This Week in Matrix 2020-04-24

24.04.2020 19:39 β€” This Week in Matrix β€” Ben Parsons
Last update: 24.04.2020 19:23

Matrix Live πŸŽ™

Some snapshots of what the team has been working on. Look out for a clear explanation from Erik about Synapse performance (and what will be done about it!), and lots of other goodies

Dept of Status of Matrix 🌑

Tchap used by French fire and rescue services

Brendan announced:

Tchap, the Matrix deployment in the French government, recently opened to French fire and rescue services:

Rescue18 (a French non-governmental news website for emergency services) echoed this announcement earlier this month, praising the security aspect of the platform and the possibility it offers to improve social and professional exchanges throughout the hierarchy as well as the rest of the government and public services.

Article is all in some other language - thanks Brendan for providing this summary.

Dept of Spec πŸ“œ

anoa said:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at

MSC Status

Merged MSCs:

  • No MSCs were merged this week

MSCs in Final Comment Period:

  • No MSCs are currently in FCP

Well, MSC2457 should be. It's waiting for a redeployment of mscbot.

New MSCs:

Spec Core Team

We've switched up our focus to the following MSCs: MSC2366 (verification flows), MSC2454 (SSO UI Auth), and MSC2472 (Symmetric SSSS). Expect a blog post next week describing the new MSC categories.

Dept of Servers 🏒


Neil said:

Last week

  • Shipped 1.12.4 a patch release to fix some cross signing related bugs.

  • Redis support to replace our existing cross replication system, merged to develop. This is a precursor to the sharding project. We have a PR to support cache invalidation across workers which, once merged should make it relatively easy to pull off event persistence from the master process. Just removing event persistence could give some decent perf wins, but the prize is then splitting persistence to run across across multiple workers.

  • A final PR to support SSO for user interactive auth will merge imminently, thereby freeing up full cross signing support for worker installs.

  • Aside from that we’ve been working on fixing a weird bug where rooms can end up with zero forward extremities and generally showing Sygnal some love.


  • Put Redis into production

  • Ship 1.13.0 which will contain Redis support as well as a host of SSO bug fixes.

  • Merge our new caching config logic to give finer granularity on cache settings.

  • Merge cache invalidation and try to get events persistence running in its own worker.

Ben added:

Cross signing, oh cross signing! Can you believe itβ€½ Cross signing!!!

Matrix Corporal

matrix-corporal manages your Matrix server according to a configuration policy

Slavi reported:

matrix-corporal v1.9.0 has been released. It adds support for preventing certain users from creating rooms (that is, from using the /createRoom API). I've been thinking about developing this feature for a while now, as people have been requesting it frequently.


matrix-media-repo is a highly customizable multi-domain media repository for Matrix

TravisR announced:

v1.1.2 is out with a bunch of fixes to the Docker image. Check out for details, and for support.


Conduit is a Matrix homeserver written in Rust

timo told us:

Conduit is a Matrix homeserver written in Rust

This week I worked a lot on getting the first bit of federation working. My goal was to query the public room list of another server and forward it to a client.

This involved setting up a keypair to sign the json I send to the server and putting authorization headers into my requests. Most of the work is already done and reports it's all good.


Sadly there seems to be a problem with the signing, because other homeservers reject requests: Unable to verify signature: <class 'nacl.exceptions.BadSignatureError'> Signature was forged or corrupt. I'll continue to work on this in the next week(s).

Thanks to my supporters on Liberapay.

Dendrite / gomatrixserverlib

Dendrite is a next-generation homeserver written in Go

Neil Alexander said:

  • Dendrite now supports perspective key fetching as a configurable option, and will automatically attempt to use the perspective key servers for keys that couldn't be fetched directly

  • Dendrite now uses a newer version of the Sarama library

  • Some caching has been added to the roomserver API for room versions, which should help quite a bit with performance over federation and handling transactions

  • Auth checks for /send_join are now quite a bit more robust

  • A bug has been fixed where the default state filter limited the amount of room state that was visible after a join

  • gomatrixserverlib has quite a bit of new support for backfilling now, which will be wired into Dendrite soon

  • gomatrixserverlib has new primitives for v2 invite responses and /get_missing_events requests

  • Invite support is being worked on currently, which should also enable support for creating DMs in Riot

Synapse Deployment πŸ“₯


Ananace told us:

A bit late to the party - was rebuilding my cluster at home to EL8 - but pushed the Kubernetes-optimized docker images for Synapse 1.12.4


Mathijs reported:

The image for synapse v1.12.4 including jemalloc and mjolnir anti-spam has been released to avhost/docker-matrix:v1.12.4.

Dept of Clients πŸ“±


aa13q told us:

Matrix native integration for the Sailfish OS, KDE and other linux systems called telepathy-tank got attertion from the community this week and @aa13q updated it a bit thanks to @Kaffeine. Writing the post for the TWIM has grown into the small blog post, so @aa13q shared it sepatetely:


Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico ( offered:

Nheko released two new version, 0.7.0 and 0.7.1. The second one mostly fixes some minor issues in the 0.7.0 release, which we got from all the people trying it out. Thanks for reporting them!

Since 0.7.0 is pretty big, please read the release notes on github:

Some of the highlights:

  • Support for rich replies

  • Support for encrypted media

  • .well-known support

  • Mute/Unmute rooms

  • Key import compatibility fixes for Riot

  • Reduced memory usage, performance optimizations and fixes for some nasty memory corruption and crashes

You can get the latest release on github or maybe someone actually packaged it already for your distro.

We hope you will try it out and have a good experience! If you don't, you can complain to us in or open an issue in our bugtracker.


gomuks is a terminal based Matrix client written in Go. Source on GitHub

Tulir announced:

gomuks got a fancy initial sync loading bar so it no longer looks like it's broken after you log in. Implementing end-to-end encryption in mautrix-go has also been slowly progressing, might have something working in a few weeks.

Riot Web

A glossy Matrix collaboration client for the web.

Ryan offered:

This week we released a fourth RC for Riot Web 1.6, the upcoming release with cross-signing, addressing a few issues found through everyone's testing and feedback. Please do continue to test, the latest RiotX build, and also E2EE search in Riot Desktop Nightly.


Dept of SDKs and Frameworks 🧰


Benedict told us:

I created an client-sdk to interact with matrix in Spring Boot. It is written in kotlin and should also work with Java. You can find the repo here:

It contains also a bot-sdk to write bots by adding a dependency and a few lines of code only. It is tested with unit-tests, but integration-tests against a real matrix-server are currently missing. A simple ping bot works and is also integrated in the repo as example.

Currently I'm working on getting this to Maven Central.

Dept of Ops πŸ› 


This Ansible playbook is meant to easily let you run your own Matrix homeserver.

Slavi told us:

Thanks to Rodrigo Belem's efforts, matrix-docker-ansible-deploy now supports bridging to Slack via the mx-puppet-slack bridge. See our Setting up MX Puppet Slack bridging documentation page for getting started.

Dept of Interesting Projects πŸ›°

Doctor Who watchalongs

Brendan offered:

As per the previous edition of TWIM, we had a blast on Sunday watching and reacting to Doctor Who episodes The Stolen Earth and Journey's End.

The next watchalong will be this Friday (Apr 24th), and we'll be watching another two-parter together, Human Nature & The Family of Blood, starting from 7PM BST! Guests such as Paul Cornell (writer), Charles Palmer (director) & Lor Wilson (Lucy Cartwright aka Daughter of Mine) will also be discussing the episode along for even more fun and behind the scenes!

This means that if you're reading this when this edition of TWIM goes out, and you fancy watching some Doctor Who this evening, join the fun at πŸ˜€

And if not, feel free to join the room anyway to find out when the next watchalong is happening πŸ™‚

Dept of Ping πŸ“

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS

That's all I know 🏁

See you next week, and be sure to stop by with your updates!

Synapse 1.12.4 released

23.04.2020 19:04 β€” Releases β€” Neil Johnson

A small patch release containing features and bugs to support the upcoming launch of cross signing. We are very close now :)

Get 1.12.4 from github or any of the sources mentioned at

Changelog since v1.12.3

Synapse 1.12.4 (2020-04-23)

No significant changes.

Synapse 1.12.4rc1 (2020-04-22)


  • Always send users their own device updates. (#7160)
  • Add support for handling GET requests for account_data on a worker. (#7311)


  • Fix a bug that prevented cross-signing with users on worker-mode synapses. (#7255)
  • Do not treat display names as globs in push rules. (#7271)
  • Fix a bug with cross-signing devices belonging to remote users who did not share a room with any user on the local homeserver. (#7289)

This Week in Matrix 2020-04-17

17.04.2020 00:00 β€” This Week in Matrix β€” Ben Parsons

Matrix Live πŸŽ™

Matthew & Amandine update on cross-signing

Dept of Spec πŸ“œ

anoa offered:

Here's your weekly spec update!

MSC Status

Merged MSCs:

  • No MSCs were merged this week

MSCs in Final Comment Period:

  • No MSCs are currently in FCP

New MSCs:

Spec Core Team

We had our first Spec Core Team retro in a very long time this week, with a new regular schedule of every month. It ran about an hour overtime - there was a lot to talk about. We'll post the conclusion in a separate blog post soon.

