Thib

Matrix Live

Dept of Servers 🏢

Dendrite (website)

Second generation Matrix homeserver

Devon Dmytro reports

This week we released v0.13.3. Here are a few of the highlights:

• Room version 11 is now supported
• Sliding Sync proxy can be configured in the /.well-known/matrix/client response
• Invitations are now correctly pushed to devices
• A bug which could result in the corruption of m.direct account data has been fixed
• Clients can request the federation event_format when creating filters
• Many under the hood improvements for MSC4014: Pseudonymous Identities

...and a whole lot more. Check out the release notes for the full set of changes! As always, feel free to stop by #dendrite:matrix.org to join in on the discussion and if you encounter a bug make sure to report it here.

Dept of Bridges 🌉

Postmoogle (website)

An Email to Matrix bridge. 1 room = 1 mailbox.

Aine says

Introducing Postmoogle v0.9.16: Bridging Email and Matrix Like Never Before!

We at etke.cc are delighted to announce the release of Postmoogle v0.9.16, your trusted bridge for seamlessly connecting the worlds of email and Matrix. In this update, we've introduced a host of new features and enhancements to elevate your Matrix email experience.

Here's what's new in this release:

1. Emoji Support: Express yourself with emojis! You can now react to emails with the ⛔️,🛑, or 🚫 emojis to add the sender to your spam list. Embrace a better quality of life change within your Matrix rooms.
2. Subaddressing Support: Postmoogle now offers support for subaddressing. Receive emails sent to addresses like [email protected], giving you more control over your email routing.
3. Enhanced Banlist Modes: We've added two new server ban modes: banlist:auth and banlist:auto. The banlist:auth mode automatically bans users for attempting to authenticate into Postmoogle over SMTP with invalid credentials, while banlist:auto automatically bans for invalid emails, such as those failing MX, SPF, or DKIM checks. You can configure each mode separately, enhancing the security of your Matrix environment.
4. Improved Banlist Output: The !pm banlist command output has been improved to display bans per day in weekly chunks. This streamlined presentation makes it easier for you to monitor and manage banned IPs effectively.
5. Enhanced Reply Handling: Postmoogle now ensures that it always replies to your messages, either within the threads or using the reply-tos, depending on your mailbox configuration. This guarantees a more organized and threaded conversation experience within your Matrix rooms.
6. Custom Mailbox Signatures: The new !pm signature command enables you to set a personalized signature for your mailbox, adding a unique touch to your email messages.
7. Automatic Replies: With the introduction of the !pm autoreply command, you can configure automatic responses for all incoming emails without existing threads. This feature simplifies communication when receiving new email threads.

Postmoogle v0.9.16 brings you an enhanced email-to-Matrix bridge, bolstered security measures, and an improved quality of life. Whether you're managing email discussions within your Matrix rooms or responding to emails from your Matrix client, Postmoogle ensures a seamless integration.

Upgrade to Postmoogle v0.9.16 today and discover the future of email communication within the Matrix ecosystem. To get started, visit our GitLab repository or explore the #postmoogle:etke.cc room.

Dept of Clients 📱

Commet

A client packed with fun and convenient features.

airyz announces

Hello, world!

I'm excited to finally announce Commet! a new client for matrix! We are aiming to create a client that is packed with fun and convenient features, to help you connect with your friends.

We’ve been quietly in development over the past seven months and while we aren’t ready to call Commet stable, it is ‘stable enough’ to reveal it to the community

Despite being early in development, we have a few exciting features that help us stand out:

Built for multiple accounts

Commet was built from the ground up to have great support for running multiple accounts at once.

GIF Search

A Gif searcher in a matrix client?! We are running a proxy service for tenor, so you can easily send sarcastic gifs on matrix!

Custom Emotes / Stickers

We support the same custom emotes implementation that you might be familiar with from other clients!

Thats all for now! Check us out on github or stop by our room and say hi!

Neochat (website)

A client for matrix, the decentralized communication protocol

Tobias Fella says

We've landed a major feature in NeoChat this week: There's a now a page showing the subspaces and rooms in a space. This also allows for basic space administration tasks, like adding new rooms to the space. Internally, our Qt6 port is progressing, with all major changes being done now.

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Ștefan says

Busy week in Element X land:

• Following small tweaks here and there Polls are now officially finished! 🥳
• Work has started on support for voice messages
• And also on user mention pills
• We can now reply to more types of room messages
• Our unit tests are more stable and ever and our coverage is at all time high at 71.4%
• And we fixed bugs around UI and Integration tests, the Element Call integration, iOS 17 and more

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

benoit announces

• Element X Android will be released on the PlayStore - once Google approves it - with a fix for the crash about the Camera permission.
• Polls are getting the latest design tweak, notification with the poll question is coming.
• Open a room is smoother than before, some stuff have been move to worker thread.
• The bloom effect will also be rendered faster.
• We are adding test to reach the target of 60% of code coverage. We are not far!
• The Rich Text Editor can now be displayed in full screen mode.
• Next week we will start October features: Key backup management; pin and biometric unlock; voice message; and rendering pills in the timeline.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Johannes Marbach announces

• We’re wrapping up some test stabilisation work on our notification test suite and will transition into fixing the failures next.
• Visual regressions from the Compound adoption have mostly been fixed. We started applying a UI refresh to the right panel and are planning to unlabs it together with the room header once complete.
• About 80% of our strings have been migrated over to Localazy. We’re getting close to finishing this off and reopening translations to contributors.
• People living on the edge might have noticed that the Safari 17 update has broken our emoji fonts. We’re planning to put a hotfix together for this today. On the back of this we’re also considering doing away with bundled emoji fonts entirely and falling back to what the OS provides. The situation on this is looking much different these days compared to a few years ago.

Dept of VoIP 🤙

Calling for bridges

Malte E reports

During the Matrix community summit, Timo K.and I discussed reducing friction for video calls with bridged users. Instead of true call bridging, which would likely be months of work, we implemented a workaround within less than a day. Starting an MSC3401 call from Matrix will send an element call link to the remote platform user, which will skip login and room selection, taking them straight to the call in two clicks (one for the link and one to confirm). On the Matrix side, the experience is seamless, once a few prerequisites have been met: the matrix client must use MSC3401 and because element web currently defaults to legacy calling in DMs, a third user, such as the bridge bot, must be present in the room. Furthermore, a modified element call instance is needed. We have so far implemented calls via Element Call for matrix -> Telegram in DMs. We will be working on solutions for incoming calls and group calls as well as support for other platforms. There is currently still a major security concern: To skip the login process, the link comes with a token for the ghost account. Anyone with access to the token - that includes the matrix user who started the call - will be able to log in with that ghost account. We invalidate the token once the call has ended, but that is obviously nowhere near sufficient. Scoped access tokens with permissions for sending and receiving call events in a single room for a limited time would be required. On platforms using Double Ratchet E2E, it should also be possible to use different plaintext for different recipients in the same message, thereby only exposing the token to those who already implicitly have authority over the ghost account through their account on the remote platform.

For those brave enough to try, you will need this fork of mautrix-python, this fork of mautrix-telegram as well as this fork of element call or just use the instance hosted here. In the bridge config.yaml, set bridge.calls.enabled to true and provide the element call instance in bridge.calls.ec_url. Be sure that you trust everyone with access your bridge before deploying, until we have figured out how to make it safer.

