🔗Matrix Live 🎙

Demo time! Threads and SwiftUI on the agenda this week!

🔗Dept of Spec 📜

🔗Spec

anoa told us:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

🔗MSC Status

New MSCs:

• MSC3442: move the prev_content key to unsigned
• MSC3440: Threading via m.thread relation

MSCs with proposed Final Comment Period:

• MSC3442: move the prev_content key to unsigned

MSCs in Final Comment Period:

• No MSCs are in FCP.

Merged MSCs:

• No MSCs were merged this week.

🔗Spec Updates

The actual spec changes for MSC2844: Global version number for the whole spec have now been merged [one, two]. You can take a look at this section of the unstable spec to now see an explanation of the Matrix spec version numbering scheme.

Additionally, take a look at the Client-Server API, where all current APIs have been bumped from /r0/... to /v3/.... See this bit of MSC2844 for the rationale behind this change.

The pieces are starting to fall into place for the upcoming Matrix 1.1 spec release!

🔗Random Spec of the Week

The random spec of the week is... MSC1840: Typed rooms!

This is a concept that was used in the Spaces MSCs to allow servers and clients to denote a room as a Space vs. a typical Matrix room (and set up their UI appropriately). Only the type for a Space has been specified so far, but there are many different applications room types could serve; for example profile rooms!

This MSC aims to create a general concept for a typed room, whereas future MSCs would identify those types and their meaning.

🔗Dept of Servers 🏢

🔗Synapse

callahad told us:

Happy Friday! The Synapse team has been sorting out what we hope to accomplish before the end of the year, and it's looking like our main focus will remain research and experimentation towards making large room joins go very fast. We don't yet see an incremental path from where we are now to where we want to end up, so progress will likely come as a few discrete milestones, rather than a gradual acceleration over time.

Aside from room joins, we expect to spend a good bit of time time on bug fixes and preventative maintenance. For example, we hope to get Sydent passing mypy --strict by this time next week. Doing so would have prevented recent production issues, including one which caused phone number verification to silently fail.

Preparations for releasing 1.45.0 continue apace; I'm looking forward to telling you about it next week!

🔗Homeserver Deployment 📥️

🔗Kubernetes

Ananace told us:

And as has come to be routine for TWIM, this week too has seen an update of my Helm Charts - with element-web being updated to 1.9.2

🔗Dept of Bridges 🌉

🔗matrix-appservice-pstn

chandi reported:

let's bridge everything! Have you ever wished you could make and receive phone calls with matrix?

The beginnings of a matrix <-> SIP bridge are done :) If you can imagine to live with bugs or even help with the development yourself, feel free to give it a try! :) https://github.com/alangecker/matrix-appservice-pstn

Discussions: #matrix-voip-bridging:kb1rd.net

🔗Dept of Clients 📱

🔗FluffyChat 0.42.0 has been released

FluffyChat is the cutest cross-platform matrix client. It is available for Android, iOS, Web and Desktop.

krille said:

This release fixes several bugs and makes E2EE enabled by default.

• feat: Enable E2EE by default for new rooms

• feat: Display all private rooms without encryption as red

• feat: New design for bootstrap

• feat: New design for emoji verification

• feat: Display own MXID in the settings

• feat: More finetuning for font sizes

• chore: Updated translations (Thanks to all translators!)

• fix: App crash on logout

• fix: Temporary disable sign-up for matrix.org (Currently gives "500: Internal Server Error" while FluffyChat should send the same requests like Element)

• fix: Implement Roboto font to fix font issues on Linux Desktop and mobile

• fix: QR Code scanning

🔗Nheko

Nheko is a desktop client using Qt and C++17. It supports E2EE and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) offered:

Making steps towards stable E2EE, we have now implemented bootstrapping cross-signing on a new account. This allowed me to finally enable cross-signing on my Nico (nheko.im) account (which I intended to only use with Nheko). Thulinma also added a way to refresh the current device list as well as highlighting your current device in the device list, which should make it easier to recover, if a misscommunitcation with the server lead to an outdated device list. Meanwhile LorenDB has been plugging away on converting more dialogs to Qml and we merged like 3 converted dialogs!

🔗Element

Web

• Released Element Web 1.9.2 featuring chat export, Spaces and E2EE improvements, updates to Electron 13.5.1
• More progress on the client side of threads, published an MSC and started work on Synapse support
• Fixed some bugs in registration, Windows icons, phone number confirmation

Delight team

• On iOS, we’ve been implementing support for pagination of the Space Summary API, to support larger spaces, as well as improving performance. We’ve also started implementing support for creating Spaces.
• We’re also exploring larger changes to make to the layouts of Element on all platforms to surface simpler and more intuitive navigation all round and tackle some of the feedback we couldn’t get to during the Spaces beta. Watch this space!

iOS

• We failed to publish the app on the app store this week because of observed crashes. RC 1.6.5 is available on TestFlight. We should be able to release on the App Store on Monday
• User auto completion has landed on develop
• Message forward is in the horizon
• Settings got lipstick by reviewing headers and footers
• It is now possible to copy and paste an image

🔗Dept of Widgets 🧩

🔗New Widgets: Spanners!

Can you believe we didn’t have a dept. of Widgets yet? We do now!

Half-Shot told us:

Hi folks! This week I took a bit of time out of my day to create a new widget for Matrix. We have the concept of "Spanners" at Matrix where one person wants to take control of a resource, and they will say "I am taking the spanner". This prevents other people (verbally at least) from trying to use the resource at the same time.

For years we have been getting by with sending messages into Matrix, but no more! For now anyone can use the Spanner widget to set up a similar system in their room.

You can try this out now with /addwidget https://half-shot.uk/spanner?spannerName=YourSpannerName (although no promises about the uptime of half-shot.uk)

The repo can be found https://github.com/Half-Shot/matrix-spanner-widget.

You will need to ensure that all users who plan to use it must be able to send state events of type uk.half-shot.spanner. Otherwise, it should be ready to go!

🔗Dept of Ops 🛠

🔗Rager

I heard CLI tools are all the rage, so here is one!

janshai reported:

Rager is a CLI tool for matrix client developers to easily view and parse rageshake logs. It handles syncing (with many parameters to sync only the logs you want), searching through downloaded logs, and paging through any log on your device (with peudo-syntax highlighting to make it easier to understand), right from the comfort of your terminal. It has been in development for a few months (being used/tested by devs at beeper.com) but I feel like it's now in a good enough state to release for everyone else to use. If it's something that may help you, try it out and let me know if it works for you!

Get it here

🔗Dept of Services 🚀

🔗Hingst

Andreas told us:

Hi everyone!

We believe that having your own homeserver should be easy and require little technical knowledge. That's why we launched Hingst, a privacy focused Matrix hosting service which takes care of (almost) everything for you.

Our goal is that our users spend no time whatsoever on maintaining the actual server so they can focus on what matters - chatting with friends and colleagues.

All servers are located in Sweden and of course they run entirely on renewable energy!

That's all for now. Thanks for reading :)

If getting your own homeserver was hinging on the availability of such a service, you don’t have an excuse anymore!

🔗Dept of Events and Talks 🗣️

🔗Finnish Community Meetup

Cos offered:

First annual Finnish Matrix community meet is to be held 20.11 in Tampere, Finland. Infos and registration at https://mobilizon.be/events/5c9ce49d-83de-41d1-b824-8950293d3fd1

🔗Berlin Meetup

Christian told us:

Heads up for those in Berlin 🐻🇩🇪. You're welcome to join us Tuesday evening at 7:00 PM chatting about Matrix development and hosting. We're going to meet in person at c-base. In compliance with the hackerspace's house rules this is a strict 2G event.

If possible, join our #matrix-berlin:matrix.org room.

🔗Dept of Guides 🧭

🔗French User Guide

Henri Carnot announced:

Matrix user guide [French]

Hi !! I'm building a matrix user guide for my school. It is not finished yet, but feel free modify/repurpose it !

Preview : https://minitel.emse.fr/move-to-matrix/emse

source : https://gitlab.com/henri2h/move-to-matrix

The goal is to build an easy user guide which could be easily adapted to other matrix instances.

🔗Final Thoughts 💭

🔗Room of the week

timokoesters offered:

Hi everyone! Did you ever feel lost in the Matrix world? The room directory is big, but it's still hard to find something you like. Or are you a room moderator, but there is not much activity in your room because it doesn't have enough users?

This is why I want to share rooms (or spaces) I find interesting.

---

This week's room is: #chess2:matrix.org

"Everything related to chess."

---

If you want to suggest a room for this section, tell me in #roomoftheweek:fachschaften.org

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	maescool.be	517
2	boba.best	530
3	envs.net	552.5
4	trolla.us	934
5	almum.de	1236
6	spooks.cyou	1319.5
7	halogen.city	1864
8	matrix.markshorten.co.uk	1970
9	ewsandor.com	2018.5
10	diasp.in	2408

🔗#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	conduittestfigyel.gq	312.5
2	sspaeth.de	323
3	envs.net	421
4	dendrite.thomcat.rocks	701
5	grin.hu	744
6	spooks.cyou	790
7	0x1a8510f2.space	869
8	jae.su	878
9	matrix.awesomesheep48.me	1533
10	weber.world	3921

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

🔗Matrix Live 🎙

This week, I had the great pleasure of chatting with a lovely bunch from Element about Spaces. This feature just got out of beta and they tell us all about it.

🔗Dept of Spec 📜

🔗The Spec

TravisR offered:

Hello TWIM, it's me, not-anoa, again with your weekly spec update. I unfortunately didn't get a chance to figure out how to run the tooling which generates fancy graphs, but it looks like you'll have a more qualified person next week 😇

This week we saw a couple new MSCs:

• MSC3419 - Letting guests do more things (which is needed for things like full mesh conference calling)

• MSC3429 - A room preview API. Turns out this is more or less a duplicate of another MSC, but has a different approach. Be sure to check both out 🙂

We've also been making progress on trying to get the spec release out by formally specifying all the new global version numbering and new endpoint versioning (see this and this), and have been experimenting with how room versions are represented by the spec.

From page 6 of the open MSCs there's MSC2723. The MSC is relatively small, but solves a fairly important problem with forwarded messages in Matrix: where were they forwarded from? From a glance, it has minor technical feedback and could do with an implementation (psst: client authors, this should be easy and fit well into a North American Long Weekend project 😇).

That's all I have for you today, but if I've missed something: sorry, and you should be in capable hands next week.

