could be more complicated than this. the easiest thing (to me) would be to midufy the License() function so that it sets the Limits "correctly", as these type of things can be in multiple places.
I was wondering if this was even legal[0], so I went to the repo and noticed that their licensing[1] seems to be... a mess?
It says you can use "compiled versions" under the MIT License. Then it says you can use the source code under AGPL 3.0. And then it additionally says that they won't enforce the AGPL 3.0 copyleft if you haven't modified the source and don't link the Mattermost Platform directly. This is at best a bunch of tautologies that render the Affero clause moot and at worst enable a really stupid workaround to copyleft.
First off, the Affero clause - number 13 - in the AGPL only applies if you modify the source. There is no legal requirement to convey source code on a network server otherwise. So this is downgrading the license to GPL with extra steps.
Second, "linking directly" isn't legally meaningful with regards to the GPL. GPL cares about whether or not your derivative work forms a single "program" - which is deliberately left ambiguous, but almost certainly does not refer to the concept of an address space alone, or even a Go import. I guess what they wanted was to treat the Mattermost Admin and Configuration files under terms that are sort of LGPL-like? But that portion of the binary is already dual-licensed Apache 2.0. So there's no reason to argue
Third, and more importantly... the compiled versions license basically renders the source code requirement of the GPL family null and void. Like, in a normal use of the GPL, if you distribute binaries you're required to offer source. But here, they've weakened that clause.
The most speculative argument I have is that one could disassemble a compiled Go binary to obtain a "compiled version" under MIT terms that is no longer subject to any copyleft whatsoever. This is obviously contrary to the intent of the license, so I'm not sure if a judge would bother listening to this argument, but it's still really bad drafting. I suspect this license document was written by a business strategy guy, not a lawyer.
[0] If this code actually expressed their license requirements, then posting this Git diff is a violation of DMCA 1201, and you'd be liable for jail time. Er, well, except GPL version 3 (only) has a specific anti-1201 clause. But who knows if that's even applicable given the five different licenses at play?
so not only did they enforce a ridiculously small message limit, they also did it for the self-hosted version, and they did it without announcing it AND without a suitable migration path
and still no one from that company has admitted to it being a mistake?
In defense of them not admitting any kind of mistake, maybe it's not actually a mistake but instead a really well thought out, yet incredibly stupid, plan.
I have administered a number of Mattermost environments going back to 2019.
It absolutely is not a mistake. They’ve been slowly introducing limits to the Team Edition and screwing with the licensing in obtuse ways to drive revenue. It is something that has executive force behind it.
I have migrated everyone/everything to Zulip, which it turns out has a far better user experience and a much cleaner model. The admin tools are much more mature (and actually function reliably). I have not gotten any complaints.
And I also don’t have to deal with things like on-premise to managed cloud back to on-prem migrations due to ridiculous licensing and pricing instability.
It works exceptionally well for Slack as we've seen over the years. Someone in your $group uses signs up for the free tier, gets people using it and then you've got to pay through the nose to access any history.
At least slack is clear upfront that this is going to happen, mattermost just did a rug pull and removed history from users who previously had access to it.
That'd be even more reason for them to have a solid PR plan prepared, to grind down opposition and gaslight everyone into giving up. Leaving all messaging about the issue to upset users is the worst way to handle it. Even just closing the issue would've been less damaging at this point.
Because it is almost certainly not a mistake. They also removed support for SSO via GitLab in the Community Edition in v11, which was the only SSO option still supported by the OSS version. They are pretty obviously trying to push users towards the paid plans.
We migrated off them when they removed the license tier (there was cheaper self hosted tier that had LDAP feature we needed, and we really only got the enterprise version for) and essentially forced everyone to tier above.
I recently switched a bunch of friends from a project-oriented whatsapp chat to self-hosted mattermost, because I wanted permanent storage for messages and attachments, and threads, and did not want to pay slack in perpetuity.
I feel that this idea is now in jeopardy, if I understand the 10k message history is the limit correctly.
And there I thought I had a solution to slowly bring over project channels, family related things etc. that was as reliable as "my linux box will be reachable on the public internet" and I am willing to manage that it does.
Seems I was wrong, but I don't know which other software has better future proofing.
So I guess it's my turn today to start the holy war. If Whatsapp was enough, but you want it to live on your Linux box, Matrix will do just fine. self-hosting has been fast, responsive, low-maintenance, and easy for me over the past several years.
They're trusted by multiple government agencies to stick around and treat their users reasonably, and there are a plethora of clients to choose from.
Now I'll step to the side for the next person to tear me down and sell you on XMPP.
The next guy's job is to tell you XMPP is lighter, gen-er-ally viewed as simpler, with a wide array of clients and servers, optional encryption, and with a longer history (with that being viewed as rhyming with reliable).
My "job" in this holy-war thread is to tell you Matrix has become lighter over time, the "default" server Synapse has less, but IMO more up-to-date documentation with a real corporation behind keeping it up-to-date and useful, has a blossoming ecosystem of clients, servers, and bridges (allowing you to use it for other chat systems like Whatsapp and Telegram), has encryption being an enforced default for one-to-one mesasges (instead of XMPP's bolted-on after-the-fact extension), and a paid team to make Synapse more robust, reliable, lighter, faster, and more secure.
Take both arguments with a grain of salt, as I am biased as hell (to the point of donating a small amount monthly to Matrix, and starting flame wars like this one).
I used to use Mattermost. Highly recommend looking at Zulip as an alternative. (It’s my favourite slack alternative and even better than Slack because it’s the best at managing distractions IMO. It also has an interesting history was acquired by Dropbox and then back from Dropbox I believe)
Zulip is a kind of annoying name, and every time I encounter it it's in the context of some open source platform hiding their community discussion forum behind a login. I'm left with a not very great impression.
FYI, for a while now you can mark any Zulip channel as public, which means the chat history for that channel does not require a login to view. See https://zulip.com/help/public-access-option for more details.
I assume they mean the fact I myself know what Mattermost is but I've never heard of... now I even have to go back and load up the comment to find it's name again, Zulip
I don't like the way they push you to give a subject to every discussion. In a way it's more like a newsgroup replacement than Slack, whereas Mattermost is a straight-up Slack clone.
- No limitation on search, members, etc.
- 10 user limit for mobile notifications, can be relaxed via community (for non-profits, FOSS projects, etc.)
- SAML/LDAP *support* is available, you can configure it. They won't provide answers to your questions.
- Actually, all Zulip features are enabled sans Mobile Notifications, but for most of them, you're on your own. If you know what you're doing, it's not a problem, I assume.
IOW, for self-hosted plans, you pay for support, not the software. a-la early RedHat model.
This is false, SAML and LDAP are available. Zulip self hosted has all features with no restrictions, except for mobile notifications which require a subscription for $3.50/u/m (unless you are less than 10 users or are not a non-profit of any kind)
Then your piggybacking on their infrastructure. I don't think they are unreasonable. "It can be done for pennies, but I won't" sort of implies that it does indeed take more than pennies worth of effort.
It's a yearly fee that amounts to a couple hundred dollars. That's about an hour of an engineer's salary. Zulip's customers make this less than a fraction of a fraction of a fraction of a rounding error.
They're now a defense contractor, the copy on their website sounds like military cosplaying.... Probably chasing the stupid profits of Anduril and Palantir, and doing the old open source rugpull in the process.
Zulip (for Slack) and Wekan (for Trello) are good replacements, save yourself the ethical and technical worries.
So so weird that we live in a timeline where Anduril and Palantir are military contractors of the US and other governments.
I know it’s somewhat of a tired observation by now but I still wonder every time how badly you have to misread LOTR to name your company after the witch kings cursed surveillance artefacts.
I wonder when the first weapons manufacturing company calls themselves Angmar or Uruk-hai.
The names are really dope though I have to give them that…
> I know it’s somewhat of a tired observation by now but I still wonder every time how badly you have to misread LOTR to name your company after the witch kings cursed surveillance artefacts.
Have you considered that it is not "misread", they just see themselves on Saruman side ?
Not to be "that guy" but Anduril is Aragorn's sword and is the most good-guy good-thing that could ever be fantasized about. It's used to defeat Sauron. And the Palantir stones are not "the bad guys tool", they were made by the Elves in ancient history and a few of them wound up in the bad guys hands. Misread LOTR indeed!
I specifically referred to the witch kings surveillance artefacts with misreading.
I don’t think their creation story is mentioned in LOTR, other than that they are extremely powerful and dangerous.
But you are right of course about Anduril and if you take the whole silmarillion as background. I never really liked that part though
The Palantiri were created by the Elves in Valinor and given to the high race of Men.
The witch-king could in theory have used a Palantir, but there’s no suggestion he did.
The seven stars in Gondor’s crest are the Palantari, and in the War of the Ring, Aragon specifically requested they be added to his banner. They represent the highest level of the civilization of Men.
Yes, but the elf who created them is quite a tragic character himself. To the extent that his own mother chose to die after giving birth because she knew how much sorrow he would eventually bring. So I'd be careful to not paint them as a good thing either.
you're right, and definitely Palantir is a harder sell here. But to say "they named their weapons company Anduril, what are they, bad guys?" frustrates the nerd in me quite a lot.
