Synapse 1.11.1 is a security release which contains a fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.
Admins not using Single Sign-On to authenticate users are not affected though may wish to upgrade anyway to pull in some unrelated bug fixes.
Thanks to Rhys Davies for the responsible disclosure.
Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.
Changelog since Synapse 1.11.0
Synapse 1.11.1 (2020-03-03)
This release includes a security fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.
The release also includes fixes for a couple of other bugs.
Bugfixes
Add a confirmation step to the SSO login flow before redirecting users to the redirect URL. (b2bd54a2, 65c73cdf, a0178df1)
Fixed set a user as an admin with the admin API PUT /_synapse/admin/v2/users/<user_id>. Contributed by @dklimpel. (#6910)
Fix bug introduced in Synapse 1.11.0 which sometimes caused errors when joining rooms over federation, with 'coroutine' object has no attribute 'event_id'. (#6996)
This week Matrix held a Meetup Event in London! There were presentations demonstrating E2E Cross-Signing (including the next, sleeker QR codes), P2P in the browser with Dendrite, Message retention, and Github bridging. There was also plenty of P2E* and B2D**.
Last week we announced that Google had selected Matrix for the Google Summer of Code progamme, and requested projects get involved under the Matrix banner. We had a great response to this call: Ditto, Ruma, opsdroid and Nheko are all offering projects this year, as well as projects under the core Matrix team.
We updated suggested projects list (more to come), so if you're a student please take a look. Think about what you'd like to work on, get involved with suggested projects, and join #gsoc:matrix.org to discuss.
Matrixmon, the perl based c2s probe with metrics to track your Synapse server client API responses is now at v0.5.0 and now allows using an access_token for the probe user.
This week Erik been tackling the work on sharding the master process in Synapse, Patrick has been working on the new room alias semantics while richvdh has been doing some background preparation to allow us to change the way events are redacted in future room versions.
Next week: SSO/User Interactive auth is still in the pipeline, alongside an option to allow users to change their password without logging out their other devices, and of course, more sharding.
The docker images of my projects (specifically mautrix-{telegram,whatsapp,facebook,hangouts} bridges, maubot and mautrix-manager) now support arm64 in addition to amd64. They're multiarch images, so the same tag will work with both architectures.
adasauce fixed the settings page to properly display on narrow screens, like the PinePhone or Librem5
We fixed rooms being stuck on unread. This only applies for rooms, where you receive an event after you updated.
Avatars should now render in high res on high dpi screen with display scaling enabled.
We fixed some smaller annoyances regarding what happens, when clicking elements of replies and the reply button now only shows on hover (or tap on the right side, like the timestamp, on mobile)
We fixed the logic around user interactive authentication needed for registration, which means you should be able to register on servers using recaptcha and other registration requirements again! Note that this currently doesn't seem to work on servers, that use workers. This may be because of a synapse bug, but the jury is still out, it may still be our fault ;-)
We wrote some proposals for GSoC, which Nheko was invited to participate in under the matrix.org umbrella.
nheko-reborn is now available on the guix package manager!
Guix feature reproducible builds, allowing users to verify the binary cache correctness, and the possibility to create tarball/docker images
to easily share the build results with all dependencies to systems without guix package manager.
Guix also aims at reducing bootstrap binaries to a minimum (see this blog post for example), reducing the effect of trusting trust attacks. Those properties led guix to be the package manager of choice for bitcoin development.
Our current Outreachy intern implemented many nice media related things. Videos now have a preview playing directly in the room history and clicking on them opens a player view with the usual controls.
Audio messages have a nicer presentation too. The audio player downloads the whole file to make seeking possible.
The narrow view (used e.g. on the Pinephone and Librem 5) gained a new swipe-back gesture to go back from room to room list
RiotX: We have released version 0.17.0: new attachment management, with media preview and edition. This release also contains a lot of bug fixes. We are also still working on cross-signing implementation.
...is a template repo based on the matrix-nio library that you can use to get quickly up and running with making simple, yet powerful matrix bots in Python!
ποΈ Encryption Support is now built-in π! This does shift the login model from access token to username/password. Note that by entering a device id however, you won't be creating a new device every time you start up the bot!
Other notable fixes:
/sync is no longer spammed! This should take some load off of your homeserver.
Config file parsing is a lot simpler now by way of a _get_cfg method, which allows you to easily device down into yaml dictionaries, set default values, mark whether a config value is required etc.
