE IN BCN!
Dani · Mon 15 Apr 2019 4:39PM
I'm a little slower to jump a ship that's been boarded by pirates previously and run off to captain my own ship.. this brings up a lot of questions in my mind. Would vulnerabilities that exist at Matrix subsequently exist on our server/s? Are we better able to secure our own servers, or respond to and address an attack ourselves? Is this work really worth it for all of us right now? Do we have the depth and breadth to support additional servers of our own besides the DApp?
We know these risks exist, I just don't want to be too reactionary in our response. I was immediately looking on Slack, Twitter, Signal to see if anyone was chiming in over there, and strategizing how to implement a backup plan in the future, for when our communication services go down. Wondering if we should do more of a lessons learned analysis before planning next steps.