I know it’s been said but Anduril is the sword wielded by Aragon, forged from the shards of Narsil which defeated Sauron.
And the Palantiri were artifacts given by the Elves to the greatest race of Men to govern their kingdom. No connection to the witch-king (except some post-Tolkien video game).
And even if you use it only for bug ticketing there are products that are big enough that it takes a long time to implement changes. You really don’t want outsiders to be able to read open bug tickets for security vulnerabilities you are working on fixing for example. And you also don’t want outsiders to read your planned features either, probably.
I think it makes perfect sense to use e2e encryption for bug tickets considering this.
So far we had many leaks from internal systems of many companies like that and frankly not much happened, even when actual code leaked. It's far overrated fear, especially if you self-host it.
Every software development organisation I've been in that used Mattermost built integrations with monitoring, build pipelines, LDAP queries and the like.
I'm sure organisations in war would do similar things, but with the tools of their 'craft'.
Knives were too, and yet I'm not calling people to use forks instead. There is a difference between military contractors and generic tools.
Edit: sorry, hotheaded reply. I assume you mean that the creator of mIRC was encouraging it (though it's not mentioned anywhere). I still.stand by my analogy, but I see your point given your assumption.
> I assume you mean that the creator of mIRC was aware of it and encouraging it.
Like most licensed software, it was likely licensed by “US Government” or “Department of Defense”. Plus, it was openly written about back in the day. It was well known. No clauses in their licensing to prevent its use for those purposes.
Comparing to Mattermost and amplifying the original comment, Mattermost website is openly associating with PlatformOne.
Ive seen MM instances across defense dev teams for quite a while specifically to avoid Teams bs in the air force, gov teams does not like mixing with other orgs. Now it seems they’re actually going for contracts and Ill bet great money are mostly funded by USAF. Im very, very surprised.
Maintaining your own fork is a ton of work. Even if it's just routinely rebasing on upstream and maintaining your own upgrade infrastructure and doing releases, that's far from trivial.
The open source community really needs to stop with the "just fork it" mindset.
> Maintaining your own fork is a ton of work. Even if it's just routinely rebasing on upstream and maintaining your own upgrade infrastructure and doing releases, that's far from trivial.
Well I did it for Mattermost and for some other software as well. Sure, its some work, but it's not "a ton" of work and may not be "trivial" but it is also not "far" from trivial.
Do it like Linux maintainers maintain a ton of patched RPM's, deb's, etc. Just keep a patch in GIT. For every release of Mattermost you do a GIT clone, apply your patch and build it. Most of the time the patch will just apply cleanly. Sometimes you need to make a few adjustments, you make them and put them in GIT. There is no extensive release management or anything. You just build a patched version for every released version.
> The open source community really needs to stop with the "just fork it" mindset.
It's right mindset. Just not applicable to projects that are made majority by the company because none of the contributors will move so it's essentially trying to make new team from scratch.
I don't think the implication is that anyone as an individual would fork it.
I think the implication is that some other interested org could very easily step in and assume the role that the Mattermost org was in, and everyone would very eagerly switch and leave Mattermost itself speaking to an empty room.
>The open source community really needs to stop with the "just fork it" mindset.
The open source community really needs to stop with the "just do everything i want for free" mindset.
I mean, open source does not mean you're entitled to free support, and free in free software is not about money. I think people depend too much on those projects and then act entitled.
Of course the open source bait and switch done by companies is a shitty behavior worth calling out, but the companies exist to earn money and at this point this can be expected.
From my observation Mattermost is not a software you buy "support" for. It either works and is self-manageable or you use something else. I guess Mattermost (as in the company) saw that too and now uses shitty practices to coerece people into buying it.
I don't think I've expressed a "just do everything I want for free" mindset. In fact, I'm pushing against the idea that someone should just fork Mattermost and maintain that fork for free.
I do think this development represents a bait and switch though.
Maintaining a patch set for Mattermost is almost trivial. I did it for several years to authenticate users to internal Active Directory and found it easy enough to understand.
I use MM for about a year. Forking it would be a major undertaking as the number of vulnerabilities for which you would need to backport is quite high like 5 a month?). Last time they removed features from free (group calls in v10) there was a lot of grumbling but thats it.
Nothing. Open Source is dying. The model to finance open source work (well-off suburban american dads or as a portfolio show off) no longer apply. The old generation that believed in this model is retiring and for the new generation it pays better to "network", leet code, or spam your resume to thousands of employers.
Now couple that with the fact that supply-chain control is profitable (legally or illegally); I think the next 5-10 years will be interesting.
There never was a model to fund open source. At least outside largest and most wide spread codebases. I think it is that reality is finally hitting. Free money has run out and now software must stand as either community efforts, wide enough used foundations or forced support.
glancing through the code, it doesn't seem like it be that hard to remove limitations such as this. PostHistoryLimit/postHistoryLimit interpreted from License Limits. a little poke here and there and I'd guess the limitations would disappear.
The time and energy that it takes to do it and build it, and then make it easy for current users to move their automatic updates to the fork, then maintaining it etc.
AGPL and Apache are both open source licenses. So I’m not getting what the confusion would be as an end user, who won’t be modifying the software or packaging it for sale.
Combining source code under different licenses into one product is a nightmare.
You have to follow the AGPL "no additional restrictions" clause while also following the Apache License, and the Apache License might have require you to follow additional restrictions.
Honestly this has never been an issue for me, sure I have had to explain the limits of the licenses and check that I understand them. I guess it depends on your use case, so I am still uncertain when this has become a problem for you.
What's mattermost? People in the GitHub comments say "I just need messages" but there's lots of self hosted messaging apps/servers, no? XMPP comes to mind immediately.
Well, it was this at the beginning. Now it’s an open-core competitor to Slack, with higher pricing(!) but you can use the free version that has fewer features.
We've been using Element/Matrix for quite some time now and are fairly happy with it for the most part. The only major hiccup was hosting providers, not the software itself, per se.
We originally signed up with element.io back when they were called vector.im. Service was good, but a year or two in they decided they wanted to focus on those sweet, sweet enterprise licences and the pricing changes were untenable for our little 15 person operation. (I bear them little ill will for this, gotta do what you gotta do and all that, but it was a real PITA at the time.)
We moved to etke.cc who have been quite good. They were responsive to my modest support requests, and apart from being initially a bit surprised we wanted an unfederated server (which to their credit they dealt with with alacrity and aplomb) it's been a service we've just used and not had to otherwise think about.
The only sticking point was there was no way to migrate our messages from the older service. If memory serves, this was due to a deficiency in either Matrix or Synapse due to changing domains (originally an element.io customer subdomian). So always your own subdomain if you can is the moral of the story, I guess. I don't know if the migration story has improved in the years since.
If we had to leave Element/Matrix for whatever reasons I would definitely look at Zulip based on the many recommendations I see for it here. I think back when we went with Element I was quite interested in Zulip, but there just wasn't any good hosting options at the time and we didn't want to go with self-hosting (time-sink vs $$-sink).
If Mozilla did that, we'd have monthly news stories about them adding ads into the client, removing features people depend on, cramming in AI where it doesn't belong, abruptly making all sorts of controversial ToS changes, going back on old promises, and all kinds of other things we know and love Mozilla for. All before they'd get bored and discontinue the product after a couple of years.
Or maybe they'd just buy some existing closed source Slack competitor, promise to open source it, and then just never get around to it. You know, like how they bought Pocket in 2017, promised to make it open source, but somehow never got around to it before discontinuing it in 2025.
FF is plenty competitive on the technical and feature front. It's market share is not a reflection of technical merit.
What's more, next to Linux itself it is maybe the only case I can see where a major piece of user facing software is kept competitive with the Apple/Google/MS tools.
LibreOffice or Nextcloud are technically far further behind Office and Google's online offerings.
Which therefore begs the question: Who else is in a position to do this?
At first glance, Moz with Firefox + a suite of self-hosted team and productivity stuff that works well in Firefox would make a ton of sense...
Worse, it's ridden with spyware, and is merely a honeypot for security-aware people that are not sufficiently paranoid to check any of the claims. Like, those VPNs from YT ads that use your IP to give AI companies residential proxies, the same kind of scam.
Spin up Wireshark and take a look at activity of Firefox. Try to shut the browser up. It won't work.
Even if they weren't a Google's proxy company, they would lose to standards commitees being infested by Google, and would have to play the "best luck catching up" game by constantly supporting new versions of JS, APIs and CSS features that nobody needs (except Google's YouTube will use them to stop you from using an adblocker).
FF is governed by ex-Oracle managers at the moment, singing the Google's song. Don't anthropomorphize your lawnmower.
I thoroughly investigated every open-source (mostly open-core) self-hostable Slack alternative, and the conclusion was clear: only a self-hosted Matrix is a viable option.
There are no arbitrary limits for 'community editions', no risk of relicensing, no risk of being held hostage for features (like Gitlab did at some point).
You can work around all the missing features easily with self-built webhooks and other tools.