We apologize for the subpar audio and glitches. We had limited time and equipment to record the demo and will try to do better next time {{< video src="vrcDiEGzmollhUGuTEONHVCE.m4v" >}}

Dept of SDKs and Frameworks 🧰

Rory&::LibMatrix

Emma [it/its] says

Not much changed this week:

• Some refactors to how user identities are handled
• Correction in function names to correctly display async vs non-async functions
• AuthenticatedHomeserverGeneric.GetRoom(string id) is no longer async, since that is only a constructor call.
• Sync code has gotten a slight cleanup
• AuthenticatedHomeserverGeneric.WhoAmI was turned into a property that only gets fetched when attempting to get the info for the first time, rather than fetching it when constructing the homeserver object.
• Added a null check for creationEvent.Invite when callign CreateRoom
  • This field was also made nullable
• Renamed canonicalHomeServerDomain to baseUrl in the constructors for homeservers
• FullHomeServerDomain and HomeServerDomain were removed from homeserver objects
• Authentication was moved to a functions inside RemoteHomeserver rather than being service-only. This allows for usecases outside of Dependency Injection based applications
• LoginResponse now tries to get homeserver canonical domain from mxid if not provided by the server (since this field is deprecated)
• Removed an obsolete way to get room state without providing a type (can still pass JsonElement if required)
• Fixed sending files in a room via room.SendFileAsync, this now does what you would expect instead of throwing an exception (because I'd written the wrong code)
• Added room.DisbandRoomAsync() in the case you ever want to completely get rid of a room, ban everyone and make the room private
• Added AddChildAsync to SpaceRoom, in order to allow adding space children
• Removed TieredStorage arguments from homeserver constructor
• Removed explicit http client creation for authenticated homeservers, in favor of re-using the one created in RemoteHomeserver
• Fixed room.SendMessageEventAsync requiring an event type (this is always m.room.message afaik)
• Moved namespace LibMatrix.StateEventTypes.Spec to LibMatrix.EventTypes.Spec.State in order to better represent what's in that folder
• Increased coverage of MatrixHttpClient to include PUT requests
• Removed TieredStorageService argument from SyncHelper (I might make SyncHelper not part of homeserver in the future so you can have separate sync loops with different filters)
• GetRoom(string id) now has a check that the id needs to start with a !
• Added a Logout function to AuthenticatedHomeserverGeneric so you can properly dispose a session
• Added the ability to resolve room aliases
• Last, but definitely not least, some unit tests have been added!

Non-code updates:

• Unit tests are powered by an unfederated homeserver at matrixunittests.rory.gay - there is no data persistence

As always:

• The code is available at my git domain
  • If anyone wants to contribute a page to put there instead of a plain dumb git directory, please feel free to!
  • All other contributions are more than welcome, be it documentation, code, anything!
• Discussion is welcome in #libmatrix:rory.gay

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Michael announces

We are happy to announce that Trixnity Messenger is open source now. It is a Kotlin multiplatform Matrix messenger SDK built on top of Trixnity. It defines a messenger client without specifying a UI layer (think of it as a headless messenger). All it provides is a series of view models that define the structure and logic of a messenger. It has never been easier to implement a Matrix messenger targeting multiple platforms such as Android, iOS, Desktop or the web. Just define how it should look - all the logic and nitty-gritty details are already accounted for. And if you do not like the behavior of the messenger in some parts, just extend or override the existing logic with your own. There is no need to fork the project. So join us at https://gitlab.com/connect2x/trixnity-messenger and in #trixnity-messenger:imbitbu.de.

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte reports

• [Timeline] Add highlevel API for replying
• Progress on the WidgetDriver API
• and lots of bug fixes and refactorings

Dept of Internet of Things 💡

Home Assistant - Matrix Integration

Paarth Shah announces

I'm happy to announce that Home Assistant 2023.10 release (in beta at the time of writing) includes my PR to refactor the included matrix integration to use matrix-nio! You can see the full changelog here. As part of the merge, I've also become the code owner for the integration.

In the 2023-06-09 TWIM I announced that I'd created matrix-nio-hacs as a stand-in while this had still been pending merge. As it will no longer be necessary, for those of you who have been using it, I'll eventually be archiving the repository since I now will be able to continue development directly on home assistant core. Any and all bug reports and/or PRs will be greatly appreciated!

Dept of Events and Talks 🗣️

Matrix User Meetup Berlin

saces reports

Long time no matrix meetup? We can help!

Next Matrix user meetup 4.10.2023, 8 pm @ c-base

Meet other matrix users, chat about Matrix, the rest, and everything else, discuss your Matrix ideas, sign each other in persona, and maybe spice the evening with a good mate or beer.

Every first Wednesday of the month in the c-base at 8pm ('til the next pandemic).

Matrix room: #mumb:c-base.org

Matrix Salon Podcast (German episode)

Christian Paul (jaller94) says

Meet Nadine, a designer and UX enthusiast who builds Polychat. Polychat is a bridging service for people from different messenger silos. This way, people won't need to leave their familiar messenger silo to talk to group on other platforms.

Episode url: https://podcasters.spotify.com/pod/show/matrix-podcast0/episodes/Nadine---Polychat--Matrix-Community-Summit-2023-e29urs9 RSS feed: https://anchor.fm/s/cdb34188/podcast/rss Mastodon post: https://mastodontech.de/@jaller94/111149212044231025

For English interviews of Matrix community members, check out some of our previous episodes! Also, in the upcoming weeks, we'll release two more English episodes.

Dept of Interesting Projects 🛰️

Mappo

Janet Blackquill reports

Hi, I present to y'all a little bot called Mappo. He's technically been around for a while, but I polished him up with some new Matrix features as of late to bring him closer to his presence on Discord, and I haven't really promoted it before.

He's a lil noodly jellyfish fella that lets you play the eponymous social deduction game of Mappo where some people are villagers and some people are creatures. The village is trying to figure out who the creatures are to exile them, but at the same time, the creatures are slowly picking them off, one-by-one until they outnumber them! Who wins is determined by who's the best at deducing the truth (or obfuscating it if you're one of the creatures!) The roles range from the conventional like the Seer and Werewolf to the wild and wacky like Cookie Person and Goose.

His source is located on GitHub at https://github.com/pontaoski/mappo. Mappo is unique for a bot due to being multi-protocol with a core logic speaking to an abstraction layer implemented for both Discord and Matrix.

If you wanna check out Mappo in action, come stop by #mappo:toki.club and give the game a try with other people!

matrix-static

HarHarLinks reports

Hi from the Matrix Community Summit Sunday Hackathon!

That's right, a couple people were still alive on Sunday after one awesome Thursday of BarCamp BarCamping and two more excellent days full of Matrix programme and programming across two stages and got together for some creative Matrix hacking!

We had a bunch of interesting projects, see the announcement about VoIP bridging from Malte E. and Timo K. Personally, I was involved in the event T-Shirt creation revised MSC2997 implementation with the wonderful @c_atc:c-base.org. If you look at that more closely, you'll find there is an mxc-URL in the event body. matrixmeetup.de is hosted using GitLab pages, so you can't just do anything you want, however challenge_accepted.jpg. Of course, entering it into your browser works (how?), try it out!

The obvious idea was to also make it all work through matrix so that in the future, once other client's implement the event scheme, the event will properly work? But how would we set up a media on a defined media ID and ...could we circumvent having to set up it's own homeserver just for this gimmick, or even any additional infrastructure at all?

