Mattermost restricted access to old messages after 10000 limit is reached

318 pointsposted 11 hours ago
by xvilka
(github.com)

198 Comments

q3k

10 hours ago

    diff --git a/server/channels/app/limits.go b/server/channels/app/limits.go
    index b13103898a..a8be8dd908 100644
    --- a/server/channels/app/limits.go
    +++ b/server/channels/app/limits.go
    @@ -36,17 +36,6 @@ func (a *App) GetServerLimits() (*model.ServerLimits, *model.AppError) {
                    limits.MaxUsersHardLimit = licenseUserLimit + int64(extraUsers)
            }
     
    -       // Check if license has post history limits and get the calculated timestamp
    -       if license != nil && license.Limits != nil && license.Limits.PostHistory > 0 {
    -               limits.PostHistoryLimit = license.Limits.PostHistory
    -               // Get the calculated timestamp of the last accessible post
    -               lastAccessibleTime, appErr := a.GetLastAccessiblePostTime()
    -               if appErr != nil {
    -                       return nil, appErr
    -               }
    -               limits.LastAccessiblePostTime = lastAccessibleTime
    -       }
    -
            activeUserCount, appErr := a.Srv().Store().User().Count(model.UserCountOptions{})
            if appErr != nil {
                    return nil, model.NewAppError("GetServerLimits", "app.limits.get_app_limits.user_count.store_error", nil, "", http.StatusInternalServerError).Wrap(appErr)

compsciphd

7 hours ago

could be more complicated than this. the easiest thing (to me) would be to midufy the License() function so that it sets the Limits "correctly", as these type of things can be in multiple places.

kmeisthax

2 hours ago

I was wondering if this was even legal[0], so I went to the repo and noticed that their licensing[1] seems to be... a mess?

It says you can use "compiled versions" under the MIT License. Then it says you can use the source code under AGPL 3.0. And then it additionally says that they won't enforce the AGPL 3.0 copyleft if you haven't modified the source and don't link the Mattermost Platform directly. This is at best a bunch of tautologies that render the Affero clause moot and at worst enable a really stupid workaround to copyleft.

First off, the Affero clause - number 13 - in the AGPL only applies if you modify the source. There is no legal requirement to convey source code on a network server otherwise. So this is downgrading the license to GPL with extra steps.

Second, "linking directly" isn't legally meaningful with regards to the GPL. GPL cares about whether or not your derivative work forms a single "program" - which is deliberately left ambiguous, but almost certainly does not refer to the concept of an address space alone, or even a Go import. I guess what they wanted was to treat the Mattermost Admin and Configuration files under terms that are sort of LGPL-like? But that portion of the binary is already dual-licensed Apache 2.0. So there's no reason to argue

Third, and more importantly... the compiled versions license basically renders the source code requirement of the GPL family null and void. Like, in a normal use of the GPL, if you distribute binaries you're required to offer source. But here, they've weakened that clause.

The most speculative argument I have is that one could disassemble a compiled Go binary to obtain a "compiled version" under MIT terms that is no longer subject to any copyleft whatsoever. This is obviously contrary to the intent of the license, so I'm not sure if a judge would bother listening to this argument, but it's still really bad drafting. I suspect this license document was written by a business strategy guy, not a lawyer.

[0] If this code actually expressed their license requirements, then posting this Git diff is a violation of DMCA 1201, and you'd be liable for jail time. Er, well, except GPL version 3 (only) has a specific anti-1201 clause. But who knows if that's even applicable given the five different licenses at play?

[1] https://github.com/mattermost/mattermost/blob/master/LICENSE...

Zephilinox

10 hours ago

so not only did they enforce a ridiculously small message limit, they also did it for the self-hosted version, and they did it without announcing it AND without a suitable migration path

and still no one from that company has admitted to it being a mistake?

very nice

protimewaster

10 hours ago

In defense of them not admitting any kind of mistake, maybe it's not actually a mistake but instead a really well thought out, yet incredibly stupid, plan.

g947o

9 hours ago

aka "it's a good idea to turn our productivity software into ransomware" plan

pixl97

8 hours ago

Isn't that just the Oracle method?

BuildTheRobots

8 hours ago

It works exceptionally well for Slack as we've seen over the years. Someone in your $group uses signs up for the free tier, gets people using it and then you've got to pay through the nose to access any history.

happyopossum

3 hours ago

At least slack is clear upfront that this is going to happen, mattermost just did a rug pull and removed history from users who previously had access to it.

cwmoore

9 hours ago

The distinction isn’t non-discriminating, but if it is then, what it is, I believe.

creshal

9 hours ago

That'd be even more reason for them to have a solid PR plan prepared, to grind down opposition and gaslight everyone into giving up. Leaving all messaging about the issue to upset users is the worst way to handle it. Even just closing the issue would've been less damaging at this point.

AmazingTurtle

7 hours ago

Well they announced it in their v11 release. They stated that you may stay on v10 for 12 months (EOL) and otherwise proceed with non-profit etc.

Classic rug pull though

this_user

7 hours ago

Because it is almost certainly not a mistake. They also removed support for SSO via GitLab in the Community Edition in v11, which was the only SSO option still supported by the OSS version. They are pretty obviously trying to push users towards the paid plans.

