diff --git a/server/channels/app/limits.go b/server/channels/app/limits.go
index b13103898a..a8be8dd908 100644
--- a/server/channels/app/limits.go
+++ b/server/channels/app/limits.go
@@ -36,17 +36,6 @@ func (a *App) GetServerLimits() (*model.ServerLimits, *model.AppError) {
limits.MaxUsersHardLimit = licenseUserLimit + int64(extraUsers)
}
- // Check if license has post history limits and get the calculated timestamp
- if license != nil && license.Limits != nil && license.Limits.PostHistory > 0 {
- limits.PostHistoryLimit = license.Limits.PostHistory
- // Get the calculated timestamp of the last accessible post
- lastAccessibleTime, appErr := a.GetLastAccessiblePostTime()
- if appErr != nil {
- return nil, appErr
- }
- limits.LastAccessiblePostTime = lastAccessibleTime
- }
-
activeUserCount, appErr := a.Srv().Store().User().Count(model.UserCountOptions{})
if appErr != nil {
return nil, model.NewAppError("GetServerLimits", "app.limits.get_app_limits.user_count.store_error", nil, "", http.StatusInternalServerError).Wrap(appErr) $ sed -i -E '/maxUsers(Hard)?Limit.*0$/s/$/_000/' channels/app/limits.go
It says you can use "compiled versions" under the MIT License. Then it says you can use the source code under AGPL 3.0. And then it additionally says that they won't enforce the AGPL 3.0 copyleft if you haven't modified the source and don't link the Mattermost Platform directly. This is at best a bunch of tautologies that render the Affero clause moot and at worst enable a really stupid workaround to copyleft.
First off, the Affero clause - number 13 - in the AGPL only applies if you modify the source. There is no legal requirement to convey source code on a network server otherwise. So this is downgrading the license to GPL with extra steps.
Second, "linking directly" isn't legally meaningful with regards to the GPL. GPL cares about whether or not your derivative work forms a single "program" - which is deliberately left ambiguous, but almost certainly does not refer to the concept of an address space alone, or even a Go import. I guess what they wanted was to treat the Mattermost Admin and Configuration files under terms that are sort of LGPL-like? But that portion of the binary is already dual-licensed Apache 2.0. So there's no reason to argue
Third, and more importantly... the compiled versions license basically renders the source code requirement of the GPL family null and void. Like, in a normal use of the GPL, if you distribute binaries you're required to offer source. But here, they've weakened that clause.
The most speculative argument I have is that one could disassemble a compiled Go binary to obtain a "compiled version" under MIT terms that is no longer subject to any copyleft whatsoever. This is obviously contrary to the intent of the license, so I'm not sure if a judge would bother listening to this argument, but it's still really bad drafting. I suspect this license document was written by a business strategy guy, not a lawyer.
[0] If this code actually expressed their license requirements, then posting this Git diff is a violation of DMCA 1201, and you'd be liable for jail time. Er, well, except GPL version 3 (only) has a specific anti-1201 clause. But who knows if that's even applicable given the five different licenses at play?
[1] https://github.com/mattermost/mattermost/blob/master/LICENSE...
and still no one from that company has admitted to it being a mistake?
very nice
Classic rug pull though
If they want to do that then, as every corporate "open source", they are free to do so but why not communicate that at least in the release post?
Any potential free user who would consider going paid will now be starting off their relationship negatively.
Really weird strategy.
I feel that this idea is now in jeopardy, if I understand the 10k message history is the limit correctly.
And there I thought I had a solution to slowly bring over project channels, family related things etc. that was as reliable as "my linux box will be reachable on the public internet" and I am willing to manage that it does.
Seems I was wrong, but I don't know which other software has better future proofing.
They're trusted by multiple government agencies to stick around and treat their users reasonably, and there are a plethora of clients to choose from.
Now I'll step to the side for the next person to tear me down and sell you on XMPP.
My "job" in this holy-war thread is to tell you Matrix has become lighter over time, the "default" server Synapse has less, but IMO more up-to-date documentation with a real corporation behind keeping it up-to-date and useful, has a blossoming ecosystem of clients, servers, and bridges (allowing you to use it for other chat systems like Whatsapp and Telegram), has encryption being an enforced default for one-to-one mesasges (instead of XMPP's bolted-on after-the-fact extension), and a paid team to make Synapse more robust, reliable, lighter, faster, and more secure.
Take both arguments with a grain of salt, as I am biased as hell (to the point of donating a small amount monthly to Matrix, and starting flame wars like this one).
Not sure what isn't included in the core though.
- No limitation on search, members, etc.
- 10 user limit for mobile notifications, can be relaxed via community (for non-profits, FOSS projects, etc.)