Dept of Servers 🏒

Dendrite / gomatrixserverlib

Dendrite is a next-generation homeserver written in Go

Neil Alexander reported:

  • Rooms now default to version 4

  • Backfill messages are now topologically ordered

  • Searching for backward extremities when backfilling is now improved by preventing duplicate prev events

  • HTTP tracing and SQL tracing environment variables have now been added

  • Direct key requests are now parallelised (which can help to speed up room joins substantially)

  • Events in /messages responses are now topologically ordered

  • gomatrixserverlib can now perform signature checks with strict validity checking as optional

  • We now return far less 500 errors over federation which helps federation with Synapse

kegan announced:

New version released which supports v4 rooms as well as improvements in how we publish rooms into directories of local nodes.

Conduit (Rust Homeserver)

A Matrix homeserver written in Rust

timo announced:

This week I spent some time improving Riot support. Now there should be a lot less warnings and some new features: typing events, read receipts, better room directory, invites, user search.

The only bigger bug that exists currently is that the message history is not automatically loaded when you join a room. Sometimes reloading the page helps, but not always. The reason for that is that Riot calls the deprecated /initialSync endpoint, which I do not support (I hope someone works on Riot to fix that).

In the next few weeks I plan to improve the single-homeserver experience further and add permission management, while also working on federation.

Check out the repository on and our Matrix room on If you want to try out the server yourself, you can try to connect to it using (though it might be offline when you read this).

I also want to thank my supporters on Liberapay for their kindness 😊.

I tested the performance of Conduit yesterday by running a ruma client that sends a /send request in a for loop 10k times, which took ~46.8 seconds (all locally on my pc). This means the server can handle ~210 /sends per second under these circumstances.


The flamegraph shows what the cpu is spending most of its time doing. Plateaus are things that take time. You can see most of the time is used for a function in sled::io (I spoke with one of the devs and they said this is expected, but will be improved in the next release)


Neil told us:

We continue to focus on performance and spent a good chunk of time improving worker replication test coverage to build confidence that our upcoming changes will work as expected. Erik has been working on how to how to factor out cache invalidation which is now starting to take good shape. Once we have that, factoring out things like event persistence are next on the horizon.

Aside from that we’ve been working with the Riot client teams as they near release for cross signing, fixing bugs and improving performance on key actions.

SSO support continues to improve, and more fixes for user inactive auth for worker'd installs will land next week. Poor old Rich has been banging his head against a sync bug blocking develop, but hopefully he has broken its back now, and we'll get that merged asap.

Finally we experienced some operational issues with push over the weekend, so we spent some time cleaning up and figuring out how to make things more resilient.

Coming up, performance, cross signing support, SSO improvements.

The Construct

Construct is a performance-focused homeserver written in C++

Tulir reported:

Update from Jason:

The Construct server made significant progress this week with end-to-end encryption, client compatibility, application services support, and build-related enhancements. I'd like to thank Yan Minari for contributing spec-compliant code paths for application services in the user registration system. Special thanks this week to Tony O. for continued work on the NixOS ( derivation for reproducible builds, in addition to contributing fixes to Nio for optimal compatibility with Construct. I'd also like to thank Wessel for contributing a much needed reorganization of the Dockerfiles in preparation for Construct operating on many more platforms. Many thanks to Nico for working with the team this week in on various compatibility fixes to mtxclient and Nheko; the responsiveness when using Nheko with Construct is mind-blowing. I'd also like to thank David Vo (a.k.a. auscompgeek) for also contributing to Nio toward Construct compatibility.

Finally, I owe much appreciation to tulir, jochen, qy and others for setting up brand new installations this week and providing feedback in Construct is the first and only federating alternative to Synapse. It is written in C++ for maximum performance, the lowest possible TCO, and designed for horizontal scaling with Construct Cluster. If you are interested in starting a low-cost Matrix hosting service, Construct may be your ideal choice. To stay informed and show your support please visit us in today!

Dept of Bridges πŸŒ‰ bridges bumper pack edition

Half-Shot announced:

Hello, this week has been busy for us over in bridge corner. We've released:

matrix-appservice-bridge 1.12.2

Which includes a bunch of small fixes, including a performance improvement to StateLookup hits. Apparently it's bad to hit the homeserver with 1000s of concurrent /state requests on startup. Most importantly it also includes a critical fix to the addAppServicePath function, which previously did not authenticate requests, see the CHANGELOG for more information on that.

matrix-appservice-irc 0.17.0-rc3

We're still working on the RCs for this release, having discovered and fixed a bunch of failures that can happen around getting connected to IRC. Be aware that the above security fix is applied in this release, which means provisioning requests will now be authenticated.

matrix-appservice-slack 1.2.0-rc1

This is another big load of bug fixes, with many thanks to our new bridge crew member, Christian!. This release includes the above security fixes, as well as some metrics improvements to track activity on the bridge.

matrix-appservice-gitter 0.1.1

The gitter bridge has been updated to include the changes from the matrix-appservice-bridge releases, as well as updating some dependencies.

Dept of Clients πŸ“±


WIP Command line Matrix client using matrix-rust-sdk

devinr528 announced:

A clickable command-line client Matrix written in Rust. Although, still in the early stages, enough has been implemented to show a working demo. rumatui uses tui to power the UI and matrix-rust-sdk for all communication with the server. So far the message formatting has been the most visually satisfying feature, although implementing it was not much fun. The goal of the project is to have a UI driven command-line client, useable from either keyboard and/or mouse.

Big thanks to @poljar for allowing me to work on matrix-rust-sdk, @jplatte for the opportunity to work with the ruma crates and everyone in the Matrix community for being so helpful!

Check it out! Help is welcome, although as matrix-rust-sdk develops the design and structure of rumatui will evolve quickly. is the room to join.



Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico ( reported:

Nheko is preparing for the 0.7.0 release! You can find the first release candidate here:

0.7.0 will contain a lot of work, including replies, e2ee attachments and a completely rewritten timeline (the full changelog is too big for TWIM, but you can find it in the github releases). It also fixes a lot of issues. We should probably released it a lot earlier, but we always had one more feature we wanted to finish... For the future we plan to do smaller, more regular releases!

If you want to see Nheko translated to your language, you can translate it here:

If you are a packager, it would be awesome if you can check, that you don't have any build issues. If you need support, just message us in !

Riot Web

Ryan reported:

Cross-signing and E2EE by default for private rooms is nearly here! πŸŽ‰ It would be great to have more people testing this, as we're very close to release, and extra testing will help reveal those last issues. Please help test cross-signing on (suggesting develop since there's already some fixes there beyond the RC on staging) and the latest RiotX build. It would also be great to test E2EE search in Riot Desktop Nightly.

Matthew added:

e2ee by default and cross signing and encrypted search is almost here - please test the release candidates! (urls at


benoit announced:

We are finalizing cross-signing, QuadS and bootstrap. We will release a new version next week. We are still working on migration of the database from Realm to sqldelight solution.


Manu reported:

Let me copy Riot-Web and RiotX-Android: Cross-signing and E2EE by default for private rooms is nearly here! πŸŽ‰.

A TestFlight will be available over the weekend. Here is the link if you want to join the program. This release candidate still needs some polish but a new release will be definitely available on the AppStore next week.

In parallel of that, the maintenance work is going well. We are erasing our technical debt as much as possible. The new Apple Push API raises some privacy concerns. We may no longer be able to offer CallKit as it requires events to go in clear between servers.

Dept of SDKs and Frameworks 🧰


Ruma is a Rust project to create a comprehensive set of APIs for Matrix. Previously there was a Ruma homeserver project.

jplatte said:

Many of you will probably have heard already, but Ruma is now officially dead. The homeserver, that is. Outside of that, the API definitions in ruma-client-api have seen some work and our first two endpoints in ruma-federation-api have been written! ruma-api and ruma-identifiers are also being worked on, with the following new releases being published in the past week:

  • ruma-api 0.15.1 was released with a small bugfix

  • ruma-identifiers 0.15.0 was released with loads of changes; this might be the last 0.x release!

  • identifiers are now stored as strings (with minimal additional data)

  • before, we would parse the server name into a url::Host

  • this means that parsing now doesn't allocate at all under some circumstances, and obtaining the string representation of one of our identifier types is essentially a no-op

  • there no longer is a single non-optional dependency, everything that requires them is now behind a feature flag

  • some new helper functions have been made available, mostly around user IDs

Dept of Bots πŸ€–

CovBot v0.1.4

Peter Roberts reported:

  • When there are a lot of matches ask the user to be more specific rather than sending a huge list.

  • Let user know if we can't make sense of the age given to !risk.

  • Fix formatting of !compare tables on old Riot for android.

  • Refactor into separate files for bot and data sourcing.


Dept of Interesting Projects πŸ›°

Doctor Who confinement watchalongs

Brendan offered:

We've been doing Matrix editions of Emily Cook's Doctor Who watchalongs since confinement started around Europe. The concept is pretty simple: on a given day, at a given time, everyone presses play on the same episode. Folks are then free to then watch it on their own, or discuss the episode as they watch it in the Matrix room and/or in the Jitsi call. We're also bridging tweets sent from directors, writers, comedians, etc. watching the episode at the same time to Matrix.

If folks are interested in joining in, head over to!

