Feed cleverhans-blog [copy] http://www.cleverhans.io/feed.xml has loading error: cURL error 22: The requested URL returned error: 404
Improving the security of the federation protocol (matrix-conf-2025)
The federation protocol is how Matrix homeservers communicate between each other. In private federations this isn't particularly challenging as the network is trusted but in the public federation this isn't true. This talk dives into what protocol improvements are in the works to make the public federation more secure against Byzantine actors, particularly against "state resets": an unintended rollback of room state. We'll explore why this problem is hard, what some of the failure modes are, and how we are working on addressing them. The federation protocol, in particular state resolution, is one of the...
Invisible Crypto: can Matrix be both secure and easy to use? (matrix-conf-2025)
The Invisible Crypto initiative intends to make Matrix easier to use by ensuring that encrypted messaging is secure by default, and the user is not bothered by irrelevant information. In this talk we will give a status update, hopefully explaining why crypto needed to become slightly more visible on the journey towards making it disappear. We'll go into some detail about what we've done (and why some of it makes things a little more noisy) and what we plan to do to really get there. We've been working on the Invisible Crypto initiative for over a year,...
Rocket.Chat: Entering the Matrix (matrix-conf-2025)
In this talk, we trace the journey of evolving Rocket.Chat from a standalone collaboration server into a full-fledged Matrix home-server — all built in TypeScript. We’ll dive into the architecture decisions, the incremental features (federation, room state sync, identity translation, event routing, crypto, and bridging), and the real challenges of combining two paradigms (Rocket.Chat’s internal model + the Matrix spec) in one codebase. You’ll hear about lessons learned: when to build vs reuse, how we manage consistency under asynchronous federation, strategies for performance and rate limits, and how we maintain feature parity while gradually...
Lessons learned from implementing Native OIDC from scratch (matrix-conf-2025)
Are we OIDC yet ? YES ! We are !
OpenID Connect evolved as the one and only identity standard in the modern web. With MSC3861, the [matrix] ecosystem is finally moving to OIDC as the authentication standard amongst clients and homeservers.
Out of curiosity, I started implementing a native OIDC implementation from scratch : no OAuth 2.0 library, no Ruma ; just the [matrix] Dart SDK, an HTTP client and the MSC in front of me. This talk will be about the lessons learned.
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/
about this event: https://cfp.2025.matrix.org/matrix-conf-2025/talk/XLV7PZ/
Video:matrix-conf-2025-71181-eng-Lessons_learned_from_implementing_Native_OIDC_from_scratch_hd.mp4
Matrix French gov deployment: opening a private federation securely (matrix-conf-2025)
The French government has deployed a private Matrix federation for French civil servants called Tchap. Currently this federation has about 300 000 monthly active users and its usage is growing constantly. Today our federation is closed and we would like to be able to connect with other public French Matrix nodes (local authorities for instance), and also other European countries. We should implement measures to ensure that the federation remains resilient against potential attacks, both technical (e.g., DDoS, data interception) and organizational (e.g., unauthorized access, insider threats) : - How can we restrict the servers we wish to...
MatrixRTC (matrix-conf-2025)
In this talk, we will share the newest improvements to MatrixRTC. We'll focus on how the security and encryption architecture has evolved to provide robust, private communications for Matrix users. Additionally, we will show how to integrate Element Call into clients using the Rust or JS-SDK in a matter of minutes. Whether you're building a custom Matrix client or want to know what makes MatrixRTC such a great solution for secure communication, you'll walk away with practical knowledge to bring encrypted calling capabilities to your users and an in-depth understanding about the key distribution...
Supporting TF-X with Matrix: best practices and pitfalls (matrix-conf-2025)
NATO organised a TaskForce-X Baltics event where we very quickly contracted, deployed and integrated telemetry and video streams from uncrewed platforms. This required a lot of coordination and this was done through our on-prem Matrix capability. I would like to share my experience by using Matrix to support this very demanding operational project.
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/
about this event: https://cfp.2025.matrix.org/matrix-conf-2025/talk/7ZXT8V/
Video:matrix-conf-2025-78852-eng-Supporting_TF-X_with_Matrix_best_practices_and_pitfalls_hd.mp4
Governing Board transparency update (matrix-conf-2025)
In this talk we will cover
- what is the Governing Board about
- how does it fit into the Foundation
- reviewing the last 12 months and outputs
- showing some of the different processes like establishing Working Groups, what Committees are, interactions with the Foundation
- what next
- how to get involved in open governance
- take some questions
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/
about this event: https://cfp.2025.matrix.org/matrix-conf-2025/talk/XDT3BL/
Video:matrix-conf-2025-75078-eng-Governing_Board_transparency_update_hd.mp4
No Desk Is an Island: Enabling Cross-Border Workspace Communication (matrix-conf-2025)
As EU member states (co-)develop sovereign workspace solutions for the public sector, the need for seamless communication between these platforms becomes increasingly important. France, Germany, and the Netherlands are among the countries working on such solutions together, with the goal of facilitating cross-border collaboration and data exchange while maintaining security and sovereignty. In collaboration with our French and Dutch partners, we at ZenDiS are developing a framework to enable communication between our openDesk office and collaboration suite and its international equivalents. Our effort aims to facilitate cross-border information sharing and promote a more integrated...
Agentic Cyber Defense with External Threat Intelligence (sps25)
This talk will detail how to integrate external threat intelligence data into an autonomous agentic AI system for proactive cybersecurity. Using real world datasets—including open-source threat feeds, security logs, or OSINT—you will learn how to build a data ingestion pipeline, train models with Python, and deploy agents that autonomously detect and mitigate cyber threats. This case study will provide practical insights into data preprocessing, feature engineering, and the challenges of adversarial conditions.
about this event: https://talks.python-summit.ch/sps25/talk/QNWFTD/
Video:import-56457-eng-Agentic_Cyber_Defense_with_External_Threat_Intelligence_hd.mp4