🔗Dept of P2P 👥

🔗P2P Matrix

Neil Alexander said:

This week I have completely rewritten the Pinecone router with the aim of improving code quality and boosting performance. It now uses significantly less resources, making it much easier to simulate larger networks and using less battery power on mobile devices.

While there is still some work to be done to ensure the Pinecone network gracefully handles large-scale mobility events, protocol development is slowly progressing and we will soon be looking at how Matrix federation can be made more efficient by using routing intelligence from the overlay network.

If you have a passion for routing protocols and/or peer-to-peer systems, we're looking to hire engineers to work in the P2P Matrix space — get in touch by emailing your resume to us!

We also have our very own P2P Matrix room where you can follow along with the latest discussions and also occasionally pick up experimental iOS and Android builds of Element with an embedded P2P-enabled Dendrite homeserver.

🔗Dept of Servers 🏢

🔗Synapse

callahad told us:

We released Synapse 1.44 this week! The release was mainly focused on bug fixes and internal cleanups. In particular, we've made significant strides toward enforcing static type annotations across several more Synapse modules, we continue to remove "magic" code from our configuration handler, and we've landed significant refactors to both the user directory and federated event authentication. These changes pay off significant technical debt, reduce Synapse's maintenance cost, and ease future bug fixes.

But that's not all. This release also includes performance improvements around JSON serialization, new capabilities for extension modules, and better metrics around cache evictions. See the announcement for more details.

🔗Homeserver Deployment 📥️

🔗Kubernetes

Ananace said:

And for the regularly scheduled Helm Chart update this week; matrix-synapse has been updated to 1.44.0

🔗Dept of Bridges 🌉

🔗Rocket.chat

Pascal reported:

Hi! Rocket.chat is working on a bridge with Matrix !!!! So nice 😊

https://youtu.be/jBtBiUXLqAk?t=1691

🔗matrix-appservice-irc 0.32.0-rc1

Half-Shot told us:

Hello one and all! We've got a minor-yet-MAJOR release candidate of the IRC bridge up for grabs. https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.32.0-rc1 is now based upon the 3.X matrix-appservice-bridge library, and so all the innards have been replaced with matrix-bot-sdk.

Please try it out, and the full release should be out next week.

🔗Dept of Clients 📱

🔗Element clients

Updates from the teams:

Web

• Released Element Web RC 1.9.1 RC2, containing Spaces papercut fixes among other things
• Threads is continuing to steadily progress
• Cross signing bug fixes and usability improvements
• Ran another community testing session, which has thrown up many suggestions for improvements to our onboarding experience

Delight team

• Following the release of Spaces from Beta, we're fixing bugs and things which might have slipped through the cracks in the 1.0 release!

iOS

• Released 1.6.1 with Spaces and URLs preview on the App Store.
• RC1.6.2 is being built. This is mainly a maintenance release
• Updated libs and tools dependencies
• Improved Spaces performance

Android

• Element Android 1.3.2 is getting released today. It adds support to Android Auto (thanks https://github.com/abaker !) and lots of other features and bug fixes. Full changelog will be here: https://github.com/vector-im/element-android/releases/tag/v1.3.2
• The team is working on several tasks:
  • Cleanup the code managing the notifications. It should fix some related issues
  • Implement Presence support
  • Upgrade framework libraries, starting by Mavericks 2
  • Fix as many issues as possible

🔗Quaternion

kitsune told us:

The first maintenance release of Quaternion 0.0.95 is here, plugging more HTML injections (quite limited this time), with tweaks in positioning of the timeline to really return to the message you last read before closing the room, colourful display names in the timeline and not just in the user list, and one particular crash fix for a case when you made a typo in your password but then did it right - only to see Quaternion falling down to pieces. The release notes, together with self-contained binaries, are in a usual place, the Flathub repo has a new Flatpak too - just go and update!

🔗Cinny

ajbura said:

Cinny v1.3.2 got released this week. It fixes unwanted "Password don't match" error on register page along with small improvements in Public room modal and message input (Thanks to Empty2k12). We also released v1.3.1 last week which fixed unnecessary CPU usages on idle and infinite spinner after login.

Check it out at: https://cinny.in

Join the matrix room: #cinny:matrix.org

🔗SchildiChat

qg said:

SchildiChat is a fork of Element that focuses on UI changes such as message bubbles and a unified chat list for both direct messages and groups, which is a more familiar approach to users of other popular instant messengers.

Both the Web/Desktop and the Android variant have received a couple of new features during the last weeks, so it's time again to share some of the highlights with you!

🔗Web/Desktop

The Web/Desktop variant has received plenty of love for the last few weeks, so best to list some of the bigger changes:

• Added a setting for the room list style: you can now choose between "roomy" with big avatars and two-line previews, "intermediate" for a smaller avatar and a single line preview, or "compact" to get a tiny avatar and the room preview in the same line of the room name

• Added a setting how to color usernames in the chat: either uniform, based on the MXID, or based on the user's power level (Android has this feature for some time already, too!)

• Added a setting to not open automatically the most recent chat when switching spaces

• Improved theme settings: you can now choose custom themes independently for both light and dark mode

• Workaround for switching between light and dark mode together with the system on Linux

• macOS builds are now signed

• ... and many more (read the release announcements on GitHub or join our announcement room (#schildichat-web-announcements:matrix.org) to stay informed)

The following screenshot showcases the compact room list and user name color mode based on PL:

So take that, IRC style lovers! 😁

🔗Android

We added support for MSC2654 for server-reported unread counts. This means that we can now display the number of unread messages even for muted chats, if your homeserver supports it (synapse does)!

Feel free to join the SchildiChat space (#schildichat:matrix.org), and visit our discussion rooms!

🔗Dept of SDKs and Frameworks 🧰

🔗Halcyon

gen3 said:

Hello! Halcyon is a Matrix bot library created with the intention of being easy to install and use. My goal is to lower the barrier of entry currently required to write and maintain a bot. I do not intend you to need a database, or have to juggle encryption keys.

With the initial release of the library we currently have:

• A CLI tool for creating and revoking tokens

• Hooks for new messages, message edits

• Hooks for room invites, and leaving rooms

• Sending messages as text, markdown, and HTML

• Sending replies to messages

• Ever improving documentation Please check out the example in https://github.com/WesR/Halcyon and join us over in #halcyon:blackline.xyz

🔗jOlm

brevilo said:

Hi! Just a quick one: this week saw the first stable release of jOlm - Olm bindings for Java

🔗libQuotient

kitsune told us:

This week has seen two maintenance releases of libQuotient - just after 0.6.10 went out, fixing an issue with invites not showing up, another issue with URLs that have unescaped double-hashes (coincidentally, matrix.to URLs to some IRC channels are exactly those). Those URLs are not quite following the RFC but are accepted widely enough to warrant a fix, and a new release. Get 0.6.11 from here (or better, just checkout the respective Git tag).

🔗Dept of Bots 🤖

🔗Standupbot

Sumner said:

A few weeks ago, I posted about the standupbot that I wrote to help assist with creating and sending standup posts to a room. I'm excited to announce today that you can choose to interact with the standupbot using threads! Instead of asking you about each part of the standup post individually, it creates threads for each of the parts that you can fill in. Your replies get added to the standup post like before, but it's a bit more interactive of a process. Here's a picture of how it looks (ignore all the display bugs due to Element).

If you are interested in learning more, the source code is here: https://sr.ht/~sumner/standupbot and you can join the development matrix room #standupbot-dev:sumnerevans.com

🔗Dept of Events and Talks 🗣️

🔗Running conferences on Matrix: A post-mortem of Ansible Contributor Summit

Gwmngilfen reported:

Following the Matrix-powered Ansible conference featured in TWIM-2, @gwmngilfen:ansible.im has written up some thoughts on how it was structured, how it went, and why he thinks it worked (spoiler! It worked quite well!).

🔗Dept of Interesting Projects 🛰️

🔗Newgrounds MVS (Matrix adVancement Server)

mr_johnson22 offered:

🔗An (unofficial) Matrix server for the Newgrounds community.

Since I was pressed for time last week, I didn't go much in depth on how this server works. Here is a brief overview of its components:

• https://app.ngmvs.one: A self-hosted Element Web with some theming tweaks, and the easiest way to visit the server.

• https://matrix.ngmvs.one: the homeserver itself (Synapse). It has open registration, but only for Newgrounds Supporters (ie. patrons) via SSO logins with Newgrounds accounts. But Newgrounds doesn't have its own "Log in with Newgrounds" capability, so that leads me to the next component:

• ng-saml-idp: middleware built on PySAML2 for using Newgrounds logins as a SAML2 Identity Provider. The code is tailored for my Synapse installation, but it can easily be tweaked to allow Newgrounds SSO logins to any SAML2-compatible service!

• W-Bot: a Matrix appservice/bot built on mautrix-python that serves two purposes:

  1. Creates Matrix rooms for Newgrounds movie/game submission pages (ie. maps #portal_view_<ID>:ngmvs.one to https://www.newgrounds.com/portal/view/<ID>), and adds a widget containing the submission itself to these rooms (but only if it's a movie--widgets for games will only have a link)

  2. Restricts membership of any room it moderates to logged-in Newgrounds Supporters. Users without a :ngmvs.one account can authenticate to the bot via the "login" bot command, which lets them log into their Newgrounds account.

  Point 2 also means that anyone on the Matrix network can make a room that's restricted to Newgrounds Supporters. Just make sure the bot has a high enough power level to kick users!

  Public (and federation-accessible) instance is at @w-bot:ngmvs.one.

  (PS: The "W" stands for "double"--because of its job of "copying" rooms into Matrix.)

• MVSX: a Firefox extension that, when visiting a Newgrounds movie/game submission page, puts a button in the URL bar that sends you to the Matrix room created for that submission by W-Bot.

This week's updates:

• W-Bot now has the inviteme command to invite the issuing user to the invite-only space room for logged-in Newgrounds Supporters. (Users should be invited there automatically, but this command is for people who leave / reject invites to that space & want to re-join it later.)

• The MVSX extension has been updated to allow joining rooms with Matrix clients other than app.ngmvs.one. Right-clicking the URL bar icon now shows a drop-down list of alternative clients, and lets you set which one to use by default (on left-clicks of the icon).

