A brand new website

15.06.2023 15:21 — General Thib
Last update: 15.06.2023 14:16

Hello federation,

TLDR: New website is coming tomorrow, your RSS reader might be disoriented during the switch.

That's right, after several months of studying, designing and implementing: we're finally going to deploy the new matrix.org website on June 16! Let's have a look back at the why and how.

I also need to thank Jonas Platte not only for his technical expertise but also for his kind support and patience. Thanks to MTRNord as well for kickstarting the project, and to the various designers involved.

Continue reading…

This Week in Matrix 2023-06-09

09.06.2023 20:51 — This Week in Matrix Thib
Last update: 09.06.2023 20:48

Matrix Live

We didn't have time for a Matrix Live this week, but don't miss next week's episode!

Dept of Spec 📜

TravisR says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

On the Spec Core Team (SCT), we've started converting the list of MSCs we received into a roadmap for the next 8-ish weeks. This is all to prepare for Matrix 1.8, and we're already starting to think a bit about what Matrix 1.9 looks like too. You can see what the team plans to look at here - each column is ordered in relative priority, where the top is more likely to receive attention first. Not everything is actionable at the moment, but that's the point 😄 As we work through the next month or so, the remaining MSCs should be unblocked or near-unblocked enough to allow the SCT to make progress on them.

Most of the MSCs on the roadmap have a target state of acceptance (and merge, if we can make that happen), though some do have a simple task of reviewing the MSC ahead of implementation effort. We're aiming to test this process over the next few releases, where the SCT unblocks progress by providing review ahead of review actually being needed, but to do that we need to know what people plan to work on. If you have something which could do with review (not just acceptance) in the August-November window of time, let us know in the SCT Office.

As always, if you have questions about a particular MSC's state or what this process actually means, let us know in the SCT Office.

Meanwhile, the SCT is continuing its IETF/MIMI adventures by pushing Linearized Matrix towards working group adoption. The current stages involve updating the Internet-Draft (I-D, or MSC in IETF terms) to cover the MIMI-specific bits of the room model and working on multiple implementations of the proposal. We'll be updating the MSC at a later stage to account for the DAG interop components, though how to get a DAG to work with the linear, append-only, MIMI variant is very much top of mind. You can see the current rapidly-changing I-D here.

As mentioned, to further adoption of Linearized Matrix within MIMI we're looking for independent implementations. "Independent" here means not written by the Matrix Core Team and not written by Element given the potential for conflict of interest, though the Matrix team is working on proving the I-D through eigen-server and possibly a dual-stack Synapse (watch this space). We have a line on ~2 completely independent (but undisclosed 😇) Linearized Matrix implementations already, but more is often better for these things: if you work for a messaging service provider and are interested in writing an implementation, get in touch with us so we can coordinate some interop testing. You don't already have to be using Matrix to write an implementation, and in fact it's probably better if you aren't already using Matrix, awkwardly.

Random MSC of the week

The script of fate has decided to put forward MSC3060: Room Labels this week. This is a relatively small MSC, but one which provides a ton of value to discovering rooms. The labels/topics your room covers are listed in a state event and can inform users of what to expect beyond the room name/avatar. For example, if your room has primarily NSFW/18+ content, you can disclose that in the labels.

Leave your thoughts and concerns on the MSC via threads on the diff 🙂

Continue reading…

Introducing Third Room TP2: The Creator Update

07.06.2023 15:15 — General Matthew Hodgson

Hi all,

Back in September 2022 we launched the very first public technology preview of Third Room - our entirely open source, open standards-based platform for creating decentralised multiparty spatial apps and virtual worlds on top of Matrix.

The mission of Third Room is to ensure that a truly open and equitable platform exists for powering shared 3D environments - providing an alternative to the closed walled gardens of the bigger vendors, and generally safeguard against a repeat of the fragmented dystopia that has plagued instant messaging and VoIP systems. In short, just as Matrix aims to be the missing secure communication layer of the open Web, Third Room aims to be the spatial collaboration layer.

Today, we’re incredibly excited to announce Third Room Technology Preview 2: The Creator Update. As more and more 3D hardware enters the market, the race is on to provide tools to developers and creators so they can build on an open, vendor-agnostic platform - and in this update we’ve focused on building out the scripting, editing and authoring capabilities of Third Room to provide a solid platform for building and running collaborative 3D apps of any kind. Check out the new release at https://thirdroom.io.

As a reminder: the Third Room team is a tiny band formed by Robert, Nate and Ajay and operates outside of all the rest of our work on Matrix: the other 97% of our effort goes into making the core of Matrix amazing (particularly the underpinnings for Element X and the next generation of Matrix clients). However, Matrix is about more than just chat and VoIP, and Third Room provides an excellent showcase of Matrix’s abilities as a general purpose communication fabric.

Continue reading…

This Week in Matrix 2023-06-02

02.06.2023 20:20 — This Week in Matrix Thib

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

Spec Updates

Part of the SCT's goals with Matrix 1.8 is to pre-plan the majority of our review attention, which means we need to be told what folks are working on to plan accordingly. We'll still have some room for random/surprise MSC work, but this is expected to be harder to acquire going forward (and so should not be relied upon).