The next watchalong is planned for next Sunday (Apr 19th) at 7PM BST; and we'll be watching the epic two-episode long season finale "The Stolen Earth" & "Journey's End", with Russell T Davies (writer), Graeme Harper (director), David Tennant (The Doctor) and Catherine Tate (Donna Noble) tweeting along (and possibly more to come) πŸ˜€

Tweetalong bot

Brendan reported:

To relay the tweets from guests during Doctor Who watchalongs, I've written a simple bot that reads the timeline of a Twitter list, optionally filters it by a hashtag, and posts the tweet to a Matrix room.

The code is available at, and there's already an instance running in if folks want to see it live.

Dept of Guides 🧭

Lots of new guides this week! I particularly encourage you to read neilalexander's guide to state resolution - I found it very approachable.

Matthew said:

neilalexander wrote a kickass guide to how state resolution works and should be implemented:

and then

Kaushik Chakraborty wrote an awesome NixOS tutorial for setting up Synapse+Riot+Jitsi as a response to my Debian one!


...and Pablo Fredrikson recorded a fantastic video run-through in Spanish of setting up Synapse on Docker!

Dept of Ping πŸ“

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS

Final Thoughts πŸ’­

While discussing the use of QML in Nheko, aa13q became extremely energised, so I'm including this piece:

Qt/QML fanboy here, feel free to skip, just a love letter to the framework :D

Qt/QML is super-awesome, it's hard to describe how pretty declarative syntax is and how beautiful MVC approach with native Qt C++ side integration %) It is very hard to contribute to HTML/CSS/JS projects when you have seen QML once.

Talking about resources, there are even projects for very low-level embedded boards with arm cortex m7 core [1,2]

I'm actually thinking Qt is the bright future of very wide development areas. I'm both frightened and intrigued looking at relatively low popularity of the project. Since I want it to live and prosper even more but afraid of the possible mistakes for even harder tasks. The better popularity of the project will be harder to coordinate and the future tasks will be even harder. Similar to other cool projects (like matrix! :) I guess it's very challenging to balance between running as hard as you can and not to "die" from exhaustion %)

I don't even know is there something similar comparing to the Qt project, that's also why I'm worried about the future of the project %)

So-called software crisis (the late 60s – mid-80s [3,4]) was successfully overcome by introducing Object-Oriented Programming (it's always funny to see some people who are more into functional programming hates OOP in that context [5]) And notably Alan Kay is not only OOP pioneer (Smalltalk language) but also a first GUI applications developer. While the current OOP languages like Java and C++ are quite imperative, OOP is not only about the objects but also about the messages between them (Smalltalk is probably a nice example here too).

Qt in that context restores interesting balance to quite imperative C++ introducing the so-called meta-object system (for the messaging between objects). After that in ~Qt5, the declarative QML approach was introduced to develop these ideas even more. Not only GUI subject matter could be expressed with QML (like Qt Quick), but the others too (for example, QBS build system).

Sorry for typos and poor style, not a native speaker :) And I could be wrong in my views.

[3]: Cox, Brad J. There Is a Silver Bullet // BYTE Magazine, October 1990.
[4]: Dahl, Ole-Johan. The Birth of Object Orientation: the Simula Languages / Owe, Olaf; Krogdahl, Stein; Lyche, Tom (eds.). From Object-Orientation to Formal Methods. Essays in Memory of Ole-Johan Dahl. New York: Springer, 2004.

That's all I know 🏁

See you next week, and be sure to stop by with your updates!

This Week in Matrix 2020-04-09

09.04.2020 00:00 β€” This Week in Matrix β€” Ben Parsons

Open Tech Will Save Us #1

This week we held the first in a series of virtual meetup events, Open Tech Will Save Us.

We were really excited to make this event feel like a real meetup - with a live chat, and interactivity from the chance to ask questions of the speakers. There was a great response, with participants in a 100+ user room chatting about the talks and generally adding to the atmosphere.

Lineup included:

Dept of Spec πŸ“œ

anoa said:

Here's your weekly spec update!

MSC Status

Merged MSCs:

  • No MSCs were merged this week

MSCs in Final Comment Period:

  • No MSCs are currently in FCP

New MSCs:

Spec Core Team

This week the Spec Core Team will be focusing on MSC2457 (password invalidation), MSC2454 (SSO UI Auth), and MSC2472 (Symmetric SSSS), which each have proposed FCPs in flight.

Before next TWIM we'll be carrying out a long-overdue retro to go over how we've been doing in the last few months. We'll then continue to do those regularly once a month and post conclusions from those meetings here.

Dept of Servers 🏒

Conduit (New Rust Homeserver)

timo told us:

This week was really successful for the homeserver project. Not only does event sending and syncing work properly, but creating/joining rooms, state events and the public room directory works as well. But the biggest archievement I made this week is Riot support.

Big thanks to MTRNord for fixing bugs in Riot web and deploying an instance of Riot with all patches applied and to jplatte and @iinuwa for improving the ruma libraries.

Today we did the first actual test of the new homeserver. We had ~5 people sending and syncing messages in a room and all of them were able to send messages almost instantly. We'll see how well that scales when we implement federation in the future.

Check out the repository on and our Matrix room on If you want to try out the server yourself, you can try to connect to it using (though it might be offline when you read this)


Dendrite / gomatrixserverlib

Neil Alexander told us:

  • Support code for version 3 and version 4 rooms has now been merged.


Neil told us:

The main focus continues to be performance and we are starting to make good progress in figuring out how to split out and shard the event streams. This is a project where most of the bang will come all at once, rather than there being multiple small incremental improvements.

Aside from that we continue to improve the SSO experience, landing UIA support for CAS providers. We also made a small change to the default behaviour so that only room admins can enable e2ee (applies to new rooms only).

Next week, is more of the same. Expect a few short term performance improvements (specifically to help with cross signing UX) and more SSO support.

Dept of Bridges πŸŒ‰

Gitea webhooks bridge

s7evink told us:

As of this PR Gitea has the ability to directly send webhooks to Matrix. Currently it's only in the master branch, but should be in Gitea 1.12.0 which is due by May.

script for forwarding unread Wilma messages to Matrix

mijutu said:

I wrote a script for forwarding unread Wilma messages to Matrix. Wilma is a website and mobile app for teacher-parent communication. Download the script from and give feedback at

mijutu seems to lament:

Recently Wilma usage increased from occasional messages to everyday messages, so I had to do something.

vurpo gave us some background:

Wilma has been widely used and well-known in Finland for over a decade, but not sure how well-known it is elsewhere?
There was just an article (not in English) about the origins of Wilma, that was interesting
So someone got an Amiga in the 80s and decided to make a scheduling program for their local school, and add a bit of time and now there is a web interface, login for students, teachers, and parents with messaging, homeworks, grades and everything

mautrix-facebook and mautrix-hangouts

Tulir told us:

As promised last week, mautrix-facebook and mautrix-hangouts now support end-to-bridge encryption. It works the same way in all bridges, so the instructions from the mautrix-telegram wiki work for all of them.

πŸ‘¨β€πŸ’» IRC Bridge

Half-Shot reported:

Hello everyone. The IRC bridge has hit 0.17.0-rc1. This release is lighter than past releases, but fixes a few nasty bugs. Please test and report back :)

Highlights include:

  • Disconnect a PM room from IRC when another user is invited, and disallow invites to PM rooms.

  • On name change, inform Matrix users, if their preferred IRC name is taken.

  • Add ability to deactivate users permanently via the DebugAPI.

  • Two bugfixes on the !storepass feature, both bugs would cause the user to be unable to use the bridge 😟.


mx-puppet-bridge is a general bridging library that supports (double)bridging and relays. The goal is to make it as easy as possible for others to bridge new third-party protocols to matrix. Support room Donate

sorunome offered: also supports plumbed rooms now. That means that this one little library supports all types of bridges mentioned in Yay!

Skype bridge in matrix-docker-ansible-deploy

Slavi told us:

Thanks to Rodrigo Belem's efforts, matrix-docker-ansible-deploy now supports bridging to Skype via the mx-puppet-skype bridge. See our Setting up MX Puppet Skype bridging documentation page for getting started.

ofono SMS/MMS bridge

Somehow it seems we never previously featured untidylamp's ofono SMS/MMS bridge. This is a Python3 project to bridge Matrix and SMS/MMS messages via ofono.

They say:

I'm running this with ubuntu touch on my nexus 5. The goal is to have this hosted on my PinePhone.

integration for Kallithea

andrewsh announced:

speaking of integrations, I wrote an infra-basic integration for Kallithea three years ago:

Dept of Clients πŸ“±

Riot Web

Ryan said:

v1.5.16-rc.1 is now available at with quite a few things, including:

  • default in-app home page for new users

  • a simpler SSO sign in flow

  • SSO user authentication support for flows like removing sessions (requires homeserver support as well)

  • better read marker behaviour for grouped events like room creation

  • support for Jitsi configuration via .well-known from the homeserver

  • lots of cross-signing polish

Overall, the team is focused on finishing up cross-signing which is targeting release next week (assuming there are no surprises). πŸŽ‰


valere said:

Wild SQLDelight migration branches popup'ed in PR

Main Focus is still on getting cross-signing out No release this week, but here is develop change log:

Develop Change log:

Features ✨:

  • Cross-Signing | Bootstrapping cross signing with 4S from mobile (#985)

Improvements πŸ™Œ:

  • Cross-Signing | Setup key backup as part of SSSS bootstrapping (#1201)

  • Cross-Signing | Gossip key backup recovery key (#1200)

  • Show room encryption status as a bubble tile (#1078)

Bugfix πŸ›:

  • Cross- Signing | After signin in new session, verification paper trail in DM is off (#1191)

  • Failed to encrypt message in room (message stays in red), [thanks to pwr22] (#925)

  • Cross-Signing | web <-> riotX After QR code scan, gossiping fails (#1210)


Tulir told us:

gomuks got some minor improvements:

  • commands to download and open any files (rather than just images like before)

  • a toggle for markdown and html input


Manu said:

We continued to improve the implementation of cross-signing. One of added features is the gossip of the private key of the key backup: when you complete the security on a new sign-in, this new device automatically retrieves all message keys from your key backup. All your e2ee history is available with no additional effort.

