Roll up, roll up, get it while it’s hot, Synapse 0.33.4 is here.
This release brings together a whole host of bug fixes, some enhancements to resource usage management and a bunch of internal changes in readiness for room member state lazy loading and our ongoing port to Python 3 (we are hoping to ship a py3 test candidate rsn!).
As referenced in yesterday’s pre-disclosure, today we are releasing Synapse 0.33.3.1 as a critical security update.
We have patched two security vulnerabilities we identified whilst working on the upcoming r0 spec release for the Server-Server API (see details below). We do not believe either have been exploited in the wild, but strongly recommend everybody running a federated Synapse upgrades immediately.
Many thanks for your patience and understanding; with fixes like this we are moving ever closer to Synapse reaching a 1.0 Thanks also to the package maintainers who have coordinated with us to ensure distro packages are available for a speedy upgrade!
Note, for anyone running Debian Jessie, we have prepared a 0.33.2.1 deb (as 0.33.3 dropped support for Jessie).
Synapse 0.33.3.1 (2018-09-06)
Fix an issue where event signatures were not always correctly validated (#3796)
Fix an issue where server_acls could be circumvented for incoming events (#3796)
Unignore synctl in .dockerignore to fix docker builds (#3802)
Recently I’ve been working to improve some of the content on the matrix.org website.
Firstly the FAQ now has updated content and a more presentable menu.
We have a Guides Index, which includes a clarified guide list, plus links to off-site contributions from the community. It’s possible to click “recommend” on these items if you’ve had a good experience with them. If you have documentation or guides you’d like to see added to the list, contact me on Matrix or make a pull request on the site repo.
Finally, as part of a programme to improve visibility on projects in the Matrix ecosystem, we are introducing the “Matrix Clients Matrix“. This is a list of some of the most popular current Matrix clients in the ecosystem today, and should shed some light on current feature statuses! The list is not exhaustive, and if you would like to see your client project included, please contact me at the same address, or come chat in the Matrix Client Developers community room. Pretty green Features grid:
Folks, it’s release time, Synapse 0.33.2 has landed.
The release focuses on performance, notable highlights include reducing CPU consumption through speeding up state delta calculations (#3592) and reducing I/O through lazily loading state on the master process (#3579, #3581, #3582, #3584)
Separately work continues on our python 3 port and we hope to have something concrete to trial very soon – we’re really excited about this and expect step change improvements in CPU and memory use.
Finally we have some ground work for upcoming room membership lazy loading, there is nothing to see here as yet, but rest assured we will make a lot of noise as soon as it is ready. Stay tuned.
Progress on the spec has been motoring since TravisR dived (dove?) into it full time a few weeks ago – the Federation API r0 megathread bug that tracks progress on filling in the gaps on the S2S API is clearing its checkboxes at an impressive rate.
MSC1452 agreement has been reached on Homeserver Warning Messages
We’re going with pinned messages (option 2) and room tags (option 5) as that seems to be where the consensus is: it re-uses existing bits of the spec and room tags also help clients that don’t know about this specific room tag to handle the room the right way
MSC1425 Room Versioning
It’s likely that in the immediate future we’ll want to change the properties of rooms in a way that will not be compatible with existing servers – for example, changing the rules for event auth or state resolution, or changing the format of an event id.
MSC1318 Documentation describing the anticipated Open Governance of Matrix.org (aka, Matrix.org Foundation)
libQMatrixClient and Quaternion have gained ability to resend and discard unsent messages.
this means if Quaternion could not, after several attempts, deliver a message, a user can click “Resend” and it will try again
On the subject of libQMatrixClient, it’s exciting that Konversation, the KDE IRC client, may in future start to use libQMatrixClient for Matrix support!
Matrique now has a Flatpak repo. It is the nightly build of the master branch. You can add the repo by typing flatpak remote-add matrique https://b0.gitlab.io/matrique-repo/matrique.flatpakrepo and install it by flatpak install matrique org.eu.encom.matrique
As it is still Alpha quality, bugs are expected. Feel free to open an issue if anything goes wrong!
Neo now has inline youtube and image url previews, and handles room state changes such as name, avatar and topic as they occur.
Android: a lot of bug fixes and small UI improvements
iOS: Lazy Loading is coming to life, showing huge improvements in bandwidth usage and performance in the app
Updates on IRC bridges from Half-Shot
Half-Shot has been working tirelessly on the IRC bridge lately, so I wanted to update on his recent successes:
I’ve recently been working on mitigating the effects of a netsplit on the IRC bridge, and optimising it to start and run faster. This week I trimmed down the heap usage (where the memory usually goes) to just under a gigabyte on my 10,000 matrix user test bridge. Previously it could spike to as much as 3.5GB. This optimisation is still in a testing phase but results are looking positive.
For reference here is the memory usage of the Freenode process during startup:
And here are the results of my local test bridge before and after the change:
We also made some internal changes to the appservice-bridge to cache the joined state of all the bridge users and therefore avoiding joining rooms which saves us some time on startup.
Matrix for Grafana, and more from Ananace
In his regular spot, Ananace has made progress on his Matrix sysadmin/ruby suite:
Synapse 0.33.1 is out now as a security update release. Please update if you haven’t already – it fixes two issues concerning event visibility where if you knew the event ID of an event you could read it even if you didn’t have access to it; we don’t believe these have been exploited in the wild, but you will definitely want to upgrade now.
Meanwhile the Python 3 port is progressing well (all sytests now pass in Python 3, i think!), and intrepid folks are starting to experiment with running it in production.
Decentralised Web Summit & Matrix Live
Meanwhile, Matthew & Amandine have been in San Francisco for the 2018 Decentralised Web Summit – so this week’s Matrix Live is live from SFO and gives a quick overview of the sort of things we got up to! Some of the sessions are already online thanks to the (somewhat unreliable) live stream (e.g. here’s Muneeb (Blockstack), Amandine, Danielle (Dat), and Zooko (Zcash) talking about their respective governance models & growing pains over the last 2 years: https://youtu.be/tsz3ffrJDpw?t=12133). The summit was a massive success, with lots of discussions about decentralised reputation, UI/UX for decentralised apps, metadata-resistance, the balance of P2P versus decentralised-servers, etc. Hopefully some of the conversations we had will result in some major improvements to Matrix in the future!