Vespasian

9 hours ago

Yeah I'm mostly confused about their lack of communication.

If they want to do that then, as every corporate "open source", they are free to do so but why not communicate that at least in the release post?

Any potential free user who would consider going paid will now be starting off their relationship negatively.

Really weird strategy.

PunchyHamster

4 hours ago

We migrated off them when they removed the license tier (there was cheaper self hosted tier that had LDAP feature we needed, and we really only got the enterprise version for) and essentially forced everyone to tier above.

SubiculumCode

4 hours ago

Where did you migrate to, if I may ask? And has it worked out?

nixgeek

4 hours ago

Discord. It’s not self-hosted but it currently works fine for my needs. I guess if they start charging $15/mo per user we’ll all migrate again.

Zacharias030

3 hours ago

I recently switched a bunch of friends from a project-oriented whatsapp chat to self-hosted mattermost, because I wanted permanent storage for messages and attachments, and threads, and did not want to pay slack in perpetuity.

I feel that this idea is now in jeopardy, if I understand the 10k message history is the limit correctly.

And there I thought I had a solution to slowly bring over project channels, family related things etc. that was as reliable as "my linux box will be reachable on the public internet" and I am willing to manage that it does.

Seems I was wrong, but I don't know which other software has better future proofing.

xethos

an hour ago

So I guess it's my turn today to start the holy war. If Whatsapp was enough, but you want it to live on your Linux box, Matrix will do just fine. self-hosting has been fast, responsive, low-maintenance, and easy for me over the past several years.

They're trusted by multiple government agencies to stick around and treat their users reasonably, and there are a plethora of clients to choose from.

Now I'll step to the side for the next person to tear me down and sell you on XMPP.

SubiculumCode

an hour ago

Given that I've been using a self hosted Mattermost for 6+ years, I haven't heard of either Matrix.or XMPP...so will now need to look these up.

xethos

3 minutes ago

The next guy's job is to tell you XMPP is lighter, gen-er-ally viewed as simpler, with a wide array of clients and servers, optional encryption, and with a longer history (with that being viewed as rhyming with reliable).

My "job" in this holy-war thread is to tell you Matrix has become lighter over time, the "default" server Synapse has less, but IMO more up-to-date documentation with a real corporation behind keeping it up-to-date and useful, has a blossoming ecosystem of clients, servers, and bridges (allowing you to use it for other chat systems like Whatsapp and Telegram), has encryption being an enforced default for one-to-one mesasges (instead of XMPP's bolted-on after-the-fact extension), and a paid team to make Synapse more robust, reliable, lighter, faster, and more secure.

Take both arguments with a grain of salt, as I am biased as hell (to the point of donating a small amount monthly to Matrix, and starting flame wars like this one).

dlkckvll

2 hours ago

The 10000 crippling messages limit is probably not chosen randomly, it’s the same as Slack’s. Not by accident.

brandensilva

5 hours ago

If this was intentional I'm going to uninstall it and encourage people never to use it. This is ridiculous.

carolosf

10 hours ago

I used to use Mattermost. Highly recommend looking at Zulip as an alternative. (It’s my favourite slack alternative and even better than Slack because it’s the best at managing distractions IMO. It also has an interesting history was acquired by Dropbox and then back from Dropbox I believe)

gtech1

8 hours ago

I love Zulip too, use it daily, wrote some nice integrations for it. Never got why people preferred Mattermost over it

mort96

an hour ago

Zulip is a kind of annoying name, and every time I encounter it it's in the context of some open source platform hiding their community discussion forum behind a login. I'm left with a not very great impression.

j45

4 hours ago

Hope Zulip's discoverability improves.

sundarurfriend

4 hours ago

In what sense?

muppetman

3 hours ago

I assume they mean the fact I myself know what Mattermost is but I've never heard of... now I even have to go back and load up the comment to find it's name again, Zulip

paper2d

8 hours ago

Zulip too has similar restrictions even on their self hosted plans. SAML/LDAP is behind paywall too.

bayindirh

8 hours ago

Just looked to their self hosted plans:

    - No limitation on search, members, etc.
    - 10 user limit for mobile notifications, can be relaxed via community (for non-profits, FOSS projects, etc.)
    - SAML/LDAP *support* is available, you can configure it. They won't provide answers to your questions.
    - Actually, all Zulip features are enabled sans Mobile Notifications, but for most of them, you're on your own. If you know what you're doing, it's not a problem, I assume.
IOW, for self-hosted plans, you pay for support, not the software. a-la early RedHat model.

Ref: https://zulip.com/plans/#self-hosted-sponsorships

Valodim

7 hours ago

This is false, SAML and LDAP are available. Zulip self hosted has all features with no restrictions, except for mobile notifications which require a subscription for $3.50/u/m (unless you are less than 10 users or are not a non-profit of any kind)

zukzuk

7 hours ago

It’s a bit odd though that Zulip charge $ for mobile notifications but still don’t have basic end-to-end encryption for those push notifications .

PunchyHamster

4 hours ago

It's a mix of "because they can" and "because they need to maintain infrastructure for mobile push".

Valodim

7 hours ago

The feature is deployed in the server, mobile clients are still pending the release iinm. But it's coming.

