Security releases: matrix-js-sdk 19.4.0 and matrix-react-sdk 3.53.0

31.08.2022 18:13 — Releases Denis Kasak

Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk to patch a couple of High severity vulnerabilities (reserved as CVE-2022-36059 for the matrix-js-sdk and CVE-2022-36060 for the matrix-react-sdk).

Affected clients include those which depend on the affected libraries, such as Element Web/Desktop and Cinny. Releases of the affected clients will follow shortly. We advise users of those clients to upgrade at their earliest convenience.

The vulnerabilities give an adversary who you share a room with the ability to carry out a denial-of-service attack against the affected clients, making it not show all of a user's rooms or spaces and/or causing minor temporary corruption.

The full vulnerability details will be disclosed at a later date, to give people time to upgrade and us to perform a more thorough audit of the codebase.

Note that while the vulnerability was to our knowledge never exploited maliciously, some unintentional public testing has left some people affected by the bug. We made a best effort to sanitize this to stop the breakage. If you are affected, you may still need to clear the cache and reload your Matrix client for it to take effect.

We thank Val Lorentz who discovered and reported the vulnerability over the weekend.

This Week in Matrix 2022-08-26

26.08.2022 19:03 — This Week in Matrix Brendan Abolivier
Last update: 26.08.2022 18:43

Happy TWIMday everyone! Thib is away this week again, so I'm covering for him as your host in this edition of This Week In Matrix.

Matrix Live 🎙

Following up on last week's tutorial about using Docker Compose to install Synapse, this week Thib explains how to use Ansible to deploy your own Matrix homeserver.

Dept of Status of Matrix 🌡️

TravisR reports

Earlier in the year, t2bot.io passed 1 Million known rooms and now it's passed 10 Million bridged users (10,039,915 users to be exact, at time of writing). Most of these users will be people who have participated in a channel/chat on Discord or Telegram that was bridged to Matrix through t2bot.io's free service, with about 500 thousand being active each month.

Approximately 8 Million of the users are from Telegram, covering about 11% of all Telegram users (previously 15% based on information available at the time). The remaining 2 Million are Discord users, roughly 0.5% of Discord's user base. For perspective, t2bot.io has just over 683 Million events in the database and is bridging between 30 and 40 thousand people a day.

Like last time, this is just a milestone update, though it's also a good reminder to host your own server if you can. Element's own hosting platform is a great option if you'd like to have a server without running it yourself, and Beeper offers a richer bridging experience than t2bot.io can feasibly provide. If you'd like to go down the self-hosting route, check out Thib's video guide on hosting synapse or last week's Matrix Live for a better understanding of what hosting Synapse actually means.

As for an interesting statistic: despite not having much functionality that deals with Spaces, t2bot.io can see 2687 Spaces from the wider world. The plan in the coming months is to support a way to bridge a whole Discord server to a Matrix Space, making this statistic hopefully more interesting as time goes on.

Dept of Spec 📜

uhoreg reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

Merged MSCs:

  • No MSCs were merged this week.

MSCs in Final Comment Period:

  • No MSCs are in FCP.

New MSCs:

Spec Core Team

The Spec Core Team has been continuing to push forward on the spec. Several new MSCs have been opened recently. The Spec Core Team is available in #sct-office:matrix.org when MSC authors think that they are ready for primetime.

Random MSC of the Week

The random MSC of the week is... MSC2162: Signaling Errors at Bridges!

Bridges sometimes are unable to relay messages to the remote service for one reason or another. This MSC proposes a way to allow bridges to indicate that a message failed to be delivered, and allow users to tell the bridge to retry.

Dept of Outreachy 🎓️

andybalaam announces

Usman's internship, working on Favourite Messages, is coming to an end! Check out Usman's blog post and Andy's blog post! To follow progress on Favourite Messages (which is still very much a prototype), check out the tracking issue: Tracking issue for Favourite Messages. Thanks to Usman for being an awesome mentee!

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Brendan Abolivier says

This week we've released Synapse 1.66.0rc1! This upcoming release deprecates delegating email validation to an identity server (more info here) and includes improved validation around user-interactive authentication, support for a couple of experimental features, as well as the usual batch of bug fixes and performance improvements 🙂

As always, any help with testing and feedback on this RC is appreciated! Feel free to drop any feedback or bug report in #synapse:matrix.org and the Synapse repo respectively.

Dendrite (website)

Second generation Matrix homeserver

neilalexander announces

This week we released Dendrite 0.9.5 which includes a number of fixes, particularly for federation:

  • The roomserver will now correctly unreject previously rejected events if necessary when reprocessing
  • The handling of event soft-failure has been improved on the roomserver input by no longer applying rejection rules and still calculating state before the event if possible
  • The federation /state and /state_ids endpoints should now return the correct error code when the state isn't known instead of returning a HTTP 500
  • The federation /event should now return outlier events correctly instead of returning a HTTP 500
  • A bug in the federation backoff allowing zero intervals has been corrected
  • The create-account utility will no longer error if the homeserver URL ends in a trailing slash
  • A regression in /sync introduced in 0.9.4 should be fixed

As always, please feel free to join us in #dendrite:matrix.org for more Dendrite-related discussion.

Dept of Ops 🛠

matrix-docker-ansible-deploy (website)

Matrix server setup using Ansible and Docker

Slavi reports

Thanks to Aine of etke.cc, matrix-docker-ansible-deploy can now set up the new Postmoogle email bridge/bot. Postmoogle is like the email2matrix bridge (also already supported by the playbook), but more capable and with the intention to soon support sending emails, not just receiving.

See our Setting up Postmoogle email bridging documentation to get started.

Dept of Bridges 🌉

Aine reports

follow-up to Slavi's announcement: Postmoogle is here!

Actually, he explained it pretty good, so here are some additional links

Source code and Roadmap with implemented and planned features and as usual, say hi in the #postmoogle:etke.cc

Dept of Clients 📱

Quadrix (website)

A Minimal, simple, multi-platform chat client for the Matrix protocol.

JFA says

Quadrix v1.2.5 has been released! The update is already available for Linux, MacOS and iOS. The Windows and Android updates are awaiting approval from the respective stores. This release has mostly "under the hood" improvements (upgrade to React Native 0.69, React 18 and other key dependencies), but also fixes a few bugs and brings minor UI improvements.

Great news: Quadrix finally made it to https://matrix.org/clients/ :-) Many thanks to @madlittlemods:matrix.org!!!

Please leave feedback/comments at #quadrix:matrix.org or in the issues at https://github.com/alariej/quadrix (stars welcome :-))

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

kittykat says

In labs (you can enable labs features in settings on develop.element.io or on Nightly):

  • We’re working hard on updating Threads, squashing bugs and improving performance. We have several MSCs open introducing new functionality to read receipts so that notifications work better than ever.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Ștefan reports

  • We’re working hard on making the new layout ready for general use, squashing bugs and taking names until everything is in tip top shape. We have a test flight build out: we’ve delayed the release to next week while we iron out the last creases.
  • In ElementX land we have started on adding analytics and Xcode Cloud support and have updated our logging strategy. We will also start adopting sliding sync and using the new Rust Timeline providers

Dept of VoIP 🤙

Element Call (website)

Native Decentralised End-to-end Encrypted Group Calls in Matrix, as a standalone web app

Robin announces

Element Call v0.2.7 and v0.2.8 have been released this past week, adding local volume control, full screen mode, audio in screen sharing and, ahem, fixing an embarrassing bug where we broke walkie-talkie mode... 🐑 Oh, and it's also all in TypeScript now. 🚀 https://github.com/vector-im/element-call/releases/tag/v0.2.7

Dept of SDKs and Frameworks 🧰

simplematrixbotlib (website)

simplematrixbotlib is an easy to use bot library for the Matrix ecosystem written in Python and based on matrix-nio.

HarHarLinks says

simplematrixbotlib has reached version 2.7.0, adding support for end-to-end encryption! 🎉 Come chat over at #simplematrixbotlib:matrix.org!

Here is a summary of things that have happened since we last announced v2.6.3 on this channel:

  • 🌐 The repo canonically moved to https://github.com/i10b/simplematrixbotlib, but the PyPI package remains available in the usual place.
  • 🔒️ E2EE support! To enable it, simply install the optional e2ee dependencies. Find out how in the manual.
  • 😄 Emoji verification support! Enable the option and you'll be able to interactively verify between the bot and your devices. (But mind that for now, in-room verification is not supported, but only to-device).
  • ☝️ Fingerprint verification support! As an additional method, the bot will print it's encryption fingerprint so you can "manually verify".
  • 🗄️ Extensible config file! It is now easier than ever to add your own configuration options to the built-in TOML config file.
  • 🧹 The usual housekeeping, bumping matrix-nio to 0.19.0.
  • 🗨️ I (HarHarLinks) will be presenting the library this weekend at #matrix-summit-berlin-2022:c-base.org! If you are in the Berlin 🇩🇪 area, come visit c-base!

The easiest to use bot library for Matrix. Get started in just 10 lines of code:

import simplematrixbotlib as botlib

config = botlib.Config()
config.emoji_verify = True
creds = botlib.Creds("https://home.server", "user", "pass")
bot = botlib.Bot(creds, config)

@bot.listener.on_message_event
async def echo(room, message):
    if botlib.MessageMatch(room, message, bot, PREFIX).is_not_from_this_bot():
        await bot.api.send_text_message(room.room_id, message.body)

bot.run()

matrix-rust-sdk (website)

Matrix Client-Server SDK for Rust

ben announces

With a few people out of office, this weeks has been one of the more quiet ones, but progress has been made non-the-less. Again a lot happens in draft PRs and the background, like with the upcoming Timeline API but also the path forward for integrating the crypto bindings into the js-sdk. There are a few notable PRs merged this week still improving the API (#972 and #973, #961), upgrading to latest ruma, removing dependencies (parking_lot) to improve compile times as well as merging the release infrastructure for crypto-js.

👉 Wanna hack on matrix rust? Go check out our help wanted tagged issues and join our matrix channel at Matrix Rust SDK.

Dept of Bots 🤖

Alertbot (website)

moanos [he/him] announces

This new bot allows users to use webhooks to forward monitoring alerts (e.g from prometheus) to matrix rooms. This means that you no longer have to use E-Mail or Slack to receive alerts. To set it up visit Github Alertmanager or join #alertbot:hyteck.de

Opsdroid (website)

An open source chat-ops bot framework

Oleg says

Though this release doesn't include Matrix-related changes. Still there are new feature and fixes worth mentioning:

Thanks for all the contributions! 🙌 See the full changelog for details.

Dept of Events and Talks 🗣️

HarHarLinks says

Greetings to the world from #matrix-summit-berlin-2022:c-base.org!

Dept of Interesting Projects 🛰️

Array in a Matrix reports

Matrix AI that generates messages based off other users' messages using a neural network. The bot trains its GPT-2 model using the CPU and is written in JavaScript (Node.JS) and Python. The project's code can be found here.