Starting with Mattermost or Zulip or similar is just way too risky.
What about their mobile push notifications? I don’t understand whether that’s something one can self-host. I have just read Zulip’s https://zulip.readthedocs.io/en/latest/production/mobile-pus... and they give me the impression only they can do this, so ‘pay us money or else’
I wonder whether this is something any other provider can rug pull in the figure and to be worried about.
> Would be a shame if someone with too much time on their hands dug into the binary and added a few zeroes to the message limit
Can this be done via some binary-patch tool? Really curious. It would save recompile efforts.
edit: link
edit 2: I just realized, their Ubuntu repository only contains the Enterprise edition labeled "Free edition". This is really confusing. I does look like entishitification has started long ago: https://docs.mattermost.com/deployment-guide/server/deploy-l...
It seems like the Team edition has a bunch of other limitations, but it's hard to tell from how convoluted and incomplete Mattermost's various comparison pages are.
Story time. This has basically nothing to do with this post other than it involves a limit of 10,000 but hey, it's Christmas and I want to tell a story.
I used to work for Facebook and many years ago people noticed you couldn't block certain people but the one that was most public was Mark Zuckerberg. It would just say it failed or something like that. And people would assign malice or just intent to it. But the truth was much funnier.
Most data on Facebook is stored in a custom graph database that basically only has 2 tables that are sharded across thousands of MySQL instances but most almost always accessed via an in-memory write-through cache, also custom. It's not quite a cache because it has functionality built on top of the database that accessing directly wouldn't have.
So a person is an object and following them is an edge. Importantly, many such edges were one-way so it was easy to query if person A followed B but much more difficult to query all the followers of B. This was by design to avoid hot shards.
So I lied when I said there were 2 tables. There was a third that was an optimization that counted certain edges. So if you see "10.7M people follow X" or "136K people like this", it's reading a count, not doing a query.
Now there was another optimization here: only the last 10,000 of (object ID,edge type) were in memory. You generally wanted to avoid dealing with anything older than that because you'd start hitting the database and that was generally a huge problem on a large, live query or update. As an example, it was easy to query the last 10,000 people or pages you've followed.
You should be able to see where this is going. All that had happened was 10,000 people had blocked Mark Zuckerberg. Blocks were another kind of edge that was bidirectional (IIRC). The system just wasn't designed for a situation where more than 10,000 people wanted to block someone.
This got fixed many years ago because somebody came along and build a separate system to handle blocking that didn't have the 10,000 limit. I don't know the implementation details but I can guess. There was a separate piece of reverse-indexing infrastructure for doing queries on one-way edges. I suspect that was used.
Anyway, I love this story because it's funny how a series of technical decisions can lead to behavior and a perception nobody intended.
It's another level of insane to put hard limits for self hosted open source software. I'm surprised so few people in the thread have just changed the source code and build it themselves.
It’s not hardcoded; self-hosted version call their server to ask what is the limit, which is 10k if you don’t pay or unlimited if you do. There is absolutely no performance problem with >10k messages.
This seems like a poorly hashed out plan, but I do have some sympathy...
in the face of competitors with many more employees and seemingly endless piles of VC money, how do open source projects like this fund themselves? What could Mattermost do instead? Should they take more money and race everyone towards the same cliff?
Are projects like this doomed to a small niche of people who understand the implications (and meanwhile can't contribute enough to ensure development keeps pace)?
Everyone else is just going to keep using Slack, and arguably outside of these niche concerns, it's a better funded and higher quality product.
It's not really open source project. They always gated a bunch of features, require CLA (so even if someone does contribute, boom, your code is theirs and they will probably close it down behind enterprise license if it is useful enough), and have pretty complex licensing scheme https://docs.mattermost.com/product-overview/faq-mattermost-...
> Everyone else is just going to keep using Slack, and arguably outside of these niche concerns, it's a better funded and higher quality product.
They had niche when their lite enterprise license (just basic LDAP and some other small features) was $2.5 per user.
Now they are basically on slack pricing, why would anyone bother...
yeah they certainly can't beat slack with slack pricing - low pricing is the biggest moat vc funding gets you (and you can just fill it in after you outlast the competition)
I looked at it for company chat and data, but those weird limits in functionality making in unusable was just too much, so them doing this too is not really surprising. Are they low on money?
Y’know I’m starting to think that every single migration from paid to free software, will end up in the same cycle of becoming feature-locked. People time and again fail to understand that you need to financially support projects you use for sustainable futures. But alas, here we are…
I was about to propose to deploy this as a company chat to my current boss, the self-hosted edition. So, is this still the best option (considering this can be reverted back, I assume), or should I just seek elsewhere now?
10 users for mobile notifications is a non-starter for me. I’d rather host XMPP then, I guess. Or a Matrix server, it seems like it allows the mobile notifications.
Have you worked with both Matrix and Zulip? Looking at both for a small team and wondering which way to go with. Matrix seems more complex to set up and less tailored to function as a Slack alternative. What has been your experience?
Unfortunately, not yet. I tried all of them locally earlier this year, but very briefly, like 15 minutes each. We use Matrix as our family messenger, which is not self-hosted. It’s mainly for occasional and brief text communication, so I’m not too motivated to go self-hosted, yet I had my plans.
I this this is the irony: mattermost probably is the right choice anyway, but you wouldn't want to be the guy who convinced others they should switch, because after something like this, it's him who will be blamed by everyone who he managed to convince.
Am I understanding this right that the main complainant in that issue thread is an IT company that wants to resell the (free) version of Mattermost software and is now complaining that they have to pay?
At first they tried to say that "we're a school" and then when the MM rep said they have an Education license, they admitted that they are not actually a school, but rather a consulting company that is gouging schools by overcharging for open source software.
> an IT company that wants to resell the (free) version of Mattermost software and is now complaining that they have to pay?
A user that was following the letter of the license and has suddenly had their access to the software restricted without warning.
Open source software means people are entirely within their rights to sell it to others, perhaps creating value by providing the warranty that all licenses expressly disclaim.
I’m having a lot of trouble with your comment. The word ‘resell’ doesn’t appear anywhere in the issue - there is absolutely nothing about reselling it anywhere within the linked issue.
I'm not sure about MIT, but the GNU license specifically requires the application licensed to be available in source code (human readable and editable form or similar verbiage).
The FSF calls it a "free license" [1] and I don't think they would if they didn't make the source code available.
Source code available is necessary but not sufficient for Free software, see [2]
> Freedoms 1 and 3 require source code to be available because studying and modifying software without its source code can range from highly impractical to nearly impossible.
And you're entirely wrong. MIT just require attribution, not giving the source code.
That is why companies and corpo programmers LOVE BSD/MIT code, they can freely steal I mean use it in their for-profit products without giving anything back but some bit of text hidden in about box
> If that were true, the FSF wouldn't call it a free license.
It is true; the license gives you the source, to do with as you please, including closing it off.
Famously, Microsoft included BSD licensed tools in Windows since the 90s and did not distribute the sources!
And that is completely legal. If you want to force the users to distribute their changes to your open source product when they are redistributing the product, you need to use GPL.
MIT/BSD licenses are pro-business - any business can take the product, change a few lines and redistribute the result without making their changes available.
GPL is pro-user - anyone who gets the source, makes changes, and then redistributes the result has to make their changed sources available as well.
The FSF has written extensively on why (in their opinion) you should prefer copyleft licenses over non-copyleft licenses, but they don't require a license to be copyleft in order to be considered free. It's worth spending a bit of time on their site to understand their point of view. Just be careful not to drink too much of the Kool-Aid or you'll become one of those annoying people who never shut up about the GPL on forums.
> you should prefer copyleft licenses over non-copyleft licenses,
For most, but not all, software. Stallman did famously argue for libvorbis, which you may know as the ogg codec used mostly by games and spotify, to be licensed under BSD instead of the (L)GPL.
True, there are exceptions. Stallman thought strategically. Having a free-but-non-copyleft licensed reference implementation is necessary if you are trying to wrest dominance from an established but proprietary standard.
But I'm willing to bet that he'd have pushed for GPL if he wasn't trying to topple MP3.
I think that the photos they have on their front page should be enough to tell you who is their target market.
I've invented this heuristic: if the page that describes the project uses the word "solutions", then they'll attempt to use "open source" to obtain free labour, but will distribute the revenues only amongst those people who actually have control.
I don't think the GP implied anything about race? The photos I see are war frigates, power plants, some sort of military operations center, and commercial airliners.
I left every option open for OP to explain. I personally couldn't care less what skin colour are in any of the photos. Not a single one of them match my own.
Everything you mentioned in that list in people who can pay. As opposed to people who code and they use what they code, and furthermore share it with other people who also code and use what they code.
It's "open source" so that they save on developer costs, not for ideological reasons, and you can tell from the photos on their front page - that's what I was implying.
I think this is kind of cynical. I often adopt open source tools because I want to avoid vendor lockin. And so do many. It's not like I say, "Wow. Another code base to dive into and spend hours trying to understand." Nope. I just want the assurance that I can do it if I ever need to do so.