Luckily I was sitting next to the excellent Nico from Nheko and we started hacking! After stumbling over the need to still offer working legacy r0 endpoints, we quickly got it working. Try a m.room.message with:

  "content": {
    "body": "Summit Logo.png",
    "info": {
      "h": 1578,
      "mimetype": "image/png",
      "size": 386815,
      "w": 2022
    },
    "msgtype": "m.image",
    "url": "mxc://matrixmeetup.de/summit2023"
  }

We learned during the event that we would have liked its Matrix rooms and space(s) to be more discoverable, so we continued prototyping with the room directory for next year. The /_matrix/federation/v1/publicRooms is not too complicated, it's basically a list of room IDs with a couple attributes we had to hardcode...:

{
  "avatar_url": "mxc://matrixmeetup.de/summit2023",
  "guest_can_join": false,
  "join_rule": "public",
  "name": "Matrix Community Summit Berlin 2023",
  "num_joined_members": 1000000,
  "room_id": "!rrRxqrMIOzXJggCSEm:matrix.org",
  "room_type": "m.space",
  "topic": "Summit on 21-23 September 2023.\n @c-base in Berlin\n \n a barcamp - 21th\n a conference - 22/23th\n open door day - 24th (to be confirmed)",
  "world_readable": true
}

However it was not quite so easy. As you can see above, the endpoint - like most of Matrix - doesn't use a file type extension. It turns out that Synapse really wants that piece of JSON to served with the JSON mime type, but GitLab pages' does not support setting the mime type manually and can only derive it automatically using some heuristic. Thanks to the manical investigation into that heuristic, Nico came up with the idea to use GitLab's _redirects or more precisely rewrite function to forward from the Matrix endpoint to the actual file served with the .json extension and what can I say - it works as proven by this screenshot from Nheko (it's Other Clients October soon, so try using Nheko)!

What if I told you there were even more hackers there? urp picked up where we achieved our goals and continued testing. You can follow the experiments being done and the documented findings on GitLab/matrix-static and join the effort or give feedback in the matrix room matrix-static-server..

Overall we can absolutely recommend you try hacking with some static Matrix for your project, I can see lots of applications for hosting media alone. Until next time! 👋

Department of Community Initiatives 👪️

For everything impulsed by the community that is not an Foundation initiative.

Matrix Community Forum

MTRNord announces

Changes and new features

• Email registration should be fixed. If you tried to register and didn't get the activation email, check your spam folder please
• There now is a way to announce events and get them into a calendar at https://forum.miki.community/t/matrix-events/52
  • For example, TWIM is in the calendar (also contains some Tips and Tricks for your next post :) feel free to add more of these if you have them!) https://forum.miki.community/t/this-week-in-matrix/100/2
• Categories have been reorganized to be more useful
• Login via GitHub is possible - Login via matrix will only be possible after OIDC lands in Matrix spec and is adapted by users
• Small nice to have features have been added
  • Support for setting a birthdate this seems to break the forum
  • Support for Footnotes
  • Support for templates
  • A dark/light mode toggle
  • User Fields for mxid, git(hub) (and friends) ID, pronouns have been added to be optionally set on the profile.
• Added the gamification plugin which gives a Forum Leaderboard which may help to motivate some people that are not coders and gives those people rewards too. Additionally, there could be also further integration, for example using https://meta.discourse.org/t/how-to-integrate-discourse-gamification-with-an-external-system-redeem-and-award-points/262968

Planned things

• Support for integration into existing Matrix based communication using https://meta.discourse.org/t/discourse-chat-integration/66522
• Possibly finding a way to get events announced in twim also into the forum automatically

Discussion Area

Anything more permanent like wishes or request should be in the forum itself at https://forum.miki.community/c/site-feedback/2

However for quick discussions or questions there is #matrix-community-forum:midnightthoughts.space available too.

Asbjørn announces

Other Clients October

We're doing it again!

Other Clients October is a month-long challenge, where we switch away from our daily-driver Matrix clients completely for a the entire month if October.

It's a nice way to explore the rich space of Matrix clients.

Only use Element? Maybe check out Cinny. Only use Fluffychat? Try kicking the tires on ElementX. Only use Nheko? Why not try out Gomuks? Working on a client? Give dogfooding it a shot this month!

Join the Matrix room: #other-clients-october:olli.ng

Say hi, and tell us what clients you'll be trying!

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live

Dept of Status of Matrix 🌡️

Thib announces

Let me start right away with no less than a sneak peek at Matrix 2.0. Matthew walks us through the most exciting MSCs currently in flight with working implementations, that will be drastically changing the experience on Matrix.

One of those MSCs makes Matrix support OIDC. But Synapse already supports OIDC, right? If you want to learn more about the difference between OIDC and OIDC (sic) and how it's going to impact you, the auth team and I wrote a post for you.

Continue reading…

Before we explain all about our new authentication system - don't panic! This change is part of Matrix 2.0, the next step for Matrix that will be introduced in a blog post later today.

Nothing breaks

Matrix 2.0 is a reference to Matthew’s FOSDEM talk Matrix 2.0, itself a reference to the name he coined in the Matrix Summer Special 2022: evolutions of the spec that are making the Matrix experience so much better it almost feels like a different protocol. One of the major changes in this bundle is the introduction of OpenID Connect-native Matrix and its implementation matrix-authentication-service (MAS).

Don’t panic: your current setup is not at risk, you don’t urgently need to deploy the matrix-authentication-service to keep using Matrix.

Let’s walk together through what OIDC-native Matrix, what changes as compared to the Matrix we know and love, and what’s the impact for your deployment.

From OIDC-ish to OIDC

One of the most popular Matrix server implementations, Synapse, supports authentication via OIDC. This is the only mainstream server implementation to support authentication via an OpenID Connect Provider. OpenID Connect, SAML, and more generally Single Sign On (SSO) are a requirement for most companies past a certain size, as well as a security best practice.

As it is today, Synapse is more OIDC-compatible than OIDC-native. This means that it’s possible to use SSO (typically OpenID Connect) to connect to Synapse, but that’s about where the OpenID Connect adventure stops. Once you’re authenticated, Synapse generates a Matrix Access Token for your client, but that is not an OAuth2/OIDC Access Token. From your client point of view, it is doing the “Matrix SSO dance” defined by the spec, but the fact that Synapse does a login via OIDC, SAML or CAS is irrelevant to the client. Whenever your client asks Synapse for anything that requires being logged in, it sends that Matrix Access Token in the Authorization header of the http requests.

While this approach has served Matrix well, the Matrix Access Token method is reimplementing some concepts of OpenID Connect without all the benefits of thousands of developers battle testing and fixing every edge case they meet.

MSC3861, which proposes the adoption of OIDC in Matrix, is all about embracing the best of OIDC to make Matrix even better. By adopting the standard OIDC flows we allow Matrix to stand on the shoulders of another battle-tested industry standard. Not only does it improve security overall, it also unlocks new use cases for Matrix.

Unlocking use cases

The Matrix Access Tokens Matrix currently relies on are secure, but not very flexible. A unique token is granted to each and every client during user login. This Matrix Access Token is only revoked when the user manages their sessions and logs a device out. A Matrix Access Token gives full access to a Matrix Account. Session management based on Matrix Access Tokens is quite nuclear.

Using OpenID Connect for Matrix comes with three major areas of improvements:

• Standard authentication process on every client, including on devices without a keyboard
• Improved security with token rotation
• Better granularity of permissions (which improves security too!)

Authenticate like you want

When relying on OIDC, the client delegates authentication to the OpenID Provider. This means that the client redirects the user to a web page on the OpenID Provider, where the user needs to authenticate. This authentication can happen through a username and password, WebAuthn (passwordless login), additional steps if you want to add MFA… and much more.

Since the authentication happens on the OpenID Provider, the client doesn’t need to support any authentication method other than “redirect the user to the OpenID Provider, and handle the result”. Once the user has authenticated against the OpenID Provider, it is going to be redirected back to its client, to allow it to retrieve an Access Token on their behalf.

During the whole process, no password was given to the client, and the client doesn’t even know how the user authenticated. All that matters to the client is that it now has an Access Token it can use to perform the regular Matrix API calls.

From the user perspective, the authentication is a very familiar process very well integrated in their password manager regardless of the client they use. They can use any client that supports OIDC, without having to worry about whether it supports every particular step of their authentication process. It’s also worth noting that matrix-authentication-service has a compatibility layer to support the m.login.password flow. This means compatibility with older clients will not break!