Discussion: #ngmvs-public-discussion:ngmvs.one

🔗Final Thoughts 💭

🔗Room of the week

timokoesters offered:

Hi everyone! Did you ever feel lost in the Matrix world? The room directory is big, but it's still hard to find something you like. Or are you a room moderator, but there is not much activity in your room because it doesn't have enough users?

This is why I want to share rooms (or spaces) I find interesting.

---

This week's space is: #retro:nil.im

"I‘m in plenty of retro computing and gaming related Discords and got annoyed that there was no such thing on Matrix. So, I created a Matrix Space for all things retro computing and gaming, hoping there might be enough like-minded people on Matrix to build a community. There should hopefully be rooms for everything now, although a few are still missing room icons - that will come over the next days. Here’s to hoping that the retro computing community can also thrive outside of Discord 😁."

---

If you want to suggest a room for this section, tell me in #roomoftheweek:fachschaften.org

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	boba.best	504
2	trolla.us	588
3	maunium.net	606
4	aria-net.org	716.5
5	ziroh.be	882
6	maescool.be	910
7	fff.chat	936
8	thomcat.rocks	1157
9	envs.net	1442
10	wallace.sh	2480.5

🔗#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	bwitch.me	352
2	sspaeth.de	416.5
3	spacedn.com	588
4	0x1a8510f2.space	887
5	jae.su	965
6	pixelthefox.net	1074.5
7	matrix.awesomesheep48.me	1145
8	envs.net	1930
9	dendrite01.fiksel.info	2305.5
10	weber.world	2993.5

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.44.0 is out now!

🔗Loads of Bug Fixes

This release primarily includes fixes for over a dozen long-standing bugs. For example:

• Messages containing null bytes are now properly indexed for search.
• The Room Search Admin API now allows searching for rooms with non-ascii titles.
• URL preview caches, which are meant to be ephemeral, are no longer mirrored from the local media store into other media providers.

🔗Faster JSON Responses

We now stay within C code while generating large JSON objects for responses, which should be substantially faster than the previous technique, which fell back to Python for encoding.

🔗New Extension Module APIs

Spam checker modules can now use a user_may_create_room_with_invites callback to inspect room creation events which include invitations to users via Matrix or other media (email, etc.).

Additionally, the ModuleApi can now inspect IP and User Agent data, as well as checking whether Rooms and MXIDs are local to the current homeserver.

🔗Everything Else

We've also been busy refactoring. For example:

• Prometheus stats now distinguish between cache evictions due to entries expiring, and cache evictions due to the cache being full.
• The synapse.handlers, synapse.rest, and synapse.storage.databases.state modules are now fully type annotated and checked by mypy, among others.
• The user directory search code was cleaned up in preparation for future fixes.
• Another half dozen pull requests were merged with an aim toward clarifying federated event authentication code (and associated logging).

Lastly, this release has seen considerable work toward supporting MSC2716: Incrementally importing history into existing rooms, along with an update to match the current state of MSC3231: Token authenticated registration.

These are just the highlights; please see the Upgrade Notes and Release Notes for a complete list of changes in this release.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including aaronraimist, cvwright, govynnus, Kokokokoka, and tulir.

🔗Matrix Live 🎙

This week in Matrix, William tells us about the State Compressor he wrote during his internship to reduce the size of Synapse's database, and so much more. William being a former intern of the backend team, who else than his mentor Brendan could lead the interview?

🔗Dept of Spec 📜

🔗The Spec

TravisR told us:

Hello! It is not-anoa here with the spec update this week, which unfortunately means no pretty graph of MSCs (sorry). I do however have some curated updates to the spec for you:

This week we saw a couple new MSCs get opened:

• WIP: MSC3417: Call room room type from SimonBrandner

• WIP: MSC3414: Encrypted state events

Though WIP, both are exciting steps towards much larger goals - looking forward to see how they progress! We also saw FCP finish on MSC3231: Token authenticated registration, part of Callum's GSOC project this summer - congratulations! MSC2918: Refresh tokens also finished FCP this week, making it a good time for clients to consider that access tokens might expire or appear in a different format in upcoming versions of the spec. MSC2582: Remove mimetype from EncryptedFile object was also merged to the spec - thanks Sorunome for finding the duplicated field which was duplicated!

Behind the scenes, the Spec Core Team (SCT) has been thinking about how we can release the spec as we've been talking about doing so for months. We're declaring a bit of a freeze on new things entering the spec for the time being, but that doesn't stop MSCs from completing FCP or being opened - they just might miss the v1.1 cut (sorry). Most of the work needed to release is deployment stuff rather than Matrix stuff, so the hope is is we can get it all worked out soon.

I don't have the random MSC script on hand, but I do have access to the MSC list and found WIP: MSC3030: Jump to date API endpoint. It's listed as work in progress, but is one of the MSCs I personally look forward to being accepted in time!

That's all for spec this week. I'm not sure about next week, but you might be stuck with me again. Maybe I can find those fancy graph tools in time...

Thanks a lot not-anoa, that was a great spec update!

🔗Dept of Servers 🏢

🔗Synapse

callahad reported:

Lots of work in preparation for Synapse 1.44 which is due out next week. Notably, we've found a few small regressions in rc1, so expect another release candidate on Monday followed by a formal release on Tuesday or Wednesday.

I look forward to telling you all about that, and our plans for Q4, next week. 🙂

Now that's some teasing! I can't wait for next week!

🔗Homeserver Deployment 📥️

🔗Kubernetes

Ananace told us:

This week too sees some Helm Chart updating, with element-web having been bumped to 1.9.0

🔗Dept of Bridges 🌉

🔗Heisenbridge

hifi told us:

Heisenbridge is a bouncer-style Matrix IRC bridge.

Release v1.2.1 🥳

• Use read receipts to track messages

• Don't prefix all lines in relaybot mode (regression)

• Fix formatter recursion context un-pillify (regression)

Go grab your fix from PyPI or matrix-docker-ansible-deploy!

Thanks!

🔗Slack bridge 1.9.0-rc1, with a PSA

Half-Shot said:

Hey folks, it's been a while since we released changes to the Slack bridge but here we are on our next RC. This one includes a few new things, most notably:

• The bridge now automatically invites users to private rooms if there is a message and they are not joined. (#613)

• Update bridge to matrix-appservice-bridge 3.1.0 (#614)

Also, a PSA: If you were struggling to bridge your rooms to matrix while using the matrix.org bridge, this should now be fixed. An update made to the Slack APIs silently broke the oauth flow, which has since been fixed. This was a misconfiguration-gone-unnoticed in our Slack app configuration, so self hosters don't need to upgrade. The details are in https://github.com/matrix-org/matrix-appservice-slack/issues/617#issuecomment-932047990

🔗Dept of Clients 📱

🔗Nheko

Nheko is a desktop client using Qt and C++17. It supports E2EE and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) told us:

While I am a bit busy at the moment, Nheko is getting a lot of valuable smaller contributions:

• Updated the emoji pickers to Unicode 14, so that you can properly troll people.

• Pasting images should now work properly again on Windows and macOS, including pasting SVGs!

• The help and version command line parameters now work properly, even if an instance of Nheko is already running.

There has also been a lot of progress on the translations! We just cracked 50% translated, but since that includes a lot of languages with only a few percent, this is actually much more than it sounds! We actually have 8 languages with over 90% translations now. If you speak one of the languages at 70% or so, any help translating the remaining bits is very much appreciated. You can easily translate without an account here: https://weblate.nheko.im/projects/nheko/nheko-master/#translations If you want to translate without having to rely on the upvote mechanism, feel free to ask for translation permissions directly in #nheko:nheko.im. That is also the right room to ask questions about the translation process or translations themselves.

Nheko is also participating at Hacktoberfest this year. Translations done using the webinterface won't get counted for that though, you would need to submit a pull request manually for that. If you always felt like contributing to Nheko would be fun, but you had no reason to, now you can do it to let someone plant a tree for you (or get a T-shirt)!

That's all, I need to get back on my train!

🔗Hydrogen

A minimal Matrix chat client, focused on performance, offline functionality, and broad browser support. https://github.com/vector-im/hydrogen-web/

Bruno said:

Hydrogen saw a few bug fixes (0.2.14, 0.2.15 and 0.2.16) this week again, and also gained the possibility to recover from low-storage scenarios where the browser would clear indexedDB.

One of the bugs fixed might have caused a timeline corruption, so when you get the 0.2.16 update the history cache will be cleared and you'll notice a bit of delay as you do an initial sync again.

Aside from working on Hydrogen as a standalone app, I'm also making it easier to embedded in other projects. More info to come on that!

We've also had a priority planning this week, which spawned an updated backlog. Have a look if you're interested what can be expected next (although be aware that the backlog has proven volatile in the past 🙂).

Hydrogen embedded! I'm looking forward to that. Great work Bruno!

🔗Element Clients

🔗Delight team

• Released spaces out of Beta on Web and Android..!
• Following through on the beta release of Spaces - fixing more bugs and polishing on all platforms.

🔗Web

• Released Element Web 1.9.0 with Spaces enabled
• Threads
  • Working with the Synapse team to work out what backend support will be required for threads
  • Steadily improving the UI
• Added the ability to expand truncated quotes in replies
• Cross-signing bug fixes

🔗iOS

• We refrained from releasing 1.6.0 to the App Store because of regression issues reported by TestFlight users. Huge thanks for that!
• 1.6.1 (Spaces and URLs preview) with all the bug fixes is being reviewed by Apple. It should be on the App Store on Monday
• The implementation of user mentions in the composer has started (in SwiftUI!)
• Last message types displayed in room lists have been aligned with other platforms
• Tweaks to URL Previews and Contacts Access
• New app navigation code architecture is coming. It will be possible soon to navigate through permalinks without losing rooms previously visited
• RoomSummary storage in CoreData is still in progress

🔗Android

• Element Android is now in the 500k - 1M downloads category on the PlayStore!
• Element Android 1.3.1 has been released on Thursday on the PlayStore
• Now we are working on fixing issues, improving performance, and upgrading some important libraries.
• The Presence support has made good progress too, it will maybe be merged for the next release.

🔗Dept of Bots 🤖

🔗matrix-email-bot

TravisR told us:

After 4 years, matrix-email-bot finally got an update. Now at v2, the bot has been rewritten using TypeScript and matrix-bot-sdk (farewell, js-sdk from 2017). It still requires manual setup and the behaviour overall should be the same as before, though the amount of testing is somewhat minimal - please complain in #email:t2bot.io if something goes wrong.