Governmental organizations and corporate firms is the vibe (or maybe that was obvious and you're just trolling).
I think the point was that open source hasn't often been supported by companies serving these kinds of markets and the interests of the broader community are often sidelined.
IRC, email and XAMPP solved messaging a long time ago. Derivative products built on these protocols should have solved the chat problem for most orgs, but we got complacent and thus vulnerable to nickle and diming by the likes of Saleforce and Microsoft. Now rug pulls by faux-opensource projects that basically want free labor for their commercial project so they can sell it to bigger fish.
It's not people wanting to make more money that I despise. Fine, make your commercial version ten times better, I don't care. But the practice of crippling your opensource offering by removing features or adding limits is evil and shameful.
I recently switched a bunch of friends from a project-oriented whatsapp chat to self-hosted mattermost, because I wanted permanent storage for messages and attachments, and threads, and did not want to pay slack in perpetuity.
I feel that this idea is now in jeopardy, if I understand the 10k message history is the limit correctly.
And there I thought I had a solution to slowly bring over project channels, family related things etc. that was as reliable as "my linux box will be reachable on the public internet" and I am willing to manage that it does.
Seems I was wrong, but I don't know which other software has better future proofing.
As is usual, HN’s favourite “underdog” alternative to mainstream software is just a worse version of the mainstream software. I’ll just use Slack instead of some garbage clone that has the same restrictions.
> “Mattermost only got where it is today because of the open-source community.”
Not really? FOSS communities overestimate their importance on a daily basis.
Case in point: Linux. 90%+ of commits were corporate sponsored… in 2004. The pure community member does almost nothing of importance for Linux anymore; or any of these projects.
… by adding a check to builds that anyone, using the source code, can easily patch out?
FOSS never came with any guarantee of “builds must arrive in format most convenient for users.” That’s not in the license. Also not in the license, “FOSS companies can’t charge money for their builds.” Also not in the license, “FOSS companies must provide builds at all.”
If anything, it’s quite a bit of entitlement that “FOSS companies must provide free code, and free builds, forever, or they are evil.” Especially when they are getting VC money to presumably add features that otherwise would not exist and would have no code available at all.
Yes by adding friction to any existing user so they have to fuck with it every single time they update instead of just downloading a blob.
Now Go being easy to get builds running makes it less painful, but still, the entire reason it is in codebase is to add friction.
> If anything, it’s quite a bit of entitlement that “FOSS companies must provide free code, and free builds, forever, or they are evil.” Especially when they are getting VC money to presumably add features that otherwise would not exist and would have no code available at all.
I don't consider "OSS license with CLA forcing code rights assignment" to be FOSS. It being closed source would be better for everyone (but them) because less people would get baited into bait and switch and maybe support less insidiously managed projects.
Or just this:
Source: https://github.com/mattermost/mattermost/issues/34271#issuec...This is a different limit.
Would also be nice to remove the phone-home telemetry.
could be more complicated than this. the easiest thing (to me) would be to midufy the License() function so that it sets the Limits "correctly", as these type of things can be in multiple places.
I was wondering if this was even legal[0], so I went to the repo and noticed that their licensing[1] seems to be... a mess?
It says you can use "compiled versions" under the MIT License. Then it says you can use the source code under AGPL 3.0. And then it additionally says that they won't enforce the AGPL 3.0 copyleft if you haven't modified the source and don't link the Mattermost Platform directly. This is at best a bunch of tautologies that render the Affero clause moot and at worst enable a really stupid workaround to copyleft.
First off, the Affero clause - number 13 - in the AGPL only applies if you modify the source. There is no legal requirement to convey source code on a network server otherwise. So this is downgrading the license to GPL with extra steps.
Second, "linking directly" isn't legally meaningful with regards to the GPL. GPL cares about whether or not your derivative work forms a single "program" - which is deliberately left ambiguous, but almost certainly does not refer to the concept of an address space alone, or even a Go import. I guess what they wanted was to treat the Mattermost Admin and Configuration files under terms that are sort of LGPL-like? But that portion of the binary is already dual-licensed Apache 2.0. So there's no reason to argue
Third, and more importantly... the compiled versions license basically renders the source code requirement of the GPL family null and void. Like, in a normal use of the GPL, if you distribute binaries you're required to offer source. But here, they've weakened that clause.
The most speculative argument I have is that one could disassemble a compiled Go binary to obtain a "compiled version" under MIT terms that is no longer subject to any copyleft whatsoever. This is obviously contrary to the intent of the license, so I'm not sure if a judge would bother listening to this argument, but it's still really bad drafting. I suspect this license document was written by a business strategy guy, not a lawyer.
[0] If this code actually expressed their license requirements, then posting this Git diff is a violation of DMCA 1201, and you'd be liable for jail time. Er, well, except GPL version 3 (only) has a specific anti-1201 clause. But who knows if that's even applicable given the five different licenses at play?
[1] https://github.com/mattermost/mattermost/blob/master/LICENSE...
so not only did they enforce a ridiculously small message limit, they also did it for the self-hosted version, and they did it without announcing it AND without a suitable migration path
and still no one from that company has admitted to it being a mistake?
very nice
In defense of them not admitting any kind of mistake, maybe it's not actually a mistake but instead a really well thought out, yet incredibly stupid, plan.
I have administered a number of Mattermost environments going back to 2019.
It absolutely is not a mistake. They’ve been slowly introducing limits to the Team Edition and screwing with the licensing in obtuse ways to drive revenue. It is something that has executive force behind it.
I have migrated everyone/everything to Zulip, which it turns out has a far better user experience and a much cleaner model. The admin tools are much more mature (and actually function reliably). I have not gotten any complaints.
And I also don’t have to deal with things like on-premise to managed cloud back to on-prem migrations due to ridiculous licensing and pricing instability.
aka "it's a good idea to turn our productivity software into ransomware" plan
Isn't that just the Oracle method?
It works exceptionally well for Slack as we've seen over the years. Someone in your $group uses signs up for the free tier, gets people using it and then you've got to pay through the nose to access any history.
At least slack is clear upfront that this is going to happen, mattermost just did a rug pull and removed history from users who previously had access to it.
The distinction isn’t non-discriminating, but if it is then, what it is, I believe.
That'd be even more reason for them to have a solid PR plan prepared, to grind down opposition and gaslight everyone into giving up. Leaving all messaging about the issue to upset users is the worst way to handle it. Even just closing the issue would've been less damaging at this point.
Well they announced it in their v11 release. They stated that you may stay on v10 for 12 months (EOL) and otherwise proceed with non-profit etc.
Classic rug pull though
Because it is almost certainly not a mistake. They also removed support for SSO via GitLab in the Community Edition in v11, which was the only SSO option still supported by the OSS version. They are pretty obviously trying to push users towards the paid plans.
Huh? I just saw it as supported in their docs a week ago I thought?
Yeah I'm mostly confused about their lack of communication.
If they want to do that then, as every corporate "open source", they are free to do so but why not communicate that at least in the release post?
Any potential free user who would consider going paid will now be starting off their relationship negatively.
Really weird strategy.
We migrated off them when they removed the license tier (there was cheaper self hosted tier that had LDAP feature we needed, and we really only got the enterprise version for) and essentially forced everyone to tier above.
Where did you migrate to, if I may ask? And has it worked out?
Discord. It’s not self-hosted but it currently works fine for my needs. I guess if they start charging $15/mo per user we’ll all migrate again.
I recently switched a bunch of friends from a project-oriented whatsapp chat to self-hosted mattermost, because I wanted permanent storage for messages and attachments, and threads, and did not want to pay slack in perpetuity.
I feel that this idea is now in jeopardy, if I understand the 10k message history is the limit correctly.
And there I thought I had a solution to slowly bring over project channels, family related things etc. that was as reliable as "my linux box will be reachable on the public internet" and I am willing to manage that it does.
Seems I was wrong, but I don't know which other software has better future proofing.
So I guess it's my turn today to start the holy war. If Whatsapp was enough, but you want it to live on your Linux box, Matrix will do just fine. self-hosting has been fast, responsive, low-maintenance, and easy for me over the past several years.
They're trusted by multiple government agencies to stick around and treat their users reasonably, and there are a plethora of clients to choose from.
Now I'll step to the side for the next person to tear me down and sell you on XMPP.
Given that I've been using a self hosted Mattermost for 6+ years, I haven't heard of either Matrix.or XMPP...so will now need to look these up.
The next guy's job is to tell you XMPP is lighter, gen-er-ally viewed as simpler, with a wide array of clients and servers, optional encryption, and with a longer history (with that being viewed as rhyming with reliable).
My "job" in this holy-war thread is to tell you Matrix has become lighter over time, the "default" server Synapse has less, but IMO more up-to-date documentation with a real corporation behind keeping it up-to-date and useful, has a blossoming ecosystem of clients, servers, and bridges (allowing you to use it for other chat systems like Whatsapp and Telegram), has encryption being an enforced default for one-to-one mesasges (instead of XMPP's bolted-on after-the-fact extension), and a paid team to make Synapse more robust, reliable, lighter, faster, and more secure.