MinesTRIX (website)

A privacy focused social media based on MATRIX

Henri Carnot reports

Hi all, quite a lot happened since the last twim post a few months ago.

In a nutshell, we refactored the feed page and user page for a better viewing experience. We also now allow displaying and commenting post images in a dedicated view. Also, you can now send follow request using knocking, thanks to profile as space support. (Yes, MSC is coming)

Finally, we have now multi account support, better stories display and refactored login and settings page.

Well... we almost modified everything :D

See more at https://minestrix.henri2h.fr/posts/

Stay tuned, event organization is coming soon (you can see the first implementation in the blog post.

PS: For those at the Matrix summit, I will be presenting it tomorrow

Dept of Guides 🧭

Nate Covington reports

I recently made a blog post / video walk through of Matrix, hopefully it will be helpful to someone: https://www.covingtoncreations.com/blog/what-can-matrix-do-for-your-organization

Room of the Week 📆

ssorbom ⚡️ says

Have you ever felt lost in the Matrix world? Too many rooms and spaces to manage? Well, back by popular demand (with Timo's blessing), I present, The Room of the Week! Every week we strive to highlight a room or a space that we believe deserves attention for discussing interesting going on across the Matrix Network.

This week on room of the week:

We Are All Tech enthusiasts on The Matrix Network, but do you ever experience Tech burnout? Do you ever wish you could find discussions in The Matrix Universe about things other than Tech? Well, this week we bring you a very technical solution!

Because we are highlighting:

#non-technology:matrix.org

A space where you will find information about everything except technology. Groups are helpfully categorized by Subspace, and feature discussions about everything from musical instruments to beverages. If it isn't about computing, it's there.

If you have a room you wish to see highlighted, join us at: https://matrix.to/#/!bIyiUUnriVoHtYzuPS:fachschaften.org?via=chat.shawnsorbom.net&via=matrix.org&via=fachschaften.org To get your favorite room of the week highlighted.

Dept of Ping 🏓

No ping stats while Thib is away, but you can always join the fun at #ping:maunium.net and #ping-no-synapse:maunium.net!

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

This Week in Matrix 2022-08-19

19.08.2022 21:42 — This Week in Matrix Brendan Abolivier
Last update: 19.08.2022 18:52

Hey folks, welcome to a new edition of This Week In Matrix! Thib is offline this week and next so I'll be taking over while he's away.

Matrix Live 🎙

This week Thib (is he ever really away?) shows us how to host Synapse with Docker Compose.

Dept of Status of Matrix 🌡️

Matthew shared with us the Matrix Summer Special 2022! Come read all about what's happened in Matrix-land so far this year, and what's coming up next, right here: https://matrix.org/blog/2022/08/15/the-matrix-summer-special-2022

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Merged MSCs:

  • No MSCs were merged this week.

Closed MSCs:

Spec Updates

This week the Spec Core Team focused on improvements to the spec source itself. richvdh opened a PR for edit events, and yours truly did a small PR to clarify the required state of the response to /_matrix/client/v3/login/.

There's a lot more open issues available for people to tackle however, so feel free to get involved and help out if you have some spare time!

Finally other than the usual rounds of review by the team, I've been working on a spec process document that aims to explain the practical portions of the text found at https://spec.matrix.org/proposals/, but in a easily scannable manner. Look out for a PR with that in the near future.

Random MSC of the Week

The random MSC of the week is... MSC2871: Give widgets an indication of which capabilities they were approved for! What a mouthful!

Historically, widgets have laid outside of the spec and have only been implemented in a small subset of clients - mainly Element. As of recent weeks though, there's now a team at Element backing the feature. So exciting times ahead!

Regardless, let's highlight this MSC! It solves a crucial problem with a simple solution. Widgets can ask the client they're embedded in to do certain things (if granted certain capabilities), and the client, potentially after asking the user for permission, can allow or deny those actions. This MSC adds the machinery for a further step: the client will tell the widget what capabilities they requested were allowed, and which were denied.

I believe this spec is non-contentious, but is blocked on widgets entering the spec as a whole. Regardless, if this particular piece of the puzzle interests you, or you'd like to read all about widgets in general, the see either the MSC above or this widget spec tracking PR: https://github.com/matrix-org/matrix.org/pull/825.

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay announces

It's the last days of summer here and we are toiling away at making Synapse faster and leaner! In addition to continued work on faster joins, we released Synapse v1.65.0, with new features such as support for stable prefixes for private read receipts and a new module API method for creating a room (plus some other features!), as well as a host of bugfixes and internal changes to make Synapse faster and more stable. Make sure to check it out!

Dendrite (website)

Second generation Matrix homeserver

neilalexander announces

This week we released Dendrite 0.9.4, containing primarily bug fixes:

  • A bug in the roomserver around handling rejected outliers has been fixed
  • Backfilled events will now use the correct history visibility where possible
  • The device list updater backoff has been fixed, which should reduce the number of outbound HTTP requests and Failed to query device keys for some users log entries for dead servers
  • The /sync endpoint will no longer incorrectly return room entries for retired invites which could cause some rooms to show up in the client "Historical" section
  • The /createRoom endpoint will now correctly populate is_direct in invite membership events, which may help clients to classify direct messages correctly
  • The create-account tool will now log an error if the shared secret is not set in the Dendrite config
  • A couple of minor bugs have been fixed in the membership lazy-loading
  • Queued EDUs in the federation API are now cached properly

As always, please feel free to join us in #dendrite:matrix.org for more Dendrite-related discussion.

Homeserver Deployment 📥️

Helm Chart (website)

Matrix Kubernetes applications packaged into helm charts

Ananace says

This week has seen a quite a few Helm Chart updates; element-web got updated to 1.11.3, matrix-media-repo got a Redis usage fix, and matrix-synapse got updated to 1.65.0

Dept of Clients 📱

Nheko (website)

Desktop client for Matrix using Qt and C++17.

Nico reports

Nheko now has some very dirty hack to render spoilers on desktop platforms. This does not show the reason and not work in mobile mode, doesn't hide it from notifications or from the sidebar. But it is at least something. Similarly we tightened what tags we allow when validating the incoming html again. Also, as a small fix, DMs should now also properly start with encryption enabled when started from a profile and there were a few crash fixes when searching for direct chat partners and closing the window too quickly or when a user uploads a device with invalid keys.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle announces

  • Bug fixes and final polishing has been taking place for our “Start DM on first message” project. This is where the user receiving a new room invite as a DM will not get the notification until you’ve sent a message.
  • The team is testing embedding Element Call in Element Web, as well as working on other improvements to Video rooms.
  • The new user’s checklist is live in product. It’s our first version so let us know what you think!

In labs (you can enable labs features in settings on develop.element.io or on Nightly):

  • Notifications improvements to Threads are underway. The team has been testing the new MSC and related Proof of Concept (POC) which we think will solve most of the issues with Threads right now.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Ștefan announces

  • We did the AppStore review dance and version 1.8.27 is now available. We even got better usage strings out of it.
  • We now have UI integration and performance tests in ElementX. Even more, they’re joined by some really nice Screenshot UI tests. Test all the things!
  • We’ve fixed some small bugs and some not so small ones, coming to an Element close to you early next week. The way things are laid out, you might even see a new feature land 😉
  • The new app layout testing session went well and we are looking for more iOS testers for future sessions. If you’d like to help out in future sessions, please join #element-community-testing:matrix.org

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

Danielle says

  • We had a very successful testing session with the all new app layout. If you’d like to take part in a future session, join us over at #element-community-testing:matrix.org
  • This week we’ve been working on fixing some FTUE crashes and covering some edge cases. Thanks to the community members submitting bugs and more info - keep it coming!
  • We’re investigating reports of missing messages, as well as a bug with the Threads beta where not all 'threaded messages' are showing up in the right place…

Dept of SDKs and Frameworks 🧰

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict reports

Trixnity got some minor updates with bugfixes and iOS ARM64 Simulator support.

ruby-matrix-sdk (website)

Ruby SDK for the Matrix communication protocol

Ananace reports

Just pushed another version (2.8.0) of the Ruby Matrix SDK, which drops support for the EoL Ruby 2.6 (and drops a bunch of workarounds for it) in order to support much improved caching of room state data, along with more helper methods and a fix for a floating accessor that didn't get hooked up correctly.

matrix-rust-sdk (website)

Matrix Client-Server SDK for Rust

ben says

The Matrix Rust SDK team has been busy this week, too. Progress has been made on Siding Sync in particular, the types have been finalised and merged into mainline ruma, and more API has been made accessible via FFI. The new reactive Timeline API has been progressed, it, too, has some FFI definitions now, allowing mobile client to start playing with it. Crypto-JS, too, has progressed, adding support for de/encrypting attachments in an memory efficient fashion. On the crypto-side, the longer on-going refactor and improvements have yielded another few PRs, too, that have successfully merged, while others are still pending reviews. Other than that, we've seen quite a few smaller fixes and improvements, around logging, docs and the examples.

👉️ Wanna hack on matrix rust? Go check out our help wanted tagged issues and join our matrix channel at Matrix Rust SDK.

Matrix Dart SDK (website)

Matrix SDK written in pure Dart.

Nico announces

This week in the dart SDK we mostly fixed bugs. Many of those are related to call negotiations where streams were closed in the wrong order, not closed at all or in group calls the call never learned about new members or the call_ids would not match. There were also a few fixes to the background thumbnailing support added in 0.11.1, helper methods were added to easily send the right message corresponding to the mimetype of some media and fetching a timeline for some event id should work properly again.

We have some support to mark a room as either a dm or a group using slashcommands now, you have more flexibility when implementing the SSSS Bootstrap now (using the extra Bootstrap parameter in onUpdate() and to round it all off, we now have nice coverage numbers as well as coverage display on merge request diffs.

For more info, check the release notes for 0.11.2, 0.12.0, 0.12.1 and 0.12.2: https://pub.dev/packages/matrix/changelog ;-)

Dept of Events and Talks 🗣️

ChristianP says

Six days until Matrix Community Summit Berlin 2022

In less than a week the Matrix Community Summit Berlin is taking place at c-base. Join us early on Thursday (25th August) for a Barcamp where we will brainstorm, draft and prototype new ideas. The main conference days are Friday and Saturday (26th and 27th August). We have a schedule all about Matrix hosting, clients and development. With three simultaneous tracks there sure is something for you to listen to. It's also the perfect place to get to know other community members. Look forward to talks, workshops, a signing party, a Matrix P2P live test, dinner and barbecue!

We're not planing to stream or record the event. Our focus lies on providing a great in-person activities. If attendees want to blog or toot/tweet about it, please use the hashtag #MatrixCommunitySummit. Also, German-speaking folks can look forward to more coverage from the event on my podcast. https://chrpaul.de/podcast/

Because we've heard about some confusion: The event is NOT organised by the Matrix Foundation. To minimize the misconception, we've renamed it to the Matrix Community Summit Berlin. This is an event initiated by Yan, jaller94 and other Matrix enthusiasts. We also organise the Matrix Meetup Berlin.