Thanks to alturiak for motivating me to make these changes :)
tulir made a PR to add a provisioning API - said PR is already merged. Thanks a lot!
Way better relay mode: You can now configure individual puppets to be a relay rather than a puppet. Additionally you can configure default room visibility and autoinvite.
Don't unbridge a room on leaving anymore - it will remain bridged. You can get invites to rooms via the new invite command. With the knock MSC it will also be possible to get an invite via a knock.
If you have any questions, please join our support chat and maybe consider to donate. Thank you!
mx-puppet-slack
tulir made a PR for custom provisioning API endpoints. It is already merged. Thanks a lot!
mx-puppet-tox
mx-puppet-tox is finally functional again! It is updated to the latest mx-puppet-bridge library, giving it all the new features. Yay!
Hemppa the bot gained ability to run shell commands via Matrix. It's a small feature but enables a lot of possibilities in system management and monitoring, home automation, and whatever you can do in linux shell. As an example project I plan to use it for running a script to open hackerspace door with Raspberry Pi's GPIO if sender is a member. https://github.com/vranki/hemppa
remindbot got support for reacting when mentioned. This allows the bot to be used in rooms with more than 2 participants. The timespec got a minor update, supporting now the variant tomorrow HH:MM. Furthermore, the bot now sends a reaction when a notification has been scheduled instead of a noisy message.
Dept of Ping π
Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.
Rank
Hostname
Median MS
1
gottliebtfreitag.de
334
2
envs.net
349.5
3
imninja.net
425.5
4
swag.industries
427
5
maunium.net
431
6
maescool.be
594
7
shortestpath.dev
632
8
matrix.vgorcum.com
657
9
utzutzutz.net
688
10
matrix.m31.zone
712
That's all I know π
See you next week, and be sure to stop by #twim:matrix.org with your updates!
Synapse 1.11 landed on Friday (sorry for running late on blogging the release notes!)
The main change is to introduce an experimental API MSC2432 for managing aliases for rooms on your local server. In Synapse 1.10 we removed support for m.room.aliases events, which were a way to try to track which aliases a room had on the room itself (but were vulnerable to abuse). In this release we've re-added the ability to query which aliases a given server has for the room, giving visibility for managing aliases, without having them spray all over the room state itself. Riot/Web 1.5.10 supports the new API, giving a way to manage aliases on your local server while we finish off the remaining work to improve alias safety & maintenance.
We've also changed the default power levels for new rooms so that room upgrades and ACLs require you to be an Admin (PL100), and invites in public rooms now require you to be a moderator (PL50).
Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.
Synapse 1.11.0 (2020-02-21)
Improved Documentation
Small grammatical fixes to the ACME v1 deprecation notice. (#6944)
Synapse 1.11.0rc1 (2020-02-19)
Features
Admin API to add or modify threepids of user accounts. (#6769)
Limit the number of events that can be requested by the backfill federation API to 100. (#6864)
Add ability to run some group APIs on workers. (#6866)
Reject device display names over 100 characters in length to prevent abuse. (#6882)
Add ability to route federation user device queries to workers. (#6873)
The result of a user directory search can now be filtered via the spam checker. (#6888)
Implement new GET /_matrix/client/unstable/org.matrix.msc2432/rooms/{roomId}/aliases endpoint as per MSC2432. (#6939, #6948, #6949)
Stop sending m.room.aliases events when adding / removing aliases. Check alt_aliases in the latest m.room.canonical_alias event when deleting an alias. (#6904)
Change the default power levels of invites, tombstones and server ACLs for new rooms. (#6834)
Bugfixes
Fixed third party event rules function on_create_room's return value being ignored. (#6781)
Allow URL-encoded User IDs on /_synapse/admin/v2/users/<user_id>[/admin] endpoints. Thanks to @NHAS for reporting. (#6825)
Fix Synapse refusing to start if federation_certificate_verification_whitelist option is blank. (#6849)
Fix errors from logging in the purge jobs related to the message retention policies support. (#6945)
Return a 404 instead of 200 for querying information of a non-existent user through the admin API. (#6901)
Updates to the Docker image
The deprecated "generate-config-on-the-fly" mode is no longer supported. (#6918)
Improved Documentation
Add details of PR merge strategy to contributing docs. (#6846)
Spell out that the last event sent to a room won't be deleted by a purge. (#6891)
Update Synapse's documentation to warn about the deprecation of ACME v1. (#6905, #6907, #6909)
Fix worker docs to point /publicised_groups API correctly. (#6938)
Clean up and update docs on setting up federation. (#6940)
Add a warning about indentation to generated configuration files. (#6920)
Databases created using the compose file in contrib/docker will now always have correct encoding and locale settings. Contributed by Fridtjof Mund. (#6921)
Update pip install directions in readme to avoid error when using zsh. (#6855)
Deprecations and Removals
Remove m.lazy_load_members from unstable_features since lazy loading is in the stable Client-Server API version r0.5.0. (#6877)
Wise Google have again selected Matrix as a GSOC Mentor Organisation. Matrix has been successful with GSOC for several years now, so please think about what you'd like to work on, get involved with suggested projects, and join #gsoc:matrix.org for more insights.