Meanwhile, we have been updating the Riot iOS codebase to better support iOS 13 SDK and Xcode 11.x. Check for the progress of this work.

Dept of SDKs and Frameworks 🧰

libQuotient 0.6 beta

kitsune announced:

libQuotient 0.6 beta is out - developers and packagers are most welcome to try it out and iron the wrinkles before the release. This release is not too different from libQMatrixClient 0.5.3 that already incorporated many fixes from the main line; however, it includes: the new name (libQuotient, that is); proper rate-limiting (wait times advised by the homeserver are respected); the library is less prone to crash at logout and closing a connection; and, finally, initial work on E2EE done over the last year's Google Summer of Code is included in the library now. The list is fairly brief, as I didn't have too much time to work on Quotient in the last 6 months; but now that my switching jobs and continents is more or less complete, we're going to move faster.


jplatte reported:

Endpoints are continually being updated, and instead of just repeating this vague statement again and again, here is a number: at least 60% of our endpoint definitions are up-to-date with r0.6.0.

We're also getting lots of feedback from conduit's development. Some of things we're now planning to change based on that will require large-scale refactorings that haven't yet started, but will hopefully happen in the coming months.

matrix-rust-sdk progress

poljar said:

The matrix-rust-sdk is steadily progressing, improvements have been made on many fronts thanks to devinr528 (better event emitting, easier tests, room name calculation...).

The encryption side of things has been going on as well and a sneak peek can be found here

Dept of Ops πŸ› 

matrix-docker-ansible-deploy Jitsi

Slavi announced:

matrix-docker-ansible-deploy's Jitsi setup has seen lots of improvements around authentication, thanks to teutat3s. Refer to our Jitsi docs page for getting started or to learn how to rebuild your existing Jitsi installation in a more secure manner.

I asked: does this include the most recent version?

Slavi said:

it should! We've updated all Jitsi images today and reworked some things, due to a new release from the Jitsi guys, which fixes some security issues.

Dept of Bots πŸ€–

Send Sentry issues to a Matrix room

jaywink offered:

If you want your Sentry issues to a Matrix room, there is now a new bot for that: . Currently it supports a simple "projects to rooms" mapping and should work with both legacy webhook integrations and integration platform webhooks.

Dept of Ping πŸ“

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS

That's all I know 🏁

See you next week, and be sure to stop by with your updates!

Running your own secure communication service with Matrix and Jitsi

06.04.2020 00:00 β€” General β€” Matthew Hodgson

Hi all,

Over the last few weeks there's been huge increase in interest from folks wanting the security and autonomy of running their remote collaboration services, rather than being at the mercy of traditional proprietary centralised apps. Meanwhile, the homeserver has been very overloaded (although we're at last making excellent progress in radically improving Synapse's performance) - so it's particularly important right now to help folks run their own servers.

Therefore we're very happy to announce that it's easier than ever before now to self-host your own video conferencing alongside Riot & Synapse: as of Riot/Web 1.5.15 (released last week), it's now a single config option to point Riot at a specific Jitsi rather than needing to hook up to an integration manager!

Meanwhile, over the last 18 months, it's got easier and easier to run your own Matrix deployments: the Debian packages are unrecognisably better now, and with .well-known URL support it's trivial to set up federation without needing to worry about complicated DNS, TLS or load balancer configurations.

So, to try to show off just how smooth this has become, we thought we'd do a run-through video showing installing Synapse, Riot & Jitsi on a completely fresh Debian install. It's (almost) filmed in a single shot, and takes about 20 minutes from beginning to end.

Please note that this does assume you're pretty familiar with Linux system administration. If you're not, then we'd recommend using a Matrix hosting provider such as (which directly supports development of the core team),, or StartupStack.

Finally, while the video shows how to install on Debian via Debian packages, there are many many other environments and architectures (e.g. installing under Docker) - this is just one relatively easy way to skin the cat. Perhaps there will be other 'speed-run' videos in future :)

If you want to follow along at home without listening to the video (and I can't blame you if you do ;) the high level steps are as follows:

Debian & DNS

  • Take one fresh Debian 10 install.
  • Point the DNS for your domain to it. You should use separate subdomains for the various services as a hygiene measure to make cross-site scripting attacks less effective. In this example, we set up DNS for:
    • (general website, and for hosting a .well-known path to advertise the Matrix service)
    • (Synapse)
    • (Riot/Web)
    • (Jitsi video conferencing)
    • In practice, we used a * wildcard DNS record for the three subdomains in this instance.

Nginx and LetsEncrypt

  • Install nginx as a webserver: apt-get update && apt -y install nginx
  • Go to /etc/nginx/sites-enabled and copy the vhost configuration block from the bottom of default to new files called,, and We don't set up at this point as the jitsi installer handles it for us.
    • Rename the server_name field in the new files to match the hostname of each host, and point root to an appropriate location per domain (e.g. /var/www/ for the main domain, or /var/www/ for riot)
    • For the Synapse domain ( here), you should replace the contents of the location block with proxy_pass http://localhost:8008; - telling nginx to pass the traffic through to synapse, which listens by default for plaintext HTTP traffic on port 8008. (N.B. do not put a trailing slash on the URL here, otherwise nginx will mangle the forwarded URLs.)
  • Enable TLS via LetsEncrypt on nginx, by: apt install -y python3-certbot-nginx && certbot --nginx -d -d -d (or whatever your domains are).
  • You should be able to go to at this point and see a page with valid HTTPS.


  • Then, install Synapse via Debian packages using the instructions at (see below). If you're not on Debian, keep an eye out for all the other OSes we support too!
    • You should specify the server name to be the domain you want in your matrix IDs - i.e. in this example.
    • Please report anonymous aggregate stats to us so we can gauge uptake and help justify funding for Matrix!
sudo apt install -y lsb-release wget apt-transport-https
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] $(lsb_release -cs) main" |
    sudo tee /etc/apt/sources.list.d/matrix-org.list
sudo apt update
sudo apt install matrix-synapse-py3
  • You should now be able to go to and see a valid "It works! Synapse is running" page.

  • Then, you should enable registration on your synapse by switching enable_registration: true in /etc/matrix-synapse/homeserver.yaml and restarting synapse via systemctl restart matrix-synapse.

  • Now you need to tell the rest of Matrix how to find your server. The easiest way to do this is to publish a file at which tells everyone the hostname and port where they can find the synapse for - in this instance, it's

mkdir -p /var/www/
cd /var/www/
echo '{ "m.server": "" }' > server
  • Alternatively, you could advertise the server via DNS, if you don't have write access to /.well-known on your main domain. However, to prove you are allowed to host the Matrix traffic for, you would have to configure nginx to use the TLS certificate for the vhost (i.e. the "wrong" one), and in general we think that /.well-known is much easier to reason about. In this case you would advertise the server with an SRV record like this: 300    IN  SRV 10 5 443


  • Then, install Riot/Web. Grab the latest .tgz release from You should check its GnuPG signature too:
mkdir /var/www/
cd /var/www/

# check its GnuPG signature (particularly advisable, given Riot is what stores
# your end-to-end encryption keys)
apt install -y gnupg

# grab the signing key for the riot releases repository, ideally from a keyserver...
gpg --keyserver --search-keys [email protected]

# ...and/or you can grab or cross-check the signing key from
gpg --import riot-release-key.asc

gpg --verify riot-v1.5.15.tar.gz.asc
# hopefully this will report "Good signature", even though it won't know to trust the riot release key.

# you could also choose to explicitly trust the key by editing it, entering 'trust' and then '5' for ultimate trust.
gpg --edit-key 74692659bda3d940

tar -xzvf riot-v1.5.15.tar.gz
ln -s riot-v1.5.15 riot
chown www-data:www-data -R riot
cd riot
cp config.sample.json config.json
  • You then tweak the config.json to change the base_url of the homeserver to be (i.e. where to find the Client Server API for your server), and change the server_name to be (i.e. the name of your server).
  • You should then be able to go to, register for an account, sign in, and talk to the rest of Matrix!


echo 'deb stable/' >> /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - | sudo apt-key add -
apt-get update
apt-get -y install jitsi-meet
  • We give the installer the hostname Make sure this DNS is already set up, otherwise the installer will fail!

  • The installer magically detects you have nginx installed and adds in an appropriate vhost!

  • We select a self-signed certificate for now, and then upgrade it to LetsEncrypt after the fact with /usr/share/jitsi-meet/scripts/

    • Alternatively, you could have specified manual certificates, and then used certbot alongside the rest of nginx to create a certificate for - both work.
  • You should now be able to go to and use the Jitsi directly.