Matrix Space: #matrix-summit-berlin-2022:c-base.org

Schedule: https://cfp.summit2022.matrixmeetup.de/matrix-summit-conference-2022/schedule/

cel says

One week until DWeb Camp

Next week (August 24-28), people will meet outdoors in California to learn and share about decentralized web technologies.

Some attendees and organizers are using Matrix internally for camp chat.

Public chat: https://matrix.to/#/#decentralizedweb-general:matrix.org

Site: https://dwebcamp.org/

Schedule (in progress): https://dwebcamp2022.sched.com

More info: https://gitlab.com/getdweb/dweb-camp-2022/#dweb-camp-2022

Previously announced: https://matrix.org/blog/2022/04/14/this-week-in-matrix-2022-04-14#dweb-camp

Room of the Week 📆

ssorbom ⚡️ announces

Have you ever felt lost in the Matrix world? Too many rooms and spaces to manage? Well, back by popular demand (with Timo's blessing), I present, The Room of the Week! Every week we strive to highlight a room or a space that we believe deserves attention for discussing interesting going on across the Matrix Network.

Last week, we were serving coffee, this week, it's tea! Specifically, tea at

#tea:matrix.org

Do you prefer sheng or shu puerh? Maybe bit more into lapsang, liuan or perhaps cliff oolongs? Greens or whites? Sencha? Having mood to discuss impact of varios clays and pot shapes? Is it better warm up water in bofura, tetsubin or electric kettle? Simply everything about the tea.

Come join us while the kettle is whistling.

If you have a room you wish to see highlighted, join us at: https://matrix.to/#/!bIyiUUnriVoHtYzuPS:fachschaften.org?via=chat.shawnsorbom.net&via=matrix.org&via=fachschaften.org To get your favorite room of the week highlighted.

Dept of Ping 🏓

No ping stats while Thib is away, but you can always join the fun at #ping:maunium.net and #ping-no-synapse:maunium.net!

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.65 released

17.08.2022 15:44 — Releases Brendan Abolivier
Last update: 17.08.2022 15:25

Hey everyone! We've just released Synapse 1.65! Let's have a peek at what's inside.

Private read receipts

A feature that the more privacy-focused users of Matrix have been missing was the ability to hide read receipts from other users. Read receipts in rooms can tell a user which messages another user has read in a room. However, they can also be an unwelcome indicator that a user is currently reading a certain room, thus giving away the user's activity on Matrix at a given time.

Hiding one's read receipts from other Matrix users is unfortunately not as straightforward as simply preventing a client from sharing read receipts with the server. This is because read receipts are also used by Matrix homeservers to calculate how much of a room a user has read, and generate notification counts for rooms accordingly.

Synapse 1.65 introduces stable support for private read receipts. This feature, described by MSC2285, allows clients to send a different type of read receipt to the server. This then tells the homeserver to use this piece of information to update the user's notification counts, but not to share it with other users.

Improved room management APIs for modules

This version of Synapse includes two new module API methods to help Synapse modules interact and manage rooms. The first one, lookup_room_alias, allows modules to retrieve the room ID corresponding to a given room alias. This works both for local and remote aliases. The second one, create_room, allows modules to create new rooms on behalf of an existing user.

The update_room_membership method has also been updated in this release of Synapse to allow modules to join a room the server is not already in via federation. This can be done by using the new remote_room_hosts argument, which takes a list of homeservers to try to join via.

Everything else

Synapse 1.65 stabilises the implementation of MSC3827, which allows filtering public room searches on room types. This means it is now possible to search specifically for public spaces. For more information on this feature, see the Synapse 1.63 announcement.

Additionally, Synapse 1.65 implements the new experimental error codes documented by MSC3848. Once stabilised, these error codes will allow clients to show more specific errors to their users about why an event could not be sent.

See the full changelog for a complete list of changes in this release.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including (in no particular order) Beeper, andrewdoh, Julian-Samuel Gebühr and Dirk Klimpel, as well as anyone helping us make Synapse better by sharing their feedback and reporting issues.

The Matrix Summer Special 2022

15.08.2022 00:00 — General Matthew Hodgson

Hi all,

At the end of each year it’s been traditional to do a big review of everything that the Matrix core team got up to that year, and announcing our predictions for the next. You can see the last edition in 2021 here - and if you’re feeling nostalgic you can head down memory lane with the 2020, 2019, 2018 ones etc too.

This year is turning out to be slightly different, however. Our plans for 2022 are particularly ambitious: to force a step change in improving Matrix’s performance and usability so that we firmly transition from our historical “make it work” and “make it work right” phases into “making it fast”. Specifically: to succeed, Matrix has to succeed in powering apps which punch their weight in terms of performance and usability against the proprietary centralised alternatives of WhatsApp, Discord, Slack and friends.

We’ve seen an absolute tonne of work happening on this so far this year… and somehow the end results all seem to be taking concrete shape at roughly the same time, despite summer traditionally being the quietest point of the year. The progress is super exciting and we don’t want to wait until things are ready to enthuse about them, and so we thought it’d be fun to do a spontaneous Summer Special gala blog post so that everyone can follow along and see how things are going!

Making it fast

We have always focused on first making Matrix “work right” before we make it “work fast” - sometimes to a fault. After all: the longer you build on a given architecture the harder it becomes to swap it out down the line, and the core architecture of Matrix has remained essentially the same since we began in 2014 - frankly it’s amazing that the initial design has lasted for as long as it has.

Over the years we’ve done a lot of optimisation work on the core team implementations of that original architecture - whether that’s Synapse or matrix-{js,react,ios,android}-sdk and friends: for instance Synapse uses 5-10x less RAM than it used to (my personal federated server is only using 145MB of RAM atm! 🤯) and it continues to speed up in pretty much every new release (this PR looks to give a 1000x speedup on calculating push notification actions, for instance!). However, there are some places where Matrix’s architecture itself ends up being an embarrassingly slow bottleneck: most notably when rapidly syncing data to clients, and when joining rooms for the first time over federation. We’re addressing these as follows…

Sliding Sync (aka Sync v3)

Historically, /sync always assumed that the client would typically want to know about all the conversations its user is in - much as an IRC client or XMPP client is aware of all your current conversations. This provided some nice properties - such as automatically enabling perfect offline support, simplifying client and server development, and making features like “jump to room” and “tab complete” work instantly given the data is all client-side. In the early days of Matrix, when nobody was yet a power user, this wasn’t really a problem - but as users join more conversations and join bigger rooms, it’s become one of Matrix’s biggest performance bottlenecks. In practice, logging into a large account (~4000 rooms) can take ~10 minutes and hundreds of megabytes of network traffic, which is clearly ridiculous. Worse: if you go offline for a day or so, the incremental sync to catch back up can take minutes to calculate (and can even end up being worse than an initial sync).

To fix this, we started work on Sliding Sync (MSC3575) in 2021: a complete reimagining of the /sync API used by Matrix clients to receive data from their homeserver. In Sliding Sync, we only send the client the data it needs to render its UI. Most importantly, we only tell it about the subset of rooms which it is visible in the scroll window of its room list (or that it needs to display notifications about). As the user scrolls around the room list, they slide the window up and down - hence the name “sliding sync”. Sliding Sync was originally called Sync v3, given it’s our 3rd iteration of the sync API - it got renamed Sliding Sync given the current sync API confusingly ended up with a prefix of /v3.

Back in December our work on Sliding Sync was still pretty early: we had the initial MSC, an experimental proxy that converted the existing sync v2 API into Sliding Sync, and a simple proof-of-concept web client to exercise it. Since then, however, there has been spectacular progress:

  • MSC3575 has undergone some big iterations as we converge on the optimal API shape.
  • The sliding-sync proxy has matured to be something which we’re now running in stealth against matrix.org for those dogfooding the API
  • We added the concept of extensions to split out how to sync particular classes of data (to avoid the API becoming a monolithic monster) - specifically:
    • Account Data
    • End-to-end Encryption
    • To-device messages
    • Ephemeral events (to be done)
    • Presence (to be done)
  • We added support for spaces!
  • We implemented it in matrix-js-sdk (which merged a few weeks ago!)
  • …and have a WIP implementation in matrix-rust-sdk too.

But most importantly, we’ve also been busy implementing Sliding Sync in Element Web itself so we can start using it for real. Now, this is still a work in progress, but as of today it’s just getting to the point where one can experiment with it as a daily driver (although it’s definitely alpha and we’re still squishing bugs like crazy!) - and we can see just how well it really performs in real life.

For instance, here’s a video of my account (4055 rooms, redacted for privacy) logging in on an entirely fresh browser via Sliding Sync - the actual sync takes roughly 1 second (at 00:18 in the video). And if we’d started the sync operation while the user is setting up E2E encryption, it would have completed in the background before they even got to the main screen, giving instant login(!). Given my account typically takes ~10 minutes to initial sync (plus even more time for encryption to sync up), this is at least a real-life 600x improvement. Moreover, the sync response is only 20KB (a ~5000x improvement) - a huge win for low-bandwidth Matrix situations.

Then, having logged in, the client subsequently launches pretty much instantly, no matter how long you’ve been offline. Total launch time is roughly 4 seconds, most of which is loading the app’s assets - which in turn could well be improved by progressively loading the app. It could also be sped up even more if we cached state locally - currently the implementation simply reloads from the server every time the app launches rather than maintaining a local cache.

As you can see, this is palpably coming together, but there’s still a bunch of work to be done before we can encourage folks to try it, including:

  • Switching the RoomList to be fully backed by sliding sync (currently the v2 roomlist is jury-rigged up to the sliding sync API, causing some flakey bugs such as duplicate rooms)
  • Spec and hook up typing / receipts / presence extensions
  • Hook up favourites, low_priority, knocked and historical rooms
  • Adding back in loading room members
  • Apply quality-of-service to to-device messages so we prioritise ones relevant to the current sliding window
  • Sync encrypted rooms in the background to search for notifications (and for indexing).
  • More local caching to speed up operations which now require checking the server (e.g. Ctrl/Cmd-K room switching)

We also need to determine whether it’s viable to run the sliding-sync proxy against matrix.org for general production use, or whether we’ll need native support in Synapse before we can turn it on by default for everyone. But these are good problems to have!!

matrix-rust-sdk and Element X

Meanwhile, over in the land of Rust, we’ve been making huge progress in maturing and stabilising matrix-rust-sdk and exercising it in Element X: the codename for the next generation of native Element mobile apps. Most excitingly, we literally just got the first (very alpha) cut of Sliding Sync working in matrix-rust-sdk and hooked up to Element X on iOS - you can see Ștefan’s demo from last week here:

matrix-rust-sdk itself is now getting a steady stream of releases - including long-awaited official node bindings, providing excellent and performant encryption support via the newly audited vodozemac Rust implementation of Olm. It’s also great to see loads of major contributions to matrix-rust-sdk from across the wider Matrix community - particularly from Ruma, Fractal, Famedly and others - thank you!! As a result the SDK is shaping up to be much more healthy and heterogeneous than the original matrix-{js,ios,android}-sdk projects.