RobotToaster

7 hours ago

> unless you are less than 10 users or are not a non-profit of any kind

They only give free accounts to non-profits with zero paid staff.

gtech1

8 hours ago

What restrictions have you hit ?

paper2d

8 hours ago

Seeing their pricing page, mobile notifications for upto 10 users is too less.

gtech1

8 hours ago

But you mentioned similar...this is a discussion about message limits (and saml ?). Those are free for self hosted.

Push uses _their_ services. That's why it costs $$$. But you can build your own apns endpoint and plug into that at that volume

emptysongglass

5 hours ago

Push costs pennies. It's an arbitrary restriction.

Volundr

3 hours ago

If you want to run your own push for pennies all you have to do is compile the client yourself.

emptysongglass

2 hours ago

I'm not going to recompile and redistribute a binary outside the Play Store.

gtech1

3 hours ago

Then you pay for it. Nothing stops you

emptysongglass

2 hours ago

That's precisely my point. It's an arbitrary rent-seeking restriction.

dlkckvll

an hour ago

Publishing an app in popular app stores, for an organization, requires several $100 in annual fees. That’s before any mobile app is even published.

garganzol

8 hours ago

Bait contributors by a FOSS-like model, then switch the mode to sell the results of their contributions without paying them back. What a classic.

constantius

10 hours ago

They're now a defense contractor, the copy on their website sounds like military cosplaying.... Probably chasing the stupid profits of Anduril and Palantir, and doing the old open source rugpull in the process.

Zulip (for Slack) and Wekan (for Trello) are good replacements, save yourself the ethical and technical worries.

https://zulip.com/

https://wekan.github.io/

sallveburrpi

9 hours ago

So so weird that we live in a timeline where Anduril and Palantir are military contractors of the US and other governments.

I know it’s somewhat of a tired observation by now but I still wonder every time how badly you have to misread LOTR to name your company after the witch kings cursed surveillance artefacts.

I wonder when the first weapons manufacturing company calls themselves Angmar or Uruk-hai.

The names are really dope though I have to give them that…

PunchyHamster

4 hours ago

> I know it’s somewhat of a tired observation by now but I still wonder every time how badly you have to misread LOTR to name your company after the witch kings cursed surveillance artefacts.

Have you considered that it is not "misread", they just see themselves on Saruman side ?

dragonwriter

2 hours ago

Sauron’s side, surely? Or else there is a need for a whole different question of “how badly you have to read LOTR...”

basket_horse

2 hours ago

Do you guys really think Gondor was a democratic society with privacy laws?

ahartmetz

8 hours ago

"Tech Company: At long last, we have created the Torment Nexus from classic sci-fi novel Don't Create The Torment Nexus"

It was a Mike Judge type joke, aka ha-ha only serious.

erulabs

4 hours ago

Not to be "that guy" but Anduril is Aragorn's sword and is the most good-guy good-thing that could ever be fantasized about. It's used to defeat Sauron. And the Palantir stones are not "the bad guys tool", they were made by the Elves in ancient history and a few of them wound up in the bad guys hands. Misread LOTR indeed!

sallveburrpi

2 hours ago

I specifically referred to the witch kings surveillance artefacts with misreading. I don’t think their creation story is mentioned in LOTR, other than that they are extremely powerful and dangerous.

But you are right of course about Anduril and if you take the whole silmarillion as background. I never really liked that part though

scsh

3 hours ago

Yes, but the elf who created them is quite a tragic character himself. To the extent that his own mother chose to die after giving birth because she knew how much sorrow he would eventually bring. So I'd be careful to not paint them as a good thing either.

erulabs

3 hours ago

you're right, and definitely Palantir is a harder sell here. But to say "they named their weapons company Anduril, what are they, bad guys?" frustrates the nerd in me quite a lot.

sallveburrpi

2 hours ago

That is fair even though I referred only to Palantir with that part. Did you name this account after Eru Illuvatar?

scsh

2 hours ago

Oh yeah, totally agree with you on that one.

swiftcoder

9 hours ago

> I wonder when the first weapons manufacturing company calls themselves Angmar or Uruk-hai.

Luckily/unluckily, AngMar is one of those shady medical subcontracting firms instead...

sallveburrpi

8 hours ago

I guess they are named after the founders (Angie and Mark) - but still an eerie coincidence…

thatguy0900

5 hours ago

I don't think they misread it, I think they just liked sauron more than the good guys

ekjhgkejhgk

9 hours ago

On Kanban, I would instead suggest cryptpad.fr.

Crucially, it's end to end encrypted.

You can self-host it, or pay for having it hosted (or use the hosted free tier).

Has other things in addition to kanban.

I got a 1 yr account.

https://cryptpad.fr/

PunchyHamster

4 hours ago

> Crucially, it's end to end encrypted.

I don't think it's all that crucial for something that at most gets some ticket descriptions on it

QuantumNomad_

2 hours ago

It’s a whole office suite.

And even if you use it only for bug ticketing there are products that are big enough that it takes a long time to implement changes. You really don’t want outsiders to be able to read open bug tickets for security vulnerabilities you are working on fixing for example. And you also don’t want outsiders to read your planned features either, probably.

I think it makes perfect sense to use e2e encryption for bug tickets considering this.

bayindirh

8 hours ago

I just read the copy on Mattermost's website. I believe you can't go more cringe than this for a group chat application.