The bot also now supports encrypted rooms out of the box, including on the t2bot.io instance. Check out t2bot.io/emailbot for information on how to get the bot set up in your room.

The full changelog is available on the repo: https://github.com/t2bot/matrix-email-bot/releases/tag/v2.0.0

Useful to watch a security mailing-list from the comfort of a Matrix room!

🔗Dept of Interesting Projects 🛰️

🔗Newgrounds MVS (Matrix adVancement Server)

mr_johnson22 announced:

An (unofficial) Matrix server by and for the Newgrounds community.

This is a Matrix server with membership restricted to Newgrounds Supporters. Newgrounds is an independent arts & entertainment site that has been around for over 20 years, and I felt that its spirit of independence is a perfect match with the openness of Matrix!

The most notable feature of the server is comment rooms for Newgrounds submissions. Unlike other content-sharing sites, Newgrounds submissions don't have comment sections, but review sections, which let you post a single comment (and optional rating) for a submission. This encourages reviews to be focused on providing constructive feedback instead of being a place for off-topic discussions. With that said, open comment systems are nice too, so this Matrix server provides it! Simply visit #portal_view_SUBMISSION_ID:ngmvs.one to view!

These comment rooms are world-visible, but (at least for the time being) only Newgrounds Supporters may join these rooms & post comments in them.

To help along with this, I made a Firefox extension to make joining these rooms a breeze: NG MVSX. Simply view a Newgrounds submission page, and click on the icon that appears in your URL bar!

Code for all components is open-sourced on GitLab.

This is all very new, so things might break! If they do, tell me in #ngmvs-public-discussion:ngmvs.one

🔗Final Thoughts 💭

LorenDB remembers us:

if you need an excuse to contribute to Matrix... It's Hacktoberfest! Get hacking!

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	envs.net	424
2	mangwiro.net	508
3	matrix.kalleeen.fi	555
4	trolla.us	567.5
5	maunium.net	667.5
6	maescool.be	733.5
7	rollyourown.xyz	751.5
8	smeken.nl	816.5
9	aria-net.org	861.5
10	conduit-test.searx.monster	890

🔗#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	bwitch.me	277
2	pixelthefox.net	619
3	jae.su	869
4	matrix.awesomesheep48.me	1858.5
5	0x1a8510f2.space	2677

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

🔗Matrix Live 🎙

🔗Dept of Spec 📜

🔗The latest in appservice proposals: Synthetic events

Half-Shot told us:

Hi folks, I've been let loose on more spec things: This time I'm looking at synthetic events. The goal with this proposal is to give appservices more visibility over the innards and actions of a homeserver. When a user registers, we want an appservice to know (perhaps to send them a little greeting, or to provision some resources) or perhaps you want to clear up bridge resources when the user deactivates their account.

The hope with this proposal is that it's going to set the foundations for services to be able to hook into and provide richer functionality based upon user actions outside of rooms. It might sound a little dry right now, but eventually I'm hoping this can be extended in lots of ways and potentially do away with per-implementation modules, instead writing services that work with all homeservers.

Please give the proposal some love/feedback :)

When asked if that was a specification change he drafted because of limitations faced when trying to implement a bridge, he said:

Yeah, so it's something I've been plotting for a while, but internally we wanted the ability to "act" based upon signups to a homeserver i.e. sending a welcome. In the past this has been implemented client-side in Element, but that has obvious caveats.

The traditional response has usually been to write a Synapse module, but I wanted to do something that could be used on other homeserver implementations and also not have to have it co-located with the homeserver, so the natural home for this kind of logic was appservices.

There are other things there too like logouts / deactivations which are good for erasing data on a service too. Generally I'm hoping it can be extended further once it's stable, for other use cases too

🔗Spec

anoa announced:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

🔗MSC Status

New MSCs:

• [WIP] MSC3401: Native Group VoIP Signalling

MSCs with proposed Final Comment Period:

• No MSCs entered proposed FCP state this week.

MSCs in Final Comment Period:

• MSC3231: Token authenticated registration (merge)
• MSC2918: Refresh tokens (merge)

Merged MSCs:

• No MSCs were merged this week.

🔗Spec Updates

MSC3401 (Native Group Voip Signalling) has been receiving positive feedback over the course of the week. The MSC spells out how one would go about implementing native, decentralised group voice and video calls over Matrix without the need for a third-party service. This is the next step forward after the full-mesh group signalling work, as demoed in previous editions of TWIM, lands. Quite exciting stuff!

Otherwise there was another Spec Core Team retro this week. Discussion focused mainly on how to handle event types that not every implementation using Matrix may need (think pinned messages and how that might not be very useful for IoT networks...). Watch this space!

🔗Random Spec of the Week

The random spec of the week is... MSC2666: Get rooms in common with another user!

This is actually already implemented and enabled by default in Synapse, believe it or not. But no clients have support for it yet (there is an outstanding matrix-react-sdk PR...).

This is a pretty cool feature in my opinion, any client want to be the first?

MSC3401 looks like there's a lot of work going on on the native VoIP side. I can't wait to see what the future holds!

🔗Dept of Servers 🏢

🔗Synapse

callahad said:

This week we released Synapse 1.43! This mainly contains internal changes, including those in preparation for Spaces leaving beta, but it's worth calling out that this version of Synapse now uses the MSC3244: room version capabilities API to ask clients to prefer room version 9 when creating restricted rooms.

Support for room version 9 was introduced in Synapse 1.42, so we'd strongly encourage administrators to upgrade.

Perhaps more notably for Synapse developers, we've spent quite a lot of time over the past few weeks improving the SyTest suite of integration tests. Several of the tests had race conditions which would cause them to occasionally fail when testing a multi-worker deployment of Synapse. These flakey tests have plagued our continuous integration pipelines, and are finally being fixed.

The long term plan is still to transition to Complement (written in Go) and away from SyTest (written in Perl), but we still need to ensure that SyTest is reliable in the meantime.

🔗Homeserver Deployment 📥️

🔗Kubernetes

Ananace offered:

This week - like all weeks - brings some Helm Chart updates, with matrix-synapse being updated to 1.43.0.

The chart store has been redone to track multiple versions now too, so older versions of the charts will stick around for a while.

Ananace always answering the call on TWIMday!

🔗etke.cc

Aine announced:

etke.cc now offers hosting options (and some more stuff)

Hi there, Didn't post updates about the etke.cc service for a while. If somebody not familiar - we setup and maintain matrix servers (based on awesome spantaleev/matrix-docker-ansible-deploy)... and setup VPN... and DNS recursive resolver, and... AND!!!! Provide hosting, yes. So, starting today that's available for everyone (we offer it for some time in "well, you know, we don't provide hosting, but if you want it so hard..." way and it works good)

Even with that update (literally the most requested thing, was in every third order we got), provided hosting considered as your own server, the only difference that you don't pay hosting provider directly, but through us. So, you get root access to the server and we treat it as any other customer's infrastructure

Join #announcements:etke.cc room and say hello in #discussion:etke.cc

🔗Dept of Bridges 🌉

🔗Heisenbridge

hifi offered:

Heisenbridge roundup!

Heisenbridge is a bouncer-style Matrix IRC bridge.

Release v1.2.0 🥳

• Message formatting (from HTML to text) has been drastically improved

• CTCP replies are now shown correctly but still ignored

• Mentions/pills always honor room nick

• Plumb notices don't loop around anymore

• Self replies don't prefix with own nick

• Single line truncation works when max lines is 1

• Multiple fixes to displaynames or messages containing control characters leaking to IRC

• New dependency: mautrix-python

• Minimum Python version requirement has been bumped to 3.7

I've also started releasing source archives as GitHub releases for distribution packagers and the project is published to PyPI to have more installation options.

matrix-docker-ansible-deploy has also been updated with the new release, thanks again Slavi 🍻!

Thanks!

What improvements did hifi bring to the formatting you may ask? I asked, and hifi answered:

the fallbacks are inconsistent and usually are markdown which is a lie 😅 replies and mentions are completely all over the place in the fallback in addition to being markdown the unformatted html is now something in between and doesn't do code blocks at all because those ticks are just noise on irc it tries to look like more that you pasted long text rather than sending markdown

That's very considerate for IRC user, thanks hifi!

🔗Dept of Clients 📱

🔗FluffyChat 0.41.0 has been released

FluffyChat is the cutest cross-platform matrix client. It is available for Android, iOS, Web and Desktop.

krille said:

This release features a lot of bug fixes and the new multi account feature which also include account bundles.

🔗All changes:

• feat: Multiple accounts

• feat: New splash screen

• fix: Password reset

• fix: Dark text in cupertinodialogs

• fix: Voice messages on iOS

• fix: Emote settings

• chore: update flutter_matrix_html, Matrix Dart SDK and other libraries

• chore: Update to Flutter 2.5.1

• chore: Updated translations

Multiple accounts and voice messages on iOS, in a single release, no less! Fluffychat is not only cute but also powerful.

🔗Quaternion

kitsune announced:

After 2+ years of development, Quaternion makes a leap from 0.0.9.4 all the way to 0.0.95. The release notes list some key improvements: reactions, Markdown, revamped timeline, user profile dialog and a lot of other things. It’s the same small and fast client that blends nicely into your desktop environment, it just got much better. Go and get it!

Congrats on the release, kitsune!

🔗Element Clients

🔗Delight team

• We’re testing & polishing Spaces, releasing them out of beta in the upcoming release cycle next week!
• On iOS
  • We’re anticipating some performance issues on a very small number of accounts which participate in a very large number of rooms. After trying the next release, if this affects you, please let us know as it’ll help inform whether we cut an off-cycle hotfix or prep changes for the next release.
  • iOS doesn’t support pagination in the Space Summary API yet, so will only return the first 50 rooms in large Spaces when browsing. Support for this is planned for the following release.

🔗Web

• Released Element Web 1.8.6 RC2.
• Fixing bugs and cosmetic issues with our Threads feature, currently in Labs.
• Cross-signing bug fixes.
• This week we Ran our first community testing session on 1.8.6 with members of the community. We were very pleased with how this went and intend to continue the sessions. You can help making Element even better by participating in our fortnightly testing sessions. Join #element-community-testing:matrix.org, and learn how to make the most useful feedback

🔗iOS

• The RC 1.6.0 with spaces is being reviewed by Apple
• Element iOS requires now iOS 12.1 minimum
• URL preview and voice message refinements
• SwiftUI templates have been merged

🔗Android

• The RC 1.3.0, with Spaces, will be prepared today.
• We have started to work on Presence
• We are still working to improve the overall performance of the application and the SDK
• Also we are doing lots of maintenance on the whole code base, and we are improving the CI.