Take both arguments with a grain of salt, as I am biased as hell (to the point of donating a small amount monthly to Matrix, and starting flame wars like this one).
The 10000 crippling messages limit is probably not chosen randomly, it’s the same as Slack’s. Not by accident.
what license do they use? If a true FOSS license it's time to fork...
Framasoft did: https://news.ycombinator.com/item?id=46393817
Appears to be "open core" agpl https://github.com/mattermost/mattermost?tab=readme-ov-file
Not sure what isn't included in the core though.
If this was intentional I'm going to uninstall it and encourage people never to use it. This is ridiculous.
I used to use Mattermost. Highly recommend looking at Zulip as an alternative. (It’s my favourite slack alternative and even better than Slack because it’s the best at managing distractions IMO. It also has an interesting history was acquired by Dropbox and then back from Dropbox I believe)
I love Zulip too, use it daily, wrote some nice integrations for it. Never got why people preferred Mattermost over it
Zulip is a kind of annoying name, and every time I encounter it it's in the context of some open source platform hiding their community discussion forum behind a login. I'm left with a not very great impression.
FYI, for a while now you can mark any Zulip channel as public, which means the chat history for that channel does not require a login to view. See https://zulip.com/help/public-access-option for more details.
Hope Zulip's discoverability improves.
In what sense?
I assume they mean the fact I myself know what Mattermost is but I've never heard of... now I even have to go back and load up the comment to find it's name again, Zulip
I don't like the way they push you to give a subject to every discussion. In a way it's more like a newsgroup replacement than Slack, whereas Mattermost is a straight-up Slack clone.
How does Zulip compare to Matrix/Element?
Zulip too has similar restrictions even on their self hosted plans. SAML/LDAP is behind paywall too.
Just looked to their self hosted plans:
IOW, for self-hosted plans, you pay for support, not the software. a-la early RedHat model.Ref: https://zulip.com/plans/#self-hosted-sponsorships
This is false, SAML and LDAP are available. Zulip self hosted has all features with no restrictions, except for mobile notifications which require a subscription for $3.50/u/m (unless you are less than 10 users or are not a non-profit of any kind)
It’s a bit odd though that Zulip charge $ for mobile notifications but still don’t have basic end-to-end encryption for those push notifications .
It's a mix of "because they can" and "because they need to maintain infrastructure for mobile push".
The feature is deployed in the server, mobile clients are still pending the release iinm. But it's coming.
I stand corrected. SAML & LDAP is free in zulip.
> unless you are less than 10 users or are not a non-profit of any kind
They only give free accounts to non-profits with zero paid staff.
What restrictions have you hit ?
Seeing their pricing page, mobile notifications for upto 10 users is too less.
But you mentioned similar...this is a discussion about message limits (and saml ?). Those are free for self hosted.
Push uses _their_ services. That's why it costs $$$. But you can build your own apns endpoint and plug into that at that volume
Push costs pennies. It's an arbitrary restriction.
If you want to run your own push for pennies all you have to do is compile the client yourself.
I'm not going to recompile and redistribute a binary outside the Play Store.
Then your piggybacking on their infrastructure. I don't think they are unreasonable. "It can be done for pennies, but I won't" sort of implies that it does indeed take more than pennies worth of effort.
Then you pay for it. Nothing stops you
That's precisely my point. It's an arbitrary rent-seeking restriction.
Publishing an app in popular app stores, for an organization, requires several $100 in annual fees. That’s before any mobile app is even published.
It's a yearly fee that amounts to a couple hundred dollars. That's about an hour of an engineer's salary. Zulip's customers make this less than a fraction of a fraction of a fraction of a rounding error.
At this point I think he's just trolling. Nobody can be this entitled
You can switch to https://framagit.org/framasoft/framateam/mostlymatter which doesn't have the user limit crap.
We use Docker to deploy, do you know of any public forks that do Docker builds?
You don’t need Docker desktop to build a docker image. In linux, which everyone should use in their ci/cd, just run ”docker build .”
it also has no maintenance; the last commit is from May 2024.
wish the compile instructions in MOSTLY_MATTER_HOWTO were a little more intelligible to me.
Bait contributors by a FOSS-like model, then switch the mode to sell the results of their contributions without paying them back. What a classic.
They're now a defense contractor, the copy on their website sounds like military cosplaying.... Probably chasing the stupid profits of Anduril and Palantir, and doing the old open source rugpull in the process.
Zulip (for Slack) and Wekan (for Trello) are good replacements, save yourself the ethical and technical worries.
https://zulip.com/
https://wekan.github.io/
So so weird that we live in a timeline where Anduril and Palantir are military contractors of the US and other governments.
I know it’s somewhat of a tired observation by now but I still wonder every time how badly you have to misread LOTR to name your company after the witch kings cursed surveillance artefacts.
I wonder when the first weapons manufacturing company calls themselves Angmar or Uruk-hai.
The names are really dope though I have to give them that…
> I know it’s somewhat of a tired observation by now but I still wonder every time how badly you have to misread LOTR to name your company after the witch kings cursed surveillance artefacts.
Have you considered that it is not "misread", they just see themselves on Saruman side ?
Sauron’s side, surely? Or else there is a need for a whole different question of “how badly you have to read LOTR...”
Do you guys really think Gondor was a democratic society with privacy laws?
"Tech Company: At long last, we have created the Torment Nexus from classic sci-fi novel Don't Create The Torment Nexus"
It was a Mike Judge type joke, aka ha-ha only serious.
I don't think they misread it, I think they just liked sauron more than the good guys
Not to be "that guy" but Anduril is Aragorn's sword and is the most good-guy good-thing that could ever be fantasized about. It's used to defeat Sauron. And the Palantir stones are not "the bad guys tool", they were made by the Elves in ancient history and a few of them wound up in the bad guys hands. Misread LOTR indeed!
I specifically referred to the witch kings surveillance artefacts with misreading. I don’t think their creation story is mentioned in LOTR, other than that they are extremely powerful and dangerous.
But you are right of course about Anduril and if you take the whole silmarillion as background. I never really liked that part though
The Palantiri were created by the Elves in Valinor and given to the high race of Men.
The witch-king could in theory have used a Palantir, but there’s no suggestion he did.
The seven stars in Gondor’s crest are the Palantari, and in the War of the Ring, Aragon specifically requested they be added to his banner. They represent the highest level of the civilization of Men.
Yes, but the elf who created them is quite a tragic character himself. To the extent that his own mother chose to die after giving birth because she knew how much sorrow he would eventually bring. So I'd be careful to not paint them as a good thing either.
you're right, and definitely Palantir is a harder sell here. But to say "they named their weapons company Anduril, what are they, bad guys?" frustrates the nerd in me quite a lot.
That is fair even though I referred only to Palantir with that part. Did you name this account after Eru Illuvatar?
Indeed!
I assume it's after another legendary figure, @eru
Oh yeah, totally agree with you on that one.
> I wonder when the first weapons manufacturing company calls themselves Angmar or Uruk-hai.
Luckily/unluckily, AngMar is one of those shady medical subcontracting firms instead...
I guess they are named after the founders (Angie and Mark) - but still an eerie coincidence…
Wait until my pals Saul and Ronald team up!
I know it’s been said but Anduril is the sword wielded by Aragon, forged from the shards of Narsil which defeated Sauron.
And the Palantiri were artifacts given by the Elves to the greatest race of Men to govern their kingdom. No connection to the witch-king (except some post-Tolkien video game).
On Kanban, I would instead suggest cryptpad.fr.
Crucially, it's end to end encrypted.
You can self-host it, or pay for having it hosted (or use the hosted free tier).
Has other things in addition to kanban.
I got a 1 yr account.
https://cryptpad.fr/
> Crucially, it's end to end encrypted.
I don't think it's all that crucial for something that at most gets some ticket descriptions on it
It’s a whole office suite.
And even if you use it only for bug ticketing there are products that are big enough that it takes a long time to implement changes. You really don’t want outsiders to be able to read open bug tickets for security vulnerabilities you are working on fixing for example. And you also don’t want outsiders to read your planned features either, probably.
I think it makes perfect sense to use e2e encryption for bug tickets considering this.
So far we had many leaks from internal systems of many companies like that and frankly not much happened, even when actual code leaked. It's far overrated fear, especially if you self-host it.
That's ok. You don't mind putting your life online, go ahead. To me it's crucial.
I just read the copy on Mattermost's website. I believe you can't go more cringe than this for a group chat application.
Wonder whether they do weapons integrations for this. Urgh.
Every software development organisation I've been in that used Mattermost built integrations with monitoring, build pipelines, LDAP queries and the like.
I'm sure organisations in war would do similar things, but with the tools of their 'craft'.
Unsurprising, given that the CEO of Element/Matrix is also selling and creating primarily to that end as well.
https://news.ycombinator.com/item?id=46379589
mIRC was used during GWOT for military. They just didn’t openly advertise it.
https://news.ycombinator.com/item?id=5147321
Knives were too, and yet I'm not calling people to use forks instead. There is a difference between military contractors and generic tools.
Edit: sorry, hotheaded reply. I assume you mean that the creator of mIRC was encouraging it (though it's not mentioned anywhere). I still.stand by my analogy, but I see your point given your assumption.