If you have a Matrix project of your own, and think that you would benefit from mentoring a GSOC student, then let me know. We are very happy to have Matrix-related students working on your project under the Matrix umbrella. (Just like we did with kitsune last year.)
This week weβve been working on managing alias abuse, and also improved performance for state res v2. The perf work massively improved average send times on matrix.org. Hereβs the heat map.
More excitingly weβre working on sharding out the master process in Synapse, so that worker based installations can scale more efficiently.
Next week itβs all about more alias abuse mitigations, fixing some SSO/User Interactive Auth bugs and continuing with our performance work.
Hola. I wrote the matrix-github bridge a while back to support bridging issues and pullrequests into Matrix as rooms, so that the history of an issue can be tracked within a room, and users can comment on them within Matrix. As of today, you can now bridge in your own notifications into Matrix. It's early days, but is actually proving to be useful.
More news! This week matrix-appservice-slack has reached 1.1.0-rc1 and included is a whole bunch of puppeting and membership sync features. The headline features are:
Add ability to sync Slack channels and users automatically to Matrix
Sync Slack membership changes to Matrix
Add whoami user command.
Create private rooms on demand if they do not exist
...and then...
has reached 1.1.0. Nothing has changed. It's just not called 1.1.0-rc1 anymore.
matrix-xmpp-filter can now handle multiple XMPP clients per process and multiple Matrix accounts per XMPP client. It's like matrix-ircd, but with XMPP instead of IRC. Made with libQuotient and libqxmpp. Available at https://k2c42.dy.fi/matrix-xmpp-filter.git Feedback to #matrix-xmpp-filter:ellipsis.fi
matrix-discord-parser now utilizes https://mau.lu/ to neatly bridge inline matrix images / custom matrix emojis over to discord! mx-puppet-discord already includes the new version.
In addition to the SSO support mentioned earlier, gomuks now has initial support for rendering reactions and full support for edits (both sending and rendering). Some bugs have also been added and/or fixed.
it's not actually running in the browser, it uses native messaging to spawn a local rust binary and talk to it over stdio
poljar did a great job with seshat, so it wasn't much left for me to do π
Support for traditional Riot Web over HTTP landed in v0.1beta7, so you can use Radical Native with every Riot instance on the web. We're still in early beta, so no official Firefox AMO install available yet, if you want to give it a try you can follow these install instructions
RiotX: this has been a good week on RiotX. We are making progress on cross-signing and SSSS implementation. We are fixing many small annoying issues and also starting to implement little missing features to improve users' life! The big next coming feature is improvement of attachment and share to RiotX flow, already merged in the develop branch, so available in the next release.
This week a pull request has been pushed to integrate directly the SQL persistence backend inside the SDK, using Moor instead of sqflite. The code is smaller and a lot more readable, and it opens some nice perspectives: Moor has a web backend using sql.js, and now uses FFI by default instead of iOS/Android bindings, which should be faster (untested).
https://git.pattle.im/MatMaul/matrix-dart-sdk/tree/moor
This week is still about cross-signing. We added support of self key verification by to_device and we are currently implementing verification by QR code at SDK level.
ruma-api 0.14.0 (and ruma-api-macros 0.11.0) has been released, fixing a bug where it would fail to deserialize most matrix requests if used server-side (bug found by timokoesters while experimenting with a new Rust homeserver implementation)
ruma-client-api is also continually being worked on to bring us up to date with r0.6.0 (thanks iinuwa!), but no new release was made this week.
Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.