🔗Hydrogen

A minimal Matrix chat client, focused on performance, offline functionality, and broad browser support. https://github.com/vector-im/hydrogen-web/

Bruno told us:

Multiple (0.2.12 & 0.2.13) bugfix releases this week for timeline and sync issues, and also some minor UX issues. Get them while they are hot!

🔗Dept of Ops 🛠

🔗synadm is the Synapse admin CLI

jojo offered:

A little synadm release went out this week. Thanks a lot to @govynnus for contributing "Registration token management", it's available as a new subcommand regtok. Also some tiny improvements here and there were brought in to make admin experience even more convenient.

Have a look at the release notes: https://github.com/JOJ0/synadm/releases

PyPI: https://pypi.org/project/synadm/0.31/

Upgrade: https://github.com/JOJ0/synadm#update

Those are the same registration tokens GSoC intern Callum implemented and told us about in this Matrix Live episode.

🔗Dept of Events and Talks 🗣️

🔗Ansible Contributor Summit 2021.09

cybette announced:

Ansible Contributor Summit 2021.09 is happening next week! It will be held over 2 days, on Tuesday September 28 and Friday October 1, from 13:00-21:00 UTC, and will be held on the Matrix platform.

The Ansible Community has recently adopted Matrix as an official chat platform and this is our first Matrix-powered conference. Feedback welcome! You will need a Matrix account to participate in the conversations. For more information, please see Communication - Real-time chat and the Ansible Community Matrix FAQ.

Join the Ansible Social Room anytime before or during the event and say hi! During the presentations, join the Main Conference Room to participate in the discussions. We will also have a session on How we are rolling out Matrix to the Ansible Community.

If you're interested, check out the details and register on Eventbrite. We look forward to seeing you on Matrix at the Ansible Contributor Summit!

Gwmngilfen added:

there's a mix of stuff going on to try out, we have hack sessions on Tues that may use the embedded Jitsi etc, and talks on Friday that will be more presenter/spectator

It's exciting to see an organisation holding an online conference on Matrix!

Gwmngilfen also promised:

I will blog about the setup as a post mortem

We count on that, others are interested in this kind of set-up too!

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	envs.net	440.5
2	trolla.us	540
3	boba.best	551.5
4	matrix.vilni.space	580.5
5	aria-net.org	928
6	yfe.re	943
7	wallace.sh	1414
8	here.in.ua	1490
9	tchncs.de	1531
10	nordgedanken.dev	1768

🔗#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	here.in.ua	295
2	dendrite.nordgedanken.dev	305
3	sspaeth.de	484
4	weasy-is-my.name	537
5	spacedn.com	684.5
6	jae.su	760
7	kath-zollern.v6.rocks	1028.5
8	matrix.awesomesheep48.me	2165
9	0x1a8510f2.space	3030
10	weber.world	3885.5

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.43.0 is out now!

🔗Preparing for Spaces

Quite a lot of work has gone into preparing for Spaces to graduate from beta testing. For example, Synapse now:

• Asks clients to prefer room version 9 when creating restricted rooms (#10772), via the API defined in MSC3244: room version capabilities.
• Allows the Spaces Summary APIs to be handled by worker processes.
• Omits rooms with unknown room versions from the Spaces Summary.
• Properly handles upgrades of Spaces to different room versions.

🔗Everything Else

This release of Synapse also:

• Includes initial work toward fully supporting oEmbed for embedding URL previews (#10714, #10759).
• Slightly speeds up room joins over federation (#10754, #10755, #10756, #10780, #10784).
• Somewhat improves service restart times for large Synapse deployments.
• Significantly refactors federation event authentication code for greater clarity (#10744, #10745, #10746, #10771, #10773, #10781).
• Adds further static type hints to various modules.

We've also spent quite a lot of time on SyTest, our integration test suite. In particular, many of the tests made assumptions about event processing which were not correct when targeting a multi-worker Synapse deployment. These flakey tests have plagued our continuous integration pipelines, and are finally being fixed.

These are just the highlights; please see the Release Notes for a complete list of changes in this release.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including AndrewFerr, BramvdnHeuvel, and cuttingedge1109.

🔗Matrix Live 🎙

We've been chatting with Denis about the vulnerabilities disclosed by Element this Monday.

🔗Dept of Spec 📜

🔗Spec

anoa said:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

🔗MSC Status

New MSCs:

• MSC3395: Synthetic appservice events
• MSC3394: New auth rule that only allows someone to post a message in relation to another message

MSCs with proposed Final Comment Period:

• MSC2918: Refresh tokens

MSCs in Final Comment Period:

• No MSCs are in FCP.

Merged MSCs:

• No MSCs were merged this week.

🔗Spec Updates

If MSC2918 above is giving you feelings of déjà vu, don't worry. It already had FCP proposed, but due to a resolved concern being incorrectly processed by mscbot on github, a new FCP proposal was carried out.

In other news, MSC3381 (Polls - mk II) receive a fair amount of attention this week. It implements inline polls via a new m.poll type and makes use of the concept of extensible events. Do check it out if you're interested in voting through means other than message reactions!

Otherwise Alexandre Franke and myself will be looking at cleaning up the CI of the matrix-org/matrix-doc repo next week, as well as continue to move the infrastructure for the new spec release forwards.

🔗Random Spec of the Week

The random spec of the week is... MSC1235: Proposal for Calendar Events.

This one is entirely new to me, and has some slight overlap with some work for MSC2762: Allowing widgets to send/receive events, where we were thinking about how a widget could act as a calendar using Matrix rooms and events as a calendar backend.

The more you know 🌠

🔗Dept of Servers 🏢

🔗Synapse

callahad said:

The Synapse team is busy gearing up for 1.43.0 next week, which will make room version 9 the default for newly created restricted rooms, among other things.

We've also been doing quite a lot of work on Sydent. Notably, last week's 2.4.0 release introduced a few regressions which have been resolved in subsequent point releases. The one-shot case folding migration script for Sydent is still performing unexpectedly slowly; look for that to be resolved soon.

As the end of the year approaches, now is a good time to ensure you're ready for the deprecation of PostgreSQL 9.6 (November) and Python 3.6 (December). Do you have plans to upgrade to Pg 10 and Py 3.7 or newer? If not, there's no time like the present! 🗓

Lastly, Hacktoberfest 2021 is less than two weeks away! Many Matrix projects intend to participate, including Synapse.

With rooms version 9 as the default, it feels like Spaces are trying hard to escape beta!

🔗Homeserver Deployment 📥️

🔗Kubernetes

Ananace said:

And yet again more Kubernetes Helm Chart updates this week, with element-web being bumped first to 1.8.4 and then 1.8.5. More improvements for the new ingress object in K8s 1.19 also landed.

🔗Dept of Bridges 🌉

🔗Heisenbridge

Heisenbridge is a bouncer-style Matrix IRC bridge.

hifi told us:

Heisenbridge roundup!

Release v1.1.1 🥳

• Message edits are now supported and use stupid context aware "compact enough" edit format (+ - *)

• Media will be quarantined if you redact them and the bridge is an admin on the HS

• Public media URL can now be overridden in control room if auto-detection fails

• New plumbs respect the default member sync setting

• ; is included in pill separators

Better message formatting coming up in v1.2.0, I hope 🤔

matrix-docker-ansible-deploy has also been updated with the new release, thanks Slavi!

Thanks!

🔗mautrix-googlechat

Tulir said:

mautrix-hangouts has turned into mautrix-googlechat. It's still in alpha stage, but text messages work in both directions, media from google chat works and threads from google chat are bridged as replies.

🔗Dept of Clients 📱

🔗Cinny v1.3.0: Initial Space support and notifications

ajbura announced:

🔗Features

• Cinny now support Spaces. They are still in early development phase but you can see nesting and pin/unpin to sidebar.

• There're options to control room notifications now.

• Also added notification badges to sidebar so now there will be a visual notification of any message in Home/People/Spaces in sidebar.

• And after a month discussion also renamed 'Channels' to 'Rooms' so don't get confused on finding rooms all over.

• James (we got new contributor 🎉) added options to change avatar and display names. He also added support for uploading image by copy-pasting.

• Edit message input now saves message on enter.

• There now a toggle to view your password on login/register page.

• And there will be an error message when client disconnect to server.

🔗Bugs

• Fixed scroll on login page.

• Fixed notification badge color in dark themes.

🔗Others

• We are also started shipping an official docker image which you can find on DockerHub ajbura/cinny.

Find more about Cinny at https://cinny.in/

Join our channel at: #cinny:matrix.org Github: https://github.com/ajbura/cinny

Twitter: https://twitter.com/@cinnyapp

I’m thrilled about Spaces support and I'm certain we’ll hear more about Cinny shortly!

🔗Fractal

Alexandre Franke got a bit carried away and announced in French:

La grande nouvelle de la semaine est l’arrivée du chargement de l’historique, implémenté par Julian. Nous avons également 2 nouveaux contributeurs :

• djenren a corrigé l’écran de connexion et mis à jour la version de Rust suggérée

• Dave Patrick a amélioré le style du code en remplaçant des appels à nth() par get_index()

🔗Hydrogen

A minimal Matrix chat client, focused on performance, offline functionality, and broad browser support. https://github.com/vector-im/hydrogen-web/

Bruno told us:

Released 0.2.9 & 0.2.10 this week with the main thing being improvements in preventing scroll jumps when resizing or loading more content in the timeline. Not 100% of scroll jumps will be solved with this release, but it should be improved a lot. Please report any issues you may encounter in this area! There were also a few bugs fixed, see the linked release notes. Try it out at hydrogen.element.io!

🔗Beeper

Brad Murray offered:

Beeper is a unified chat app built on top of Matrix. We've created 10+ open source Matrix bridges and integrated them into an easy to use all-in-one service which does not require setting up your own homeserver. You can learn more at beeper.com.

We've been hard at work for the last few weeks and have a number of updates we'd like to share across all our clients and bridges.

For detailed release notes, check out our changelog here: https://beeper.notion.site/Beeper-Product-Changelog-cdbc7b68526d45f7b8ced8d4ba170c8d

🔗All clients

• New verification flow for Desktop, Android, and iOS! Logging in and verifying your session is now super easy to do. This is extra important for Beeper because we enable secure backup by default and require all users to set up a security key.