From the administrator perspective, it’s possible to force authentication flows (e.g. MFA), making sure the login is secure and matches their organisation’s policies. It also makes it possible to have a central management of all users' devices, including the ability to enforce policies upon them as provided by the OpenID Provider. For example, it becomes possible to the re-authentication of the user if they leave a trusted network.

From the developer perspective, neither clients nor servers have to add support for every new authentication method, existing or to come.

Element has been spearheading the effort to implement MSC3861 and matrix-authentication-service, and Element X is the first client to support them. Here is how the authentication flow and account management look like as seen from Element X iOS.

Token rotation

While current Matrix Access Token can expire thanks to MSC2918, this best practice didn’t make it to most of the clients of the ecosystem. If the access token of a user was leaked for one reason or another, they wouldn’t notice since this wouldn’t create a new session, and the leaked token would be valid forever. Please note that thanks to E2EE, attackers who gain access to a Matrix Access Token would not be able to read the encrypted content in encrypted rooms.

OpenID Connect relies on two tokens:

• an Access Token, that is used to perform the authenticated API calls, and that expires regularly,
• and a Refresh Token that is used in conjunction with the Access Token to rotate both.

This ensures that if the Access Token was leaked during an API call, its validity would be very limited in time. Leaking a Refresh Token will also have limited impact, since the server would notice that two different clients are trying to consume the same Refresh Token and would log the user out from devices using this token.

Principle of least privilege

Matrix is not just about apps and servers. It’s also a vibrant ecosystem of widgets, bots and various CLI to toy with. One of the strengths of Matrix has been its hackability: log into a client, dump the matrix access token, and you can hand it to a CLI or a bot for it to do things on your behalf.

While this approach is particularly convenient for development, it comes with its own lot of issues. Most of the time you don’t want the CLI or bot to be able to do everything on your behalf.

Widgets are another case where OIDC can help. While widgets are not yet part of the spec, in practice they are already commonly used. In essence, a widget is a tiny app that has access to an (unspecified) widgets API that allows it to do a limited amount of things on behalf of the user, such as sending a message in the rooms it’s in. While this has served several clients well, this can be improved. Indeed, it’s up to the client to enforce the restrictions mandated by the widgets API. This means you can’t be assured that all the clients will consistently enforce them.

With OpenID Connect, widgets can eventually become tiny embedded Matrix clients on their own, and they can get their own Access Token with explicit and granular permissions of their own. Those restrictions will be enforced by the server, who will not even be aware it’s a widget calling the API, making the experience consistent across clients. This behaviour still needs to be added to the specification, but a more OIDC-native Matrix paves the way for it.

Upgrading to use matrix-authentication-service

MSC3861 (and friends) define how the OIDC flows and concepts (e.g. token exchange, dynamic client registration) should be used in Matrix, as well as the requirements for things which need to be coordinated with the homeserver (e.g. session lifecycle management).

The goals of matrix-authentication-service (MAS) are two-fold: firstly, it provides an implementation of the MSCs to support the Matrix Specification Change (MSC) process; secondly, it provides capabilities to facilitate the transition of the Matrix ecosystem to OIDC.

Because MSC3861 is changing the technical mechanism by which your client gets access to your account it is not something that can be done by pushing a single, big button.Instead we need a transition period where both OIDC and the existing legacy Matrix authentication methods coexist so that different clients and homeservers can migrate at their own pace.

One way in which MAS facilitates this transition is by allowing deployments without an external Identity Provider (IdP) to use OIDC out-of-the-box. This means that MAS will support some of the current flows that Synapse supports, primarily in the form of password-based login. Please note those flows are not supported yet: MAS requires an external IdP for now.

Another way is that MAS allows for existing sessions and access tokens to be imported (just from Synapse so far) so that there is no need for clients to re-authenticate when a homeserver is migrated.

Because of these migration capabilities we expect MAS to be widely used, however, in keeping with the open philosophy of Matrix, we expect other implementations to exist either standalone or integrated with other OIDC providers like Keycloak or Dex.

MAS is not intended to be a fully fledged IdP solution: we suggest using a dedicated software for this if you want to do more than what is included.

Currently MAS is deployable as a sidecar service alongside the homeserver. While larger setups shouldn’t see this as a problem, it might be seen as cumbersome in smaller self-hosted setups. For the sake of convenience, the Synapse and MAS team are investigating how to bundle MAS along with Synapse natively using PyO3. We anticipate such a bundle to exist by the end of Q2 2024.

You can browse the matrix-authentication-service docs to get all the technical details and installation steps.

Matrix Live

Dept of Spec 📜

TravisR says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC4056: Role-Based Access Control (mk II)

MSCs proposed for Final Comment Period:

• MSC2702: Specifying semantics for Content-Disposition on media

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

New MSCs in detail

In this new segment, we aim to give a bit more context as to why an MSC was opened, beyond what is available in the MSC's introduction.

MSC4056 stems from a conversation held back at IETF 117, where members of the Spec Core Team (SCT) were attempting to make RBAC work in Matrix. Thankfully, there was prior art in the form of MSC2812, but a problem with decentralization (and specifically state resolution) was discovered. Thoughts were had about how to fix it, and MSC4056 is the result of those thoughts. Implementation work is eventually planned for this MSC, but in the meantime it should see forwards movement with the SCT's involvement in the MIMI working group at the IETF.

If you have thoughts or suggestions about the very Discord-centric approach, please leave them on the MSC :)

Continue reading…

Matrix Live

Dept of Status of Matrix 🌡️

Matthew announces

Josh joined the Matrix Foundation as its first ever Managing Director!

Continue reading…

Matrix Live

Dept of Status of Matrix 🌡️

Thib says

We’d like to thank everyone for their patience as we continue to work toward restoring the Libera.Chat bridge, and apologize for the continued inconvenience. We’ve heard from many people and communities who are impacted, who have confirmed that operating this bridge is an important service and we remain committed to getting it back online.

It’s been a month since our last update and folks have been reaching out, so we wanted to take this opportunity to provide a brief update.

The bridge team at Element is still actively working on the issues that led to the bridge being disabled in the first place. You can see some of the work that’s in flight through GitHub PRs: #1757, #1766, #1764, #1734.

We’re also looking into a way to transition responsibility for the bridge from Element to being directly run by The Matrix.org Foundation over the coming months - more details as we have them.

Unfortunately, we do not yet have a clear timeline for bringing the bridge back online. We’ll continue providing regular updates and will share more information as soon as we can. Thank you again for your patience! Please do not hesitate to reach out at #libera-matrix:libera.chat if you have any questions or concerns.

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• There were no new MSCs this week.

MSCs in Final Comment Period:

• MSC4026: Allow /versions to optionally accept authentication (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

New MSCs in detail

In this new segment, we aim to give a bit more context as to why an MSC was opened, beyond what is available in the MSC's introduction.

For MSC4026, the primary motivation came out of the Element Backend team's desire to selectively enable new and experimental Matrix features for only a subset of users on matrix.org. Experimental features are exciting, but also have the chance to break clients completely. By only enabling a feature for a small subset of users, system administrators can ensure that there is no breakage before widening the set of users.

By adding optional authentication to the /versions client endpoint, which has a set of unstable_features flags, the homeserver is able to know which user the request came from. From there, it can decide whether a certain feature should be advertised as enabled or disabled.

The expected outcome of this is safer deployments - and ultimately less panicking when (not if) something breaks.

Spec Updates

Matrix v1.8 was released last week, and hot on the heels we're now working towards Matrix v1.9, due November 2023.

See the "Upcoming in Matrix 1.9" section of the linked blogpost for the MSCs that the Spec Core Team plan to land in time for v1.9!