- SAML/LDAP *support* is available, you can configure it. They won't provide answers to your questions.
- Actually, all Zulip features are enabled sans Mobile Notifications, but for most of them, you're on your own. If you know what you're doing, it's not a problem, I assume.
They only give free accounts to non-profits with zero paid staff.
Push uses _their_ services. That's why it costs $$$. But you can build your own apns endpoint and plug into that at that volume
Zulip (for Slack) and Wekan (for Trello) are good replacements, save yourself the ethical and technical worries.
I know it’s somewhat of a tired observation by now but I still wonder every time how badly you have to misread LOTR to name your company after the witch kings cursed surveillance artefacts.
I wonder when the first weapons manufacturing company calls themselves Angmar or Uruk-hai.
The names are really dope though I have to give them that…
Have you considered that it is not "misread", they just see themselves on Saruman side ?
It was a Mike Judge type joke, aka ha-ha only serious.
But you are right of course about Anduril and if you take the whole silmarillion as background. I never really liked that part though
The witch-king could in theory have used a Palantir, but there’s no suggestion he did.
The seven stars in Gondor’s crest are the Palantari, and in the War of the Ring, Aragon specifically requested they be added to his banner. They represent the highest level of the civilization of Men.
Luckily/unluckily, AngMar is one of those shady medical subcontracting firms instead...
And the Palantiri were artifacts given by the Elves to the greatest race of Men to govern their kingdom. No connection to the witch-king (except some post-Tolkien video game).
Crucially, it's end to end encrypted.
You can self-host it, or pay for having it hosted (or use the hosted free tier).
Has other things in addition to kanban.
I got a 1 yr account.
I don't think it's all that crucial for something that at most gets some ticket descriptions on it
And even if you use it only for bug ticketing there are products that are big enough that it takes a long time to implement changes. You really don’t want outsiders to be able to read open bug tickets for security vulnerabilities you are working on fixing for example. And you also don’t want outsiders to read your planned features either, probably.
I think it makes perfect sense to use e2e encryption for bug tickets considering this.
Wonder whether they do weapons integrations for this. Urgh.
I'm sure organisations in war would do similar things, but with the tools of their 'craft'.
Edit: sorry, hotheaded reply. I assume you mean that the creator of mIRC was encouraging it (though it's not mentioned anywhere). I still.stand by my analogy, but I see your point given your assumption.
Like most licensed software, it was likely licensed by “US Government” or “Department of Defense”. Plus, it was openly written about back in the day. It was well known. No clauses in their licensing to prevent its use for those purposes.
Comparing to Mattermost and amplifying the original comment, Mattermost website is openly associating with PlatformOne.
The open source community really needs to stop with the "just fork it" mindset.
Well I did it for Mattermost and for some other software as well. Sure, its some work, but it's not "a ton" of work and may not be "trivial" but it is also not "far" from trivial.
Do it like Linux maintainers maintain a ton of patched RPM's, deb's, etc. Just keep a patch in GIT. For every release of Mattermost you do a GIT clone, apply your patch and build it. Most of the time the patch will just apply cleanly. Sometimes you need to make a few adjustments, you make them and put them in GIT. There is no extensive release management or anything. You just build a patched version for every released version.
It's right mindset. Just not applicable to projects that are made majority by the company because none of the contributors will move so it's essentially trying to make new team from scratch.
I think the implication is that some other interested org could very easily step in and assume the role that the Mattermost org was in, and everyone would very eagerly switch and leave Mattermost itself speaking to an empty room.
Most people want security fixes.
The open source community really needs to stop with the "just do everything i want for free" mindset.
I mean, open source does not mean you're entitled to free support, and free in free software is not about money. I think people depend too much on those projects and then act entitled.
Of course the open source bait and switch done by companies is a shitty behavior worth calling out, but the companies exist to earn money and at this point this can be expected.
I do think this development represents a bait and switch though.
Yes, that’s what we are doing here.
> but the companies exist to earn money and at this point this can be expected.
Expected != ethical. Also not a necessary, logical outcome.
What is legitimately expected is a pro version that has more corporate features. We’re not talking about $Xx/user/mo to enable SSO here, though.
Wanting to use Mattermost's binaries rather than building from source?
Re licensing see: https://isitreallyfoss.com/projects/mattermost/
The source code is... AGPL licensed? But not the admin tools. They seem to be licensed under the Apache License 2.0.
--------
Yeah, good luck. Contact your lawyer.
Why? The intent seems pretty clear and they're legally allowed to do this because all contributors signed a CLA.
You have to follow the AGPL "no additional restrictions" clause while also following the Apache License, and the Apache License might have require you to follow additional restrictions.
Now couple that with the fact that supply-chain control is profitable (legally or illegally); I think the next 5-10 years will be interesting.