On Element X itself: matrix-rust-sdk is being used first on iOS in Element X iOS - aiming first for launching a stable “barbecue” feature set (i.e. personal messaging) asap, followed by adding on “banquet” features (i.e. team collaboration) such as spaces and threads afterwards. We’ve shamelessly misappropriated the barbecue & banquet terminology from Tobias Bernard’s excellent blog post “Banquets and Barbecues” - although, ironically, unlike the post, our plan is still to have a single app which incrementally discloses the banquet functionality as the user’s barbecue starts to sprawl. We’ve just published the brand new development roadmap for Element X from the rust-sdk perspective on GitHub. Above all else, the goal of Element X is to be the fastest mobile messenger out there in terms of launch and sync time, thanks to Sliding Sync. Not just for Matrix - but the fastest messenger, full stop :D Watch this space to see how we do!

Finally: Element is getting a major redesign of the core UI on both iOS and Android - both for today’s Element and Element X. I’m not going to spoil the final result (which is looking amazing) given it’ll have a proper glossy launch in a few weeks, but you can get a rough idea based on the earlier design previewed by Amsha back in June:

In addition to the upcoming overall redesign, Element also landed a complete rework of the login and registration flows last week on iOS and Android - you can see all about it over on the Element blog.

Fast Remote Joins

In terms of performance, the other area that we’re reworking at the protocol level is room joins.

One of the most glaring shortcomings of Matrix happens when a new server admin excitedly decides to join the network, installs a homeserver, tries to join a large room like #matrix:matrix.org, and then looks on in horror as it takes 10+ minutes to join the room, promptly despairs of Matrix being slow and complains bitterly about it all over HN and Reddit :)

The reason for the current behaviour is that the Matrix rooms are replicated between the servers who participate in them - and in the initial design of the protocol we made that replication atomic. In other words, a new server joining a room picks a server from which to acquire the room (typically the one in the room’s alias), and gets sent a copy of all the state events (i.e. structural data) about the room, as well as the last 20 or so messages. For a big room like Matrix HQ, this can be massive - right now, there are 79,969 state events in the room - and 126,510 auth_chain events (i.e. the events used to justify the existence of the state events). The reason there are so many is typically that the act of a user joining or parting the room is described by a state event - and in the naive implementation, the server needs to know all current state events in the room (e.g. including parted users), in order to keep in sync with the other servers in the room and faithfully authorise each new event which they receive for that room.

However, each event is typically around 500 bytes in size, and so the act of joining a big room could require generating, transmitting, receiving, authenticating and storing up to 100MB of JSON 😱. This is why joining big rooms for the first time is so painfully slow.

Happily, there is an answer: much as Sliding Sync lets clients synchronise with the bare minimum of data required to render their UI, we’ve created MSC3706 (and its precursor MSC2775) in order to rework the protocol to let servers receive the bare minimum of state needed to join a room in order to participate. Practically speaking, we only really care about events relevant to the users who are currently participating in the room; the 40,000 other lurkers can be incrementally synced in the background so that our membership list is accurate - but it shouldn’t block us from being able to join or read (or peek) the room. We already have membership lazyloading in the client-server API to support incrementally loaded membership data, after all.

The problem with this change is that Synapse was written from the outset to assume that each room’s state should be atomically complete: in other words, room state shouldn’t incrementally load in the background. So the work for Faster Joins has been an exercise in auditing the entirety of Synapse for this assumption, and generally reviewing and hardening the whole state management system. This has been loads of work that has been going on since the end of last year - but the end is in sight: you can see the remaining issues here.

As of right now, faster joins work (although aren’t enabled by default) - with the main proviso that you can’t speak in the room yet until the background sync has completed, and the new implementation has not yet been optimised. However, thanks to all the preparation work, this should be relatively straightforward, so the end is in sight on this one too.

In terms of performance: right now, joining Matrix HQ via the unoptimised implementation of faster joins completes on a fresh server in roughly 30 seconds - so a ~25x improvement over the ~12 minutes we’ve seen previously. However, the really exciting news is that this only requires synchronising 45 state events and 107 auth_chain events to the new server - a ~1400x improvement! So there should be significant scope for further optimising the calculation of these 152 events, given 30 seconds to come up with 152 events is definitely on the high side. In our ideal world, we’d be getting joins down to sub-second performance, no matter how big the room is - once again, watch this space to see how we do.

Finally, alongside faster remote joins, we’re also working on faster local joins. This work overlaps a bit with the optimisation needed to speed up the faster remote join logic - given we are seeing relatively simple operations unexpectedly taking tens of seconds in both instances. Some of this is needing to batch database activity more intelligently, but we also have some unknown pauses which we’re currently tracking down. Profiling is afoot, as well as copious Jaeger and OpenTracing instrumentation - the hunt is on!

Ratcheting up testing

All the work above describes some pretty bold changes to speed up Matrix and improve usability - but in order to land these changes with confidence, avoiding regressions both now and in future, we have really levelled up our testing this year.

Looking at matrix-react-sdk as used by Element Web/Desktop: all PRs made to matrix-js-sdk must now pass 80% unit test coverage for new code (measured using Sonarqube, enforced as a GitHub PR check). All matrix-react-sdk PRs must be accompanied by a mix of unit tests, end-to-end tests (via Cypress) and screenshot tests (via percy.io). All regressions (in both nightly and stable) are retro’d to ensure fixed things stay fixed (usually via writing new tests), and we have converted fully to typescript for full type safety.

Concretely, since May, we’ve increased js-sdk unit test coverage by ~10% globally, increased react-sdk coverage by ~17%, and added ever more Cypress integration tests to cover the broad strokes. Cypress now completely replaces our old Puppeteer-based end-to-end tests, and Sliding Sync work in matrix-react-sdk is being extensively tested by Cypress from the outset (the Sliding Sync PR literally comes with a Cypress test suite).

In mobile land, the situation is more complex given our long-term strategy is to deprecate matrix-ios-sdk and matrix-android-sdk2 in favour of matrix-rust-sdk. matrix-rust-sdk has always had excellent coverage, and in particular, adopting the crypto module in the current matrix-{js,ios,android}-sdk will represent a night and day improvement for quality (not to mention perf!). We’ll also be adopting PR checks, and screenshot testing for the mobile SDKs.

On the backend, we continue to build out test cases for our new integration tester Complement (in Golang), alongside the original sytest integration test suite (in Perl). In particular, we can now test Synapse in worker mode. The intention with Complement is that it should be homeserver agnostic so that any homeserver implementation can benefit. Indeed the project was initiated by Kegan wearing his Dendrite hat.

Finally, we’ve had a huge breakthrough with true multi-client end-to-end testing in the form of Michael Kaye’s brand new Traffic Light project. For the first time, we can fully test things like cross signing and verification and VoIP calls end-to-end across completely different platforms and different clients. It’s early days yet, but this really will be a game changer, especially for crypto and VoIP.

Next up, we will turn our attention to a performance testing framework so that we can reliably track performance improvements and regressions in an automated fashion - heavily inspired by Safari’s Page Load Test approach. This will be essential as we build out new clients like Element X.

A whole new world

All the stuff above is focused on improving the core performance and usability of Matrix - but in parallel we have also been making enormous progress on entirely new features and capabilities. The following isn’t a comprehensive list, but we wanted to highlight a few of the areas where new development is progressing at a terrifying rate…

Native VoIP Conferencing

2022 is turning out to be the year that Matrix finally gets fully native voice/video conferencing. After speccing MSC3401 at the end of last year, Element Call Beta 1 launched as a reference implementation back in March, followed by enabling E2EE, spatial audio and walkie-talkie mode in Element Call Beta 2 in June.

However, the catch was that Element Call beta 1 and 2 only ever implemented “full mesh” conferencing - where every participant calls every other participant simultaneously, limiting the size of the conference to ~7 participants on typical hardware, and wasting lots of bandwidth (given you end up sending the same upstream multiple times over for all the other participants). Element Call has been working surprisingly well in spite of this, but the design of MSC3401 was always to have “foci” (the plural of ‘focus’ - i.e. conference servers) to optionally sit alongside homeservers in order to aggregate the participating calls, a bit like this:

MSC3401 Architecture

With foci, clients only need to send their upstream to their local focus, rather than replicating it across all the other participants - and the focus can then fan it out to other foci or clients as required. In fact, if no other clients are even watching your upstream, then your client can skip sending an upstream to its focus entirely!

Most importantly, foci are decentralised, just like Matrix: there is no single conference server as a single point of control or failure responsible for powering the group call - users connect to whichever focus is closest to them, and so you automatically get a standards-based heterogeneous network-split-resilient geographically distributed cascading conferencing system with end-to-end-encryption, powered by a potentially infinite number of different implementations. To the best of our knowledge, this is the first time someone’s proposed an approach like this for decentralised group calling (watch out, Zoom, we’re coming for you!)

Now, the VoIP team have been busy polishing Element Call (e.g. chasing down end-to-end encryption edge cases and reliability), and also figuring out how to embed it into Element and other Matrix clients as a quick way to get excellent group VoIP (more on that later). As a result, work on building out foci for scalable conferencing had to be pushed down the line.

But in the last few months this completely changed, thanks to an amazing open source contribution from Sean DuBois, project lead over at Pion - the excellent Golang WebRTC implementation. Inspired by our initial talk about MSC3401 at CommCon, Sean independently decided to see how hard it’d be to build a Selective Forwarding Unit (SFU) focus that implemented MSC3401 semantics using Pion - and published it at https://github.com/sean-der/sfu-to-sfu (subsequently donated to github.com/matrix-org). In many ways this was a flag day for Matrix: it’s the first time that a core MSC from the core team has been first implemented from outside the core team (let alone outside the Matrix community!). It’s the VoIP equivalent of Synapse starting off life as a community contribution rather than being written by the core team.

Either way: Sean’s SFU work has opened the floodgates to making native Matrix conferencing actually scale, with Šimon Brandner and I jumping in to implement SFU support in matrix-js-sdk… and as of a few weeks ago we did the first ever SFU-powered Matrix call - which worked impressively well for 12 participants!

12 person Element Call

Now, this isn’t released yet, and there is still work to be done, including:

  • We actually need to select the subset of streams we care about from the focus
  • We need to support thumbnail streams as well as high-res streams
  • We need rate control to ensure clients on bad connections don’t get swamped
  • We need to hook up cascading between foci (although the SFU already supports it!)
  • We need E2EE via insertable streams
  • Faster signalling for switching between streams

You can see the full todo list for basic and future features over on GitHub. However, we’re making good progress thanks to Šimon’s work and Sean’s help - but with any luck beta 3 of Element Call might showcase SFU support!

