XMPP lacks coherency and is kind of a mess.

Yeah, this is a problem. Cisco used to drive XMPP but right now with MS Teams and whatnot they kinda lost interest.

Yeah, no security there, but I wasn’t expecting to see providers doing that. What’s the point.

I have an online business. How f*cked am I ?

Very f*cked. Advertising forces you to sell your data to those companies in order to get decent results, if you try to go around it you’ll be losing customers, that’s what it is.

if you’re sending or trying to receive a text message with swear words in the U.S., chances are the carrier will block it.

So much for the land of the free. Not even the EU with their chat control bullshit is pushing it so far.

Thanks for sharing the article.

. For one, there’s comparatively zero users across XMPP anyways, and it has a big problem with compatibility across different software packages.

This isn’t a problem, the problem is that we lack decent clients. XMPP is the most standardized thing ever, both the core thing and extensions are covered by RFCs but currently there isn’t much investment into creating solid clients.

server operators unknowingly hosting copies of it across the world.

Well, at least a properly configured XMPP server with the relevant extensions won’t be a metadata clusterfuck like Matrix is. Nor it will be centered around a spec and software made by a single for profit organization.

Then there’s the privacy and GDPR minefields that come with any decentralized/federated service.

Email is federated and nobody is complaining about it.

Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.

XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.

What people fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation. Everything else is just an attempt at yet another vendor lock-in.

People need to get this through their heads, XMPP is the only solution for their problems.

Instead of wasting money into making yet another protocol, closed system etc. what about just work on a cross platform XMPP client that actually supports everything and has a decent UI. For eg. iOS clients are all shit. Without decent clients and push notifications people won’t be using XMPP ever.

Controller by Microsoft? You mean a GitHub repository with the entire list of packages? A simple list of yaml files that simply point to whatever the developers decided to point them at?

Definitely worse than the BS that flathub is :)

Even Microsoft’s Winget repository is easier to deal with than Flathub.

It’s a fun exercise for you to see how convoluted and problematic it becomes.

How do I know all of this? Well I happen to work with WordPress professionally as the lead developer for an agency where I manage literally hundreds of WordPress sites and host all of them myself on servers I manage for them (not shared hosting reselling).

I used to have the same role and before that I managed a shared hosting provider. At that job the majority of websites hosted there were WordPress and customers would pay us to develop or fix stuff sometimes.

The vast majority of those “extensions” (plugins) are horribly made and are security nightmares,

Yes, this is true and a problem, but at the same time the WordPress ecosystem, as you know, gets shit done.

I also had some experiences with PrestaShop/Magento and they are even worse than WordPress. You still have the performance issues, the 3rd party poorly developed themes and plugins and a convoluted API.

WooCommerce powers 38% of the online stores out there…

WordPress’s data structure is not properly suited for an e-commerce site

To be fair WordPress’ data structure is not properly suited for anything, not even posts and pages, let alone block structures and whatever but the truth is that it works and delivers results. Same goes for WooCommerce, if you don’t want to be hostage of Shopify and your objective actually selling shit instead of spending all your time developing store software then WooCommerce is the way to go.

WooCommerce also has an extensive extension list, integrations with all the payment providers out there and it’s easy to get help / support be it free or paid.

and it’s a resource hog.

Did you ever they Magento or PrestaShop? Doesn’t seem like you did as those are store-first solutions and they’re all slower and more of a resource hog than WP can ever be.

Because…

• Universities might want to locally host a mirror in order to waste less bandwidth and provide faster downloads;
• Large companies usually like to host internal mirrors for the same reasons as above and also so they can audit and pick what packages will be available for their end users;
• Flathub is slow af for some people;
• Local country-specific mirrors are always faster;
• In some countries not everyone can access the official flathub;
• One might be dealing with airgapped networks and systems for sensitive work and you want to have ways for your end users to install flatpaks;
• Fastly, their CDN might go down at any point (like Cloudflare sometimes does) and you’ll end up with nothing;
• Flathub itself may be subject to a cyberattack and their service might get crippled for a days or weeks and you’ll have nothing as well;

For what’s worth Debian archive repositories are about 5 TB and people actively mirror then in universities, companies, cloud providers etc.

The question here isn’t “why would you” but rather “why would I be unable to do it”. Their actively gatekeeping their repository in a futile attempt to be the single and central point of flatpak distribution - much like what Apple does with the App Store.

I agree with everything you said, however there are a few details.

it is technically possible to just launch your own [repo]

The ability to create repositories ≠ from mirror existing ones.

Unlike apt repositories Flatpak ones aren’t simply a directory tree with a bunch of files that can get mirrored using rysnc or other efficient means, it’s a clusterfuck of HTTP-only requests that need to be backed by specific metadata and there aren’t tools to manage those.

flatpak create-usb may be promising but the name says its all - the priority wasn’t to create a way to mirror repositories but a quick and dirty hack for some situation.

theoretically you could open your own repo and throw all dependency related packages in there or am I getting something wrong here

Theoretically yes, in practice things are bit more nuanced. That tools only considers your current architecture, it’s a pain to get dependencies in an automated way and most of the time you’ll end up with broken archives. You’ll also need to hack things a lot.

Oh no, this is Flatpaks’ fault because they made this twisted repository system instead of doing sane things and then it is Flathub’s fault as well because they aren’t opening their storage to rsync or other sane syncing methods.

Did you ever try doing that with public packages?

Yeah sure, just try to mirror Flathub into your repo.

Thinking about it, I wonder if there’s enough “core features” with ‘create-usb’ that its just matter of scripting something together to intercept requests, auto-create-usb what’s being requested and then serve the package locally?

The issue is that… there aren’t enough “core features”. It doesn’t even handle different architectures and their dependencies correctly. It wasn’t made to be mirrored, nor decentralized.

Apt for instance was designed in a much better way, it becomes trivial to mirror the entire thing or parts and for the end tool it doesn’t even matter if the source is a server on the internet, a local machine, a flash drive or a local folder, all work the same.

Unmirrorable

Yes, unlike apt repositories, it wasn’t designed to be mirrored around, run isolated servers etc.

Touche. Centralized and un-mirrorable.

Still no proper way to mirror the thing and have it working offline / on internal networks. Great job self-hosters and sovereign citizens ;)