Random MSC of the Week

The random MSC of the week is... MSC3160: Message timezone markup!

This MSC proposes new HTML syntax for formatted m.room.messages with a <time> tag that could display a time automatically based on the receiving user's timezone/12 or 24hr/etc. preferences. This saves users from manually calculating timezone offsets in their head.

I think this would be an excellent feature, and I've seen it in use already in platforms like Discord. Discord lacks any UI for the user to construct these though, instead hoping users just magically figure it out. This leads to sites like https://hammertime.cyou/ existing. But it would be nice to see clients providing a similar native UI.

What do you think? Have thoughts? Leave them on the MSC as a new pull request comment!

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

dmr says

This week we released Synapse 1.91, which contains

• admin API improvements for locking users, and filtering admins in user searches;
• performance improvements for state resolution in old rooms and during high replication traffic; plus
• improvements to the single-sign-on configuration

We are aware of a performance regression in this release which gradually consumes more CPU over time. We have just (within the last hour) begun to understand this and have a fix planned. We'll need to test this properly at the start of next week; you can expect a bugfix release shortly after, if all goes well.

The full changelog is available on GitHub. Thank you to our contributors for this release: Alexander Fechler, Gabriel Rodríguez, Nick Mills-Barret, Nico, Matthew Ma, Maximilian Bosch and Theodore Ni.

Aside from the release, this week we have been working on a few small bugfixes, which should make a nice addition to the upcoming 1.92 release.

In other news, for the last few releases Erik has been working to fix database corruption problems relating to room retention and purging historical events. He put out a call for testing in the Synapse Announcements room last Friday. It is not risk-free, but if anyone is feeling bold and is prepared to handle potential data loss, we would appreciate testing and feedback.

Finally, let me once thank our community of server operators in the #synapse:matrix.org room. It is an invaluable asset; we are indebted to everyone for all of your efforts and are extremely grateful.

Dept of Clients 📱

Benedict says

Just wanted to mention, that Konstantin Tskhovrebov created a really cool little Matrix messenger based on Trixnity. It is called smalk, uses Compose Multiplatform and already works on Desktop, Android and iOS with the same code base. Maybe web is coming soon too.

Neochat (website)

A client for matrix, the decentralized communication protocol

Tobias Fella says

This week, we've implemented a bunch of cool features:

• You can now create matrix accounts directly in NeoChat. As part of the, the entire login UI has been revamped to a more modern look.
• On the other end of an account's life cycle, we've also implemented deactivating accounts
• You can now forward messages to a different room
• The right sidebar has been improved for mobile devices

Apart from that, we're improving a lot of our code behind the scenes and preparing for the move to Qt6 (hopefully completed later this

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Ștefan says

Happy Friday everybody, ending another week that very much kept us on our toes:

• Polls are making quite the appearance 1, 2
• We started showing the room notification config in the room list
• The rich text editor is now actually part of the app but under a feature flag
• We’re working out the last kinks for OIDC
• We have a new placement for the start chat button and prettier avatars and usernames
• The app is faster than ever thanks to some clever mechanics under the hood
• Fixed bugs here, there and everywhere
• And we even improved our testing coverage and performance tracking

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

benoit reports

• Element X Android is not far from being released to production, but we want to fix the issue about notification without content first. This happens when the SDK cannot decrypt the Event content.
• Polls are now enabled, you can create, vote and end polls, and they are correctly rendered in the timeline.
• We have started to integrate Element Call to the application.
• Still working on polishing OIDC and making progress on integrating the Rich Text Editor.
• We are fixing lots of bugs, keep reporting bug reports, it’s really helpful!

Dept of SDKs and Frameworks 🧰

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict announces

A small Trixnity release this week (v.3.10.4):

features/improvements:

• add default user agent "Trixnity"
• allow subscribeAsFlow in SyncApiClients Subscribable

bugfixes:

• fix createRoomRepositoriesModule

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte says

Over the last few weeks, we added

• RoomInfo subscriptions, makes fetching room list entry data faster for EX
• Client integration for widgets is starting to take shape
• Initial support for showing polls in the timeline landed
• Initial support for OIDC landed! (some iOS-specific problems remain)
• A non-fuzzy room list filter
• Creation of HTML messages over FFI (without going through markdown)

We also fixed lots of issues, including

• Content of redacted events being retained in timeline items
• Room avatar not showing up with new FFI RoomInfo
• matrix-sdk-crypto-ffi crashing on x86_64 Android
• Timeline not getting updated when (un)ignoring a user (not yet merged)
• Timeline sometimes flickering when opening it in EX (not yet merged)

… and improved our logging setup, as well as CI.

Dept of Services 🚀

matrix-docker-ansible-deploy (website)

Matrix server setup using Ansible and Docker

Slavi announces

Thanks to Aine of etke.cc, matrix-docker-ansible-deploy can now set up the SchildiChat client.

See our Configuring SchildiChat documentation to get started.

Dept of Bots 🤖

Maubot-meetings

Gwmngilfen announces

Historically, Ansible has relied on an old IRC bot called Zodbot to run our official chat meetings - take notes, log action items, and so forth, as well as posting the logs to a webhost for people to read later. With the IRC bridge currently down, we decided to dust off a 2-year-old action item to write a Matrix Meeting bot. Since (a) Zodbot is written in Python, and (b) I was already using Maubot for other things, it made sense to write it in the Maubot framework.

If you also have a need to a meeting Matrix, you might have a use for this! If so, you can check out the extremely hacky code on GitHub and deploy it to your own Maubot host in the usual way. By default the bot will post the meeting logs to the room when #endmeeting is called, but optionally (because this is useful to me) you can also post the logs to a Discourse instance instead. More backends for log handling are also planned.

Comments/feature requests/bug reports are of course very welcome!

Dept of Events and Talks 🗣️

Matrix User Meetup Berlin

saces says

This will be the last meetup before the matrix community summit, a good opportunity to test your [m]atrix outfit.

Next Matrix user meetup 6.9.2023, 8 pm @ c-base

Meet other matrix users, chat about Matrix, the rest, and everything else, discuss your Matrix ideas, sign each other in persona, and maybe spice the evening with a good mate or beer.

Also when the bbq is lit you may wish you brougth your favorite item :)

Every first Wednesday of the month in the c-base at 8pm ('til the next pandemic).

Matrix room: #mumb:c-base.org

Matrix Community Summit 2023 (website)

HarHarLinks reports

The Matrix Community Summit 2023 🗻 is taking place September 21st through September 24th at the awesome hacker space station c-base in Berlin!

News: The schedule had a slight adjustment to fix times being shown later than intended. The talks on Friday and Saturday start at 10:00 AM (CEST). The schedule has also been updated to include the breakfast, lunch break, dinner, and social events.

If your talk was accepted and you are participating as a speaker, please do still get a ticket!

The range of available T-Shirts has been extended! There are now 4 variants for you to choose from (or get them all!). If you already bought a ticket that includes a free T-shirt, you should be able to switch your choice to any of the new ones, in case you prefer them.

Summary:

• 📆 We updated the schedule from last week to show sessions in Berlin local time properly and also include breaks and meals. View it online here or import to your schedule consuming apps.
• 🎫 Tickets are available! We are counting on Matrix businesses and professionals to buy our supporter tickets or sponsoring packages so we can provide everyone with food and drinks.
• 👕 T-Shirts available for preordering, including new additional variants!
• 🗨️ Join the event space #matrix-community-summit-berlin-2023:matrix.org for all related rooms including news and general discussion, etc.
  • 🚗🏨 Carpools and Roomshares if you're looking for how to travel or where to sleep.
  • 💪 If you can and want to help out with the event organisation, join the orga room!
• 🗣️ The call for participation ended last Sunday, August 20th, however if you missed it until now and just came up with the greatest new idea, don't hesitate to contact us at Matrix Community Summit Orga and we will see how we can squeeze you in.