  • Finally, and this is the cool new bit: you can now point Riot to use the new Jitsi by going to its config.json at /var/www/ and changing the preferredDomain of the jitsi block from to your own self-hosted

  • You then refresh your Riot/Web, and you should be all set to use Jitsi from within your new Riot - as Riot/Web 1.5.15 and later has the ability to natively embed Jitsi straight into the app without needing to use an integration manager.


Matrix nowadays provides an excellent alternative to the centralised solutions. It gives:

  • Full autonomy over how to host and store your own conversations
  • Full freedom to talk to anyone else on the wider global Matrix network (or indeed anyone else bridged into Matrix)
  • Full privacy via full end-to-end-encryption for chats, file transfer and 1:1 voice/video calls (when enabled)
  • Full transparency by being 100% open source (as well as benefiting from the overall open source community)

Hopefully this gives some confidence that it's pretty easy to run your own fully functional Matrix instance these days. If not, then hopefully someone will do a similar one to show off Docker! And if that's still too scary, please take a look at a hosting services like

(Comments over at HN and here too)

This Week in Matrix 2020-04-03

03.04.2020 00:00 β€” This Week in Matrix β€” Ben Parsons

Matrix Live πŸŽ™

Featuring p2p, E2EE, FTUE, Open Tech Will Save Us and Mirage

Dept of Status of Matrix 🌑

Open Tech Will Save Us

Open Tech Will Save Us is a virtual meetup, taking the form of a monthly live video stream broadcasting on the second Wednesday of every month at 5pm UTC.

The first event will have speakers from Jitsi, IPFS and Matrix.

We'll cover the importance of preserving privacy and ways to keep your communications under control. Read more at

GSoC Student Applications closed

Google closed the door to applications on Tuesday, and we have an absolute bounty of proposals. More information will be shared when the announcements are made in a few weeks.

Dept of Spec πŸ“œ

anoa said:

Here's your weekly spec update!

MSC Status

Merged MSCs:

  • No MSCs were merged this week

MSCs in Final Comment Period:

  • No MSCs are currently in FCP

New MSCs:

Not much changing state this week as most people are focusing on implementation and existing MSCs.

Spec Core Team

Next week the Spec Core Team is focusing on the same as last week: MSC2457 (password invalidation), MSC2454 (SSO UI Auth), and MSC2472 (Symmetric SSSS).

Dept of Servers 🏒

Dendrite / gomatrixserverlib

Neil Alexander offered:

  • Dendrite now has support for sending v2 invites, and partial support for receiving them

  • The typing server in Dendrite has now been renamed to a more general-purpose EDU server and support for sending/receiving typing notifications has been fixed

  • Room version v3 and v4 support in Dendrite is mostly finished, hopefully will be merged soon

  • A new version of the P2P demo was released yesterday with some fixes (more information and discussion in

  • gomatrixserverlib now has new types and support for the new invite format, as used in the v2 endpoint

  • gomatrixserverlib has received some bugfixes, including with event ID generation and avoiding null in marshalled JSON for auth_events and prev_events


Update from Jason:

End-to-end encryption support has landed in Construct. The server now supports cross-signing, secret storage, and key backups for clients. I'm pleased with how this all came together on schedule for the upcoming transition to e2ee by default for Matrix. If you haven't been paying attention in last week full support for push-rules including efficient highlight-counting also landed. Next week Application Service support is scheduled.

Construct is quickly nearing complete coverage over the full breadth of the Matrix protocol, and the transition into release packaging is fast approaching. Construct is the C++ homeserver built for maximum performance with the lowest possible cost of ownership. If you're in need of a faster homeserver please show your support in and tell all your friends to lend a hand today!

Thanks Tulir for relaying

New Rust Homeserver

timo announced:

Hello! This week I worked on a Matrix homeserver written in Rust. Registering and logging in works already and I am currently adding support for sending events and inserting them into the event graph. I spent most of my time reading the Matrix specification to understand how this process works, because with federation (which I plan to add to my homeserver in the future) servers might disagree on which event was created first and there are strictly defined rules to resolve this. The Matrix homeserver uses the Ruma libraries as it's base and handles requests and responses using the Rocket crate. I use sled to store information as (key, value) pairs in a database. Most of these libraries are still experimental and I take this attitude myself by straying off from the reference implementations and changing algorithms in hopes of better performance. If you want to help, check out


Tulir offered:

mautrix-asmux wasn't made this week, but I haven't mentioned it on TWIM before. Basically, it acts as a proxy between appservices and the homeserver. The primary point is to make it possible to dynamically provision appservices.

The dynamically provisioned appservices connect to mautrix-asmux with individual access tokens, which asmux checks and then proxies the requests to Synapse with its own global access token. Synapse is only aware of one appservice, which will have a large user ID and alias namespace (e.g. everything starting with _). In the other direction, mautrix-asmux maintains a room ID -> appservice mapping, which it uses to send incoming events to the correct appservice. As a side effect, mautrix-asmux implements MSC2190, which is needed for end-to-bridge encryption.

πŸ“‘ Sygnal 0.4.0

Half-Shot told us:

Hey, some non-bridge news from me. We've released Sygnal v0.4.0 which allows folks to use postgresql to store state rather than sqlite3.

...and then...

another release,


Neil told us:

We continue on our performance drive. We’ll get Redis into production early next week replacing our home grown TCP based replication system. We also landed some SSO fixes for user interactive auth. Additionally we shipped a bug fix release in 1.12.3.

Synapse Deployment πŸ“₯


Ananace offered:

Just bumped the K8s-optimized Synapse image to 1.12.1


Mathijs told us:

The docker image for synapse v1.12.1rc1 is now on mvgorcum/docker-matrix:v1.12.1rc1

Dept of Bridges πŸŒ‰


Tulir said:

mautrix-telegram now has experimental support for end-to-bridge encryption. It's intended for cases where you don't want the homeserver to have access to messages, e.g. user-hostable appservices. It's currently on the e2be branch and should be merged to master soon. You can find setup instructions on the wiki:‐to‐bridge-encryption

The same feature will make its way to mautrix-facebook and mautrix-hangouts in the near future. After that, I'm going to start working on porting matrix-nio's crypto code to Go to bring end-to-bridge encryption to mautrix-whatsapp and possibly also general e2ee support for gomuks.

New tooling for plumbing IRC rooms

Cos announced:

I got annoyed by how difficult plumbing IRC rooms is and wrote a simple Python script to do it more easily from command line. Also cleaning old rooms and chats in Riot is quite tedious so I added support for easily leaving rooms to the script. I decided to creatively call it matrixtools and created a github repo for it for others to enjoy. It's still in infancy but more features are already planned such as more IRC management stuff and creating tombstone events to point rooms to other rooms. The tool uses Python and matrix-nio library. Contributions welcome!


mx-puppet-bridge is a general bridging library that supports (double)bridging and relays. The goal is to make it as easy as possible for others to bridge new third-party protocols to matrix. Support room Donate

sorunome said:

The bridge bot now sends read indicators for messages successfully delivered to the remote network - only supported on protocol implementations with event synchronising. 🦊


Advanced relay support! Similar to the discord bridge, you can now make an advanced relay, where, if in relay mode, the messages from matrix users appear correctly with username+avatar on the slack side. This works for both classic slack apps and new slack apps, via the events API.

For that the underlying slack client connection had to be significantly re-written, which became its own repository.


The skype puppet received a couple of bugfixes, so that it shouldn't need to be manually restarted every day anymore.


mx-puppet-voipms is a puppeting bridge for the SMS functionality provided by It is based on mx-puppet-bridge.

zoe reported:

Initial release of mx-puppet-voipms, a puppeting bridge for the SMS api built on top of the amazing mx-puppet-bridge framework.

πŸ€™ node-jitsi

Half-Shot told us:

Hey folks! I've not posted a proper bridge update in a while, so let's go into another project that isn't a bridge. I've started working on a new project called node-jitsi, which will allow people to connect their services to Jitsi Meet conferences. It's designed to allow bridges to start bridging across actual calls into Matrix via Jitsi, but could really be used by any project which is Node.JS based and wants Jitsi call functionality. The goal is to keep the interface clean and simple, and do all of the heavy lifting (WebRTC negotiations, XMPP handling) itself.

Currently the project has just started, although progress should hopefully be swift! Come check us out in and get chatting

Dept of Clients πŸ“±


valere reported:

Main focus in on getting cross-signing out (bootstrap will soon be merged)

But we also started efforts on database migration from Realm to SQLDelight!