Please let us know if you're working on something which affects the spec! We want to hear about:

  • things that aren't MSCs (yet)
  • things that are MSCs but aren't planned to be merged in 1.8
  • MSCs which are expected to be ready in time for Matrix 1.8 (in ~2 months)

If you aren't sure if your project affects the spec, talk to us about it. We do not want to be the bottleneck in your development cycle, instead preferring to know ahead of time that something will need attention from us.

All we need is for you to mention your project/MSC and timeline in the #sct-office:matrix.org - DMs and private rooms with SCT members are not enough to get something on the roadmap. This is to ensure there is full transparency in why the SCT is looking at something, and to ensure that the MSC moves through the process in an efficient manner. If your project has a sensitive context (commercial or otherwise), then we ask that you reference that here and someone from the team will contact you to get more information, relaying as much (non-sensitive) detail as possible back to the room here.

Our expected outcome for this system is to not only be a more effective team, but also to give you a faster/more reasonable turnaround on MSC review (at all stages), more rapid deployment of stable features (dropping unstable prefixes), and overall fewer review iterations as the SCT can think about problems ahead of you actually needing a review. We seriously do not want to be a blocker, but we need to know what we could end up blocking by accident.

Starting approximately August 1st, we will be starting to plan out what Matrix 1.9's release cycle will look like. A similar call to action will be raised at that point. Note that Matrix 1.8 is set to be released in late August, meaning we're aiming to have Matrix 1.9 thought out before Matrix 1.8 is released, which is a deliberately accelerated timeline than the current Matrix 1.8 release cycle planning.

As always, if you have any questions about this, please let us know in #sct-office:matrix.org.

Random MSC of the Week

The random MSC of the week is... MSC3869: Read event relations with the Widget API!

This MSC would allow Matrix Widgets, knowing an event ID, to request any and all other events that relate to it. Thus, if you had a m.room.message event, you could ask the client whether any edits have been made to that event, via asking for m.room.message events with m.replace relations.

This would be useful for Widgets to traverse any data structure that used relations to tie together events - which could model all sorts of use cases!

As always, leave your feedback on the MSC if this is something you're interested in or want to push forwards :)

Continue reading…

This Week in Matrix 2023-05-26

26.05.2023 20:49 — This Week in Matrix Hubert Chathi
Last update: 26.05.2023 20:24

Matrix Spec (website)

uhoreg announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

Spec Updates

We released version 1.7 of the Matrix Spec on Thursday. This release features media repository improvements and reactions. Thank you to all who contributed to this release, whether through writing or reviewing MSCs, writing spec PRs, or finding spec bugs. And congratulations to those who had their first MSC make it to the release. Read the blog post for the full details.

We're in the process of working out what Matrix 1.8 looks like and need to hear what people are working on. If you have an MSC or idea you're planning on looking at in the next 2 months, let us know in #sct-office:matrix.org so we can prioritize it accordingly.

Random MSC of the Week

The random MSC of the week is... MSC3184: Challenges Messages! This feature allows participants in a room to make decisions randomly by playing rock, paper, scissors; flipping a coin; or drawing straws.

Continue reading…

Matrix v1.7 release

25.05.2023 18:56 — Releases Travis Ralston

Hey all,

Matrix 1.7 has just been released! The last spec release was about 3 months ago, keeping us on track for regular quarterly releases. Unlike Matrix 1.6 though, today’s release is packed with plenty of features, some of which we’d like to call out here. Not all implementations will have support for these features yet though, and that’s okay (expected, even).

Adding support for a spec release can be a significant body of work. Instead of implementations having everything ready for spec release day, the idea is that they gain support over the next few months. If you’re able, please help those projects get v1.7’s features.

Today, we see 15 MSCs achieve their formally adopted status. All of them bring forward some much-needed features to Matrix, and a few highlights are below. Read on to the full changelog for a complete overview, and for a sneak peak at what the Spec Core Team (SCT) is planning to look at for v1.8 👀

Continue reading…

Disclosing Synapse security advisories

24.05.2023 13:44 — Security Denis Kasak
Last update: 24.05.2023 13:36

Today we are retroactively publishing advisories for security bugs in Synapse. From oldest to most recent, they are:

We strongly advise Synapse operators who are still on earlier Synapse versions to upgrade to the latest version (v1.84.0) or at the very least v1.74.0 (released Dec 2022), to prevent attacks based on these vulnerabilities. Please see the advisories for the full details, including a description of

  • the vulnerability and potential attacks,
  • exactly which deployments are vulnerable, and
  • workarounds and mitigations.

Because these bugs are either related to or exploitable over Matrix federation, we have delayed publishing these advisories until now out of caution. This allowed us to ensure that the majority of Synapse homeservers across the public federation have upgraded to a sufficiently patched version, based on the (opt-in) stats reporting to the Matrix.org foundation.

If you have any questions or comments about this announcement or any of the advisories, e-mail us at [email protected].