Wonder whether they do weapons integrations for this. Urgh.

cess11

3 hours ago

Every software development organisation I've been in that used Mattermost built integrations with monitoring, build pipelines, LDAP queries and the like.

I'm sure organisations in war would do similar things, but with the tools of their 'craft'.

firesteelrain

10 hours ago

mIRC was used during GWOT for military. They just didn’t openly advertise it.

https://news.ycombinator.com/item?id=5147321

constantius

10 hours ago

Knives were too, and yet I'm not calling people to use forks instead. There is a difference between military contractors and generic tools.

Edit: sorry, hotheaded reply. I assume you mean that the creator of mIRC was encouraging it (though it's not mentioned anywhere). I still.stand by my analogy, but I see your point given your assumption.

firesteelrain

9 hours ago

> I assume you mean that the creator of mIRC was aware of it and encouraging it.

Like most licensed software, it was likely licensed by “US Government” or “Department of Defense”. Plus, it was openly written about back in the day. It was well known. No clauses in their licensing to prevent its use for those purposes.

Comparing to Mattermost and amplifying the original comment, Mattermost website is openly associating with PlatformOne.

notesinthefield

8 hours ago

Ive seen MM instances across defense dev teams for quite a while specifically to avoid Teams bs in the air force, gov teams does not like mixing with other orgs. Now it seems they’re actually going for contracts and Ill bet great money are mostly funded by USAF. Im very, very surprised.

bramhaag

10 hours ago

Mattermost is MIT licensed. What is stopping anyone from removing this restriction?

mort96

10 hours ago

Maintaining your own fork is a ton of work. Even if it's just routinely rebasing on upstream and maintaining your own upgrade infrastructure and doing releases, that's far from trivial.

The open source community really needs to stop with the "just fork it" mindset.

jsiepkes

7 hours ago

> Maintaining your own fork is a ton of work. Even if it's just routinely rebasing on upstream and maintaining your own upgrade infrastructure and doing releases, that's far from trivial.

Well I did it for Mattermost and for some other software as well. Sure, its some work, but it's not "a ton" of work and may not be "trivial" but it is also not "far" from trivial.

Do it like Linux maintainers maintain a ton of patched RPM's, deb's, etc. Just keep a patch in GIT. For every release of Mattermost you do a GIT clone, apply your patch and build it. Most of the time the patch will just apply cleanly. Sometimes you need to make a few adjustments, you make them and put them in GIT. There is no extensive release management or anything. You just build a patched version for every released version.

PunchyHamster

4 hours ago

> The open source community really needs to stop with the "just fork it" mindset.

It's right mindset. Just not applicable to projects that are made majority by the company because none of the contributors will move so it's essentially trying to make new team from scratch.

derefr

10 hours ago

I don't think the implication is that anyone as an individual would fork it.

I think the implication is that some other interested org could very easily step in and assume the role that the Mattermost org was in, and everyone would very eagerly switch and leave Mattermost itself speaking to an empty room.

whatevaa

9 hours ago

Still need someone to do unthankful work, in which many are not interested, naturally.

nlitened

8 hours ago

You actually don't have to maintain the fork and/or update to latest version if you don't need new features.

mort96

5 hours ago

You don't have to maintain the fork and/or update to the latest version if you don't need new features or security fixes.

Most people want security fixes.

yread

9 hours ago

I use MM for about a year. Forking it would be a major undertaking as the number of vulnerabilities for which you would need to backport is quite high like 5 a month?). Last time they removed features from free (group calls in v10) there was a lot of grumbling but thats it.

integralid

10 hours ago

>The open source community really needs to stop with the "just fork it" mindset.

The open source community really needs to stop with the "just do everything i want for free" mindset.

I mean, open source does not mean you're entitled to free support, and free in free software is not about money. I think people depend too much on those projects and then act entitled.

Of course the open source bait and switch done by companies is a shitty behavior worth calling out, but the companies exist to earn money and at this point this can be expected.

mort96

9 hours ago

I don't think I've expressed a "just do everything I want for free" mindset. In fact, I'm pushing against the idea that someone should just fork Mattermost and maintain that fork for free.

I do think this development represents a bait and switch though.

gsich

8 hours ago

From my observation Mattermost is not a software you buy "support" for. It either works and is self-manageable or you use something else. I guess Mattermost (as in the company) saw that too and now uses shitty practices to coerece people into buying it.

fn-mote

8 hours ago

> Of course the open source bait and switch done by companies is a shitty behavior worth calling out,

Yes, that’s what we are doing here.

> but the companies exist to earn money and at this point this can be expected.

Expected != ethical. Also not a necessary, logical outcome.

What is legitimately expected is a pro version that has more corporate features. We’re not talking about $Xx/user/mo to enable SSO here, though.

giancarlostoro

4 hours ago

No. The binaries they prepackage for you are MIT. If you want the source it is AGPL or you pay for a proprietary license.