> I assume you mean that the creator of mIRC was aware of it and encouraging it.
Like most licensed software, it was likely licensed by “US Government” or “Department of Defense”. Plus, it was openly written about back in the day. It was well known. No clauses in their licensing to prevent its use for those purposes.
Comparing to Mattermost and amplifying the original comment, Mattermost website is openly associating with PlatformOne.
Thanks. For context, this is what you're referring to (many entities with that name):
https://p1.dso.mil/
Yes, exactly.
What's GWOT?
Global War on Terror
Global War on Tankers
Ive seen MM instances across defense dev teams for quite a while specifically to avoid Teams bs in the air force, gov teams does not like mixing with other orgs. Now it seems they’re actually going for contracts and Ill bet great money are mostly funded by USAF. Im very, very surprised.
Mattermost is MIT licensed. What is stopping anyone from removing this restriction?
Maintaining your own fork is a ton of work. Even if it's just routinely rebasing on upstream and maintaining your own upgrade infrastructure and doing releases, that's far from trivial.
The open source community really needs to stop with the "just fork it" mindset.
> Maintaining your own fork is a ton of work. Even if it's just routinely rebasing on upstream and maintaining your own upgrade infrastructure and doing releases, that's far from trivial.
Well I did it for Mattermost and for some other software as well. Sure, its some work, but it's not "a ton" of work and may not be "trivial" but it is also not "far" from trivial.
Do it like Linux maintainers maintain a ton of patched RPM's, deb's, etc. Just keep a patch in GIT. For every release of Mattermost you do a GIT clone, apply your patch and build it. Most of the time the patch will just apply cleanly. Sometimes you need to make a few adjustments, you make them and put them in GIT. There is no extensive release management or anything. You just build a patched version for every released version.
> The open source community really needs to stop with the "just fork it" mindset.
It's right mindset. Just not applicable to projects that are made majority by the company because none of the contributors will move so it's essentially trying to make new team from scratch.
I don't think the implication is that anyone as an individual would fork it.
I think the implication is that some other interested org could very easily step in and assume the role that the Mattermost org was in, and everyone would very eagerly switch and leave Mattermost itself speaking to an empty room.
Still need someone to do unthankful work, in which many are not interested, naturally.
You actually don't have to maintain the fork and/or update to latest version if you don't need new features.
You don't have to maintain the fork and/or update to the latest version if you don't need new features or security fixes.
Most people want security fixes.
Or patched vulnerabilities.
>The open source community really needs to stop with the "just fork it" mindset.
The open source community really needs to stop with the "just do everything i want for free" mindset.
I mean, open source does not mean you're entitled to free support, and free in free software is not about money. I think people depend too much on those projects and then act entitled.
Of course the open source bait and switch done by companies is a shitty behavior worth calling out, but the companies exist to earn money and at this point this can be expected.
From my observation Mattermost is not a software you buy "support" for. It either works and is self-manageable or you use something else. I guess Mattermost (as in the company) saw that too and now uses shitty practices to coerece people into buying it.
I don't think I've expressed a "just do everything I want for free" mindset. In fact, I'm pushing against the idea that someone should just fork Mattermost and maintain that fork for free.
I do think this development represents a bait and switch though.
> Of course the open source bait and switch done by companies is a shitty behavior worth calling out,
Yes, that’s what we are doing here.
> but the companies exist to earn money and at this point this can be expected.
Expected != ethical. Also not a necessary, logical outcome.
What is legitimately expected is a pro version that has more corporate features. We’re not talking about $Xx/user/mo to enable SSO here, though.
Maintaining a patch set for Mattermost is almost trivial. I did it for several years to authenticate users to internal Active Directory and found it easy enough to understand.
I use MM for about a year. Forking it would be a major undertaking as the number of vulnerabilities for which you would need to backport is quite high like 5 a month?). Last time they removed features from free (group calls in v10) there was a lot of grumbling but thats it.
https://github.com/mattermost/mattermost/issues/34271#issuec...
Wanting to use Mattermost's binaries rather than building from source?
Re licensing see: https://isitreallyfoss.com/projects/mattermost/
It’s not open source, it’s “open core” SaaS.
No. The binaries they prepackage for you are MIT. If you want the source it is AGPL or you pay for a proprietary license.
I don't know, but that seems somewhat beside the point. The restriction obviously was not added to test peoples ability to remove it.
Nothing. Open Source is dying. The model to finance open source work (well-off suburban american dads or as a portfolio show off) no longer apply. The old generation that believed in this model is retiring and for the new generation it pays better to "network", leet code, or spam your resume to thousands of employers.
Now couple that with the fact that supply-chain control is profitable (legally or illegally); I think the next 5-10 years will be interesting.
There never was a model to fund open source. At least outside largest and most wide spread codebases. I think it is that reality is finally hitting. Free money has run out and now software must stand as either community efforts, wide enough used foundations or forced support.
almost seems like there is now too much money in software. the old times felt like computer science was mostly a science.
I don't think anything has changed really. Open source never really had a good funding option.
glancing through the code, it doesn't seem like it be that hard to remove limitations such as this. PostHistoryLimit/postHistoryLimit interpreted from License Limits. a little poke here and there and I'd guess the limitations would disappear.
The time and energy that it takes to do it and build it, and then make it easy for current users to move their automatic updates to the fork, then maintaining it etc.
The compiled binary is.
The source code is... AGPL licensed? But not the admin tools. They seem to be licensed under the Apache License 2.0.
--------
Yeah, good luck. Contact your lawyer.
AGPL and Apache are both open source licenses. So I’m not getting what the confusion would be as an end user, who won’t be modifying the software or packaging it for sale.
They're both FREE software licenses, which is more.
https://www.gnu.org/licenses/license-list.html
> Yeah, good luck. Contact your lawyer.
Why? The intent seems pretty clear and they're legally allowed to do this because all contributors signed a CLA.
Explain please. This interests me and I'm extremely curious about what you mean.
Combining source code under different licenses into one product is a nightmare.
You have to follow the AGPL "no additional restrictions" clause while also following the Apache License, and the Apache License might have require you to follow additional restrictions.
Honestly this has never been an issue for me, sure I have had to explain the limits of the licenses and check that I understand them. I guess it depends on your use case, so I am still uncertain when this has become a problem for you.
What's mattermost? People in the GitHub comments say "I just need messages" but there's lots of self hosted messaging apps/servers, no? XMPP comes to mind immediately.
It’s an IRC-like, group chat for Corporate that works in airgap. When HipChat was obsoleted, then Mattermost took over.
It's an open source alternative to Slack
Well, it was this at the beginning. Now it’s an open-core competitor to Slack, with higher pricing(!) but you can use the free version that has fewer features.
My employer migrated to it from IRC, for example.
For all the bad press element/matrix has been getting, I am happy that at least I don't have to deal with this as well.
We've been using Element/Matrix for quite some time now and are fairly happy with it for the most part. The only major hiccup was hosting providers, not the software itself, per se.
We originally signed up with element.io back when they were called vector.im. Service was good, but a year or two in they decided they wanted to focus on those sweet, sweet enterprise licences and the pricing changes were untenable for our little 15 person operation. (I bear them little ill will for this, gotta do what you gotta do and all that, but it was a real PITA at the time.)
We moved to etke.cc who have been quite good. They were responsive to my modest support requests, and apart from being initially a bit surprised we wanted an unfederated server (which to their credit they dealt with with alacrity and aplomb) it's been a service we've just used and not had to otherwise think about.
The only sticking point was there was no way to migrate our messages from the older service. If memory serves, this was due to a deficiency in either Matrix or Synapse due to changing domains (originally an element.io customer subdomian). So always your own subdomain if you can is the moral of the story, I guess. I don't know if the migration story has improved in the years since.
If we had to leave Element/Matrix for whatever reasons I would definitely look at Zulip based on the many recommendations I see for it here. I think back when we went with Element I was quite interested in Zulip, but there just wasn't any good hosting options at the time and we didn't want to go with self-hosting (time-sink vs $$-sink).
what bad press is that?
well e.g. those HN articles and comments
https://news.ycombinator.com/item?id=46376201
https://news.ycombinator.com/item?id=46106132
The good ole VC OS Rug Pull. Classic.
It’d be nice if Mozilla (or a similar foundation) could create a baseline OS platform for a business communications suite.
If Mozilla did that, we'd have monthly news stories about them adding ads into the client, removing features people depend on, cramming in AI where it doesn't belong, abruptly making all sorts of controversial ToS changes, going back on old promises, and all kinds of other things we know and love Mozilla for. All before they'd get bored and discontinue the product after a couple of years.
Or maybe they'd just buy some existing closed source Slack competitor, promise to open source it, and then just never get around to it. You know, like how they bought Pocket in 2017, promised to make it open source, but somehow never got around to it before discontinuing it in 2025.
Feel like then people would just have one more thing to complain about the Mozilla Foundation over.
I'd be nice for anyone but Mozilla to do it. They can barely keep FF competitive
FF is plenty competitive on the technical and feature front. It's market share is not a reflection of technical merit.