Meanwhile it’s worth noting that Element Call is not the only MSC3401 implementation out there - the Hydrogen team has added native support to Hydrogen SDK too (skipping over the old 1:1 calling), so expect to see Element <-> Hydrogen calling in the near future. The Hydrogen implementation is also what powers Third Room (see below…)

Matryoshka VoIP Embedding

Elsewhere on VoIP, we’ve also been hard at work figuring out how to embed Element Call into Matrix clients in general, starting with Element Web, iOS & Android. Given MSC3401 is effectively a superset of native 1:1 Matrix VoIP calling, we’d ideally like to replace the current 1:1-only VoIP implementation in Element with an embedded instance of Element Call (not least so we don’t have to maintain it in triplicate over Web/iOS/Android, and because WebRTC-in-a-webview really isn’t very different to native WebRTC). To do this efficiently however, the embedded Element Call needs to share the same underlying Matrix client as the parent Element client (otherwise you end up wasting resources and devices and E2EE overhead between the two). Effectively Element Call ends up needing to parasite off the parent’s client. We call this approach “matryoshka embedding”, given it resembles nested Russian dolls. 🪆

In practice, we do this by extending the Widget API to let Matrix clients within the widget share the parent’s Matrix client for operations such as sending and receiving to-device messages and accessing TURN servers (c.f. MSC3819 and MSC3846). This in turn has been implemented in the matrix-widget-api helper library for widget implementers - and then a few days ago Robin demonstrated the world’s first ever matryoshka embedded Element Call call, looking like this:

Matryoshka embedded Element Call

Note that the MSC3401 events are happening in the actual room where the widget has been added, sent by the right users from Element Web rather than from Element Call, and so are subject to all the normal Matrix access control and encryption semantics. This is a huge step forwards from embedding Jitsi widgets, where the subsequent call membership and signalling happens in an entirely separate system (XMPP via Prosody, ironically) - instead: this is proper native Matrix calling at last.

Moreover, the same trick could be used to efficiently embed other exotic Matrix clients such as Third Room or TheBoard - giving the user the choice either to use the app standalone or within the context of their existing Matrix client. Another approach could be to use OIDC scopes to transparently log the embedded client in using the parent’s identity; this has the advantage of no code changes being needed on the embedded client - but has the disadvantage that you needlessly end up running two Matrix clients for the same account side by side, and adding another device to your account, which isn’t ideal for a performance sensitive app like Element Call or Third Room.

Matryoshka embedding isn’t live yet, but between scalable calls via SFU and native Element Call in Element Web/iOS/Android, the future is looking incredibly exciting for native Matrix VoIP. We hope to finish embedding Element Call in Element Web/iOS/Android in Sept/Oct - and if we get lucky perhaps the SFU will be ready too and then Element Call can exit beta!

Finally, we also added Video Rooms to Element Web - adding the user interface for an “always on” video room that you can hop into whenever you want. You can read about it over on the Element blog - the initial implementation uses Jitsi, but once Element Call and Matryoshka embedding is ready, we’ll switch over to using Element Call instead (and add Voice Rooms too!)

Video Rooms

Third Room

Just as MSC3401 and Element Call natively adds decentralised voice/video conferences to boring old textual Matrix chatrooms, MSC3815 and Third Room go the whole enchilada and adds a full decentralised 3D spatial collaboration environment into your Matrix room - letting you turn your Matrix rooms into a full blown interconnected virtual world.

I can’t overstate how exciting this is: one of the key origins of Matrix was back in Oct 2013 when Amandine and myself found ourselves in Berlin after TechCrunch Disrupt, debating why Second Life hadn’t been more successful - and wondering what you’d have to do to build an immersive 3D social environment which would be as positive and successful as a wildly popular chat network. Our conclusion was that the first key ingredient you’d need would be a kick-ass open decentralised communication protocol to build it on - providing truly open communication primitives that anyone could build on, much like the open web… and that was what got us thinking about how to build Matrix.

Fast forward 9 years, and Third Room is making spectacular progress in building out this dream, thanks to the incredibly hard work of Robert, Nate and Ajay. The goal of Third Room is to be an open platform layered directly on Matrix for spatial collaboration of any kind: effectively a blank canvas to let folks create freeform collaborative 3D (and in future 2D, VR or AR) experiences, either by using existing assets or building their own user-generated content and functionality. Just like the open web itself, this unlocks a literally infinite range of possibilities, but some of the obvious uses include: spatial telepresence, social VR, 3D visualisation of GIS or weather data, 3D simulated environments, search and rescue and disaster response operations (imagine streaming LIDAR from a drone surveying hurricane devastation into Third Room, where you can then overlay and collaborate on GIS data in realtime), and of course 3D gaming in all its various forms.

Now, we’re hoping to give Third Room a proper launch in a few weeks, so I’m not going to spoil too much right now - but the final pieces which are currently coming together include:

  • Finalising the initial version of Manifold, the multi-threaded game engine which powers Third Room (built on Three.JS, bitECS and Rapier), using SharedArrayBuffers as triple-buffers to synchronise between the various threads. See this update for a bit more detail on how the engine works.
  • Finalising the Matrix client interface itself, powered by Hydrogen SDK in order to be as lightweight as possible
  • Adding in full spatial audio and game networking via MSC3401 and Hydrogen SDK (currently full mesh, but will go SFU as soon as SFUs land!)
  • Adding in animated avatars (currently using Mixamo animations)
  • Adding in name tags and object labels
  • Adding in 3D Tile support in order to incrementally load 3D map tiles à la Google Earth
  • Building an asset pipeline from Unity and Blender through to the glTF assets which Third Room uses.
  • Initial framework for an in-world direct-manipulation editor
  • Lightmap support for beautiful high-performance static lighting and shadows
  • Full post-processing pipeline (bloom, depth-of-field, anti-aliasing etc)
  • Integrating with OIDC for login, registration, and account management (see OIDC below)

As a quick teaser - here’s an example of a Unity asset exported into Third Room, showing off lightmaps (check out the light and shadows cast by the strip lighting inside, or the shadow on the ground outside). Ignore the blurry HDR environment map of Venice in the background, which is just there to give the metals something to reflect. Check out the stats on the right-hand side: on Robert’s M1 Macbook Pro we’re getting a solid 60fps at 2000x1244px, with 13.12ms of unused gametime available for every 16.67ms frame, despite already showing a relatively complicated asset!

Meanwhile, here are some shots of Robert and Nate chasing each other around the UK City demo environment (also exported from Unity), showing off blended Mixamo animations and throwing around crates thanks to the Rapier physics engine.


And don't forget, it's just a Matrix client - with no infrastructure required other than a normal Matrix server:

Third Room Overlay

As you can see, we are rapidly approaching the point where we’ll need support from technical artists to help create beautiful scenes and avatars and assets in order to make it all come to life - especially once the Blender and Unity pipelines, and/or the Third Room editor are finished. If you’re interested in getting involved come chat at #thirdroom-dev:matrix.org!

WYSIWYG

Back in the real world, a recent new project that we haven’t spoken about much yet is adding consistent WYSIWYG (What You See Is What You Get) editing to the message composer in matrix-{react,ios,android}-sdk as used by Element Web/iOS/Android - as well as publishing the resulting WYSIWYG editor for the greater glory of the wider ecosystem.

This is a bit of a contentious area, because we’ve tried several times over the years to add a rich text editor to matrix-react-sdk - firstly with the Draft.js implementation by Aviral (which we abandoned after Facebook de-staffed Draft), and then later with a Slate implementation by me (which we abandoned thanks to the maintenance burden of keeping up with Slate’s API changes). Finally, burnt by the experience with third party solutions, Bruno wrote his own editor called CIDER, which was a great success and is what Element Web uses today to author messages including ‘pills’ for structured rooms/users etc… but this deliberately didn’t provide full WYSIWYG functionality. Meanwhile, Slack added WYSIWYG, forced it on, and screwed it up - and apps like WhatsApp and Discord seem to get by fine without WYSIWYG.

However, given that users are now used to WYSIWYG in Teams and Slack, we’ve now decided to have another go at it, inspired by CIDER’s success - and with the novel twist that the heavy lifting of modelling and versioning the document and handling Unicode + CJK voodoo will be provided by a cross-platform native library written in Rust, ensuring that matrix-{react,ios,android}-sdk (and in future matrix-rust-sdk-based apps like Element X) all have precisely the same consistent semantics, and we don’t spend our lives fixing per-platform WYSIWYG bugs unless it really is a platform-specific issue with the user interface provided on that particular platform.

The project is fairly young but developing fast, and lives over at https://github.com/matrix-org/matrix-wysiwyg (better name suggestions welcome ;) - we’re aiming to get it into clients by the end of October. The editor itself is not Matrix specific at all, so it’ll be interesting to see if other projects pick it up at all - and meanwhile, if we’ve done a good job, it’ll be interesting to see if this can be used to power Matrix-backed collaborative-editing solutions in future…

Update: we should have mentioned that the WYSIWYG editor project is being built out by staff at Element, who very kindly have been sponsored to work on it by one of Element's Big Public Sector Customers in order to get to parity with Teams. Thank you!!

Are We OIDC Yet?

On the other hand, a project we recently yelled about a lot is Matrix’s transition to Open ID Connect for standards-based authentication and account management. We announced this at the end of the year and the project has built up huge momentum subsequently, culminating with the release of https://areweoidcyet.com last week to track the progress and remaining work.

Our plan is to use native OIDC in production for the first time to provide all the login, registration and account management for Third Room when it launches in a few weeks (using a branded Keycloak instance as the identity provider, for convenience). After all, the last thing we wanted to do was to waste time building fiddly Matrix-specific login/registration UI in Third Room when we’re about to move to OIDC! This will be an excellent case study to see how it works, and how it feels, and inform the rest of the great OIDC experiment and proposed migration.

Dendrite + P2P

Meanwhile, the Next Generation team has continued to focus on their mission to make Dendrite as efficient and usable as possible. Within recent months, Dendrite has matured dramatically, with a considerable list of bugs fixed, performance significantly improved and new features added - push notifications, history visibility and presence to name a few notable additions.

Neil Alexander, Kegan and Till have continued to streamline the Dendrite architecture and to refactor areas of the codebase which have long needed attention, as well as moving from Kafka to NATS JetStream, an all-new caching model and some other fairly major architectural changes. We’ve also seen an increase of code contributions from the community and outside organisations, which is exciting, and the gomatrixserverlib library which underpins much of Dendrite is also seeing more active development and attention thanks to its use in the Complement integration testing suite.

With the most recent 0.9.3 release, we are proud to announce that Dendrite now passes 90% of Client-Server API tests and 95% of Server-Server API tests and has support for all specced room versions in use today. We have a growing community of users who are (quite successfully) trialling using Dendrite homeservers day-to-day, as well as our own public dendrite.matrix.org homeserver, which is open to the public for registration for anyone who wants to experiment with Dendrite without running their own deployment.

Dendrite plays an important role in our future strategy as it is also the homeserver implementation used for embedded homeservers, P2P development and experimentation. In addition to being able to scale up, we have also successfully scaled down, with the Element P2P demos proving that an embedded Dendrite homeserver can run comfortably on an iOS or Android device.