See you soon in Berlin!

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC4039: Add an MSC for a new Widget API action to upload files into the media repository

MSCs in Final Comment Period:

• MSC3381: Polls (mk II) (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

Spec Updates

We've been quite busy at IETF 117 this last week discussing MLS and MIMI in several contexts, meetings, and sessions. Overall things have moved pretty fast in the last week, but the short summary is we're working with MIMI to get (Linearized) Matrix used as the new-found "signalling layer". This layer delegates membership of the room to the crypto layer when the crypto layer (namely MLS) supports being used as such, and is responsible for enforcing all policies. Policies in the context of MIMI are things like join rules, history visibility, and power levels, but with an added twist: we're looking at supporting Role-Based Access Control (RBAC) in combination with power levels in MIMI, which should also bring RBAC to Matrix in the form of a currently-unwritten MSC.

All told, we've got several new documents to write and MSCs to draft, but we'll get there in time. The MIMI working group is expecting solutions in place by about September, so watch this space for more news as we progress. An architecture draft is also in progress on the MIMI side to further explain what all of these new layers mean. In the meantime, if you have questions then please visit the matrix-spec room on Matrix!

We're also looking for more Matrix 1.9 candidates. Currently we have just custom emoji and anything to do with MIMI on the agenda - if you'd like to add more, let us know in the Office of the Matrix Spec Core Team room on Matrix.

Random MSC of the Week

The random MSC of the week is... MSC3062: Bot verification!

This MSC describes a method for verifying (cross-signing) the devices of a bot user, and how verification of that sort could be done. Obviously it wouldn't make much sense to verify emoji with a bot. Instead, this MSC suggests that the bot provide a URL to present to the user. If the URL appears trustworthy (those who would control this URL should also be in charge of this bot), then the user can choose to continue the verification.

The user's Matrix client would then make a request to the URL with details of the verification. If the server responds successfully, some cryptographic magic happens, and your client will consider the bot verified!

This is essentially tying a bot's verification with control of a domain's DNS, which I think is a smart way to do things. But you do need to watch out for those pesky UTF-8 control characters when asking the user to verify the URL!

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay says

This week we released 1.89.rc1. Highlights include:

• Add Unix Socket support for HTTP Replication Listeners. Document and provide usage instructions for utilizing Unix sockets in Synapse
• Fix a long-standing bug where remote invites weren't correctly pushed
• Ensure a long state res does not starve CPU by occasionally yielding to the reactor
• Remove support for calling the /register endpoint with an unspecced user property for application services
• Support room version 11 from MSC3820

and much more. If you'd like to take a deep dive into the changes, you can find the release notes here and as always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

Dept of Bridges 🌉

Thib says

we have asked the Libera.Chat team to postpone the removal of portals from 31st July to 11th August, both to leave us more time to get the bridge ready and to leave people more time to turn their portals into plumbed rooms.

We're grateful to the Libera Chat team for accepting our request and being mindful of our community.

Dept of Clients 📱

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Ștefan reports

Another week, another successful campaign on tweaks and bugfixes. We’ve continued our foray with:

• a brand new timeline implementation that just needs a few final tweaks before absolutely shining
• fixes around media upload for uncommon flows and file types
• copyable app version and device id
• improvements to Compound and our design system
• and even some tweaks for the mac

Otherwise we’re also working on room notification settings and support for polls

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

benoit reports

• We are still fixing issues on Element X Android, to be able to release it. Thanks for your patience!
• We are also making progress on some new features like polls for instance, mainly on the Rust SDK side right now.
• The project got an updated readme: https://github.com/vector-im/element-x-android!

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Johannes Marbach says

• We’ve continued our quest to eliminate stuck notifications. Fixes around read receipts for non-thread relations on thread roots, missing replies and some of the zombie notifications that appear on app reload have landed. Hot off the press, we’ve also identified a promising fix for the unread count mismatch before and after decryption. Check out our meta issue for the plan going forward.
• On the Compound front, we’ve had discussions around theming support and aligned on letting a small subset of customisable colours define the theme identity while not entirely disabling fully custom themes
• Lastly, we’ve also made some more progress around the logout path in the native OIDC integration. Sadly, things will be somewhat delayed here with folks going on summer vacation and having to pivot to other projects temporarily.

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit says

• Element Android 1.6.5 has been released, it contains some bugfixes, especially when the device is out of network range. Should be available soon on GooglePlay and F-Droid.

Commune (website)

Commune is a communications suite built on top of matrix. Commune aims to bring together chat, discussions, email and other interactive apps into a single matrix client.

ahq reports

Shpong is an instance of Commune, a publicly-accessible matrix community.

Dept of Non Chat Clients 🎛️

Thirdroom (website)

A browser-based open metaverse client

Matthew (away) reports

We've had to stop development on Third Room for the foreseeable due to lack of funding (folks who said they were interested in funding the project unfortunately did not come through in the end, and Element unfortunately doesn't have the resources to continue funding the development solo). All the code is of course Apache Licensed open source, and we very much hope that the codebase will find a way to live on in future.

Dept of SDKs and Frameworks 🧰

Matrix.swift SDK (website)

cvwright reports

The Circles team at FUTO is proud to announce the first alpha pre-release of Matrix.swift, our homegrown Swift client SDK for Matrix apps on Apple platforms including iOS and MacOS.

Although the project is still quite rough around the edges, it already provides most of the basic functionality that a simple Matrix client app would need. It can create, join, and leave rooms, and it can send and receive messages and media attachments, with support for Matrix end-to-end encryption via the Rust Crypto SDK.

A more complete list of features is available in the main project repo.

The first alpha v0.1.0 release is available from the FUTO Gitlab as well as from a Github mirror.

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict reports

Trixnity 3.8.0 is released with matrix 1.7 support 🎉

features:

• matrix 1.7 support (reactions and more)
• extend MatrixClient API of sync allowing to set presence
• configurable sync delays (contribution by @steffen.eichenberg)

bugfixes:

• don't fail filling timeline when room does not exist locally yet

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte reports

This week, we made progress on four key areas:

• Polls. FFI types were added and we got a first draft PR for timeline support. Special thanks to Kévin Commaille who did all the Ruma work this builds on, including recently making it compatible with both the latest state of the MSC and the older version currently implemented by Element Web
• Sliding Sync: Making it more robust against unexpected server behavior, more logging context, getting the new server-computed avatar URL
• Timeline: applying redactions more thoroughly
• Room List API: Update batching to reduce the amount of FFI back-and-forth for EX and fuzzy searching

Dept of Bots 🤖

Matrix Registration Bot (website)

moanos [he/him] announces

The matrix-registration-bot allows you to manage an invite only matrix server. An admin asks the bot for a invite code and then sends this code to a friend (or enemy) that they want to invite to the server.

it is now a lot easier to run the bot

• Create an admin account on your server for the bot
• run docker run -it -e "BOT_USERNAME=@matrix-registration-bot:example.org" -e "BOT_PASSWORD=SECURE_PASSWORD" -e "BOT_SERVER=https://synapse.example.org" moanos/matrix-registration-bot:1.3.0
• Message the bot help to find out about all it can do

For all the folks using matrix-docker-ansible-deploy: Adding the following to you vars.yml is enough to fully configure the bot

matrix_bot_matrix_registration_bot_enabled: true

#By default, the playbook will set use the bot with a username like 
## this: `@bot.matrix-registration-bot:DOMAIN`.
# To use a different username, uncomment & adjust the variable.
# matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot

# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_matrix_registration_bot_bot_password: PASSWORD_FOR_THE_BOT

# Enables registration
matrix_synapse_enable_registration: true

# Restrict registration to users with a token
matrix_synapse_registration_requires_token: true

No more hassle with access tokens - the bot can obtain them now on it's own!