We originally signed up with element.io back when they were called vector.im. Service was good, but a year or two in they decided they wanted to focus on those sweet, sweet enterprise licences and the pricing changes were untenable for our little 15 person operation. (I bear them little ill will for this, gotta do what you gotta do and all that, but it was a real PITA at the time.)
We moved to etke.cc who have been quite good. They were responsive to my modest support requests, and apart from being initially a bit surprised we wanted an unfederated server (which to their credit they dealt with with alacrity and aplomb) it's been a service we've just used and not had to otherwise think about.
The only sticking point was there was no way to migrate our messages from the older service. If memory serves, this was due to a deficiency in either Matrix or Synapse due to changing domains (originally an element.io customer subdomian). So always your own subdomain if you can is the moral of the story, I guess. I don't know if the migration story has improved in the years since.
If we had to leave Element/Matrix for whatever reasons I would definitely look at Zulip based on the many recommendations I see for it here. I think back when we went with Element I was quite interested in Zulip, but there just wasn't any good hosting options at the time and we didn't want to go with self-hosting (time-sink vs $$-sink).
https://github.com/mattermost/mattermost/issues/34271#issuec...
Also one of the comments:
> Would be a shame if someone with too much time on their hands dug into the binary and added a few zeroes to the message limit
Can this be done via some binary-patch tool? Really curious. It would save recompile efforts.
edit: link
edit 2: I just realized, their Ubuntu repository only contains the Enterprise edition labeled "Free edition". This is really confusing. I does look like entishitification has started long ago: https://docs.mattermost.com/deployment-guide/server/deploy-l...
It’d be nice if Mozilla (or a similar foundation) could create a baseline OS platform for a business communications suite.
Or maybe they'd just buy some existing closed source Slack competitor, promise to open source it, and then just never get around to it. You know, like how they bought Pocket in 2017, promised to make it open source, but somehow never got around to it before discontinuing it in 2025.
What's more, next to Linux itself it is maybe the only case I can see where a major piece of user facing software is kept competitive with the Apple/Google/MS tools.
LibreOffice or Nextcloud are technically far further behind Office and Google's online offerings.
Which therefore begs the question: Who else is in a position to do this?
At first glance, Moz with Firefox + a suite of self-hosted team and productivity stuff that works well in Firefox would make a ton of sense...
Worse, it's ridden with spyware, and is merely a honeypot for security-aware people that are not sufficiently paranoid to check any of the claims. Like, those VPNs from YT ads that use your IP to give AI companies residential proxies, the same kind of scam.
Spin up Wireshark and take a look at activity of Firefox. Try to shut the browser up. It won't work.
Even if they weren't a Google's proxy company, they would lose to standards commitees being infested by Google, and would have to play the "best luck catching up" game by constantly supporting new versions of JS, APIs and CSS features that nobody needs (except Google's YouTube will use them to stop you from using an adblocker).
FF is governed by ex-Oracle managers at the moment, singing the Google's song. Don't anthropomorphize your lawnmower.
Being laid off from there was sad, but at least I didn't have to use Mattermost anymore.
I used to work for Facebook and many years ago people noticed you couldn't block certain people but the one that was most public was Mark Zuckerberg. It would just say it failed or something like that. And people would assign malice or just intent to it. But the truth was much funnier.
Most data on Facebook is stored in a custom graph database that basically only has 2 tables that are sharded across thousands of MySQL instances but most almost always accessed via an in-memory write-through cache, also custom. It's not quite a cache because it has functionality built on top of the database that accessing directly wouldn't have.
So a person is an object and following them is an edge. Importantly, many such edges were one-way so it was easy to query if person A followed B but much more difficult to query all the followers of B. This was by design to avoid hot shards.
So I lied when I said there were 2 tables. There was a third that was an optimization that counted certain edges. So if you see "10.7M people follow X" or "136K people like this", it's reading a count, not doing a query.
Now there was another optimization here: only the last 10,000 of (object ID,edge type) were in memory. You generally wanted to avoid dealing with anything older than that because you'd start hitting the database and that was generally a huge problem on a large, live query or update. As an example, it was easy to query the last 10,000 people or pages you've followed.
You should be able to see where this is going. All that had happened was 10,000 people had blocked Mark Zuckerberg. Blocks were another kind of edge that was bidirectional (IIRC). The system just wasn't designed for a situation where more than 10,000 people wanted to block someone.
This got fixed many years ago because somebody came along and build a separate system to handle blocking that didn't have the 10,000 limit. I don't know the implementation details but I can guess. There was a separate piece of reverse-indexing infrastructure for doing queries on one-way edges. I suspect that was used.
Anyway, I love this story because it's funny how a series of technical decisions can lead to behavior and a perception nobody intended.