LudwigNagasena

10 hours ago

It’s not open source, it’s “open core” SaaS.

jstummbillig

10 hours ago

I don't know, but that seems somewhat beside the point. The restriction obviously was not added to test peoples ability to remove it.

compsciphd

9 hours ago

glancing through the code, it doesn't seem like it be that hard to remove limitations such as this. PostHistoryLimit/postHistoryLimit interpreted from License Limits. a little poke here and there and I'd guess the limitations would disappear.

bfkwlfkjf

10 hours ago

The time and energy that it takes to do it and build it, and then make it easy for current users to move their automatic updates to the fork, then maintaining it etc.

csomar

10 hours ago

Nothing. Open Source is dying. The model to finance open source work (well-off suburban american dads or as a portfolio show off) no longer apply. The old generation that believed in this model is retiring and for the new generation it pays better to "network", leet code, or spam your resume to thousands of employers.

Now couple that with the fact that supply-chain control is profitable (legally or illegally); I think the next 5-10 years will be interesting.

Ekaros

5 hours ago

There never was a model to fund open source. At least outside largest and most wide spread codebases. I think it is that reality is finally hitting. Free money has run out and now software must stand as either community efforts, wide enough used foundations or forced support.

Zacharias030

6 hours ago

almost seems like there is now too much money in software. the old times felt like computer science was mostly a science.

J-Kuhn

10 hours ago

The compiled binary is.

The source code is... AGPL licensed? But not the admin tools. They seem to be licensed under the Apache License 2.0.

--------

Yeah, good luck. Contact your lawyer.

dns_snek

6 hours ago

> Yeah, good luck. Contact your lawyer.

Why? The intent seems pretty clear and they're legally allowed to do this because all contributors signed a CLA.

bfkwlfkjf

10 hours ago

Explain please. This interests me and I'm extremely curious about what you mean.

J-Kuhn

4 hours ago

Combining source code under different licenses into one product is a nightmare.

You have to follow the AGPL "no additional restrictions" clause while also following the Apache License, and the Apache License might have require you to follow additional restrictions.

pastage

3 hours ago

Honestly this has never been an issue for me, sure I have had to explain the limits of the licenses and check that I understand them. I guess it depends on your use case, so I am still uncertain when this has become a problem for you.

p2detar

9 hours ago

This seems to be only for the Enterprise edition. The "free" Team edition should not have this limit:

https://github.com/mattermost/mattermost/issues/34271#issuec...

Also one of the comments:

> Would be a shame if someone with too much time on their hands dug into the binary and added a few zeroes to the message limit

Can this be done via some binary-patch tool? Really curious. It would save recompile efforts.

edit: link

edit 2: I just realized, their Ubuntu repository only contains the Enterprise edition labeled "Free edition". This is really confusing. I does look like entishitification has started long ago: https://docs.mattermost.com/deployment-guide/server/deploy-l...

mort96

an hour ago

It seems like the Team edition has a bunch of other limitations, but it's hard to tell from how convoluted and incomplete Mattermost's various comparison pages are.

bmacho

9 hours ago

Is it legal to "patch" (remove a restriction) the binary?

mystifyingpoi

2 hours ago

As with many things in adult life, the question is not really "is it legal" but "could I get in trouble for doing this". And we all know the answer.

bfkwlfkjf

10 hours ago

What's mattermost? People in the GitHub comments say "I just need messages" but there's lots of self hosted messaging apps/servers, no? XMPP comes to mind immediately.

firesteelrain

10 hours ago

It’s an IRC-like, group chat for Corporate that works in airgap. When HipChat was obsoleted, then Mattermost took over.

figmert

10 hours ago

It's an open source alternative to Slack

loeg

5 hours ago

My employer migrated to it from IRC, for example.

lousken

9 hours ago

For all the bad press element/matrix has been getting, I am happy that at least I don't have to deal with this as well.

anotherevan

31 minutes ago

We've been using Element/Matrix for quite some time now and are fairly happy with it for the most part. The only major hiccup was hosting providers, not the software itself, per se.

We originally signed up with element.io back when they were called vector.im. Service was good, but a year or two in they decided they wanted to focus on those sweet, sweet enterprise licences and the pricing changes were untenable for our little 15 person operation. (I bear them little ill will for this, gotta do what you gotta do and all that, but it was a real PITA at the time.)

We moved to etke.cc who have been quite good. They were responsive to my modest support requests, and apart from being initially a bit surprised we wanted an unfederated server (which to their credit they dealt with with alacrity and aplomb) it's been a service we've just used and not had to otherwise think about.

The only sticking point was there was no way to migrate our messages from the older service. If memory serves, this was due to a deficiency in either Matrix or Synapse due to changing domains (originally an element.io customer subdomian). So always your own subdomain if you can is the moral of the story, I guess. I don't know if the migration story has improved in the years since.

If we had to leave Element/Matrix for whatever reasons I would definitely look at Zulip based on the many recommendations I see for it here. I think back when we went with Element I was quite interested in Zulip, but there just wasn't any good hosting options at the time and we didn't want to go with self-hosting (time-sink vs $$-sink).

DrStartup

7 hours ago

The good ole VC OS Rug Pull. Classic.

It’d be nice if Mozilla (or a similar foundation) could create a baseline OS platform for a business communications suite.

mort96

an hour ago

If Mozilla did that, we'd have monthly news stories about them adding ads into the client, removing features people depend on, cramming in AI where it doesn't belong, abruptly making all sorts of controversial ToS changes, going back on old promises, and all kinds of other things we know and love Mozilla for. All before they'd get bored and discontinue the product after a couple of years.