🔗Desktop

• Added the ability to view your rooms using our Smart Inbox that places the most important messages at the top, or with Classic which leaves the room in a reverse chronological order.

• You can now select network by network which messages should appear in your inbox using our Inbox Filtering feature

• We now have beta support for Custom CSS theming! Check out some of the themes that have already been made by the community. https://gitlab.com/beeper/beeper-themes

• Previously we only supported DMs for Discord out of the box, but now you can pick and choose which Discord servers to sync into Beeper

🔗iOS

• A complete beautiful rewrite of the Room List using SwiftUI. The room list now looks much more native to iOS, while still feeling like Beeper.

🔗Android

• Redesigned room list: we started a redesign of our Android app and adopted the Material design language.

• Integrated Android SMS bridge: Our previous Android Messages bridge was built on a shakey puppeteer foundation, so we rewrote it. Our new Android SMS uses native APIs to send/receive SMS. RCS remains elusively out of our grasp for now. We open sourced our bridge at https://gitlab.com/beeper/android-sms

🔗Bots

• Wrote a bot for managing Linear issues from Matrix: https://gitlab.com/beeper/linear-maubot

• Wrote a bot to mirror chats into Chatwoot (an open source Intercom-like customer support platform): https://gitlab.com/beeper/chatwoot

🔗Hiring

• We are hiring! Come join many other Matrix community members who have joined the Beeper team including @tulir:maunium.net, @annie:beeper.com, @kilian:beeper.com, @spiritcroc:beeper.com and @sumner:beeper.com (who replied to our last TWIM job post and got a job at Beeper within a week!)

• We are hiring senior iOS, Android developers and a DevOps/SRE (preferably in North/South America timezone)

Check out our Jobs page here https://beeper.notion.site/Jobs-Beeper-ff5da486daed462ebfc4b21eacc48cae. Apply via that page or just send a DM @eric:beeper.com

🔗Nheko

Nheko is a desktop client using Qt and C++17. It supports E2EE and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) reported:

Nheko got a lot more colorful this week. red_sky (nheko.im) and LorenDB finished up the jdenticon support. This means instead of the first character of a users display name, you now have the option to see a colorful avatar for users without an explicit avatar. You may have seen something similar on Github and other platforms. Currently this needs the qt-jdenticon plugin, which is a bit troublesome to install correctly, but we should improve that in the near future.

Prezu added a homeserver entry field to the room directory, making it much more useful (no history yet though). Thulinma added a /goto command to navigate to specific events or room and fixed scrolling to a specific event (in the past it only approximately scrolled to the right location). Symphorien added the Alt+A shortcut to navigate between rooms with active mentions and notifications. Additionally Priit completed the Estonian translation.

Additionally we released a security fix on Monday (together with a few other clients). We only released a fix for the master branch in Nheko instead of also the latest stable release. This confused a few people, but I hope my explanations made sense. The gist of it is:

• On the master branch the local homeserver admin could force Nheko to forget which identity keys it saw for a user and as such insert a new device with the same device id, but attacker controlled identity keys and request old encryption keys from Nheko. In Nheko's case we had some protections against that, but if the server sent a device_list.left event for that user, Nheko would delete those protections. From our understanding this could not be abused over federation.

• On 0.8.2 this can also be abused, but 0.8.2 does not implement key sharing completely. It can only forward the currently in use encryption key, not historical ones. As such the impact in our opinion was too limited to release a security fix. 0.8.2 does not allow you to send encrypted messages only to verified devices as such the homeserver admin could always insert just a different device to get access to new encrypted messages. Because of that we have a big warning in the README and when enabling encryption in 0.8.2, that one should not rely on the security of the E2EE implementation in it. We are aiming to have stable and secure E2EE in the next release (and so far it is looking good), but if you are using 0.8.2 I can only repeat, that it won't protect you from an attacker even without the disclosed security issue.

I hope this clears up some of the confusion. Feel free to visit us in #nheko:nheko.im and tell me, that I am wrong.

🔗Element Clients

🔗Delight team

• Testing and polishing of Spaces.

🔗Web

• Released Element Web 1.8.4, with an important security fix
• Released Element Web 1.8.5.
• Improvements to replies.
• Continuing discovery of threads.
• Cross-signing bug fixes.
• We’re going to involve the community in testing the product. More details to come early next week if you want to lend a hand!

🔗iOS

• Made another Release candidate 1.5.4 because of reported regressions. It will be available on the app store on Monday
• URL preview moved out from LABS
• New screen templates with SwiftUI, mocked data, unit and UI tests are almost there
• There was a new version of OLMKit with the support of fallback keys
• The crypto part of the SDK now support fallback keys, key backup cross-signing and device dehydration

🔗Android

• Released Element Android 1.2.2, with an important security fix
• Working on improving the build time and the dependency management
• Investigated performance issue on incremental sync
• Start working to implement presence support

🔗Dept of SDKs and Frameworks 🧰

🔗libolm

uhoreg told us:

This week saw two releases of libolm, a library that implements olm, megolm, and some other Matrix-related encryption functions. The main changes in version 3.2.5 are new functions for getting error codes rather than error strings so that implementations don't need to rely on string parsing to decode errors, and added support for fallback keys in the Android and iOS bindings. There were also improvements in error handling in the unpickling functions, and the shared library no longer exports certain private symbols, which caused problems when those same symbols were exported by other libraries. The initial implementation of this last change caused build failures in some environments, so version 3.2.6 was released to fix this.

🔗Polyjuice Client

Polyjuice Client is a Matrix library for Elixir

uhoreg announced:

Polyjuice is a collection of Matrix libraries in Elixir.

🔗Polyjuice 🧙

A few from the wizarding world this week.

The Polyjuice project wades further into bad pun territory with a new project: Polyjuice Draughts, a set of checkers to verify that a homeserver is set up correctly and is accessible for clients and federation. It is similar in goal to the Matrix Federation Tester, but also checks client connections. It can either be run from the command line, or it can be used in a Matrix room, thanks to Igor, by sending a message of the form !servertest <servername> in a room that has an appropriately-configured bot in it. There is currently a bot in #synapse:matrix.org that can be used.

As you can see from the screenshot, my server isn't quite set up correctly, and I should fix it some day...

Polyjuice Client 0.4.3 has been released. This release adds functions for getting room membership (thanks to multi prise) and checking the server spec versions, along with some bug fixes.

Finally, the Polyjuice libraries have moved their git repositories from https://gitlab.com/uhoreg to https://gitlab.com/polyjuice. The old locations should automatically redirect to the new locations.

🔗Dept of Ops 🛠

Alexey reported:

I have converted the script for auto updating the Element-web instance to latest version from Gist to the full Git repo MurzNN/element-web-update and added support for .env file to set desired variables.

This is a bash script that checks the new released version of Element from official Github repo and if it differs from installed - updates the local files with deleting old version (to cleanup old files) and unpacking new one, but with keeping the config files by mask config*.json.

You can put it to your crontab.daily and got an always fresh Element with forgetting about manual update routine.

🔗Dept of Bots 🤖

🔗Standupbot

Sumner said:

I created a bot to assist with sending standup posts to a room. It reminds you to write a standup post, and then asks you what you did the previous day, what you intend to do today, if you have any blockers, and if you have any other notes. Then it posts a nicely formatted standup post to a room which you can configure.

You can find the source code here: https://sr.ht/~sumner/standupbot/

🔗Dept of Events and Talks 🗣️

🔗Berlin Meetup

Christian offered:

Are you in Berlin 🐻🇩🇪? Why not join us on Tuesday evening at 7:30 PM for a beer or two while chatting about Matrix development and hosting. We're going to meet at Schoenbrunn. This is a small 3G (self-tests are ok) event in an outdoor beer garden.

If possible, join our Matrix Meetup Berlin room.

🔗Dept of Interesting Projects 🛰️

🔗The Board

Timo said:

I am super happy to finally give you another update on TheBoard, due to holidays during the last weeks I had less time to work on TheBoard. But now there still accumulated enough changes for a little Update:

I experimented what technologies I could use for the still required GUI elements. A new User List was implemented using Vue.js. Vue seemed to be a little overkill for the kind of GUI required in the case of TheBoard. So I re-implemented the user list with react-no-js. I am happy with react-no-js and it is used for a user list plus a tool settings menu on the right hand side of the canvas.

The tool panel in particular opens up a lot of possibilities. The eraser already makes use of it by giving the option to only delete specific item types (Image, stroke or text). This can be very handy if you want to delete strokes drawn on top of an image without deleting the image as well. What can be deleted is highlighted by a new filter system which allows to make any modification to objects selected by a filter function (see the attached image)

Other small changes:

• Animated camera movement (for a upcoming "follow other user" feature) currently used for the Go Home Button

• Opening a board now loads at the last edited location

• The touchscreen navigation (zoom/pan) was re-implemented and should now work much better

Links and further reading:

Play with it at: https://toger5.github.io/TheBoard/ (feel free to join: https://matrix.to/#/#PublicWhiteboardTest_TheBoard:matrix.org with the account used for testing to join the first collaborative board) Join the matrix room: https://matrix.to/#/#TheBoard:matrix.org

GitHub: https://github.com/toger5/TheBoard Technical Details: https://github.com/toger5/TheBoard/blob/main/spec.md

The Board is very exciting! I could see in the planned use cases that Timo already intends to make a widget out of it. It would be very useful for real-time collaboration, but that's not all! When asked if a standalone app will come, Timo confirmed:

Indeed. I wasn't thinking about a builtin home-server yet. But a standalone app is still planned because I want the app to be able to manage different boards. Therefore I need to be able to control room creation and listing rooms. It should basically feel like onenote if you intend to use it like that.

🔗Dept of Built on Matrix 🏗️

🔗AAGRINDER

Maze announced:

@s7evink The game is called AAGRINDER, hosted at aagrinder.xyz, the code is here, the bridge implementation is here, wiki is here. The game is a text-based sandbox multiplayer browser game that I (Maze) have been building for the past 3 years. Built from nothing, no game engine. It generates an infinite procedural terrain to venture in. The integrated chatbox is nothing special but it's really nice to have it bridged to Matrix now, it's less lonely when playing alone. The appservice bridge creates users matching player name and color. Display names from Matrix are presented in the same color as in Element.

Hopefully you're able to extract some useful information out of this ^^

I love the retro vibe of the game, it's really cool!