Develop Change log:

Features ✨:

  • Cross-Signing | Support SSSS secret sharing (#944)

  • Cross-Signing | Verify new session from existing session (#1134)

Improvements πŸ™Œ:

  • Verification DM / Handle concurrent .start after .ready (#794)

  • Cross-Signing | Update Shield Logic for DM (#963)

  • Cross-Signing | Complete security new session design update (#1135)

Bugfix πŸ›:

  • Missing avatar/displayname after verification request message (#841)

  • Crypto | RiotX sometimes rotate the current device keys (#1170)

  • RiotX can't restore cross signing keys saved by web in SSSS (#1174)

Nio for iOS

kilian said:

Nio for iOS has been getting some attention this week. Message display is now much better (visually grouped by sender) and I added some preliminary support for contextual event actions. For the time being emoji reactions and redactions have been implemented. (The context menu does trigger the best result of the visual flipping workaround in SwiftUI though πŸ˜…)

What's new on the fluffy side?

krille told us:

FluffyChat 0.11.0 is now available in the F-Droid repo:

New features

  • Voice messages

  • New message bubble design

  • Share content with FluffyChat


  • Use SnackBars instead of Toasts


  • Minor fixes in the SDK

  • Loading dialog when sending files is displayed too long

  • Fixed device settings list

  • Fix a lazy loading bug

  • Improve app icon

The current version in the PlayStore is outdated. I need to write a privacy policy first and this can take some time. A TestFlight version for iOS is planned too but not yet ready. Here is a screenshot of the new voice messages feature:


Quotient project

kitsune reported:

The Quotient project has made two "sustaining" releases this week, and then three^Wfour more to fix foolish mistakes - right on the Fools' Day! Long story short - if you're on Quaternion* (with any trailing letter) and, respectively, libQMatrixClient 0.5.x, make sure to upgrade to Quaternion and libQMatrixClient because, as of this writing, these are the latest and fixedest in the breed. Aside from many backend bugfixes (mostly described in release notes from 0.5.3), this refreshed pair can handle SSO and no more interferes with Pantalaimon in encrypted rooms. Further plans include scrapping the whole Quotient thing and switch to Python because it's so much easier. Just kidding :) the plans didn't change, Quotient 0.6 is the next milestone, and the backend for the next Quaternion release. And you won't need to wait another year for them, I promise.


miruka reported:

Mirage 0.4.3 was released today, AppImage and Flatpak included.

Some of the most notable changes:

  • Redactions support: individual or selected messages can now be removed from the context menu or using keyboard shortcuts

  • New shortcuts for inviting to, leaving or forgetting a room

  • Support for environment variables to specify config and user data folders

  • Fixed the crash after login for KDE users

Riot Web

Ryan announced:

Riot Web 1.5.14 and 1.5.15 were released this week with a simpler Jitsi integration, new keyboard shortcuts (along with shortcut help via Cmd / Ctrl+/), and layout performance fixes. 1.5.14 has a security issue with the Jitsi widget wrapper, so please remove any copies of 1.5.14 if you installed it. Lots of cross-signing polish work continues as we get closer to release.


Manu announced:

We made a hot fix release (0.10.5) this week. Cross-signing work is still progressing well. We will run much more tests next week with other Riots to finish the feature.

Ismail, who joined the team mid-week πŸ₯³πŸŽ‰, has started to do some maintenance work required by iOS 13 SDK.

Dept of SDKs and Frameworks 🧰


jplatte announced:

Through a steady increase in demand thanks to GSoC, matrix-rust-sdk and timokoesters' homeserver, our foundational crates are receiving more attention than ever before, resulting in the following releases last week:

  • ruma-events 0.18.0

  • ruma-api 0.15.0

    • This release contains a change that allows endpoint definitions to have an associated error type
  • ruma-client-api 0.7.0

    • This release once again gets us closer to r0.6.0 compatibility

    • We now use the standard libraries Duration type for a few things including the /sync request's timeout parameter

    • We now have an Error type that error responses from the homeserver will be deserialized into

New PHP library

a_v_p announced:

Hello! I'm working on a PHP library (GPL v3.0+) that allows to communicate with a Matrix instance. Currently the library allows to create users, rooms, login to the Matrix server and send messages, although more work needs to be done:

I created the library due to my own needs, but probably it will be of some interest for others.

Apparently the author has a need for Matrix-Moodle integration, sounds interesting! An update! Late breaking:

I've updated Matrix-PHP, now there's documentation in on how to use the library. If anyone wants to use it/contribute, this should make the things easier.

There's no release yet though. But for now, the library is capable of:

  • creating users with on the servers where registration is disabled;
  • changing users passwords (by users themselves or by admins);
  • logging in to the server using m.login.password method;
  • sending text messages to rooms;
  • checking if a username is available for registration on a server (only for admins.)

Dept of Ops πŸ› 


Slavi said:

A few interesting matrix-docker-ansible-deploy updates this week:

Thanks to Christian Lupus's efforts, the playbook now supports installing to an Archlinux server.

Thanks to Marcel Partap's efforts, the mxisd identity server, which has been deprecated for a long time, has finally been replaced by ma1sd.


Typo Kign reported:

I've just released v1.0 of my Matrix helm chart, to help deploy a complete homeserver stack in Kubernetes. Partially inspired by spantaleev's wonderful ansible playbook, dacruz21/matrix-chart aims to be an all-in-one installation of Synapse, Riot, bridges, and other services. It includes a number of Kubernetes security and scalability features, and is ideal for anyone running a large homeserver, or a homeserver in a corporate environment where security is paramount.

More details at, and visit for any questions or support.

Dept of Bots πŸ€–


Peter Roberts said:

Lives in the cloud now so should be more reliable.

Fairly sure Peter is referring to his tracking bot being on new hosting. He could mean that he has ascended to the clouds, and is therefore more reliable, but perhaps he wouldn't have posted to TWIM in that case.

dice bot

Tulir told us:

The maubot dice plugin got a new release. The primary change was a config option to show results of individual rolls.

OBS bot v0.5

msirringhaus announced:

In addition to some performance fixes, the chat bot integration in Rust for openSUSEs Open Build Service can now listen also to openQA events.

openQA is an operating system level integration testing framework that makes it possible to test the installation process, GUIs and TUIs by simulating user interaction on different hardware or virtualization technologies. OBS is used for development of the openSUSE distribution and can build packages from the same sources for Fedora, Debian, Ubuntu, SUSE Linux Enterprise and other distributions.

Sources can be found here, RPMs exist as well.

Dept of Hackathons πŸ•

Mozilla is hosting a Fix-the-Internet Lab

Aaron told us:

Mozilla is hosting a Fix-the-Internet Lab from April 15th - June 15th that specifically calls out decentralization and messaging.

Mozilla’s Fix-The-Internet MVP Lab is an 8 week-long incubator-style program this Spring to mobilize & fund around products and technologies that enable everyone to connect and build a better society.

Sounds like it could be a good fit for a Matrix community project. Each participant would get a $2500 stipend and access to mentorship. There are also significant prizes.

Applications are due Monday April 6 at 11:59PM ET.

Swedish government launching a three-day remote hackathon

Ananace reported:

Maybe more tangentically relevant, but the Swedish government is launching a three-day remote hackathon starting tomorrow (3rd-6th of April) focusing on saving lives, communities, and businesses. A Matrix solution may very well be interesting to develop for this, perhaps something taking another look at the CoAP/CBOR work.

Dept of Ping πŸ“

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS

That's all I know 🏁

See you next week, and be sure to stop by with your updates!

Synapse 1.12.2 released

02.04.2020 00:00 β€” Releases β€” Neil Johnson

A small patch release to fix regressions introduced in v1.11.0 and v1.12.0.

Update 1.12.3 is a fast follow release from 1.12.2

Get 1.12.3 (not 1.12.2) from github or any of the sources mentioned at

Changelog since v1.12.0

Synapse 1.12.3 (2020-04-03)

  • Remove the the pin to Pillow 7.0 which was introduced in Synapse 1.12.2, and correctly fix the issue with building the Debian packages. (#7212)

Synapse 1.12.2 (2020-04-02)

This release fixes an issue with building the debian packages.

Synapse 1.12.1 (2020-04-02)

No significant changes since 1.12.1rc1.

Synapse 1.12.1rc1 (2020-03-31)


  • Fix starting workers when federation sending not split out. (#7133). Introduced in v1.12.0.
  • Avoid importing sqlite3 when using the postgres backend. Contributed by David Vo. (#7155). Introduced in v1.12.0rc1.
  • Fix a bug which could cause outbound federation traffic to stop working if a client uploaded an incorrect e2e device signature. (#7177). Introduced in v1.11.0.

This Week in Matrix 2020-03-27

27.03.2020 00:00 β€” This Week in Matrix β€” Ben Parsons

Matrix Live πŸŽ™

Dept of Spec πŸ“œ

anoa said:

Here's your weekly spec update!

MSC Status

Merged MSCs:

MSCs in Final Comment Period:

  • No MSCs are currently in FCP

New MSCs:

Closed MSCs:

Finally some merged MSCs, and so much activity in other areas! Thanks for everyone getting involved :)

Spec Core Team

Next week the Spec Core Team is focusing on MSC2457 (password invalidation), MSC2454 (SSO UI Auth), and MSC2472 (Symmetric SSSS).

Dept of Servers 🏒

Dendrite / gomatrixserverlib

Neil Alexander reported:

  • Backfill over federation and room history visibility are now mostly implemented in Dendrite
  • Most of the room version support code is now merged into gomatrixserverlib
  • More of Dendrite has been converted to use new headered events from gomatrixserverlib
  • Room version support code has now been merged into Dendrite


Neil told us:

We released 1.12.0 this week which contains some decent performance wins. Our theme for the moment is to continue working on performance, and the sharding project is starting to make some real progress. Hopefully we get onto breaking out event persistence next week.

Aside from that you'll see a lot of work to improve SSO support, in particular the ability for SSO and User Interactive Auth to work together is just around the corner.

Sorry for all the slowness, we're doing everything we can!

Thoughts on

julian told us:

The current link handler is centralized and unfriendly. Before real matrix: URIs are done ( ), I decided needs redesigning, so I've written about it and am working on mock-ups and changes: Feedback would be appreciated. Please discuss in [

Synapse Deployment πŸ“₯


Ananace announced:

Updated the Kubernetes-optimized images of Synapse to 1.12.0. Both the alpine and debian-based - with jemalloc support - tags use the latest twisted package.