Or maybe they'd just buy some existing closed source Slack competitor, promise to open source it, and then just never get around to it. You know, like how they bought Pocket in 2017, promised to make it open source, but somehow never got around to it before discontinuing it in 2025.

jonnycomputer

3 hours ago

Feel like then people would just have one more thing to complain about the Mozilla Foundation over.

PunchyHamster

4 hours ago

I'd be nice for anyone but Mozilla to do it. They can barely keep FF competitive

Certhas

2 hours ago

FF is plenty competitive on the technical and feature front. It's market share is not a reflection of technical merit.

What's more, next to Linux itself it is maybe the only case I can see where a major piece of user facing software is kept competitive with the Apple/Google/MS tools.

LibreOffice or Nextcloud are technically far further behind Office and Google's online offerings.

Which therefore begs the question: Who else is in a position to do this?

At first glance, Moz with Firefox + a suite of self-hosted team and productivity stuff that works well in Firefox would make a ton of sense...

throw-the-towel

8 hours ago

Years ago I used to work at a company that used Mattermost for internal chats.

Being laid off from there was sad, but at least I didn't have to use Mattermost anymore.

october8140

8 hours ago

GitHub needs a better flag for license stuff like this. Open Source doesn’t mean what it used to.

xandrius

4 hours ago

Open source doesn't imply no limitations.

nfkkfkkc

an hour ago

Anyone can sue anyone for anything. Even if the case is laughed out of court.

Btw I hope you didn’t forget to pay the Linux license fee to SCO.

acheong08

10 hours ago

It's another level of insane to put hard limits for self hosted open source software. I'm surprised so few people in the thread have just changed the source code and build it themselves.

dotancohen

10 hours ago

They probably found performance problems at certain limits and "resolved" the problem with a hard coded limit.

danielheath

10 hours ago

... a hard coded limit... for self-hosted software... which is removed for paying users?

jamescontrol

10 hours ago

I looked at it for company chat and data, but those weird limits in functionality making in unusable was just too much, so them doing this too is not really surprising. Are they low on money?

cletus

8 hours ago

Story time. This has basically nothing to do with this post other than it involves a limit of 10,000 but hey, it's Christmas and I want to tell a story.

I used to work for Facebook and many years ago people noticed you couldn't block certain people but the one that was most public was Mark Zuckerberg. It would just say it failed or something like that. And people would assign malice or just intent to it. But the truth was much funnier.

Most data on Facebook is stored in a custom graph database that basically only has 2 tables that are sharded across thousands of MySQL instances but most almost always accessed via an in-memory write-through cache, also custom. It's not quite a cache because it has functionality built on top of the database that accessing directly wouldn't have.

So a person is an object and following them is an edge. Importantly, many such edges were one-way so it was easy to query if person A followed B but much more difficult to query all the followers of B. This was by design to avoid hot shards.

So I lied when I said there were 2 tables. There was a third that was an optimization that counted certain edges. So if you see "10.7M people follow X" or "136K people like this", it's reading a count, not doing a query.

Now there was another optimization here: only the last 10,000 of (object ID,edge type) were in memory. You generally wanted to avoid dealing with anything older than that because you'd start hitting the database and that was generally a huge problem on a large, live query or update. As an example, it was easy to query the last 10,000 people or pages you've followed.

You should be able to see where this is going. All that had happened was 10,000 people had blocked Mark Zuckerberg. Blocks were another kind of edge that was bidirectional (IIRC). The system just wasn't designed for a situation where more than 10,000 people wanted to block someone.

This got fixed many years ago because somebody came along and build a separate system to handle blocking that didn't have the 10,000 limit. I don't know the implementation details but I can guess. There was a separate piece of reverse-indexing infrastructure for doing queries on one-way edges. I suspect that was used.

Anyway, I love this story because it's funny how a series of technical decisions can lead to behavior and a perception nobody intended.

Zacharias030

4 hours ago

Merry Christmas! This is why I like hackernews.

cantalopes

10 hours ago

Thank god i didn't convince my team to selfhost mattermost instead of using slack

adastra22

9 hours ago

… slack is exactly the same, except without even the ability to self-host?

krick

3 hours ago

I this this is the irony: mattermost probably is the right choice anyway, but you wouldn't want to be the guy who convinced others they should switch, because after something like this, it's him who will be blamed by everyone who he managed to convince.

pmdr

3 hours ago

IRC, email and XAMPP solved messaging a long time ago. Derivative products built on these protocols should have solved the chat problem for most orgs, but we got complacent and thus vulnerable to nickle and diming by the likes of Saleforce and Microsoft. Now rug pulls by faux-opensource projects that basically want free labor for their commercial project so they can sell it to bigger fish.

It's not people wanting to make more money that I despise. Fine, make your commercial version ten times better, I don't care. But the practice of crippling your opensource offering by removing features or adding limits is evil and shameful.

davisr

3 hours ago

"Fauxpensource", if you will.

petcat

9 hours ago

Am I understanding this right that the main complainant in that issue thread is an IT company that wants to resell the (free) version of Mattermost software and is now complaining that they have to pay?

At first they tried to say that "we're a school" and then when the MM rep said they have an Education license, they admitted that they are not actually a school, but rather a consulting company that is gouging schools by overcharging for open source software.

lexicality

9 hours ago

> an IT company that wants to resell the (free) version of Mattermost software and is now complaining that they have to pay?

