-
Splitting the Horizon: Secure Public Federation vs. Blind Internal LAN Routing in Matrix
When architecting a sovereign communication appliance, the engineering requirements for security and usability are frequently at war. This tension reaches its peak when configuring federation for a private Matrix homeserver. By default, self-hosted Matrix setups inherit a classic, binary problem: When engineering the Remote Rails Sovereign Appliance, we rejected this compromise. We implemented a Split-Horizon…
-
Architecting Element Call: Escaping Docker Bottlenecks, Double Encryption, and WebRTC Port Ranges
Deploying a native, high-performance video conferencing stack for a sovereign Matrix homeserver requires far more than just spinning up a few containers. At the core of Element Call’s architecture are two critical components: LiveKit (operating as the Selective Forwarding Unit, or SFU) and Coturn (acting as the STUN/TURN relay). When engineering the communications stack for…
-
Rethinking External Collaboration—Why We Say “No” to Guest Accounts
For years, enterprise IT departments have operated under a dangerous architectural myth: to collaborate with external clients, vendors, and contractors, you have to provision “Guest Accounts” inside your internal communication system. Whether it is Microsoft Teams adding a user to your identity directory or an IT admin manually setting up an external account in an…