NB; If you're using both workers and application services, make sure that your application service config files are mounted into the worker pods as well.

Various updates on Debian packaging

andrewsh reported:

Debian backports for Buster will see updated synapse and Twisted around the weekend when packages migrate to testing

Debian packages for synapse have been updated and now pull the patched version of Twisted with CVE-2020-10108, CVE-2020-10109 and other security vulnerabilities fixed

the patched version of Twisted in Debian is 18.9.0-8, Ubuntu ships security fixes in 18.9.0-6ubuntu1; both include all necessary security fixes 20.3.0 is currently in Debian experimental and hopefully will be uploaded to unstable by the end of the week


Ananace announced:

Submitted a PR that adds support for running the Synapse state compression tool to the synapse-purge utility written by djmaze. So that it's able to both launch purges for all rooms, as well as compress their state afterwards.

Dept of Bridges πŸŒ‰


mx-puppet-bridge is a general bridging library that supports (double)bridging and relays. The goal is to make it as easy as possible for others to bridge new third-party protocols to matrix. Support room Donate

sorunome said:

There is a new skype bridge! mx-puppet-skype, also based on mx-puppet-bridge.

It already features:

  • Sending normal and rich formatted text in both directions
  • Sending images, audio and other media in both directions
  • Some skype emoji are parsed to normal emoji
  • Skype->Matrix typing and read indicators
  • Skype->Matrix user updates

Please note that skype seems to be having some issues lately where sometimes messages aren't received (also in the official client), and that sadly also affects the bridge.

Icinga GoNotify Matrix v2.0.1

Oleg offered:

  • A simple client to send notifications from Icinga to a [matrix] room.
  • This is a rewrite of a Perl version (
  • New and fancy notification template (thanks !).
  • Written in Go and uses mautrix-go (thanks ο»Ώ !).
  • Doesn't need any dependencies other than ca-certificates.
  • Support/Feedback:

Dept of Clients πŸ“±


miruka told us:

Mirage is a new fancy Matrix client written in Qt/QML + Python, currently in alpha and available on Linux. Some of its main features are:

  • A fluid interface that adapts to any size
  • Keyboard shortcuts for (almost) everything, including filtering/switching rooms, scrolling, sending files, selecting and copying messages...
  • A dynamic, programmable theming system
  • Multiple accounts in one client
  • Support for end-to-end encryption

Mirage client


Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico ( told us:

  • The image overlay you get, when you click on an image, should now stay out of your way, when downloading an image (adasauce)
  • Nheko now shouldn't show a console on launch on Windows anymore (abma)
  • Typing notifications now won't sanitize users twice. This shouldn't increase Corona infections, just make special characters like < and & show up correctly, so you can put more <3 into your names. (Emi)
  • A lot of edge cases, where avatars didn't show up correctly were fixed. One issue with dynamic thumbnailing and synapse is still waiting for a synapse pr to be merged.
  • If you restart your server, Nheko should now use less CPU in the time the server is down. It may take a bit longer to reconnect though.

I'd like to thank all the contributors, that contribute seemingly random, small patches. It really helps make Nheko better in the long term and I really appreciate your help! <3

Quotient 0.5.3 RC

kitsune reported:

Quotient 0.5.3 RC goes out - this is a backwards-compatible release that you can safely use with your Quaternion Packagers are welcome to do all the preparations necessary - 0.5.3 release will happen right after the weekend! Despite back-compatibility, this version sports quite a few recent improvements backported from the master branch, including SSO, support of reactions and message editing, .well-known and, of course, quite a few bug fixes. Check it out at P.S. For those who want more, Quotient 0.6 (and Quaternion are coming real-soon-now, too!


Manu told us:

We are still working on cross-signing but we see the end :). Gossiping of cross-signing private keys is now automatically done in background. We have a new modal that pops up on unverified sign-ins. We started to make cross-platform tests and fixed issues. Next week will be all about polishing this feature. (Riot on IPFS)

swedneck reported:

I have started maintaining again, so riot will once again be available on IPFS! You can try it out at, or via a local IPFS gateway at Expect updates a couple of days after every new riot version is released.

Dept of Ops πŸ› 

matrix-docker-ansible-deploy optionally supports jitsi

Slavi announced:

matrix-docker-ansible-deploy can now optionally install the Jitsi video-conferencing platform and integrate it with riot-web. See our Jitsi documentation page to get started.

You need to tell the playbook to use the :develop riot-web though. The documentation page instructs people to do that (for now).

I did a 4-person video conference the other day and all Jitsi components combined seemed to take some ~500MB of memory and quite a lot of CPU, while the call was ongoing.

Dept of Bots πŸ€–

CovBot v0.1.1

Peter Roberts offered:

  • Add Public Health England data for more granular stats in the UK.
  • Available on WhatsApp and Telegram.
  • Send a welcome message to new rooms.
  • Improve !help messages.
  • Add !announce to notify all rooms.
  • Gracefully handle rate limiting.
  • Cleanup empty rooms once per day.
  • Send m.text instead of m.notice so it plays nicely with WhatsApp bridge.

MIT licensed on GitHub.

CovBot v0.1.2

Peter Roberts offered:

  • Add !compare - thanks to Works like !compare china;uk;spain. See !help for more info.
  • Improve readability of !help on mobile.

MIT licensed on GitHub

CovBot v0.1.3

Peter Roberts said:

Now comes with a !risk command that takes an age and calculates some outcome probabilities for that age group. Thanks to for adding this in!

MIT licensed on GitHub.

reminder maubot plugin

Tulir said:

v0.2.0 of the reminder plugin for maubot was released recently. The primary change was a new custom date parser, which should have less weird results than before.

It also has a locale system. You can set locales with !reminder locale <list of locales>. The system is fairly simple: it just tries to parse the input with each locale in the order specified and uses the first match. It doesn't have many locales so far, so contributions are welcome if you're not afraid of regexes (contributions for reducing the number of regexes are also welcome :D)

Matrix in the News πŸ“°

Matthew said:

for those who quite understandably couldn’t endure listening to 90 minutes of waffle about Matrix on The Changelog, the transcript is now up at!

New Public Rooms 🏟

nico said:

To help people stay in contact in times of coronavirus, there are now coronavirus rooms in 4 languages (German: , English:, French: and Korean They are all listed on to give new matrix users an easy entrance

Dept of Ping πŸ“

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS

Final Thoughts πŸ’­

Next Tuesday is the student submission deadline for GSoC! Check out our list of projects and come and chat to us.

That's all I know 🏁

See you next week, and be sure to stop by with your updates!

Synapse 1.12.0 released

23.03.2020 00:00 β€” Releases β€” Neil Johnson

Synapse 1.12.0 is here.

The most important reason to upgrade to 1.12.0 is that it contains performance improvements to boost the efficiency of state resolution in room versions greater than v1 (#7095).

It also contains an implementation of (MSC2432) designed to limit room alias abuse. The MSC contains the full details, but in short admins now have more control over aliases as they appear on their local server.

There is also plenty of ground work for our master process sharding project. Nothing that can be used today unfortunately, but expect big improvements for worker based deployments over the coming weeks.

Please pay special attention to the security advisory in the changelog, TL;DR make sure your installation is using Twisted 20.3.0.

Also, note that once Synapse 1.13.0 is released, the default branch will change to being develop rather than master. Again more details follow in the changelog.

Get the new release from github or any of the sources mentioned at

Changelog since Synapse 1.11.1

Synapse 1.12.0 (2020-03-23)

No significant changes since 1.12.0rc1.

Debian packages and Docker images are rebuilt using the latest versions of dependency libraries, including Twisted 20.3.0. Please see security advisory below.

Security advisory

Synapse may be vulnerable to request-smuggling attacks when it is used with a reverse-proxy. The vulnerabilities are fixed in Twisted 20.3.0, and are described in CVE-2020-10108 and CVE-2020-10109. For a good introduction to this class of request-smuggling attacks, see

We are not aware of these vulnerabilities being exploited in the wild, and do not believe that they are exploitable with current versions of any reverse proxies. Nevertheless, we recommend that all Synapse administrators ensure that they have the latest versions of the Twisted library to ensure that their installation remains secure.

  • Administrators using the Docker image or the Debian/Ubuntu packages from should ensure that they have version 1.12.0 installed: these images include Twisted 20.3.0.
  • Administrators who have installed Synapse from source should upgrade Twisted within their virtualenv by running:
    <path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
  • Administrators who have installed Synapse from distribution packages should consult the information from their distributions.

The Synapse instance was not vulnerable to these vulnerabilities.

Advance notice of change to the default git branch for Synapse

Currently, the default git branch for Synapse is master, which tracks the latest release.

After the release of Synapse 1.13.0, we intend to change this default to develop, which is the development tip. This is more consistent with common practice and modern git usage.

Although we try to keep develop in a stable state, there may be occasions where regressions creep in. Developers and distributors who have scripts which run builds using the default branch of Synapse should therefore consider pinning their scripts to master.