A user that was following the letter of the license and has suddenly had their access to the software restricted without warning.

Open source software means people are entirely within their rights to sell it to others, perhaps creating value by providing the warranty that all licenses expressly disclaim.

petcat

8 hours ago

I'm aware of what open source software is.

And there are 3 things that you can do when in this situation:

1) Pay the fee, if that is what is required for it to continue to be easy for you to re-sell the software.

2) Fork the project, remove the restrictions, and maintain it yourself.

3) Stop using the software.

All of those are perfectly within the spirit of FOSS.

margalabargala

7 hours ago

The user who is the IT company is not the same user who started the thread and claims to be a school.

sergiotapia

9 hours ago

No, you are not understanding this right.

It's about rug pulling your users and cutting them off at the knees. I don't use mattermost but read the github thread in it's entirety.

toxik

9 hours ago

The good brand of open-source software is basically being abused to do basic rug pull schemes. Sad.

hluska

4 hours ago

I’m having a lot of trouble with your comment. The word ‘resell’ doesn’t appear anywhere in the issue - there is absolutely nothing about reselling it anywhere within the linked issue.

gus_massa

10 hours ago

From the readme.md

> A new compiled version is released under an MIT license every month on the 16th.

What does than even mean? Is it equivalent to what we use to call "freeware". Is it legal to modify the binaries?

Ekaros

5 hours ago

Broadly. You can do anything you want with MIT licensed software as long as you include the copyright and warranty notice.

I suppose with "freeware" technically you could be prevent from redistributing or selling it. As there is no hard definition on that term.

dotancohen

10 hours ago

I'm not sure about MIT, but the GNU license specifically requires the application licensed to be available in source code (human readable and editable form or similar verbiage).

tom_

10 hours ago

The MIT licence does not require this.

ekjhgkejhgk

9 hours ago

I'm not an expert, but I very much doubt this.

The FSF calls it a "free license" [1] and I don't think they would if they didn't make the source code available.

Source code available is necessary but not sufficient for Free software, see [2]

> Freedoms 1 and 3 require source code to be available because studying and modifying software without its source code can range from highly impractical to nearly impossible.

[1] https://www.gnu.org/licenses/license-list.en.html#Expat

[2] https://en.wikipedia.org/wiki/Free_software

EDIT Oh sorry, you mean for the LICENSE to be available. Never mind then.

PunchyHamster

4 hours ago

And you're entirely wrong. MIT just require attribution, not giving the source code.

That is why companies and corpo programmers LOVE BSD/MIT code, they can freely steal I mean use it in their for-profit products without giving anything back but some bit of text hidden in about box

adastra22

9 hours ago

You can compile MIT software and distribute the binary while saying “fuck you” to anyone who asks for the source.

You are thinking of copyleft (e.g. GPL)

ekjhgkejhgk

9 hours ago

If that were true, the FSF wouldn't call it a free license.

lelanthran

4 hours ago

> If that were true, the FSF wouldn't call it a free license.

It is true; the license gives you the source, to do with as you please, including closing it off.

Famously, Microsoft included BSD licensed tools in Windows since the 90s and did not distribute the sources!

And that is completely legal. If you want to force the users to distribute their changes to your open source product when they are redistributing the product, you need to use GPL.

fn-mote

8 hours ago

You should have linked the MIT License on Wikipedia (or anywhere else) instead of Free Software.

The license is only three paragraphs long. You can see it does not contain text supporting your claim.

https://en.wikipedia.org/wiki/MIT_License

ekjhgkejhgk

8 hours ago

Well, I'm confused.

lelanthran

4 hours ago

It's actually very simple:

MIT/BSD licenses are pro-business - any business can take the product, change a few lines and redistribute the result without making their changes available.

GPL is pro-user - anyone who gets the source, makes changes, and then redistributes the result has to make their changed sources available as well.

spauldo

7 hours ago

The FSF has written extensively on why (in their opinion) you should prefer copyleft licenses over non-copyleft licenses, but they don't require a license to be copyleft in order to be considered free. It's worth spending a bit of time on their site to understand their point of view. Just be careful not to drink too much of the Kool-Aid or you'll become one of those annoying people who never shut up about the GPL on forums.

squigz

6 hours ago

Don't listen to spauldo, GP. Drink the delicious Kool Aid that is free software. Bring that joy to everyone else you find.

steanne

6 hours ago

this is not the only such recent change. can't make voice calls in public channels anymore either, only pms.

Zacharias030

7 hours ago

can someone clarify the situation that self-hosted free (as in beer) community mattermosts are/will be in?

PunchyHamster

4 hours ago

They have been slowly removing features from it and this is another one removed

Zacharias030

3 hours ago

I recently switched a bunch of friends from a project-oriented whatsapp chat to self-hosted mattermost, because I wanted permanent storage for messages and attachments, and threads, and did not want to pay slack in perpetuity.

I feel that this idea is now in jeopardy, if I understand the 10k message history is the limit correctly.

And there I thought I had a solution to slowly bring over project channels, family related things etc. that was as reliable as "my linux box will be reachable on the public internet" and I am willing to manage that it does.