What's more, next to Linux itself it is maybe the only case I can see where a major piece of user facing software is kept competitive with the Apple/Google/MS tools.
LibreOffice or Nextcloud are technically far further behind Office and Google's online offerings.
Which therefore begs the question: Who else is in a position to do this?
At first glance, Moz with Firefox + a suite of self-hosted team and productivity stuff that works well in Firefox would make a ton of sense...
It isn't competitive. They are paid by Google.
Worse, it's ridden with spyware, and is merely a honeypot for security-aware people that are not sufficiently paranoid to check any of the claims. Like, those VPNs from YT ads that use your IP to give AI companies residential proxies, the same kind of scam.
Spin up Wireshark and take a look at activity of Firefox. Try to shut the browser up. It won't work.
Even if they weren't a Google's proxy company, they would lose to standards commitees being infested by Google, and would have to play the "best luck catching up" game by constantly supporting new versions of JS, APIs and CSS features that nobody needs (except Google's YouTube will use them to stop you from using an adblocker).
FF is governed by ex-Oracle managers at the moment, singing the Google's song. Don't anthropomorphize your lawnmower.
I thoroughly investigated every open-source (mostly open-core) self-hostable Slack alternative, and the conclusion was clear: only a self-hosted Matrix is a viable option.
There are no arbitrary limits for 'community editions', no risk of relicensing, no risk of being held hostage for features (like Gitlab did at some point).
You can work around all the missing features easily with self-built webhooks and other tools.
Starting with Mattermost or Zulip or similar is just way too risky.
What about their mobile push notifications? I don’t understand whether that’s something one can self-host. I have just read Zulip’s https://zulip.readthedocs.io/en/latest/production/mobile-pus... and they give me the impression only they can do this, so ‘pay us money or else’
I wonder whether this is something any other provider can rug pull in the figure and to be worried about.
IME it "just works" on Android:
https://docs.element.io/latest/element-server-suite-classic/...
This seems to be only for the Enterprise edition. The "free" Team edition should not have this limit:
https://github.com/mattermost/mattermost/issues/34271#issuec...
Also one of the comments:
> Would be a shame if someone with too much time on their hands dug into the binary and added a few zeroes to the message limit
Can this be done via some binary-patch tool? Really curious. It would save recompile efforts.
edit: link
edit 2: I just realized, their Ubuntu repository only contains the Enterprise edition labeled "Free edition". This is really confusing. I does look like entishitification has started long ago: https://docs.mattermost.com/deployment-guide/server/deploy-l...
It seems like the Team edition has a bunch of other limitations, but it's hard to tell from how convoluted and incomplete Mattermost's various comparison pages are.
Is it legal to "patch" (remove a restriction) the binary?
As with many things in adult life, the question is not really "is it legal" but "could I get in trouble for doing this". And we all know the answer.
How could it be illegal? It's not aviation software and doesn't need to be certified to allow it to be used.
yes
Story time. This has basically nothing to do with this post other than it involves a limit of 10,000 but hey, it's Christmas and I want to tell a story.
I used to work for Facebook and many years ago people noticed you couldn't block certain people but the one that was most public was Mark Zuckerberg. It would just say it failed or something like that. And people would assign malice or just intent to it. But the truth was much funnier.
Most data on Facebook is stored in a custom graph database that basically only has 2 tables that are sharded across thousands of MySQL instances but most almost always accessed via an in-memory write-through cache, also custom. It's not quite a cache because it has functionality built on top of the database that accessing directly wouldn't have.
So a person is an object and following them is an edge. Importantly, many such edges were one-way so it was easy to query if person A followed B but much more difficult to query all the followers of B. This was by design to avoid hot shards.
So I lied when I said there were 2 tables. There was a third that was an optimization that counted certain edges. So if you see "10.7M people follow X" or "136K people like this", it's reading a count, not doing a query.
Now there was another optimization here: only the last 10,000 of (object ID,edge type) were in memory. You generally wanted to avoid dealing with anything older than that because you'd start hitting the database and that was generally a huge problem on a large, live query or update. As an example, it was easy to query the last 10,000 people or pages you've followed.
You should be able to see where this is going. All that had happened was 10,000 people had blocked Mark Zuckerberg. Blocks were another kind of edge that was bidirectional (IIRC). The system just wasn't designed for a situation where more than 10,000 people wanted to block someone.
This got fixed many years ago because somebody came along and build a separate system to handle blocking that didn't have the 10,000 limit. I don't know the implementation details but I can guess. There was a separate piece of reverse-indexing infrastructure for doing queries on one-way edges. I suspect that was used.
Anyway, I love this story because it's funny how a series of technical decisions can lead to behavior and a perception nobody intended.
Merry Christmas! This is why I like hackernews.
Years ago I used to work at a company that used Mattermost for internal chats.
Being laid off from there was sad, but at least I didn't have to use Mattermost anymore.
An ex-coworker used to call it "matterworst".
It's another level of insane to put hard limits for self hosted open source software. I'm surprised so few people in the thread have just changed the source code and build it themselves.
They probably found performance problems at certain limits and "resolved" the problem with a hard coded limit.
It’s not hardcoded; self-hosted version call their server to ask what is the limit, which is 10k if you don’t pay or unlimited if you do. There is absolutely no performance problem with >10k messages.
... a hard coded limit... for self-hosted software... which is removed for paying users?
GitHub needs a better flag for license stuff like this. Open Source doesn’t mean what it used to.
Why would GitHub step in (or even care)? GitHub isn't open source.
Open source doesn't imply no limitations.
Anyone can sue anyone for anything. Even if the case is laughed out of court.
Btw I hope you didn’t forget to pay the Linux license fee to SCO.
This seems like a poorly hashed out plan, but I do have some sympathy...
in the face of competitors with many more employees and seemingly endless piles of VC money, how do open source projects like this fund themselves? What could Mattermost do instead? Should they take more money and race everyone towards the same cliff?
Are projects like this doomed to a small niche of people who understand the implications (and meanwhile can't contribute enough to ensure development keeps pace)?
Everyone else is just going to keep using Slack, and arguably outside of these niche concerns, it's a better funded and higher quality product.
It's not really open source project. They always gated a bunch of features, require CLA (so even if someone does contribute, boom, your code is theirs and they will probably close it down behind enterprise license if it is useful enough), and have pretty complex licensing scheme https://docs.mattermost.com/product-overview/faq-mattermost-...
> Everyone else is just going to keep using Slack, and arguably outside of these niche concerns, it's a better funded and higher quality product.
They had niche when their lite enterprise license (just basic LDAP and some other small features) was $2.5 per user.
Now they are basically on slack pricing, why would anyone bother...
yeah they certainly can't beat slack with slack pricing - low pricing is the biggest moat vc funding gets you (and you can just fill it in after you outlast the competition)
I looked at it for company chat and data, but those weird limits in functionality making in unusable was just too much, so them doing this too is not really surprising. Are they low on money?
Y’know I’m starting to think that every single migration from paid to free software, will end up in the same cycle of becoming feature-locked. People time and again fail to understand that you need to financially support projects you use for sustainable futures. But alas, here we are…
I was about to propose to deploy this as a company chat to my current boss, the self-hosted edition. So, is this still the best option (considering this can be reverted back, I assume), or should I just seek elsewhere now?
Zulip is recommended by many here. Their mobile app is atrocious though...
10 users for mobile notifications is a non-starter for me. I’d rather host XMPP then, I guess. Or a Matrix server, it seems like it allows the mobile notifications.
Have you worked with both Matrix and Zulip? Looking at both for a small team and wondering which way to go with. Matrix seems more complex to set up and less tailored to function as a Slack alternative. What has been your experience?
Matrix has a really good ansible playbook that's easy to set up and keep updated with all the trimmings like bridges to other networks.
https://github.com/spantaleev/matrix-docker-ansible-deploy
Unfortunately, not yet. I tried all of them locally earlier this year, but very briefly, like 15 minutes each. We use Matrix as our family messenger, which is not self-hosted. It’s mainly for occasional and brief text communication, so I’m not too motivated to go self-hosted, yet I had my plans.
Thank you for sharing your experience!
You’re welcome. Unfortunately, not much to share, really.
Thank god i didn't convince my team to selfhost mattermost instead of using slack
… slack is exactly the same, except without even the ability to self-host?
I this this is the irony: mattermost probably is the right choice anyway, but you wouldn't want to be the guy who convinced others they should switch, because after something like this, it's him who will be blamed by everyone who he managed to convince.
Am I understanding this right that the main complainant in that issue thread is an IT company that wants to resell the (free) version of Mattermost software and is now complaining that they have to pay?
At first they tried to say that "we're a school" and then when the MM rep said they have an Education license, they admitted that they are not actually a school, but rather a consulting company that is gouging schools by overcharging for open source software.
> an IT company that wants to resell the (free) version of Mattermost software and is now complaining that they have to pay?
A user that was following the letter of the license and has suddenly had their access to the software restricted without warning.
Open source software means people are entirely within their rights to sell it to others, perhaps creating value by providing the warranty that all licenses expressly disclaim.