Synapse 1.12.0rc1 (2020-03-19)


  • Changes related to room alias management (MSC2432):
    • Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. (#6965)
    • Validate the alt_aliases property of canonical alias events. (#6971)
    • Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. (#6986)
    • Implement updated authorization rules and redaction rules for aliases events, from MSC2261 and MSC2432. (#7037)
    • Stop sending events during room creation and upgrade. (#6941)
    • Synapse no longer uses room alias events to calculate room names for push notifications. (#6966)
    • The room list endpoint no longer returns a list of aliases. (#6970)
    • Remove special handling of aliases events from MSC2260 added in v1.10.0rc1. (#7034)
  • Expose the synctl, hash_password and generate_config commands in the snapcraft package. Contributed by @devec0. (#6315)
  • Check that server_name is correctly set before running database updates. (#6982)
  • Break down monthly active users by appservice_id and emit via Prometheus. (#7030)
  • Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. (#7058, #7067)
  • Add an optional parameter to control whether other sessions are logged out when a user's password is modified. (#7085)
  • Add prometheus metrics for the number of active pushers. (#7103, #7106)
  • Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. (#7094)


  • When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. (#6572)
  • Fix a couple of bugs in email configuration handling. (#6962)
  • Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. (#6967)
  • Fix duplicate key error which was logged when rejoining a room over federation. (#6968)
  • Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. (#6990)
  • Fix py35-old CI by using native tox package. (#7018)
  • Fix a bug causing org.matrix.dummy_event to be included in responses from /sync. (#7035)
  • Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. (#7044)
  • Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. (#7066)
  • Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause /sync to return with 404 errors about missing events and unknown rooms. (#7070)
  • Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. (#7074)

Improved Documentation

  • Updated CentOS8 install instructions. Contributed by Richard Kellner. (#6925)
  • Fix POSTGRES_INITDB_ARGS in the contrib/docker/docker-compose.yml example docker-compose configuration. (#6984)
  • Change date in for last date of getting TLS certificates to November 2019. (#7015)
  • Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. (#7048)

Deprecations and Removals

  • Remove the unused query_auth federation endpoint per MSC2451. (#7026)

Internal Changes

  • Add type hints to logging/ (#6309)
  • Add some clarifications to in the database schema directory. (#6615)
  • Refactoring work in preparation for changing the event redaction algorithm. (#6874, #6875, #6983, #7003)
  • Improve performance of v2 state resolution for large rooms. (#6952, #7095)
  • Reduce time spent doing GC, by freezing objects on startup. (#6953)
  • Minor performance fixes to get_auth_chain_ids. (#6954)
  • Don't record remote cross-signing keys in the devices table. (#6956)
  • Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. (#6957)
  • Merge worker apps together. (#6964, #7002, #7055, #7104)
  • Remove redundant store_room call from FederationHandler._process_received_pdu. (#6979)
  • Update warning for incorrect database collation/ctype to include link to documentation. (#6985)
  • Add some type annotations to the database storage classes. (#6987)
  • Port synapse.handlers.presence to async/await. (#6991, #7019)
  • Add some type annotations to the federation base & client classes. (#6995)
  • Port to async/await. (#7020)
  • Add a type check to is_verified when processing room keys. (#7045)
  • Add type annotations and comments to the auth handler. (#7063)

This Week in Matrix 2020-03-20

20.03.2020 00:00 β€” This Week in Matrix β€” Ben Parsons

Matrix Live πŸŽ™

Matrix Live S04E30 - Matthew updates on Synapse perf, P2P and new Jitsi

Dept of Spec πŸ“œ

anoa announced:

Here's your weekly spec update!

MSC Status

Merged MSCs:

  • No MSCs were merged this week

MSCs in Final Comment Period:

New MSCs:

Spec Core Team

Next week the Spec Core Team is focusing MSC2432 (alias changes), MSC2451 (remove query_auth), and implementation.

Dept of Servers 🏒

Dendrite / gomatrixserverlib

Neil Alexander announced:

  • P2P work is continuing at, with various fixes and a new public room directory
  • Room version work is continuing with new headered event support in Kafka, the internal APIs and the sync API in Dendrite, and in the event code in gomatrixserverlib
  • Joining rooms over federation is a bit more reliable now, as prev events are handled properly in this case and therefore the first message into the room doesn't get lost
  • Some improved error handling work has been merged - thanks to prateek2211 and abbyck
  • The /joined_rooms endpoint is now implemented - thanks to prateek2211

Notes on usage:

In order to try, do I need to create an account or should I be signing in to some user?

Just register as normal. Be aware you are registering into your local in-browser Homeserver, rather than a remote service.

Neil Alexander also mentioned:

We've also created as a general non-implementation-specific channel for homeserver developers :-)


TravisR offered:

v1.1.0 has been released with experimental (incomplete) IPFS support, memory leak fixes, and other improvements. This is a highly recommended upgrade if you use expireAfterDays or have memory problems.


Neil reported:

This week we have seen a huge increase in traffic and so we are spending a lot of time battling with scaling. Most notably we shipped an optimisation to improve state resolution for room versions > 1. Our sharding effort continues and we are working towards backing with redis for pub sub which is prerequisite for the project.

Aside from that we had some problems with push reliability, this should now be fixed. Sorry if you were bitten!

We also put out 1.12.0rc1 expect a full release early next week.

Next week performance performance performance. We’ll also complete improvements to user Interactive Auth for SSO installations.

Synapse Deployments

Mathijs told us:

The docker image for synapse v1.12.0rc1 is now on mvgorcum/docker-matrix:v1.12.0rc1

Dept of Bridges πŸŒ‰

Welcome Christian!

Welcome to Christian, who is joining the Bridges team as an employee. He'll start out on the Slack bridge but will be working more generally with Half-Shot on all bridges.


mx-puppet-bridge is a general bridging library that supports (double)bridging and relays. The goal is to make it as easy as possible for others to bridge new third-party protocols to matrix. Support room Donate

sorunome told us:

  • add adminme thanks to dhmf
  • more tests
  • unified namespaces!

Unified namespaces is a big update! This means that, if the remote protocol has globally unique IDs (e.g. as discord has the case) it will only create one room on matrix for any amount of puppets. Combining this with the advanced relay option, this means that protocol implementations (e.g. discord) now can act like a normal relay bridge only with super awesome puppeting! As in, the for the puppets, the DMs work and channels&guilds that the relay bot is not in. All this is possible without any changes to the protocol implementation, should the protocol have unique global IDs.

Dept of Clients πŸ“±

Quotient / Quaternion SSO support

kitsune told us:

In preparation to the upcoming (long-awaited) releases for Quotient and Quaternion, the library has gained full-blown support of SSO flow, such as the one used by the Mozilla's homeserver, and adventurous Mozilla Matrix users can use the master branch of Quaternion to login to their accounts. Next step - official releases and backports.


Tulir said:

gomuks now supports markdown formatting in rainbow messages.

Or if you prefer:

gomuks now supports markdown formatting in rainbow messages.


Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico ( told us:

Emi added a new sorting method to the room list, that keeps rooms with unread messages on top, even when the messages are older than the messages in silenced or read rooms. It makes the room list a lot nicer to use and after being skeptical at the start, I now use it on all my systems. Huge thanks to Emi for bearing with my long and confusing review!

Riot Web

Ryan reported:

  • Keyboard shortcuts are more discoverable with a help popup that explains them
  • Jitsi support for voice and video is moving into Riot itself (the integration manager is no longer used for this)
  • Self-hosted Riots can be configured to use a different Jitsi server if desired
  • Encrypted messages are faster to encrypt and send
  • The room directory server selector has been reworked and is much easier to use and understand
  • Many cross-signing polish fixes continue to land, hoping to ship cross-signing in a few weeks

RiotX, Quick corrective release 0.18.1

valere told us:

Improvements πŸ™Œ:

  • Implementation of /join command

Bugfix πŸ›:

  • Message transitions in encrypted rooms are jarring #518
  • Images that failed to send are waiting to be sent forever #1145
  • Fix / Crashed when trying to send a gif from the Gboard #1136
  • Fix / Cannot click on key backup banner when new keys are available


Manu told us:

We are still working on cross-signing. QR code screens have landed on develop like storing and gossiping of cross-signing private keys.

Dept of SDKs and Frameworks 🧰


swedneck offered:

I'm working on a Gtk GUI for py-matrix-utils, progress can be followed at This isn't going to be a fully fledged matrix client, it's just a graphical interface for various matrix tools.

Dept of Ops πŸ› 

matrix-docker-ansible-deploy Raspberry Pi support

Slavi offered:

Thanks to Gergely HorvΓ‘th's efforts, matrix-docker-ansible-deploy now supports installing at least some of its services to a Raspberry Pi server.

See our Self-building documentation page to learn how to get started.

Dept of Bots πŸ€–

CovBot v0.0.10

Peter Roberts announced:

  • Search by country code.
  • Better handling of issues in the data.
  • Do more things with asyncio.

MIT licensed on GitHub.

Thanks to the super awesome bridging powers of Matrix anyone on WhatsApp can now chat with the bot! Feel free to chat with it and share with anyone who prefers to use WhatsApp!

More magic bridging means Telegram users can now chat with the bot! Please feel free to share with anyone who prefers to use Telegram!


CovBot has a couple of contributors working on it now too πŸ™‚

Check the repo for details!

Final Thoughts πŸ’­

Organising IT Support via Riot

Karl told us:

We are mid in building a team to give free IT support and security help to critical infrastructure operators during Corona times organized via Riot. Added a local alias for this room here at . room where we started creation Everybody wanting to help is welcome.

Join the room and get involved for more info.

Dept of Ping πŸ“

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS

That's all I know 🏁

See you next week, and be sure to stop by with your updates!