Seems I was wrong, but I don't know which other software has better future proofing.

gmerc

10 hours ago

Did they take VC money?

bfkwlfkjf

10 hours ago

I think that the photos they have on their front page should be enough to tell you who is their target market.

I've invented this heuristic: if the page that describes the project uses the word "solutions", then they'll attempt to use "open source" to obtain free labour, but will distribute the revenues only amongst those people who actually have control.

dotancohen

10 hours ago

Black businesswomen? Firefighters? White servicemen? White software developers?

I really don't get what you're implying. I don't see any problem with the photos on the mattermost front page.

https://mattermost.com/

stavros

10 hours ago

I don't think the GP implied anything about race? The photos I see are war frigates, power plants, some sort of military operations center, and commercial airliners.

Think "enterprise", rather than "racism".

bfkwlfkjf

10 hours ago

Exactly. But some people think everyone else is racist. Those people's skin colour didn't even register.

dotancohen

9 hours ago

I left every option open for OP to explain. I personally couldn't care less what skin colour are in any of the photos. Not a single one of them match my own.

bfkwlfkjf

10 hours ago

Everything you mentioned in that list in people who can pay. As opposed to people who code and they use what they code, and furthermore share it with other people who also code and use what they code.

It's "open source" so that they save on developer costs, not for ideological reasons, and you can tell from the photos on their front page - that's what I was implying.

xhkkffbf

10 hours ago

I think this is kind of cynical. I often adopt open source tools because I want to avoid vendor lockin. And so do many. It's not like I say, "Wow. Another code base to dive into and spend hours trying to understand." Nope. I just want the assurance that I can do it if I ever need to do so.

notarobot123

10 hours ago

Governmental organizations and corporate firms is the vibe (or maybe that was obvious and you're just trolling).

I think the point was that open source hasn't often been supported by companies serving these kinds of markets and the interests of the broader community are often sidelined.

liviux

8 hours ago

Another project bites the dust. They will return after a fork will get way popular. In time

xinayder

2 hours ago

Another option is the open source Rocket.Chat.

yard2010

9 hours ago

So, they limit the access to data on self hosted instances after upgrade? Sounds like a ransomware with extra steps.

Enshitification ensues.

yunohn

6 hours ago

Y’know I’m starting to think that every single migration from paid to free software, will end up in the same cycle of becoming feature-locked. People time and again fail to understand that you need to financially support projects you use for sustainable futures. But alas, here we are…

wltr

6 hours ago

I was about to propose to deploy this as a company chat to my current boss, the self-hosted edition. So, is this still the best option (considering this can be reverted back, I assume), or should I just seek elsewhere now?

xvilka

6 hours ago

Zulip is recommended by many here. Their mobile app is atrocious though...

wltr

6 hours ago

10 users for mobile notifications is a non-starter for me. I’d rather host XMPP then, I guess. Or a Matrix server, it seems like it allows the mobile notifications.

fittingopposite

3 hours ago

Have you worked with both Matrix and Zulip? Looking at both for a small team and wondering which way to go with. Matrix seems more complex to set up and less tailored to function as a Slack alternative. What has been your experience?

micromacrofoot

8 hours ago

This seems like a poorly hashed out plan, but I do have some sympathy...

in the face of competitors with many more employees and seemingly endless piles of VC money, how do open source projects like this fund themselves? What could Mattermost do instead? Should they take more money and race everyone towards the same cliff?

Are projects like this doomed to a small niche of people who understand the implications (and meanwhile can't contribute enough to ensure development keeps pace)?

Everyone else is just going to keep using Slack, and arguably outside of these niche concerns, it's a better funded and higher quality product.

PunchyHamster

4 hours ago

It's not really open source project. They always gated a bunch of features, require CLA (so even if someone does contribute, boom, your code is theirs and they will probably close it down behind enterprise license if it is useful enough), and have pretty complex licensing scheme https://docs.mattermost.com/product-overview/faq-mattermost-...

> Everyone else is just going to keep using Slack, and arguably outside of these niche concerns, it's a better funded and higher quality product.

They had niche when their lite enterprise license (just basic LDAP and some other small features) was $2.5 per user.

Now they are basically on slack pricing, why would anyone bother...

ptman

7 hours ago

Use matrix instead. Or zulip. Or xmpp. Or IRC

gjsman-1000

10 hours ago

> “Mattermost only got where it is today because of the open-source community.”

Not really? FOSS communities overestimate their importance on a daily basis.

Case in point: Linux. 90%+ of commits were corporate sponsored… in 2004. The pure community member does almost nothing of importance for Linux anymore; or any of these projects.

PunchyHamster

4 hours ago

It's because you misunderstood the reason - they OSS part got them some free advertising and users that gave it a try and got on the subscription.

Now VC's want their money so gotta make people that can't be bothered to get off it to migrate to paid plan

gjsman-1000

40 minutes ago

… by adding a check to builds that anyone, using the source code, can easily patch out?

FOSS never came with any guarantee of “builds must arrive in format most convenient for users.” That’s not in the license. Also not in the license, “FOSS companies can’t charge money for their builds.” Also not in the license, “FOSS companies must provide builds at all.”

If anything, it’s quite a bit of entitlement that “FOSS companies must provide free code, and free builds, forever, or they are evil.” Especially when they are getting VC money to presumably add features that otherwise would not exist and would have no code available at all.