Rank
Hostname
Median MS
1
imninja.net
365
2
shortestpath.dev
384
3
maescool.be
405
4
envs.net
421
5
matrix.vgorcum.com
535
6
gottliebtfreitag.de
535.5
7
maunium.net
545.5
8
queersin.space
657
9
asra.gr
672
10
saces.de
795
That's all I know π
See you next week, and be sure to stop by #twim:matrix.org with your updates!
You will know Matrix Live as a weekly video produced by the Matrix team and shared on YouTube. We are now offering the same content as an audio-only podcast, as a way of reaching more people. You can find the podcast:
I (anoa) am still working on the re-write of mscbot. Only needs a few more touches (concern parsing [in comment threads!] and review commands) before it's ready for use.
Spec Core Team
Next week the Spec Core Team is focusing on MSC implementation.
A big chunk of early SQLite work has been merged into master this week, providing support in the client API, room server, sync API, account/device/key databases, federation APIs, appservice API, public room APIs and media API. Much of this is experimental at this stage.
Some missing device management features have been merged (#835)
Configuration is now passed by reference rather than by copy (#819)
A number of defer-closes have been added to SQL queries (#844)
Some gomatrixserverlib types have been updated (#808)
Some initial work on retrying failed federation requests has been done, although not merged yet
Made it through quite a few PR reviews finally, and will be continuing to do so!
In Synapse land this week we shipped 1.10.0. Which contains a temporary hack to mitigate room alias abuse and an important bug fix for anyone trialling cross signing.
Aside from that weβre working on fixing alias abuse properly. Improving User Interactive Auth for SSO customers and rolled out our new py3 compatible sydent version.
Coming up, more e2ee UX bug fixing, and weβll start hacking on sharding out event persistence on Synapseβs master process, which basically accounts for 40% of the CPU. The idea is to scale this function horizontally such that Matrix.org is no longer CPU bound after which point much rejoicing can occur.
Just pushed the 1.10.0 K8s-optimized images for Synapse, this release contains the necessary scripts to also run signing key generation and upload as a step towards one-click install support for Synapse without any requirements on storage classes.
Hey! This week we have a minor release for the IRC bridge, 0.15.2. It contains a few fixes that have been plaguing the matrix.org instances, and will hopefully smooth out some of the reconnection troubles.
Notes from the changelog:
The bridge will now notify you if a DM recipient is offline. (#978)
Fix "User did not rejoin" error when bridge debounces QUITs (#977)
Fix an issue where users were not rejoined to channels on netsplit/password change. (#979)
Iam happy to announce some of the new features the Matrix-EmailBridge got recently.
It's been some time since the last update came out because I had some other projects to do first.
A Docker image is available for the bridge which gets updated instantly.
Blocklist of email addresses (prevent displaying emails from certain email addresses)
A new Android developer joined the RiotX team! Onuray has started working on Monday on issues and features to get used to the codebase and the process in place.
We are currently preparing a release (v0.16.0) which contains a first implementation of poll (here is a demo), and some bugfixes.
We are still working on stabilizing the cross-signing feature, and optimizing the overall performance and stability of the application.
If you're looking forward to using seshat to index and search your encrypted message history, you may be interested in this work from stoic. The working title is "Riot Booster Pack" - but we're looking out for a better name!
Searching in encrypted rooms in the browser would be nice? I agree, so that's something I'm working on (powered by seshat). If you want to give it an early experimental spin, beware of the dragons and follow these secret steps (Riot Firefox Add-on + Linux & MacOS only, for now):
Install the latest Riot Add-on Prerelease for Firefox (and don't mind the huge red warning page from Riot, skipping that is fine, it'll be gone in the next release)
Adjust the Riot config.json in the Add-on preferences to include the feature_event_indexing labs feature
We have been spending most of our time on cross-signing to manage the m.verification.ready event and the verification by QR code. In parallel, we have fixed some issues and merged some PRs from the community.
v1.5.9-rc.1 is now available at https://riot.im/staging. This includes some security improvements (adding a CSP) for self-hosted installs, options to hide typing notifications, a redesigned invite experience, as well as various bug fixes.
The team's main focus continues to be getting cross-signing ready for release, including polishing the verification experience, building Riot with Seshat for desktop platforms, and improving QR codes
Cadair and me (the Matrix Doctors) have been working to make it easy to build the development version of riot-desktop.
