• 0 Posts
  • 3 Comments
Joined 1 year ago
Cake day: May 31st, 2023

  • Sorry for the late reply, Beehaw is blocking my phone’s IP cus of VPN.

    Basically like blockchain yeah, where the state points to the previous state. I think it’s a combination of having to download all state events for the room (bandwidth), but also your server having to verify each and every event (cpu). It has to do all of this before you can really start using the room.

    So if a user on your server joins a big room, it can put strain on the server until it got everything downloaded and verified.

    Also, if for some reason (like someone spam joining the room) a lot of state events get generated, your server (and all other servers that connect to the room) has to download and verify each one of those state events.

    For me, I only have my own user account on my server, and I only join private rooms. It’s a shame, cus the idea of Matrix is neat, but currently there’s no way to avoid getting DoS-ed if you join public rooms.


  • There’s a page explaining it in more detail, but basically, all servers need to verify the complete chain of state events in order to trust data and messages about the room. This is because otherwise malicious servers could make bogus state events and messages that are not valid, like scam messages and unauthorized room setting changes.

    In Matrix, when you create a new room, or edit room settings, a state event is made. The same is true for changes in user permissions like who is admin, and for settings related to who can join the room.

    The last one is key, because this means that in order for servers to trust other servers’ messages, they need to verify if the user that sent the message joined the room in a legit way.

    In order to do this, when a user joins a room it must cause a state event. However, this makes it easy for people to abuse: joining a room with a ton of accounts spams state events to all connected servers, which bogs them all down because they are required to process all state events in order for the chain of trust to function.

    Even for rooms with non-malicious usage, servers can still be bogged down if the room is very big, which might be what happened with you or your friend joining a big public room.

    Basically, in my opinion, Matrix cannot be used with public rooms as it stands today.
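
A simplified model of the verification described in the comments above, added here as an illustration and not taken from the comments or from Matrix's own code. It assumes a linear hash chain in place of the room's real event graph and leaves out signatures, the full authorization rules and state resolution; all names (`make_event`, `verify_chain`, `build_room`, the user IDs) are made up for the example.

```python
import hashlib
import json

def event_id(ev):
    # Hash of everything except the ID itself; stands in for a real event ID.
    body = {k: v for k, v in ev.items() if k != "id"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def make_event(prev, sender, etype, content):
    ev = {"prev": prev["id"] if prev else None, "sender": sender,
          "type": etype, "content": content}
    ev["id"] = event_id(ev)
    return ev

def verify_chain(events):
    """Replay every event in order. Returns (accepted_messages, checks_done);
    raises ValueError on a broken link or an unauthorized event."""
    members, prev_id, checks, accepted = set(), None, 0, []
    for ev in events:
        checks += 1  # one hash check plus one authorization check per event
        if event_id(ev) != ev["id"] or ev["prev"] != prev_id:
            raise ValueError("broken chain at event %d" % checks)
        if ev["type"] == "create":
            if prev_id is not None:
                raise ValueError("create event must be first")
            members.add(ev["sender"])
        elif ev["type"] == "member":  # joining is itself a state event
            if ev["content"] == "join":
                members.add(ev["sender"])
            else:
                members.discard(ev["sender"])
        elif ev["type"] == "message" and ev["sender"] not in members:
            raise ValueError("message from non-member %s" % ev["sender"])
        elif ev["type"] == "message":
            accepted.append(ev)
        prev_id = ev["id"]
    return accepted, checks

def build_room(n_joins):
    # Constructed sample data: one create, n_joins joins, one message.
    events = [make_event(None, "@admin:a.example", "create", "room")]
    for i in range(n_joins):
        events.append(make_event(events[-1], "@user%d:b.example" % i, "member", "join"))
    events.append(make_event(events[-1], "@admin:a.example", "message", "hello"))
    return events

if __name__ == "__main__":
    accepted, checks = verify_chain(build_room(1000))
    print(len(accepted), "message accepted after", checks, "event checks")
```

The number of checks grows with the number of membership events, not with the number of messages a server actually wants to read, which is why an operator sizing a homeserver should look at a room's state history rather than its message volume.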