Research on the Pinecone overlay network for P2P Matrix has also continued, with Devon and Neil having experimented with a number of protocol iterations and spent considerable time bringing the Pinecone Simulator up to scratch to help us to test our designs more rapidly. Our work in this area is helping us to form a better direction and strategy for P2P Matrix as a whole, which is moving more towards a hybridised model with the current Matrix federation — a little different to our original vision, but will hopefully result in a much smoother transition path for existing users whilst solving some potential scaling problems. The arewep2pyet.com site is a living page which contains a high level overview of our goals and all the progress being made.

What’s left?

Comparing all of the above with the predictions for 2022 section of the end-of-year blog post, we’re making very strong progress in a tonne of areas - and the list above isn’t comprehensive. For instance, we haven’t called out all the work that the Trust & Safety team are doing to roll out advanced moderation features by default to all communities - or the work that Eric has been doing to close the remaining gap between Gitter and Matrix by creating new static archives throughout Matrix. Hydrogen has also been beavering away to provide a tiny but perfectly formed web client suitable for embedding, including the new embeddable Hydrogen SDK. We haven’t spoken about the work that the Cryptography team have been doing to adopt vodozemac and matrix-rust-sdk-crypto throughout matrix-{js,ios,android}-sdk, or improve encryption stability and security throughout. We’ve also not spoken about the new initiative to fix long-term chronic bugs (outside of the work above) in general - or all the work being done around Digital Markets Act interoperability

Other things left on the menu for this year include getting Threads out of beta: we’ve had a bit of an adventure here figuring out how to get the right semantics for notification badges and unread state in rooms with threads (especially if you use a mix of clients which support and don’t support threads), and once that’s done we’ll be returning to Spaces (performance, group permissions etc).

Matrix 2.0?

Looking through this post (and congratulations if you’re still reading it at this point ;P), it really feels that Matrix is on the verge of shifting into a new phase. Much as MacOS X started off as a promising but distinctly unoptimised operating system, and then subsequently got unrecognisably faster year by year (even on the same hardware!) as Apple diligently worked away optimising the kernel… similarly: we are now landing the architectural changes to completely transform how Matrix performs.

Between protocol changes like Sliding Sync, Faster Joins, native OIDC and native VoIP conferencing all landing at roughly the same time - and alongside new implementations like matrix-rust-sdk and vodozemac, let alone Third Room - it feels unquestionably like we have an unrecognisable step change on the horizon. Our aim is to land as much of this as possible by the end of the year, and if we pull it off, I’m tempted to suggest we call the end result Matrix 2.0.

To the future! 🚀

Matthew, Amandine & the whole core team.

This Week in Matrix 2022-08-12

12.08.2022 00:00 — This Week in Matrix Andrew Morgan

Matrix Live 🎙

Dept of Spec 📜

Matrix Spec

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals/.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs entered FCP this week.

Accepted MSCs:

  • No MSCs were accepted this week.

Merged MSCs:

Spec Updates

The Spec Core Team had another retro this week, and part of what we talked about was how most of the spec PR writing falls to just a few people. Starting this week, we're going to try and diversify that work across the Spec Core Team, both for reducing bus factor and increasing bandwidth of spec PRs. Hopefully the results of that will be noticeable!

Random MSC of the Week

The random MSC of the week is... MSC3783: Fixed base64 for SAS verification!

For those that don't know, "SAS verification" refers to the act of two devices verifying each other through the use of Short Authentication Strings (SAS). This is the backbone of emoji verification when you verify with another user or one of your own devices.

It turns out that libolm, the olm and megolm encryption library, originally incorrectly encoded the base64 output of the message authentication code (MAC) calculation, which is a values that's passed between devices. Due to trying to maintain backwards-compatibility with older clients, this has not been fixed in newer clients yet.

This MSC proposes bumping the MAC algorithm identifier (which is agreed upon between devices when verifying) to a something new, which allows newer clients to know when to use the new or old (and incorrect) method of calculating the base64 encoding of MAC values.

As far as I can tell, this has no security implications. It's just unfortunate to have incorrect base64 encoding when interfacing with other, non-libolm, implementations of olm and megolm.

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay reports

The Synapse team is hard at work making Synapse faster and leaner. Work continues apace on faster room joins over federation, and it seems that the work might land sooner rather than later, although there are no solid dates yet. In other news, profiling work is being done to determine ways to hopefully increase the speed of local room joins and DM creation. Stay tuned for more information in the future on that. Finally, it was an RC release week. Synapse 1.65.0rc2 was released, and it contains some fun features and bugfixes. Check it out!

Dendrite / gomatrixserverlib (website)

Dendrite is a second-generation Matrix homeserver

neilalexander says

This week we released Dendrite 0.9.2 which contains the following updates:

  • Dendrite now supports history visibility on the /sync, /messages and /context endpoints
    • It should now be possible to view the history of a room in more cases (as opposed to limiting scrollback to the join event or defaulting to the restrictive "join" visibility rule as before)
  • The default room version for newly created rooms is now room version 9
  • New admin endpoint /_dendrite/admin/resetPassword/{userID} has been added, which replaces the -reset-password flag in create-account
  • The create-account binary now uses shared secret registration over HTTP to create new accounts, which fixes a number of problems with account data and push rules not being configured correctly for new accounts
  • The internal HTTP APIs for polylith deployments have been refactored for correctness and consistency
  • The federation API will now automatically clean up some EDUs that have failed to send within a certain period of time
  • The /hierarchy endpoint will now return potentially joinable rooms (contributed by texuf)
  • The user directory will now show or hide users correctly
  • Send-to-device messages should no longer be incorrectly duplicated in /sync
  • The federation sender will no longer create unnecessary destination queues as a result of a logic error
  • A bug where database migrations may not execute properly when upgrading from older versions has been fixed
  • A crash when failing to update user account data has been fixed
  • A race condition when generating notification counts has been fixed
  • A race condition when setting up NATS has been fixed (contributed by brianathere)
  • Stale cache data for membership lazy-loading is now correctly invalidated when doing a complete sync
  • Data races within user-interactive authentication have been fixed (contributed by tak-hntlabs)

This brings our current test compliance figures to:

  • Client-server APIs: 90%
  • Server-server APIs: 95%

As always, please feel free to join us in #dendrite:matrix.org for Dendrite-related discussion.

Dept of Bridges 🌉

matrix-appservice-discord (website)

ChristianP reports

Announcing matrix-appservice-discord 3.0.0!

What? Another week, another major release? Yes, we want to make breaking changes obvious, and the bridge now requires Node.js 16+.

The release fixes the outdated yarn.lock file. Thanks to the package maintainers of NixOS to point this out! 👋 Furthermore, mentioning Matrix users in Discord got fixed.

And, for the fans of containers, we've re-added the release of Docker images. 🐳 The URL changed and we don't plan to update halfshot/matrix-appservice-discord on Docker Hub. The image can be pulled from ghcr.io/matrix-org/matrix-appservice-discord:v3.0.0.

https://github.com/matrix-org/matrix-appservice-discord/releases/tag/v3.0.0

Dept of Clients 📱

Nheko (website)

Desktop client for Matrix using Qt and C++17.

Nico reports

Nheko now shows you a pretty preview for rooms you are trying to join. This uses MSC3266, which you might need to enable in your synapse config, if you want to see more than the roomid of the room you are trying to join. It tries to fall back to the /hierarchy endpoint, but that won't work over federation.

Similarly you can now somewhat edit what rooms are in a space. I grew up with Windows 98, so this is a very nested right click menu. We are still discussing some of the wording choices for the options there, so if you have any opinions about it, feel free to give feedback about it! This is part of the bigger goal to be able to manage your communities from within Nheko, so stay tuned for more features coming in that area.

red_sky (nheko.im) also improved our notifications code on macOS. You can now disable the notification sound in the system settings, which for some reason requires badge permissions to show that option... macOS will always remain a mystery to us! Similarly we fixed the source text for notifications on Windows, which should now not show a stray %1 anymore as well as a few other cleanups.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

kittykat says

  • Ever started a DM with someone, only to get distracted and leave them staring into an empty timeline wondering who you are and what you want. Well, it is no more! In this update new DMs will only notify the person you’re messaging once you’ve sent your first message.
  • That’s not the only exciting update in EleWeb/Desktop this week, including the newly extended voice messages! Instead of voice messages capped at 2 minutes, users are now able to send a voice note of up to 15 minutes long. Go forth and record 🎤
  • In upcoming releases we’re also looking at how to improve a user’s first few days in Element. We know that it can be daunting to stare at an empty screen and wonder how to get going, which is why we’ve designed and built a checklist for new users. This checklist will help them to get off the ground and messaging friends in no time.

In labs (you can enable labs features in settings on develop.element.io or on Nightly):

  • Threads improvements are still very much underway. We have a proof of concept (PoC) for improving notifications that we’re testing to ensure scalability and performance.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Doug says

  • Our release this week was rejected by Apple. Their feedback? Our info.plist comments do not provide enough context as to why we’re asking for access to things like the camera, photos, or contacts. Never fear! We’ve updated our copy and we’re confident that it’s clearer than ever.
  • Also in the upcoming release:
    • Fixing the crashes that some users were running into when switching space.
    • The new in-app notifications now also appear in the notification centre
    • And a bug fix for the rare issue of sending duplicate images to a timeline when sending multiple photos
  • We’re also working on changing the layout of our mobile apps, and work is well underway on iOS. We’re excited to share these big changes with you so keep your eyes peeled on our socials and in other TWIM notes.
  • Join us over at #element-community-testing:matrix.org on Tuesday 16th August at 12:00 BST to try out the new app layout on iOS! There’s a little bit of setup required so check out the room ahead of time for instructions :)

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

Danielle says

  • In the upcoming Android release we’ve fixed some crashes; including where the app would crash if a user attempted putting non-ASCII characters in their MXID during account creation.
  • Biometric login is now disabled if the device you’re on does not support biometrics.
  • We’ve also been working hard on adding unit tests to increase coverage.
  • There’s work being done on the modularisation of languages that may help decrease the complexity of translation and move us towards a set of common strings between platforms.
  • Join us over at #element-community-testing:matrix.org on Tuesday 16th August at 15:00 BST to try out the new app layout on Android! There’s a little bit of setup needed so check out the room ahead of time for instructions 🙂

Cinny (website)

Cinny is a Matrix client focused on simplicity, elegance and security

ajbura says

v2.1: Custom emojis and stickers (Birthday edition)

Hello everyone,

On July 28 project marked its one-year milestone. During this time it has grown at an unexpected rate, both in terms of development as well as popularity. This is great news, so let's celebrate that with this birthday edition.

In this update, we have added Custom emoji and sticker support to Cinny. Custom emoji and stickers were not in our roadmap but that's the surprise. Aren't they cool? Apart from the emoji and stickers, there are tons of other features such as Blurhash, Mark entire space as read, user pills, and bug fixes. Check out the release page for a detailed changelog.