This resulted in a docker container and an azure pipeline.
The latter also builds riot-desktop versions with seshat included for both linux and macOS though currently this requires manually installing sqlcipher (use brew on macOS).
sorairolake contributed a complete japanese translation! (#116)
adasauce fixed an issue, where the image overlay opened always on your primary screen instead of your current screen (#114)
Multiple people have been trying out nheko on their PinePhone or Librem 5. There were some successes, but part of the UI was never intended for that size and there is a nasty crash in the recent nightly, probably related to the networking code/library. We've been working on fixing those issues.
There are now nightly flatpak bundles. Stable releases will still be on Flathub, but if you want to try out the development builds, you can download and install those bundles manually.
Just pushed version 2.0(.0) of the Ruby SDK, coming with a few backwards-incompatible changes as well as a whole bunch more endpoints exposed as methods on the low-level API client. Docs have been improved tremendously, some internal methods have been properly exposed to make it easier to use in a bot context, and another example's now provided which shows a different way to use the higher-level Client abstraction.
After entirely too much time, I finally present my 5 new and improved matrix ansible modules.
matrix-notification: This is a port of my upstream matrix module over to matrix-nio and async/await syntax
matrix-login: New module to log in and create an access token
matrix-logout: New module to log out and invalidate an access token
matrix-room: New module to idempotently join or create a room based on an alias
matrix-state: New module to idempotently set state in a room
The work on this also included sending a few patches upstream to matrix-nio, so if you want to use the last two modules, you will need to install nio from source from my PR there.
This one is a little meta: I've made some improvements to twim-o-matic, the tooling I use to generate TWIM. One of the improvements is that the bot will now sort the output per-section, in descending order of how many reactions the entry received when posted in #twim:matrix.org. So, if you see something you think should be at the top, made sure to react to it!
Even as I'm typing right now I can't think this will lead to any unforeseen consequences at all.
Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.
Rank
Hostname
Median MS
1
imninja.net
394
2
gottliebtfreitag.de
408.5
3
shortestpath.dev
470
4
maunium.net
491
5
matrix.vgorcum.com
557
6
finallycoffee.eu
561
7
queersin.space
585
8
envs.net
624
9
andresco.de
633.5
10
kittenface.studio
687
That's all I know π
See you next week, and be sure to stop by #twim:matrix.org with your updates!
The whole Matrix project is racing towards enabling e2ee by default. Synapse is no different and v1.10.0 contains multiple e2ee UX improvements, as well as a bug fix that prevented cross signing requests over federation to work reliably.
If any of your users are on the bleeding edge and have already started using cross signing (by enabling labs flags in Riot), then it will be necessary for them to force Synapse to re-send device updates by renaming all of their devices.
We've also included a temporary fix to address alias abuse. The idea is that until #6898 lands, servers will refrain from sharing events of type m.room.aliases with clients. Most admins will not be affected, but if you are present in rooms subject to alias abuse, then upgrading provides a pragmatic short term solution.
Finally, as of this release Synapse validates client_secret parameters in the Client-Server API as per the spec. See #6766 for details.
Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.
Changelog since Synapse 1.9.0
Synapse 1.10.0 (2020-02-12)
WARNING to client developers: As of this release Synapse validates client_secret parameters in the Client-Server API as per the spec. See #6766 for details.
Updates to the Docker image
Update the docker images to Alpine Linux 3.11. (#6897)
Synapse 1.10.0rc5 (2020-02-11)
Bugfixes
Fix the filtering introduced in 1.10.0rc3 to also apply to the state blocks returned by /sync. (#6884)
Synapse 1.10.0rc4 (2020-02-11)
This release candidate was built incorrectly and is superseded by 1.10.0rc5.