I'm aware of what open source software is.
And there are 3 things that you can do when in this situation:
1) Pay the fee, if that is what is required for it to continue to be easy for you to re-sell the software.
2) Fork the project, remove the restrictions, and maintain it yourself.
3) Stop using the software.
All of those are perfectly within the spirit of FOSS.
The user who is the IT company is not the same user who started the thread and claims to be a school.
No, you are not understanding this right.
It's about rug pulling your users and cutting them off at the knees. I don't use mattermost but read the github thread in it's entirety.
The good brand of open-source software is basically being abused to do basic rug pull schemes. Sad.
I’m having a lot of trouble with your comment. The word ‘resell’ doesn’t appear anywhere in the issue - there is absolutely nothing about reselling it anywhere within the linked issue.
From the readme.md
> A new compiled version is released under an MIT license every month on the 16th.
What does than even mean? Is it equivalent to what we use to call "freeware". Is it legal to modify the binaries?
Broadly. You can do anything you want with MIT licensed software as long as you include the copyright and warranty notice.
I suppose with "freeware" technically you could be prevent from redistributing or selling it. As there is no hard definition on that term.
I'm not sure about MIT, but the GNU license specifically requires the application licensed to be available in source code (human readable and editable form or similar verbiage).
The MIT licence does not require this.
I'm not an expert, but I very much doubt this.
The FSF calls it a "free license" [1] and I don't think they would if they didn't make the source code available.
Source code available is necessary but not sufficient for Free software, see [2]
> Freedoms 1 and 3 require source code to be available because studying and modifying software without its source code can range from highly impractical to nearly impossible.
[1] https://www.gnu.org/licenses/license-list.en.html#Expat
[2] https://en.wikipedia.org/wiki/Free_software
EDIT Oh sorry, you mean for the LICENSE to be available. Never mind then.
And you're entirely wrong. MIT just require attribution, not giving the source code.
That is why companies and corpo programmers LOVE BSD/MIT code, they can freely steal I mean use it in their for-profit products without giving anything back but some bit of text hidden in about box
You can compile MIT software and distribute the binary while saying “fuck you” to anyone who asks for the source.
You are thinking of copyleft (e.g. GPL)
If that were true, the FSF wouldn't call it a free license.
> If that were true, the FSF wouldn't call it a free license.
It is true; the license gives you the source, to do with as you please, including closing it off.
Famously, Microsoft included BSD licensed tools in Windows since the 90s and did not distribute the sources!
And that is completely legal. If you want to force the users to distribute their changes to your open source product when they are redistributing the product, you need to use GPL.
You should have linked the MIT License on Wikipedia (or anywhere else) instead of Free Software.
The license is only three paragraphs long. You can see it does not contain text supporting your claim.
https://en.wikipedia.org/wiki/MIT_License
Well, I'm confused.
It's actually very simple:
MIT/BSD licenses are pro-business - any business can take the product, change a few lines and redistribute the result without making their changes available.
GPL is pro-user - anyone who gets the source, makes changes, and then redistributes the result has to make their changed sources available as well.
The FSF has written extensively on why (in their opinion) you should prefer copyleft licenses over non-copyleft licenses, but they don't require a license to be copyleft in order to be considered free. It's worth spending a bit of time on their site to understand their point of view. Just be careful not to drink too much of the Kool-Aid or you'll become one of those annoying people who never shut up about the GPL on forums.
> you should prefer copyleft licenses over non-copyleft licenses,
For most, but not all, software. Stallman did famously argue for libvorbis, which you may know as the ogg codec used mostly by games and spotify, to be licensed under BSD instead of the (L)GPL.
True, there are exceptions. Stallman thought strategically. Having a free-but-non-copyleft licensed reference implementation is necessary if you are trying to wrest dominance from an established but proprietary standard.
But I'm willing to bet that he'd have pushed for GPL if he wasn't trying to topple MP3.
Don't listen to spauldo, GP. Drink the delicious Kool Aid that is free software. Bring that joy to everyone else you find.
Did they take VC money?
I think that the photos they have on their front page should be enough to tell you who is their target market.
I've invented this heuristic: if the page that describes the project uses the word "solutions", then they'll attempt to use "open source" to obtain free labour, but will distribute the revenues only amongst those people who actually have control.
Black businesswomen? Firefighters? White servicemen? White software developers?
I really don't get what you're implying. I don't see any problem with the photos on the mattermost front page.
https://mattermost.com/
I don't think the GP implied anything about race? The photos I see are war frigates, power plants, some sort of military operations center, and commercial airliners.
Think "enterprise", rather than "racism".
Exactly. But some people think everyone else is racist. Those people's skin colour didn't even register.
I left every option open for OP to explain. I personally couldn't care less what skin colour are in any of the photos. Not a single one of them match my own.
Everything you mentioned in that list in people who can pay. As opposed to people who code and they use what they code, and furthermore share it with other people who also code and use what they code.
It's "open source" so that they save on developer costs, not for ideological reasons, and you can tell from the photos on their front page - that's what I was implying.
I think this is kind of cynical. I often adopt open source tools because I want to avoid vendor lockin. And so do many. It's not like I say, "Wow. Another code base to dive into and spend hours trying to understand." Nope. I just want the assurance that I can do it if I ever need to do so.
Governmental organizations and corporate firms is the vibe (or maybe that was obvious and you're just trolling).
I think the point was that open source hasn't often been supported by companies serving these kinds of markets and the interests of the broader community are often sidelined.
Yes. They are a YC company, too: https://mattermost.com/blog/yc-leads-50m-series-b-in-matterm...
Waiting for the thread to be marked as [flagged] and then [dead] then, I assume.
Has HN ever showed bias in this way? I can't think of any occasions.
Isn’t that obvious? Look at the domain name.
So, they limit the access to data on self hosted instances after upgrade? Sounds like a ransomware with extra steps.
Enshitification ensues.
this is not the only such recent change. can't make voice calls in public channels anymore either, only pms.
IRC, email and XAMPP solved messaging a long time ago. Derivative products built on these protocols should have solved the chat problem for most orgs, but we got complacent and thus vulnerable to nickle and diming by the likes of Saleforce and Microsoft. Now rug pulls by faux-opensource projects that basically want free labor for their commercial project so they can sell it to bigger fish.
It's not people wanting to make more money that I despise. Fine, make your commercial version ten times better, I don't care. But the practice of crippling your opensource offering by removing features or adding limits is evil and shameful.
"Fauxpensource", if you will.
can someone clarify the situation that self-hosted free (as in beer) community mattermosts are/will be in?
They have been slowly removing features from it and this is another one removed
I recently switched a bunch of friends from a project-oriented whatsapp chat to self-hosted mattermost, because I wanted permanent storage for messages and attachments, and threads, and did not want to pay slack in perpetuity.
I feel that this idea is now in jeopardy, if I understand the 10k message history is the limit correctly.
And there I thought I had a solution to slowly bring over project channels, family related things etc. that was as reliable as "my linux box will be reachable on the public internet" and I am willing to manage that it does.
Seems I was wrong, but I don't know which other software has better future proofing.
Another project bites the dust. They will return after a fork will get way popular. In time
Use matrix instead. Or zulip. Or xmpp. Or IRC
As is usual, HN’s favourite “underdog” alternative to mainstream software is just a worse version of the mainstream software. I’ll just use Slack instead of some garbage clone that has the same restrictions.
Another option is the open source Rocket.Chat.
Last time I checked they were worse.
[dead]
> “Mattermost only got where it is today because of the open-source community.”
Not really? FOSS communities overestimate their importance on a daily basis.
Case in point: Linux. 90%+ of commits were corporate sponsored… in 2004. The pure community member does almost nothing of importance for Linux anymore; or any of these projects.
It's because you misunderstood the reason - they OSS part got them some free advertising and users that gave it a try and got on the subscription.
Now VC's want their money so gotta make people that can't be bothered to get off it to migrate to paid plan
… by adding a check to builds that anyone, using the source code, can easily patch out?
FOSS never came with any guarantee of “builds must arrive in format most convenient for users.” That’s not in the license. Also not in the license, “FOSS companies can’t charge money for their builds.” Also not in the license, “FOSS companies must provide builds at all.”
If anything, it’s quite a bit of entitlement that “FOSS companies must provide free code, and free builds, forever, or they are evil.” Especially when they are getting VC money to presumably add features that otherwise would not exist and would have no code available at all.
Yes by adding friction to any existing user so they have to fuck with it every single time they update instead of just downloading a blob.
Now Go being easy to get builds running makes it less painful, but still, the entire reason it is in codebase is to add friction.
> If anything, it’s quite a bit of entitlement that “FOSS companies must provide free code, and free builds, forever, or they are evil.” Especially when they are getting VC money to presumably add features that otherwise would not exist and would have no code available at all.
I don't consider "OSS license with CLA forcing code rights assignment" to be FOSS. It being closed source would be better for everyone (but them) because less people would get baited into bait and switch and maybe support less insidiously managed projects.
This is one of the reasons I don't like using Linux so much. I don't want to be a corporate playing ball.