In the case of the roadmap, we are still on that, work on the "Rich input editor" is in progress and will come as the next release. Stay tuned for that!

The update is live on https://app.cinny.in and the desktop app can be downloaded from Github.

Pro-Tip: Join #cinny-space:matrix.org to check out some cool sticker packs. There are some great packs in #stickers-and-emojis:pixie.town too.

Thank you. See you all next time!

Dept of SDKs and Frameworks 🧰

libkazv (website)

tusooa reports

We released a bugfix v0.2.1 . Thanks to nannanko who discovered and fixed this bug. There are also docker images.

0.2.1

  • Fix crash when receiving a redacted encrypted event. https://lily-is.land/kazv/libkazv/-/commit/98870fa04fa78361f5092cd77f88895e4a228d34

ruby-matrix-sdk (website)

Ruby SDK for the Matrix communication protocol

Ananace says

A new version of the Ruby Matrix SDK has now been released, adding a new abstraction in the form of a Sinatra-inspired bot DSL, as well as general fixes and improvements. Making a Ruby-based Matrix bot can now be as simple as;

#!/usr/bin/env ruby

require 'matrix_sdk/bot'

command(:praise, desc: 'Gives you praise', only: -> { room.user_can_send? client.mxid, 'm.reaction' }) do
  room.send_notice "#{sender}, you tha' man!"
  room.send_event 'm.reaction', {
    'm.relates_to': {
      rel_type: 'm.annotation',
      event_id: event[:event_id],
      key: '👍️'
    }
  }
end

Dept of Ops 🛠

matrix-docker-ansible-deploy (website)

Matrix server setup using Ansible and Docker.

Slavi reports

Thanks to Charles Wright, matrix-docker-ansible-deploy now has optional experimental Conduit homeserver support for new installations. This comes as a follow-up to the playbook getting Dendrite support earlier this year.

For more details, see our Conduit support changelog entry.

Dept of Events and Talks 🗣️

One week until FrOSCon (website)

ChristianP announces

Next weekend, Sat 20th and Sun 21st, FrOSCon will be taking place. It's a conference about open source software near Bonn, Germany.

There will be some program around Matrix, though I'm still looking for volunteers to help me with a stand and DevRoom.

For the stand we want a small group to explain Matrix to others. For the DevRoom we want some talks and workshops. Anyone's welcome to ask me for more info or to get involved.

Dept of Interesting Projects 🛰️

matrix-locust (website)

cvwright says

Announcing matrix-locust, a new tool for load testing Matrix homeservers, based on the Python load testing framework Locust. It's very early days for this project, but we're already discovering some interesting results. There isn't an official tagged "release" yet, but anyone interested in this topic is encouraged to stop by #load-testing:matrix.org and say hello.

Room of the Week 📆

ssorbom ⚡️ says

Have you ever felt lost in the Matrix world? Too many rooms and spaces to manage? Well, back by popular demand (with Timo's blessing), I present, The Room of the Week! Every week we strive to highlight a room or a space that we believe deserves attention for discussing interesting going on across the Matrix Network.

This week, we are highlighting: #coffee-discuss:matrix.org

A place to discuss buying, brewing, and drinking everyone's favorite morning beverage of choice! I had no idea there was so much Nuance to this topic until I joined this room . For example, did you know there was a correct way to distribute coffee grounds when you first pour to ensure maximum flavor? Neither did I! Whether you are new to the world of coffee drinking, or a seasoned connoisseur of morning Joe, this room has something for everyone who loves coffee.

If you have a room you wish to see highlighted, join us at: https://matrix.to/#/!bIyiUUnriVoHtYzuPS:fachschaften.org?via=chat.shawnsorbom.net&via=matrix.org&via=fachschaften.org to get your favorite room of the week highlighted.

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

areweoidcyet.com - Matrix and OpenID Connect

10.08.2022 16:23 — General Hugh Nimmo-Smith

TL;DR: we’ve just launched areweoidcyet.com to track the project to adopt OpenID Connect (OIDC) as the authentication method used by Matrix. It has a load of useful resources (FAQs, status etc.) so do please check it out!

Hey folks,

As you may know, there is a proposal and project afoot to change the way authentication is done in Matrix…

Currently Matrix uses a custom authentication protocol baked into the Matrix spec. This poses a number of drawbacks. To overcome these drawbacks the project proposes migrating to use the industry standard authentication protocol OpenID Connect (OIDC) instead.

In terms of why this is a good idea: MSC3861 has all the details - please check it out!

The bottom line is that Matrix should focus on being a decentralised communication protocol - not an authentication protocol… and by adopting a dedicated authentication protocol we can benefit from all sorts of goodies such as easy 2FA and MFA, passwordless-auth via WebAuthn, Login via QR-code, alternative CAPTCHAs and so much more.

In support of this the proposal extends to the Matrix.org Foundation joining the OpenID Foundation as a non-profit member to support the work that the OpenID Foundation is doing to build a robust and audited ecosystem for open authentication.

Whilst this project proposes a significant change to the Matrix ecosystem that would take some time to migrate to, we believe that it will better support the continued growth and adoption of Matrix in the years to come.

Today we are launching the areweoidcyet.com website which is packed with information and resources on the project:

  • What? Why? When?
  • MSC proposals
  • Status of homeservers, clients, auth servers (OIDC Providers/OPs)
  • A client implementation guide
  • Links to the Matrix OIDC Playground environment where you can try out the latest progress

Please do take a look and come join us at #matrix-auth:matrix.org!

Best wishes,

Hugh & Quentin

This Week in Matrix 2022-08-05

05.08.2022 19:46 — This Week in Matrix Andrew Morgan

Matrix Live 🎙

Dept of Spec 📜

Andrew Morgan (anoa) says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are currently in FCP.

Accepted MSCs:

Merged MSCs:

Spec Updates

This week saw the merge of three MSCs from first-time MSC authors! MSC3818 (Copy room type on upgrade) from @Mikaela and both MSC3786 (Add a default push rule to ignore m.room.server_acl events) and MSC3827 (Filtering of /publicRooms by room type) from @SimonBrandner. Nice work to both of them!

Random MSC of the Week

The random MSC of the week is... MSC2499: Fixes for Well-known URIs!

A bundle of small quality-of-life changes to the .well-known server and client endpoints. Removing some ambiguities, replacing old and deprecated endpoints as well as a potential size cap suggestion.

Looks like a good contender for one to push over the line given a bit of review and response!

tulir reports

TWIM: someone in #matrix:matrix.org complained that the image in the spec section is always the same, so I made this gif (actually webp) out of all those images:

Dept of Servers 🏢

hghs (website)

thejhh reports

We've started work on our HG HomeServer written in pure TypeScript, compilable as a single JS file, with no dependencies except NodeJS. It's intended for a special use cases when Matrix is used as a backbone for custom apps. It's lightweight, minimal and for the moment isn't even planned to support full Matrix spec. We might make it possible to run it on browser later. https://github.com/heusalagroup/hghs

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay reports

Another week, another release! Synapse 1.64.0 was released this week, featuring a host of new features, bugfixes, and internal changes aimed at reducing memory usage, increasing performance, and improving the developer experience. Check out the full list of changes here. In addition, work continues on faster room joins. The goal gets closer every day!

Dendrite (website)

Second generation Matrix homeserver

neilalexander announces

This week we released Dendrite 0.9.0 and Dendrite 0.9.1. There are quite a few big changes, including an all-new caching model and several optimisations. This release also moves our baseline supported Go version up to Go 1.18.

The following changes are included across both releases:

  • Dendrite now uses Ristretto for managing in-memory caches
    • Should improve cache utilisation considerably over time by more intelligently selecting and managing cache entries compared to the previous LRU-based cache
    • Defaults to a 1GB cache size if not configured otherwise
    • The estimated cache size in memory and maximum age can now be configured with new configuration options to prevent unbounded cache growth
  • Added support for serving the /.well-known/matrix/client hint directly from Dendrite
  • Refactored membership updater, which should eliminate some bugs caused by the membership table getting out of sync with the room state
  • The User API is now responsible for sending account data updates to other components, which may fix some races and duplicate account data events
  • Optimised database query for checking whether a remote server is allowed to request an event over federation without using anywhere near as much CPU time (PostgreSQL only)
  • Database migrations have been refactored to eliminate some problems that were present with goose and upgrading from older Dendrite versions
  • Media fetching will now use the /v3 endpoints for downloading media from remote homeservers
  • HTTP 404 and HTTP 405 errors from the client-facing APIs should now be returned with CORS headers so that web-based clients do not produce incorrect access control warnings for unknown endpoints
  • Some preparation work for full history visibility support
  • Upgrades a dependency which caused issues building Dendrite with Go 1.19
  • The roomserver will no longer give up prematurely after failing to call /state_ids
  • Removes the faulty room info cache, which caused of a number of race conditions and occasional bugs (including when creating and joining rooms)
  • The media endpoint now sets the Cache-Control header correctly to prevent web-based clients from hitting media endpoints excessively
  • The sync API will now advance the PDU stream position correctly in all cases (contributed by sergekh2)
  • The sync API will now delete the correct range of send-to-device messages when advancing the stream position
  • The device list changed key in the /sync response should now return the correct users
  • A data race when looking up missing state has been fixed
  • The /send_join API is now applying stronger validation to the received membership event
  • Fixes a crash that could occur during event redaction
  • The /members endpoint will no longer incorrectly return HTTP 500 as a result of some invite events
  • Send-to-device messages should now be ordered more reliably and the last position in the stream updated correctly
  • Parsing of appservice configuration files is now less strict (contributed by Kab1r)
  • The sync API should now identify shared users correctly when waking up for E2EE key changes
  • The federation /state endpoint will now return a HTTP 403 when the state before an event isn't known instead of a HTTP 500
  • Presence timestamps should now be calculated with the correct precision
  • A race condition in the roomserver's room info has been fixed
  • A race condition in the sync API has been fixed

As always, please feel free to join us in #dendrite:matrix.org for more Dendrite-related discussion.

Homeserver Deployment 📥️

Helm Chart (website)

Matrix Kubernetes applications packaged into helm charts

Ananace announces

This week has seen the usual updates to my Helm Charts - with element-web being updated to 1.11.2 and matrix-synapse to 1.64.0. Additionally, the matrix-synapse chart now also allows for adding entirely custom .well-known data - along with an example on how to use that for MSC1929.

Dept of Bridges 🌉

matrix-appservice-discord

ChristianP announces

This bridge connects users on Matrix and Discord – or other platforms, if combined with other bridges. Earlier this year the community bridge has been adopted by the Matrix.org bridge team to give it some attention. Its most recent update dated back to December 2020 and some fixes waited for a new release.