For questions and support visit #matrix-registration-bot:hyteck.de

flip-matrix-bot (website)

A Matrix bot for the Friendly Linux Players community.

HER0 says

The new online documentation has received a bunch of updates, and now the Interacting with the bot section (starting with the usage overview) is much more fleshed out.

The docs are still in an early state, but this is a step towards making the bot easier to work with! If you have any feedback on this, feel free to file an issue or discuss it with us in #flip-matrix-bot:flip.earth.

Dept of Events and Talks 🗣️

Michael Weimann says

Schau dir den Vortrag „Die aufregende Reise einer Matrix-Nachricht“ am Sonntag, den 06.08. August um 10:00 Uhr auf der FrOSCon an

This post is about a talk „The exciting journey of a Matrix message“ explaining the Matrix protocol and APIs at FrOSCon. Since the conference is mainly in German, the main content of this post is also in German.

Wenn ihr wissen wollt, warum Matrix funktioniert und ihr nächstes Wochenende in der Nähe von Bonn (bzw. Sankt Augustin) seid, schaut euch den Vortrag „Die aufregende Reise einer Matrix-Nachricht“ auf der FrOSCon an!

Im Vortrag verfolgen wir den Weg einer Matrix-Nachricht vom eigenen Eingabefeld bis zur Timeline des Empfängers: Was passiert da, wer redet mit wem und wie zum Geier funktioniert eigentlich diese Verschlüsselung? Zu jedem Schritt schauen wir uns an, welche APIs benutzt werden. Außerdem werfen wir einen Blick in die Matrix-Spezifikation, in der drinsteht, wie das alles funktioniert.

Der Vortrag wird danach auch als Stream bei media.ccc.de verfügbar sein. Die komplette Beschreibung zum Vortrag gibt es im FrOSCon Programm.

HarHarLinks says

Matrix @ FrOSCon

FrOSCon is happening next week!

• 🐸 Free and Open Source Conference
• 📆 Saturday August 5 and Sunday August 6
• 🗺️ University of applied Sciences Bonn Rhine Sieg 🇩🇪
• 🧑‍🏫 Matrix community devroom, Matrix community stand, and even talks about Matrix on the main tracks
• 🕒️ Programme/Schedule: Saturday / Sunday
• 🗨️ Matrix Room: #FrOSCon:fiksel.info
• 💲 Free as in free beer! If you're in the area, come and meet us!
• 🦣 Share the toot or tweet (nitter mirror)

Matrix User Meetup Berlin

saces reports

Next Matrix user meetup 2.8.2023, 8 pm @ c-base

Meet other matrix users, chat about Matrix, the rest, and everything else, discuss your Matrix ideas, sign each other in persona, and maybe spice the evening with a good mate or beer.

Also when the bbq is lit you may wish you brougth your favorite item :)

Every first Wednesday of the month in the c-base at 8pm ('til the next pandemic).

Matrix room: #mumb:c-base.org

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

We have recently announced that we will be honouring Libera Chat’s request to turn off portalled rooms on the Libera.Chat bridge maintained by the Matrix.org Foundation. The changes were originally scheduled to be effective on 31st July. In the meantime, we posted instructions for people to turn their portalled rooms into plumbed ones so the bridge keeps working for them.

Some stability issues on the bridge have prevented people from turning their portalled rooms into plumbed ones. We have been actively working on resolving those issues since the first reports and the situation is gradually improving. However, at this point, we do not believe the plumbed mode can be considered sufficiently stable yet.

Continue reading…

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC4033: Explicit ordering of events for receipts

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC4025: Local user erasure requests

Closed MSCs:

• MSC3746: Render image data in reactions
  • An alternative proposal: MSC4027: Propose method of specifying custom images in reactions

Spec Updates

Work to use Matrix as the standard for interoperable messaging at the IETF is continuing in full stride. At IETF 117 (July 22nd - 28th, 2023) we'll be talking about the precise requirements of an interoperable protocol, and encouraging Matrix be that protocol. Linearized Matrix is our proposal for the room model, with more updates expected in the coming days ahead of the submission deadline, meanwhile yours truly is working on using MSC1767 Extensible Events for a content format. Watch this space for updates leading up to IETF 117 🙂

We're also well on track to test interoperability of different Linearized Matrix implementations at the Hackathon - get in touch with us via the #sct-office:matrix.org if you're working on such an implementation so we can coordinate details. It's not too late to get started either; Linearized Matrix itself is relatively simple to implement compared to the full capability of Matrix, by design.

Random MSC of the Week

The random MSC of the week is... MSC3903: X25519 Elliptic-curve Diffie-Hellman ephemeral for establishing secure channel between two Matrix clients!

This MSC provides a means of establishing a trusted, secure communications channel across a potentially untrusted network. Subsequent MSCs could then use this channel to transfer details such as login tokens or key backup credentials in the context of setting up a new Matrix device. MSC3906 is one proposal that takes advantage of this.

This is just one piece of work building on the tree of MSCs supporting the shift of authentication in Matrix from home-brewed to OIDC. See https://areweoidcyet.com/ for more details on that effort.

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay reports

This week we released 1.87.0. As a reminder, please note that this will be the last release of Synapse that is compatible with Python 3.7 and earlier. Now on to the highlights:

• Improve /messages response time by avoiding backfill when we already have messages to returns
• Fix a long-standing bug where media files were served in an unsafe manner
• Fix joining rooms through aliases where the alias server isn't a real homeserver
• Avoid invalidating a cache that was just prefilled

and much more. If you'd like to take a deep dive into the changes, you can find the release notes here and as always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

Dendrite (website)

Second generation Matrix homeserver

Devon Dmytro announces

This week we released v0.13.1. Here are a few of the highlights:

• A long-standing "off-by-one" error has been fixed, which could result in state resets
• Roomserver Prometheus Metrics are available again

Check out the release notes for the full set of changes! As always, feel free to stop by #dendrite:matrix.org to join in on the discussion and if you encounter a bug make sure to report it here.

Conduit (website)

Conduit is a simple, fast and reliable chat server powered by Matrix

Timo ⚡️ reports

It's happening! I finally managed to implement some highly requested features in Conduit like the hierarchy and relations endpoints to finally allow users to:

• Explore spaces locally and over federation
• Read and write thread messages
• View edit history

I also worked on some other improvements to make the overall experience smoother:

• Significant memory usage improvement, smaller instances can be at 150MB or lower, bigger instances around 1GB. Try it out on your own Conduit instance and join #conduit:fachschaften.org to tell us what you find.
• Fixed a state resolution bug. There should be fewer soft failing errors now.
• Randomize server join order

Last but not least, I started working on Element X support for Conduit by implementing sliding sync. This is a bigger task, but a very basic version is already working: https://mastodon.social/@timokoesters/110665620551657280

Element X developers should prepare for native sliding sync support in the not-too-distant future and should try to detect this functionality instead of requiring a client well known file.

You can support me on https://liberapay.com/timokoesters

PS: I'm also looking for jobs and other opportunities for when I finish university at the end of the year, contact me if you have ideas.

Dept of Bridges 🌉

Libera.Chat Deportalling

Thib says

Libera.Chat asked the Matrix.org Foundation to "deportal" the bridge, only leaving plumbed rooms active by July 31st. This means the bridge could stop working if your room is not "plumbed". Plumbed? Portalled? What are we even talking about?

I wrote a guide to help you make sure the rooms you maintain will keep bridging after July 1st, and you can find it here.