🔗Third Room

Robert Long announced:

Third Room is an experimental metaverse client I've been working on for the past couple weeks. It combines three.js and Matrix to create 3D voice chat rooms where you embody an avatar.

There's a lot more info in my talk from last night at the Open Metaverse Interoperability Demo Night (my talk starts at 37:43)

https://youtu.be/e26UJRCGfGk?t=2263

If you want to chat more about Third Room, you can join our Matrix room: #thirdroom-dev:matrix.org

The future is now, I'm really thrilled about Third Room!

🔗Final Thoughts 💭

Beeper mentioned they have several positions open, and Element is also talents hungry. I’m particularly ecstatic to see that developing skills around Matrix can get people jobs. Of course I encourage strongly people to experiment with the protocol and use it in all sorts of crazy ways!

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	boba.best	438
2	aria-net.org	696.5
3	dodsorf.as	808.5
4	jae.fi	936
5	helderferreira.io	955.5
6	blackline.xyz	994
7	heitkoetter.net	1641
8	trolla.us	1719
9	spooks.cyou	1823
10	eisfunke.com	2014

🔗#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	dendrite.nordgedanken.dev	221
2	tomsmeding.com	289
3	spooks.cyou	303
4	sspaeth.de	323
5	weasy-is-my.name	519
6	jae.su	650
7	rcp.tf	661
8	matrix.awesomesheep48.me	760.5
9	conduit.rs	1140.5
10	0x1a8510f2.space	2421

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Today we are disclosing a critical security issue affecting multiple Matrix clients and libraries including Element (Web/Desktop/Android), FluffyChat, Nheko, Cinny, and SchildiChat. Element on iOS is not affected.

Specifically, in certain circumstances it may be possible to trick vulnerable clients into disclosing encryption keys for messages previously sent by that client to user accounts later compromised by an attacker.

Exploiting this vulnerability to read encrypted messages requires gaining control over the recipient’s account. This requires either compromising their credentials directly or compromising their homeserver.

Thus, the greatest risk is to users who are in encrypted rooms containing malicious servers. Admins of malicious servers could attempt to impersonate their users' devices in order to spy on messages sent by vulnerable clients in that room.

This is not a vulnerability in the Matrix or Olm/Megolm protocols, nor the libolm implementation. It is an implementation bug in certain Matrix clients and SDKs which support end-to-end encryption (“E2EE”).

We have no evidence of the vulnerability being exploited in the wild.

This issue was discovered during an internal audit by Denis Kasak, a security researcher at Element.

🔗Remediation and Detection

Patched versions of affected clients are available now; please upgrade as soon as possible — we apologise sincerely for the inconvenience. If you are unable to upgrade, consider keeping vulnerable clients offline until you can. If vulnerable clients are offline, they cannot be tricked into disclosing keys. They may safely return online once updated.

Unfortunately, it is difficult or impossible to retroactively identify instances of this attack with standard logging levels present on both clients and servers. However, as the attack requires account compromise, homeserver administrators may wish to review their authentication logs for any indications of inappropriate access.

Similarly, users should review the list of devices connected to their account with an eye toward missing, untrusted, or non-functioning devices. Because an attacker must impersonate an existing or historical device, exploiting this vulnerability would either break an existing login on the user’s account, or a historical device would be re-added and flagged as untrusted.

Lastly, if you have previously verified the users / devices in a room, you would witness the safety shield on the room turn red during the attack, indicating the presence of an untrusted and potentially malicious device.

🔗Affected Software

Given the severity of this issue, Element attempted to review all known encryption-capable Matrix clients and libraries so that patches could be prepared prior to public disclosure.

Known vulnerable software:

• matrix-js-sdk < 12.4.1 (CVE-2021-40823), including:
  • Element Web / Desktop < 1.8.3
  • SchildiChat (Web / Desktop) ≤ 1.7.32-sc1
  • Cinny < 1.2.1
• matrix-android-sdk2 < 1.2.2 (CVE-2021-40824), including:
  • Element (Android) < 1.2.2
  • SchildiChat (Android) < 1.2.2.sc43
• matrix-rust-sdk < 0.4.0:
  • fractal-next is not vulnerable due to depending on a recent enough commit.
  • weechat-matrix-rs, a rewrite of the original weechat-matrix script, had no tagged releases, but some commits did depend on vulnerable versions of the matrix-rust-sdk. Users should ensure to update to the latest master of weechat-matrix-rs, presently 2b093a7.
• FamedlySDK < 0.5.0, including:
  • Famedly < 0.45.0
  • FluffyChat < 0.40.0
• Nheko ≤ 0.8.2

We believe the following software is not vulnerable:

• matrix-android-sdk (deprecated!)
• matrix-ios-sdk
• matrix-nio, including its use in Pantalaimon and weechat-matrix.

We believe the following are not vulnerable due to not implementing key sharing:

• Chatty
• Hydrogen
• mautrix
• purple-matrix
• Syphon

🔗Background

Matrix supports the concept of “key sharing”, letting a Matrix client which lacks the keys to decrypt a message request those keys from that user's other devices or the original sender's device.

This was a feature added in 2016 in order to address edge cases where a newly logged-in device might not have the necessary keys to decrypt historical messages. Specifically, if other devices in the room are unaware of the new device due to a network partition, they have no way to encrypt for it—meaning that the only way the new device will be able to decrypt history is if the recipient's other devices share the necessary keys with it.

Other situations where key sharing is desirable include when the recipient hasn't backed up their keys (either online or offline) and needs them to decrypt history on a new login, or when facing implementation bugs which prevent clients from sending keys correctly. Requesting keys from a user's other devices sidesteps these issues.

Key sharing is described here in the Matrix E2EE Implementation Guide, which contains the following paragraph:

In order to securely implement key sharing, clients must not reply to every key request they receive. The recommended strategy is to share the keys automatically only to verified devices of the same user.

This is the approach taken in the original implementation in matrix-js-sdk, as used in Element Web and others, with the extension of also letting the sending device service keyshare requests from recipient devices. Unfortunately, the implementation did not sufficiently verify the identity of the device requesting the keyshare, meaning that a compromised account can impersonate the device requesting the keys, creating this vulnerability.

This is not a protocol or specification bug, but an implementation bug which was then unfortunately replicated in other independent implementations.

While we believe we have identified and contacted all affected E2EE client implementations: if your client implements key sharing requests, we strongly recommend you check that you cryptographically verify the identity of the device which originated the key sharing request.

🔗Next Steps

The fact that this vulnerability was independently introduced so many times is a clear signal that the current wording in the Matrix Spec and the E2EE Implementation Guide is insufficient. We will thoroughly review the related documentation and revise it with clear guidelines on safely implementing key sharing.

Going further, we will also consider whether key sharing is still a necessary part of the Matrix protocol. If it is not, we will remove it. As discussed above, key sharing was originally introduced to make E2EE more reliable while we were ironing out its many edge cases and failure modes. Meanwhile, implementations have become much more robust, to the point that we may be able to go without key sharing completely. We will also consider changing how we present situations in which you cannot decrypt messages because the original sender was not aware of your presence. For example, undecryptable messages could be filed in a separate conversation thread, or those messages could require that keys are shared manually, effectively turning a bug into a feature.

We will also accelerate our work on matrix-rust-sdk as a portable reference implementation of the Matrix protocol, avoiding the implicit requirement that each independent library must necessarily reimplement this logic on its own. This will have the effect of reducing attack surface and simplifying audits for software which chooses to use matrix-rust-sdk.

Finally, we apologise to the wider Matrix community for the inconvenience and disruption of this issue. While Element discovered this vulnerability during an internal audit of E2EE implementations, we will be funding an independent end-to-end audit of the reference Matrix E2EE implementations (not just Olm + libolm) in the near future to help mitigate the risk from any future vulnerabilities. The results of this audit will be made publicly available.

🔗Timeline

Ultimately, Element took two weeks from initial discovery to completing an audit of all known, public E2EE implementations. It took a further week to coordinate disclosure, culminating in today's announcement.

• Monday, 23rd August — Discovery that Element Web is exploitable.
• Thursday, 26th August — Determination that Element Android is exploitable with a modified attack.
• Wednesday, 1 September — Determination that Element iOS fails safe in the presence of device changes.
• Friday, 3 September — Determination that FluffyChat and Nheko are exploitable.
• Tuesday, 7th September — Audit of Matrix clients and libraries complete.
• Wednesday, 8th September — Affected software authors contacted, disclosure timelines agreed.
• Friday, 10th September — Public pre-disclosure notification. Downstream packagers (e.g., Linux distributions) notified via Matrix and e-mail.
• Monday, 13th September — Coordinated releases of all affected software, public disclosure.

Hi all,

A critical security vulnerability impacting several popular Matrix clients and libraries was recently discovered. A coordinated security release of the affected components will be happening in the afternoon (from an UTC perspective) of Monday, Sept 13th.

We will be reaching out to downstream packagers to ensure they can prepare patched versions of affected packages at the time of the release. The details of the vulnerability will be disclosed in a blog post on the day of the release. There is so far no evidence of the vulnerability being exploited in the wild.

Please be prepared to upgrade as soon as the patched versions are released.

Thank you for your patience while we work to resolve this issue.

🔗Matrix Live 🎙

Chatting with Manu about iOS, Mobile, team growth and more. See video description for agenda!

🔗Dept of Status of Matrix 🌡️

🔗Incoming security fix

As just blogged there is an important security fix coming for several Matrix clients. More news, and patched versions will be announced on Monday. Though there is no evidence this vulnerability has been exploited, please be ready to upgrade on Monday.

🔗Dept of Spec 📜

🔗Spec

anoa announced:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

🔗MSC Status

New MSCs:

• MSC3391: Removing account data

• MSC3389: Relation redactions

• [WIP] MSC3386: Unified Join Rules

• [WIP] MSC3385: Bulk small improvements to room upgrades

• MSC3383: Include destination in X-Matrix Auth Header

• MSC3382: Inline message Attachments

• [WIP] MSC3381: Polls (mk II)

MSCs with proposed Final Comment Period:

• MSC2946: Spaces Summary
• MSC3231: Token authenticated registration

MSCs in Final Comment Period:

• No MSCs are in FCP.

Merged MSCs:

• No MSCs were merged this week.

🔗Spec Updates

Lots of new MSCs this week. Thanks to everyone contributing!