Well, here it is! v2.0.0 Its breaking changes are the requirement of NodeJS 14 or newer and the usage of yarn instead of npm install. Furthermore, the update introduces a changelog and rolls out the guidelines we use for developing other matrix.org bridges.

https://github.com/matrix-org/matrix-appservice-discord/releases/tag/v2.0.0

Dept of Clients 📱

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

kittykat reports

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Doug announces

  • Version 1.8.24 is available on the App Store with our new Sign Up and Sign In flows. The update is rolling out slowly and should be available to everyone by Monday.
  • The work on our new app layout is coming along nicely with much of it merged into the repo (but disabled behind a build flag).
  • In-app notifications will now also be delivered to Notification Centre.
  • Continuous improvements are being made to the Live Location sharing feature.
  • Integration tests are now run for every PR on matrix-ios-sdk more than doubling the reported test coverage!

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

adam announces

  • 1.4.31 is rolling out which includes the new and improved FTUE onboarding experience along with fixes for markdown lists no longer always starting from 1 and html entities showing up in messages.
  • The new app layout is starting to materialise with PRs available on github for anyone interested in having a sneak peek!
  • We’re continuing to make improvements to Live Location sharing and cross signing verification as well as investigating performance issues.

Dept of Non Chat Clients 🎛️

Effektio (website)

ben reports

Development marches forward, with the focus on getting chat into a usable state and task's up as the first MVP app on top: Effektio now support sending multiple images at once in chat, has seen fixes to the chat in widescreen mode, and now support markdown for chat messages. Meanwhile device verification is drawing to a close with a few remaining UI fixes being implement and the state machine for tasks being fleshed out slowly but steadily.

📰 You want updates more frequently and close to when they actually happen? Join our Effektio Matrix News room, discuss general aspect in our foyer or hang out with the devs in our tech channel.

Populus Viewer (website)

A Social Annotation Tool Powered by Matrix

gleachkr reports

After a short vacation, I've done some new work on populus-viewer. Most of this has been UX and bugfixes, but I've added one new feature that I wanted to share. MSC3775: Markup Locations for Audiovisual Media gives a spec for annotating audio and video on matrix, but it also allows you to annotate images. So, for completeness sake, I've added support for annotating image files in Populus! This might be useful for discussing publication layouts, product designs, or for teaching art history. So populus can now annotate: video, audio, images and pdfs.

As always, if you want to learn more, follow populus development, or discuss the future of decentralized social annotation on Matrix, come join us at #opentower:matrix.org.

Dept of Widgets 🧩

matrix-widget-api

Robin says

matrix-widget-api v1.0.0 was released yesterday, reflecting the fact that we're not expecting any big changes to the library's architecture for the foreseeable future, and that it's more or less ready for wider use.

It also comes with a couple of new features ✨ for widget authors: Sending and receiving to-device messages with MSC3819, and getting TURN servers from the client with MSC3846. Together, these features enable some new complex use-cases, such as doing VoIP from inside a widget. See Matrix Live for a preview of what that looks like with Element Call! 📹️

This is as good a time as any to mention that matrix-widget-api doesn't have to just be for web-based apps. If you're building mobile apps with Matrix and want to make use of widgets, running matrix-widget-api inside a web view to liaison with the actual widget can make it a lot simpler to start supporting widget API features. If you're curious, watch Element iOS+Android for upcoming examples of this.

Dept of VoIP 🤙

Element Call (website)

Dave reports

  • This week we've been building on the initial work on the pion call server (SFU) from Sean, and have made our very first call through it with Element Call! It's still very early and there's still lots of work to do, but this will allow Element Call to scale up to much higher numbers of people.
  • The VoIP team are also looking after widgets now, and in our quest to embed Element Call into the Element apps, we've hit the milestone of releasing matrix-widget-api 1.0.0. We're also making great progress towards embedding into Element Web.

Dept of SDKs and Frameworks 🧰

matrix-rust-sdk (website)

Matrix Client-Server SDK for Rust

ben reports

This week saw a few major improvements on the dev-ex of the Rust SDK (among others): support for refresh tokens landed; we have a setup for integration tests against an actual synapse instance now (and started writing tests); our docs for main now contain the js bindings, too; event handlers can now be unregistered and we've added an API for room specific event handlers. Further more, we've refactored the examples (now to be found in /examples rather than some sub-sub-directory no one finds) and created two more: getting-started combines the autojoin and command-example with a lot more additional inline comment to explain what is going on and custom-events showcases how to use the sdk and ruma types to send any custom events (in that case a ping-ack example) over matrix!

This was also a week of fighting the ci. After the integration tests landed, coverage reporting broke and an investigation was kicked off to check whether llvm-cov is in a usable state for us by now (it is not), but a fix was found. We've also started regretting adding npm-based workflows in our repo, as we've found ourselves at the end of an upgrade bug and the saw CI failing without us changing anything :shakes_fist_at_sky: . A fix was found quickly by pinning a sub-dependency. On a similar note, we've postponed merging the kotlin bindings until the android team is back on it and available to answer some questions we have, and the wasm-js bindings showed build failures on CI, which the original author will have to take a look at after coming back from vacation - thus delaying crypto-js a bit further.

👉️ Wanna hack on matrix rust? Go check out our help wanted tagged issues and join our matrix channel at Matrix Rust SDK.

Polyjuice (website)

Elixir libraries related to the Matrix communications protocol.

uhoreg announces

It's been a while since I've made an update on Polyjuice Client Test. Since the last update:

  • several more tests have been added
  • there have been some some front-end improvements
  • I've also improved the documentation, done some refactoring, and added some helper/utility modules to make things clearer. My goal is to make it easier for people who don't know Elixir to be able to read and write tests without running away screaming.
  • compatibility with some Matrix clients has been improved
  • added some functions to make it easy for tests to completely override Matrix endpoints

I'm also happy to say that Polyjuice Client Test has helped find bugs in some clients, which have since been fixed.

Dept of Services 🚀

Matrix Public Archive (website)

madlittlemods (Eric Eastwood) announces

This week I'm showing off an early look at the Matrix public archive. As the name suggests, it acts as an archive of history for your world-readable Matrix rooms. This allows you to view historical content day-by-day and jump back years ago to see what your Matrix room was up to.

More importantly, it also allows Google to do the same thing so you’ll probably start finding Matrix content from your favorite search engine and be able to harness the massive knowledge base stored in Matrix. Imagine seeing Matrix logs instead of Stack Overflow answers when googling questions! The new portal into the Matrix ecosystem 🌌

You can also see this demoed in this week's Matrix Live video (at the top of the page).

Under the hood, we use the MSC3030 /timestamp_to_event endpoint to fetch the messages for a given day and then we sever-side render the events with the Hydrogen SDK. Re-using Hydrogen gets us pretty and native(to Element) looking UI and keeps the maintenance burden of supporting new event types in Hydrogen.

If you want to follow what’s going on and see how it's coming along, you can checkout the project on GitHub, https://github.com/matrix-org/matrix-public-archive

Dept of Bots 🤖

Matrix Registration Bot (website)

moanos [he/him] says

Thanks to @lifeofbrian:justprojects.de and @ben:rs485.network the Docker image of the bot was shrunk from 406.28 MB to 69 MB (nice)! You can get the new image from Dockerhub or install it via the matrix-docker-ansible-deploy.

Dept of Guides 🧭

jbara announces

I was able to to host a matrix-synapse server on termux app on an android device. I documented the process on termux-synapse github repo And started working on a script that automates the process (final commit is being currently tested before pushing). It was a "for fun" type of thing. But I can see it being useful for people who do not have access to a raspberry pi (such as myself at the moment) to use as a small homeserver. It can hold up in 1 to 1 Direct Messages and in small rooms.

Room of the Week 📆

ssorbom ⚡️ reports

Have you ever felt lost in the Matrix world? Too many rooms and spaces to manage? Well, back by popular demand (with Timo's blessing), I present, The Room of the Week! Every week we strive to highlight a room or a space that we believe deserves attention for discussing interesting goings on across the Matrix Network.

This week, we are highlighting: #libregaming-games:tchncs.de

A matrix space dedicated to finding all of the free open source games, engines, and assets in the Matrix world so that you don't have to. Helpfully organized, and well maintained, it is the Premier stop for open source gaming on The Matrix Network!

If you know of a room that you would like to see highlighted, please visit https://matrix.to/#/!bIyiUUnriVoHtYzuPS:fachschaften.org to let us know of the room that you would like to spotlight.

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.64 released

03.08.2022 00:00 — Releases Brendan Abolivier

It's that time again: there's a new Synapse release, fresh out of the oven! Let's take a look at what's inside Synapse 1.64.

Delegating email verification is now deprecated

Synapse 1.4.0 introduced a configuration option (account_threepid_delegates.email) to allow homeservers to delegate validating the ownership of email addresses to an external identity server. This validation is used by Synapse when adding an email address to a Matrix account, or before performing a password reset.

As of Synapse 1.64, this option is deprecated, and Synapse will print a warning if it is used. This is because this option relies on old API endpoints that have since been removed from the Matrix specification.

Synapse can do this validation internally provided it is configured with details of an SMTP server. Administrators currently relying on account_threepid_delegates.email should therefore ensure that an SMTP server is correctly configured, and remove the account_threepid_delegates.email option. See the configuration guide for more information.

We plan to fully remove this configuration option in Synapse 1.66, which is expected to be released on August 30th.

Note that the equivalent option to validate the ownership of phone numbers (account_threepid_delegates.msisdn) can still be used, though we expect to deprecate it in a future release of Synapse.

Improved TLS support for sending emails

When configuring an SMTP server to use to send out emails to users, server administrators can configure Synapse to use TLS to communicate to that server. Until now, only STARTTLS was supported in this case.

Synapse 1.64 introduces a new force_tls configuration option in the email section of the configuration file. If this new setting is set to true Synapse will use TLS for the initial connection rather than upgrading via STARTTLS.

See the configuration guide for more information.

Memory leak in frozendict

A couple of weeks ago, we identified a memory leak within frozendict, which is a library that Synapse relies on. This would in turn cause Synapse instances to slowly leak memory when processing /sync requests.

We highly encourage server administrators who installed Synapse via pip to upgrade their local version of frozendict to version 2.3.3 or later, which includes a fix to this issue. The Docker image matrixdotorg/synapse and the Debian packages from packages.matrix.org already include the updated library.

Everything else

This version of Synapse introduces support for room version 10! This new room version enables support for the new knock_restricted join rule, to allow knocking into rooms which are otherwise restricted to members of a specific room (or space). See the Matrix specification about room version 10 for more information.

Additionally, Synapse 1.64 features a new rate limiter to limit the rate of joins to the same room. It is intended as a mitigation against abuse scenarios involving joining a lot of users from different homeservers to a room to then send spam across it. See the configuration guide for more information.

This release of Synapse also extends the List Rooms and Room Details admin APIs to include the type of a room in responses, allowing server administrators to differentiate spaces from other rooms.

See the full changelog for a complete list of changes in this release. Also please have a look at the upgrade notes for this version.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including (in no particular order) Beeper, andrewdoh, Thomas Weston, jejo86, villepeh, Jörg Behrmann and Jacek Kuśnierz, as well as anyone helping us make Synapse better by sharing their feedback and reporting issues.