At first they tried to say that "we're a school" and then when the MM rep said they have an Education license, they admitted that they are not actually a school, but rather a consulting company that is gouging schools by overcharging for open source software.
A user that was following the letter of the license and has suddenly had their access to the software restricted without warning.
Open source software means people are entirely within their rights to sell it to others, perhaps creating value by providing the warranty that all licenses expressly disclaim.
And there are 3 things that you can do when in this situation:
1) Pay the fee, if that is what is required for it to continue to be easy for you to re-sell the software.
2) Fork the project, remove the restrictions, and maintain it yourself.
3) Stop using the software.
All of those are perfectly within the spirit of FOSS.
It's about rug pulling your users and cutting them off at the knees. I don't use mattermost but read the github thread in it's entirety.
> A new compiled version is released under an MIT license every month on the 16th.
What does than even mean? Is it equivalent to what we use to call "freeware". Is it legal to modify the binaries?
I suppose with "freeware" technically you could be prevent from redistributing or selling it. As there is no hard definition on that term.
The FSF calls it a "free license" [1] and I don't think they would if they didn't make the source code available.
Source code available is necessary but not sufficient for Free software, see [2]
> Freedoms 1 and 3 require source code to be available because studying and modifying software without its source code can range from highly impractical to nearly impossible.
[1] https://www.gnu.org/licenses/license-list.en.html#Expat
[2] https://en.wikipedia.org/wiki/Free_software
EDIT Oh sorry, you mean for the LICENSE to be available. Never mind then.
You are thinking of copyleft (e.g. GPL)
It is true; the license gives you the source, to do with as you please, including closing it off.
Famously, Microsoft included BSD licensed tools in Windows since the 90s and did not distribute the sources!
And that is completely legal. If you want to force the users to distribute their changes to your open source product when they are redistributing the product, you need to use GPL.
The license is only three paragraphs long. You can see it does not contain text supporting your claim.
MIT/BSD licenses are pro-business - any business can take the product, change a few lines and redistribute the result without making their changes available.
GPL is pro-user - anyone who gets the source, makes changes, and then redistributes the result has to make their changed sources available as well.
That is why companies and corpo programmers LOVE BSD/MIT code, they can freely steal I mean use it in their for-profit products without giving anything back but some bit of text hidden in about box
It's not people wanting to make more money that I despise. Fine, make your commercial version ten times better, I don't care. But the practice of crippling your opensource offering by removing features or adding limits is evil and shameful.
I've invented this heuristic: if the page that describes the project uses the word "solutions", then they'll attempt to use "open source" to obtain free labour, but will distribute the revenues only amongst those people who actually have control.
I really don't get what you're implying. I don't see any problem with the photos on the mattermost front page.
Think "enterprise", rather than "racism".
It's "open source" so that they save on developer costs, not for ideological reasons, and you can tell from the photos on their front page - that's what I was implying.
I think the point was that open source hasn't often been supported by companies serving these kinds of markets and the interests of the broader community are often sidelined.
Enshitification ensues.
I feel that this idea is now in jeopardy, if I understand the 10k message history is the limit correctly.
And there I thought I had a solution to slowly bring over project channels, family related things etc. that was as reliable as "my linux box will be reachable on the public internet" and I am willing to manage that it does.
Seems I was wrong, but I don't know which other software has better future proofing.
in the face of competitors with many more employees and seemingly endless piles of VC money, how do open source projects like this fund themselves? What could Mattermost do instead? Should they take more money and race everyone towards the same cliff?
Are projects like this doomed to a small niche of people who understand the implications (and meanwhile can't contribute enough to ensure development keeps pace)?
Everyone else is just going to keep using Slack, and arguably outside of these niche concerns, it's a better funded and higher quality product.
> Everyone else is just going to keep using Slack, and arguably outside of these niche concerns, it's a better funded and higher quality product.
They had niche when their lite enterprise license (just basic LDAP and some other small features) was $2.5 per user.
Now they are basically on slack pricing, why would anyone bother...
Not really? FOSS communities overestimate their importance on a daily basis.
Case in point: Linux. 90%+ of commits were corporate sponsored… in 2004. The pure community member does almost nothing of importance for Linux anymore; or any of these projects.
Now VC's want their money so gotta make people that can't be bothered to get off it to migrate to paid plan
FOSS never came with any guarantee of “builds must arrive in format most convenient for users.” That’s not in the license. Also not in the license, “FOSS companies can’t charge money for their builds.” Also not in the license, “FOSS companies must provide builds at all.”
If anything, it’s quite a bit of entitlement that “FOSS companies must provide free code, and free builds, forever, or they are evil.” Especially when they are getting VC money to presumably add features that otherwise would not exist and would have no code available at all.