Dept of Clients 📱

chooj (website)

Farooq announces

Many bugs when joining and leaving rooms has been fixed in chooj. Furthermore, many bug fixes and improvements happened in the underlying UI library, KaiUIng. And finally, a small guide has been added to chooj which shows up for the first launch and explains the Matrix network and its capabilities. I am still looking for sponsors to financially help with the development of the project. I am also considering publishing chooj to KaiStore. Meanwhile, you can download chooj from the BananaHackers webstore and try sideloading it, given that your KaiOS feature phone supports that.

Nheko (website)

Desktop client for Matrix using Qt and C++17.

Nico reports

I've had a lot of people reach out the last few weeks, that they wanted to know who can see their messages and how to control that. As a result I finally got around to implementing a history visibility selector in Nheko: You can toggle between anybody being able to see your messages without joining the room you sent them in or restrict visibility to joined users only. In the latter case you can then select visibility of past messages for joined members between all the past messages, from the invite on or from their join going forward. These are the standard Matrix history visibility rules, but we try to represent them a bit differently to make it clearer, what they mean. I hope this makes them a bit easier to understand.

However there are ways around visibility rules. If a room selects to not allow users to see its messages, unless the user joins the room, a user could possibly use a bot to proxy the messages and make them either visible or possibly even searchable to users, that haven't joined the room. This sometimes happens on Mastodon and you basically have 2 options to prevent it: approve each user individually after verifying they are not a bot or delete your messages after some time to prevent how much can be read by a bot.

The former is already available in Nheko for quite some time. You can set any room to require knocking and a user will have to knock before being allowed to join the room and view messages. You can even combine that with restricted joins, that allow a user of some room to join another room without knocking, which significantly reduces the overhead.

However knocking isn't always a great solution, especially if you don't control the room or it really should be public. So we also implement an option for automatically expiring messages now. This is EXPERIMENTAL and might cause significant strain on your homeserver when first enabled (and possibly even after that), as such please be careful and apply good judgement. Originally we were waiting for this to be part of the Matrix specification eventually and have the server handle the deletion more efficiently and with less load. However the effort on multiple of those MSCs has stalled and as such we now have a client-side solution until we can rely on server support for this. You can now in the settings of each room select when your old messages should be deleted (after some time or by only keeping a specific total of messages). You then enable the background job in the general settings and Nheko will periodically check for messages to delete and then delete them. In theory you can enable this also globally for all rooms, however Nheko does not expose a button for that yet, as this again is still experimental and might come with performance issues or worse. You can however enable it manually if you write the configuration by hand.

Apart from that we are still stabilizing the qt6 port. LorenDB fixed the Recaptcha and also qmlified that dialog (finally). And Satellia fixed some minor issue, where the focus didn't return properly to the input bar after sending files.

I hope this update was interesting. It does tick of some items I was always to lazy to work on, so I guess that is nice to have it over with! Have a nice and enjoyable weekend!

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

benoit says

This week on the Element X Android team we’ve been implementing improvements to the room list loading time, invites and many more. Other new updates include,

• Being able to swipe in order to start a reply to someone from the timeline
• Having message actions responsive to the type of event or message

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle reports

• Our long-awaited improvements to the notifications settings screens are now available in labs! In the coming weeks we’ll be making the new view the default experience so let us know if you have feedback on it.

  • Other work on notifications continues with our team heads down on fixing stuck notifications issues. We’ve started drafting a new MSC we hope will make improvements - watch this space for more news.

• Along with this our other projects have been making great progress, for example our more strategic improvements to accessibility are starting to take shape and you’ll soon see the typeface and colours in Element reflect that.

• Our integration with OIDC is making massive strides forwards. We’re currently testing the login flow and work on logout is well underway.

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Manu reports

It’s a big week for the Element X team on iOS as we’ve released the beta app live to the App Store! More info in our blog post. 🚀

While there’s a lot we’re still working on building, here’s my personal highlights:

• Location sharing: Being able to send your location and view others’ locations in the timeline, being able to send a pin location, along with viewing it all in dark mode!
• Notifications: We’re building out the settings screens, in app messages, push notifications etc. are all in the works and looking really great. You’ll be able to experience it soon. Remember; keep checking in for updates and keep sending over your feedback!

Dept of Non Chat Clients 🎛️

Circles (website)

E2E encrypted social networking built on Matrix. Safe, private sharing for your friends, family, and community.

cvwright reports

Circles is a secure social network app for friends and families, built on Matrix.

This week we released a new beta build (v1.0.12) for Android, including:

• Emoji picker now shows a quick list of the most recent or most common emojis
• Added the option to re-send invites
• New visual design for the timeline
• Quick gesture-based navigation on the timeline (single, long, double tap gestures)
• Added the ability to share rooms and profiles via deep links
• Added loading indicators
• Various bug fixes and performance optimization

In particular, scrolling the timeline is now much snappier, especially when new posts are coming in from the server.

The latest beta build is available on Google Play and from our own F-Droid beta repo.

Dept of VoIP 🤙

Element Call (website)

Native Decentralised End-to-end Encrypted Group Calls in Matrix, as a standalone web app

Jake B-B reports

The Element VoIP team are making a major update to Element Call with our release of a new version backed by the LiveKit SDK and SFU. This means that our SPA at call.element.io will now support much larger calls; 100 participants comfortably and potentially many more.

To support that, we have delivered new UI for large calls, with a scrolling grid that you can rearrange to your liking, dragging and dropping tiles and expanding them as you like.

It's worth noting that call.element.io will temporarily no longer be encrypted after this update, but we will be bringing back end to end encryption within the next few weeks.

This release requires running a LiveKit SFU and also a tiny service that will issue tokens for that SFU. Note that we don't currently offer a publicly available implementation of the latter. This means that if you currently run Element Call, it is probably advisable to remain on the 0.3.x releases rather than upgrade at this point.

Dept of SDKs and Frameworks 🧰

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte announces

• Timeline: More thoroughly support MSC3488 (m.location)
• Timeline: Make pending local echoes stick to the bottom
• Timeline: Add EventTimelineItem::origin
• Add notification settings
• Timeline: Keep loading indicator at the top when processing events (bugfix)
• Timeline: Replace loading indicator and timeline start virtual items
• Timeline: Spawn a background task for decryption retrying
• Immediately fail if a sliding sync request failed
• Crypto: Don't recreate the cross-process lock if it already existed
• Allow to filter events added to the Timeline
• Store the last timeline event in RoomInfo (WIP)
• Timeline: Add timestamp to reactions

libQuotient (website)

A Qt5 library to write cross-platform clients for Matrix

Tobias Fella says

Just half a year after the last minor release, here's libQuotient 0.8!

Here's what this release brings to you, other than a quicker release cycle:

• Support for newer Matrix APIs
• Generated documentation
• Coinstallability of Qt5 and Qt6 versions
• Stability Improvements Have a look at the release page for more information

Dept of Bots 🤖

flip-matrix-bot (website)

A Matrix bot for the Friendly Linux Players community.

HER0 announces

The greeting feature of the bot has been improved to detect when a user is rejoining the room (as their previous membership event was to leave), and to provide a much shorter "welcome back" message in those cases.

On the community website side, events scheduled by the bot now have schema.org event markup. This allows for events to potentially have fancy UI in search engines!

Dept of Interesting Projects 🛰️

deavid announces

If anyone finds it interesting, some time ago I made "Yarrosco" : https://github.com/deavid/yarrosco A simple app to get chats from Matrix and Twitch into OBS when streaming made in Rust.

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Libera Chat recently announced their decision to opt-out of portalled rooms from the Libera.Chat bridge instance hosted by the Matrix.org Foundation (a decision we regret but respect). This means that for the bridge to keep working, all of your portalled rooms need to be turned into plumbed rooms before July 31st. All of this might be a bit obscure, so let’s walk together through these concepts and give you the tools to make sure the bridge keeps working for you.

Continue reading…