This Week in Matrix 2023-05-19

19.05.2023 00:00 — This Week in Matrix Andrew Morgan

Matrix Live

No Matrix Live this week as Thib's away. Tune in next week though - maybe he'll do two!

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

Matrix v1.7 has been given a release date of May 25th, right before the next TWIM! Expect a matrix.org blog post with all the details on the day.

Leading up to the release we've seen a number of great spec PRs appearing and being merged! Thank you to everyone for writing them (saving the SCT some time!) and to other reviewing on commenting. It's a huge help and the spec feels like it's chugging along at a blistering pace!

Random MSC of the Week

The random MSC of the week is... MSC2213: Rejoinability of private/invite-only rooms!

This MSC adds the ability for users who have previously joined a room to rejoin again. Typically this isn't desired in a public room setting, but it does specifically make sense in the case of a DM that you've left and want to return to without the other user needing to invite you. This case has specific implications for cases where there could be only ever one room between two users. Being able to rejoin it if the other user has disappeared is key!

Outside of the DM use case, this functionality can mostly already be achieved by using restricted rooms, where users of a given space/another room can always join your room. However, it would be nice to have the flexibility of allowing certain users to rejoin a room without needing another room to serve as proof of membership.

Is this something you're interested in? Do you have additional use cases? Feel free to check out the MSC and comment with your thoughts!

Continue reading…

This Week in Matrix 2023-05-12

12.05.2023 20:47 — This Week in Matrix Thib
Last update: 12.05.2023 20:45

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

Closed MSCs:

Spec Updates

A regular reminder that every Tuesday, the Spec Core Team (SCT) publishes their approximate priorities in the public Office of the Spec Core Team room - check it out to see what the SCT is working on. Similarly, if you’d like the SCT to engage with your MSC, mention so in that room.

The release of Matrix 1.7 is expected in the next 1-2 weeks! Keep an eye out for announcement blog post specifically for it. We'll call it out in the following TWIM as well of course :)

Matrix 1.8 is currently scheduled for around August 2023.

Random MSC of the Week

The random MSC of the week is... MSC3914: Matrix native group call push rule!

This MSC adds a new push rule that causes your Matrix client to emit a notification if a group call (as defined by MSC3401 is started in a Matrix room. This MSC (obviously) depends on MSC3041, so that MSC will need to be accepted before this one can be.

There is currently a client-side implementation for this MSC, but it is missing a homeserver side one (for adding the push rule).

Check out the MSC if you're interested, or perhaps take a look at adding that server-side implementation?

Continue reading…

This Week in Matrix 2023-05-05

05.05.2023 00:00 — This Week in Matrix Thib

Matrix Live

Dept of Social Good 🙆

Denise announces

we know there have been some questions about the recent ban on Element by the Indian Central Government. We are still trying to get answers ourselves and have put out a public statement on our understanding of the situation so far: https://element.io/blog/india-bans-flagship-client-for-the-matrix-network/

Dept of Spec 📜

Andrew Morgan (anoa) reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

Lots of MSCs moving through the pipeline this week! Plus a myriad of spec changes too! The spec seems to be gently humming along.

In other news, the next release of the spec, v1.7, is coming up in the not-too-distant future. In keeping with our roughly quarterly release schedule - the release of v1.6 was on February 14th, 2023 - a new release of the spec should come some time in next few weeks.

We haven't set a date yet, but expect to do so soon. So watch this space!

Random MSC of the Week

The random MSC of the week is... MSC3741: Revealing the useful login flows to clients after a soft logout!

This MSC fixes an edge case in the spec. Imagine the following scenario. You're logged into your homeserver via an SSO flow (let's say by signing into GitLab), and then you try to change your password on GitLab. Doing so may cause a "soft logout" to occur for your Matrix client. A soft logout, by the way, happens when your access token is invalidated, but your client is told explicitly not to wipe its local state (including encryption keys).

Your Matrix client is telling you to log back in again, and in doing so calls out to the GET /_matrix/client/v3/login endpoint to see what login methods are available. Your homeserver supports both password-based and SSO-based login, so that's what you get back. Your client happily presents you both options. You try to type your GitLab password, but it's incorrect. And you've just given your GitLab password to this Matrix homeserver in plaintext - oh no!

The problem here stems from the fact that GET /login is unauthenticated. The homeserver doesn't know who you are when you attempt to log in again, and thus can't tailor the available login methods to those that make sense for you. This MSC aims to fix this by having your Matrix client, upon trying to learn how to log in again after a soft logout, provide your expired access token in an Authorization request header. The homeserver can then check and see that 1) you were just soft logout'd and 2) you are an account that is authorised via SSO - so it doesn't make sense to suggest you log in again via a password specific to your Matrix homeserver!

While this MSC discusses a valuable solution, it is worth considering that the User-Interactive Authentication system as a whole is going to be completely replaced by OpenID Connect instead, which will make this problem (and solution) moot. Still, that day is not here yet, so if you suffer from this problem today, this may be one method to deal with it.

Continue reading…