🔗Random Spec of the Week

The random spec of the week is... MSC2832: HS -> AS authorization header!

I'm actually surprised myself that this wasn't part of the spec already! Looks like it would be a nice to-do to get this implemented and then checked off by approvers. Anyone want to submit some PRs to HS and AS implementations? 🙂

🔗Dept of Servers 🏢

🔗Dimension

TravisR said:

Dimension, an integration manager alternative for Element, got a refresh from @TimeWalker to bring the project up to modern day standards. Please give it a go if you've been running Dimension, and report bugs if there's problems! While I haven't personally had time to maintain it as much as I'd like, it's great to see people taking on 3 year old bad code and fixing it 😄

For TWIM readers, Dimension is an "integration manager" that replaces the default one shipped with Element. It's not entirely mobile-ready yet, but does give a user interface for managing various bots, bridges, and widgets. In practice, an integration manager isn't needed as most bots and bridges (and even widgets) can be set up without an integrations manager, like all of https://t2bot.io/ (ironically, given Dimension was originally targeted at t2bot.io). People do still use it though to configure self-hosted platforms with their very own Element, Synapse, bridges, and bots.

While I still probably won't have much time personally to maintain it, PRs are certainly accepted. Dimension is a bit complex to work within and test, but people in #dimension:t2bot.io should be able to help out.

🔗Synapse 1.42.0

callahad told us:

Synapse 1.42.0 is out now! This release includes support for Room Version 9, which fixes an issue with Version 8's support for restricted rooms. We also implement a bunch of new MSCs (including MSC3231: Token authenticated registration by Callum Brown as part of his Google Summer of Code project), improve efficiency, and sidestep a longstanding issue with users getting stuck in unsupported room versions. Read the announcement for details!

🔗Sydent

This week saw the release of Sydent 2.4 which finally implements MSC2265: mandating case folding when processing e-mail address local parts. After upgrading, Sydent administrators must manually run a script to retroactively case-fold existing email addresses in the Sydent database.

This Sydent release also includes support for Jinja2 templating, a complete overhaul of our CI/CD pipeline, and a comprehensive update to the codebase to follow modern Python practices including the addition of mypy type hints throughout.

Lastly, we'd like to welcome Shay to the Backend Team at Element. Her work as an Outreachy intern paved the way for the recent improvements to Sygnal and Sydent. Thanks, Shay, and welcome aboard!

🔗Homeserver Deployment 📥️

🔗Kubernetes

Ananace offered:

And another week, another Kubernetes Helm Chart update, this time seeing matrix-synapse updated to 1.42.0 - as well as a whole lot of fixes to support the new ingress object version introduced in Kubernetes 1.19

🔗Dept of Bridges 🌉

🔗matrix-appservice-bridge reaches 3.0.0!

Half-Shot told us:

Hi folks, we're massively pleased to announce the third major release of the TS/JS bridging library matrix-appservice-bridge. This release contains several large breaking changes to the previous way of life, most notably we have stopped using the matrix-js-sdk for most of our code, instead using the matrix-bot-sdk (Hi TravisR , we see you up there!).

There are several reasons why we went this way:

• Notably, this library focuses work on simply implementing APIs and bridge/bot logic. There is no additional cruft to support client use-cases or browsers.

• It's historically had a brilliant coverage of the CS and AS APIs, and has been extremely flexible to add new stable and unstable APIs to it.

• At the start of this project, it was the only library with a complete Typescript coverage. Typescript types continue to be extremely useful to us.

• We're hoping to make use of the upcoming encrypted appservices support, to replace the slightly janky pantalaimon support the bridge library currently uses.

Thanks to Travis and the matrix.org bridge team for working through these changes!

There are a bunch of common sense improvements that break API compatibility in this release also, so please be sure to check them out and update. We don't anticipate supporting 2.X except for extreme circumstances.

Finally, we'll be updating the matrix-org suite of bridges over the coming weeks so please watch for bugs and let us know how we're doing!

🔗Dept of Clients 📱

🔗SchildiChat for Android

SpiritCroc announced:

SchildiChat is a fork of Element that focuses on UI changes such as message bubbles and a unified chat list for both direct messages and groups, which is a more familiar approach to users of other popular instant messengers.

After a couple of weeks/months of internal testing and public beta testing, the latest stable version (1.2.0.sc42) now supports UnifiedPush!

This means that you can now choose your own push provider, if you do not want to use Google's FCM push notifications. Huge thanks to @sim_g:matrix.org for working on this!

🔗Nheko

Nheko is a desktop client using Qt and C++17. It supports E2EE and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) said:

You might remember my short story from last TWIM about the race between different translators? Seems like that one was good enough to motivate a few people to contribute translations. While those don't seem to be 100% complete yet, we saw a significant jump in translation percentages (especially Portuguese), so thank you to everyone who contributed to that!

Thulinma also made the whole userprofile scrollable, which improves the experience on small screens a lot. He also implemented message deduplication by event id, which is required by the spec to be done on the client side. This fixes a lot of duplicates when using conduit and your join event appearing 2~3 times on synapse.

We also fixed an issue with how different homeservers update one time key counts and added some additional code to remove old one time keys, if we ever uploaded to many (which might have happened in the past in a few edge cases). We also now escape img tags in usernames correctly in more places, redundant date separators when paginating back in a room should not appear anymore and tastytea decreased the margins on blockquotes, so that they look less jarring and take up less space.

🔗Fractal

Alexandre Franke announced:

So many merged requests have been merged since our previous update two weeks ago that I can’t even 😲.

The biggest news is that multi-account support landed in fractal-next (don’t be fooled by the title of the MR, it’s more than just a widget!). I feel like this is one of the most requested features across all clients, yet not many have it yet, and I’m ecstatic that we’re joining them 🎉. This work was done as part of GSoC by Alejandro under the mentorship of Julian 👏.

Kai made it so that rooms are sorted by activity in fractal-next, like they already are in stable ✔️. He also fixed module inception, for better code quality 🐛.

Julian landed a whole bunch of changes ❗️ He added scrolling and a scroll to bottom button, fixed keyboard shortcuts and a wrapping issue with long “words” that caused the timeline to jump to a wider size. But all this pales in comparison to loading previous events 🤯

🔗Element Clients

Updates from the teams.

Delight team

• Testing and polishing of Spaces.
• Room version 9 will be marked as the preferred version for MSC3083 restricted rooms on matrix.org and released in Synapse 1.43.

Web

• Released Element Web 1.8.3 RC2.
• Pushing forward with threads, improving on our Labs prototype. We’re exploring what backend and spec changes we will need to support threads robustly.
• Cross-signing bug fixes.

iOS

• 1.5.3 is available on TestFlight. It will be released on Monday with:
  • Startup optimisation. The duration is divided by 3 or 4
  • Media size selection on sending: the option must be enabled from settings
  • URL preview under a LABS setting
• We made good progress on SwiftUI screen templates. We will be able to use them soon for real views or screens
• Better app navigation is still in progress

Android

• The Matrix Android SDK2 is now available on MavenCentral!
  • Please upgrade your dependency to this library from ‘com.github.matrix-org:matrix-android-sdk2:v1.1.5’ to 'org.matrix.android:matrix-android-sdk2:1.2.1'. New badges has been added in the Readme of https://github.com/matrix-org/matrix-android-sdk2 and the sample (https://github.com/matrix-org/matrix-android-sdk2-sample) has been updated to use this new dependency.
• Element Android 1.2.1 has been release to the beta channel of the PlayStore and should be push on production on next Monday. It includes improvement for the Spaces (still in beta) and improvement for the VoIP. Full changelog can be found here: https://github.com/vector-im/element-android/releases/tag/v1.2.1

🔗Dept of SDKs and Frameworks 🧰

🔗matrix-bot-sdk

TravisR offered:

v0.6.0-beta.2 has been published of matrix-bot-sdk as an early version to support encryption on bots and improvements to appservices. It's a bit self-directed to figure out how it works, but #matrix-bot-sdk:t2bot.io is available to try and help out.

Please give it a go and report bugs. The final v0.6.0 release is expected to contain not only encryption support for bots, but also appservices and real documentation. For now though, it's just the bots.

🔗MRSBFH - Matrix-Rust-SDK-Bot-Framework-Helper

MTRNord announced:

After 6 Months I finally got a use for this again so I finally did update this.

Basically everything as before but now including recent tokio, recent (stable) matrix-rust-sdk and rust edition 2021.

Source as before over at https://github.com/MTRNord/mrsbfh

🔗Dept of Bots 🤖

🔗Mother Miounne v1.0.0 is here

Aine said:

Miounne? What is it?

It's an "automation backend" bot of etke.cc and has following features:

• send html forms from your website directly to matrix

• manage matrix-registration invite tokens in matrix chat

Miounne hits first stable release. I already shared some info about it here some time ago... but now it's stable! Source code has 83+% of unit tests coverage and some bizarre bug have been fixed.

Besides, now you can use pinned version of the bot (docker registry)

PS: we have #miounne:etke.cc room to discuss (whine) and post updates about it

🔗Dept of Interesting Projects 🛰️

🔗Patience

Ryan announced:

Patience, a full stack integration testing approach for Matrix clients and servers, has added initial support for Hydrogen this week. As it already supported Element Web, we now have a (basic) system for testing multiple clients together which is taking shape! 🥳 From here, we plan to add configuration options to express the permutations of clients you want to test together.

This project is still in its early stages, but we hope to eventually have support for many different clients and then use it to test common flows like user verification, which can differ quite a lot across clients. If you're interested in this topic, feel free to join the new #matrix-patience:matrix.org room.

🔗Final Thoughts 💭

Someone has been making Matrix fanfic! I'm not sure how federation ties in, and for some reason they feature rubber duck debugging at one point but otherwise it looks fun :) https://www.youtube.com/watch?v=9ix7TUGVYIo

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

🔗#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	envs.net	470.5
2	trolla.us	597
3	boba.best	612.5
4	helderferreira.io	878
5	stewart.zone	1001
6	xerbo.net	1344
7	dolphincastle.com	1575
8	matrix.org	1899
9	spooks.cyou	1987.5
10	nheko.im	2050

🔗#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	tomsmeding.com	208
2	weasy-is-my.name	278.5
3	dendrite.nordgedanken.dev	294
4	sspaeth.de	296
5	vtilburg.net	559
6	jae.su	569
7	mtr.ceph3.us	957.5
8	caughtquick.tech	1120

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!