Synapse 1.10.0rc3 (2020-02-10)
Features
Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced. (#6878)
Internal Changes
Fix continuous integration failures with old versions of pip, which were introduced by a release of the zipp library. (#6880)
Synapse 1.10.0rc2 (2020-02-06)
Bugfixes
Fix an issue with cross-signing where device signatures were not sent to remote servers. (#6844)
Fix to the unknown remote device detection which was introduced in 1.10.rc1. (#6848)
Internal Changes
Detect unexpected sender keys on remote encrypted events and resync device lists. (#6850)
Synapse 1.10.0rc1 (2020-01-31)
Features
Add experimental support for updated authorization rules for aliases events, from MSC2260. (#6787, #6790, #6794)
Bugfixes
Warn if postgres database has a non-C locale, as that can cause issues when upgrading locales (e.g. due to upgrading OS). (#6734)
Minor fixes to PUT /_synapse/admin/v2/users admin api. (#6761)
Validate client_secret parameter using the regex provided by the Client-Server API, temporarily allowing : characters for older clients. The : character will be removed in a future release. (#6767)
Fix persisting redaction events that have been redacted (or otherwise don't have a redacts key). (#6771)
Every month (in theory), we do an in-office wrap-up of some interesting project work from the team. This Matrix Live was recorded this afternoon in the Matrix Office, and features Valere explaining Cross-Signing, and Matthew demonstrating P2P/dendrite. (Apologies for the incorrect recorded screen at times! Video came straight from a live demo!)
Dept of Spec π
Here's your weekly spec update!
MSC Status
Merged MSCs:
No MSCs were merged this week.
MSCs in Final Comment Period:
No MSCs entered FCP this week.
New MSCs:
No new MSCs have been created.
Random happenings
I (anoa) have been re-writing mscbot as it hasn't gotten much development love in the past year and there's lots of features we'd like to implement. Expect to see some of that next week. First feature the new implementation has is being able to track who is in the Spec Core Team via github teams instead of a config file.
Spec Core Team update
The Spec Core Team is working on MSC2260, MSC2261, and a QR-via-SAS thing which uhoreg is currently working on (this means less complicated, easier-to-scan QR codes for verification, which may have the side effect of FOSDEM demos being slightly less hilarious).
Dept of Events and Talks π£
FOSDEM 2020
FOSDEM happened, Matrix had a great time! Was awesome to see so many people at the stand, and the talks, and even at our social on Saturday night.
Congratulations to everyone who was able to buy a limited edition Matrix FOSDEM 2020 t-shirt! Check out our round-up here.
Quite a lot has been happening in the Dendrite space, both in terms of general development, usability improvements and also further P2P experimentation post-FOSDEM. The main highlights are:
We have decided to require Go 1.13 for Dendrite going forward (our CI and tools have been updated to reflect this requirement)
Some federation testing has taken place between Dendrite and Synapse and it's looking reasonably good bar a few bugs
Initial support for distinguishing room versions has been added - this is the foundation work for being able to implement state resolution v2 and later room versions soon
The /capabilities endpoint has been implemented and now contains information about m.room_versions
Account data GET endpoints have been implemented
Guest registration should now be working - thanks to prateek2211 for the contribution!
The public rooms API is now wired up for roomserver events and (mostly) works for local rooms
Some more /sync fixes are in now
SQLite work is continuing thanks to Kegan's on-going efforts
We've also been really encouraged by the number of people at FOSDEM who came to speak to us about Dendrite and P2P. We're hoping to strategise further about the P2P work further in the coming weeks once Dendrite is in better shape, so watch this space!
Synapse
This week weβve been working on alias auth rules, acme v2 support and moving groups apis onto a worker to aid performance. Sorry matrix.org has been a bit slow these past few days, weβre working on it and shipped some fixes earlier today.
Coming up are more perf improvements, more alias rules, getting sydent running in production on python 3. Weβll also ship v1.10.0 which contains some cross signing bug fixes.
Good people, 0.15.0 is out!. Please go ahead and read the changes and see if there is something you like :). We will be shipping this out to all the other bridges in due course :)
I released v0.7.1 that includes some minor bugfixes, then added a !tg backfill command to backfill all history since the last bridged message. Future improvements may include more control over how many messages to backfill, automatically backfilling for new portals and freezing incoming message handling when a backfill is in progress.
Dept of SDKs and Frameworks π§°
maubot
There's a new maubot plugin to post http.cat pictures to a room. It's installed into Cat Disruptor 6000 and can of course be self-hosted too. It has one command: !http \<status\>, that gets https://http.cat/<status>.jpg and posts it to the room.
mautrix-manager
Some time ago I also made this thing: https://github.com/tulir/mautrix-manager. It might theoretically do something useful in the future, such as allowing users to log into bridges from a single website instead of by talking to many bots. Currently it only does telegram and maybe facebook, but at least it has a fancy login UI. It could also support being embedded into Riot as a widget and/or integration manager at some point, since I made the auth thing with Matrix's OpenID feature and MSC1961.
The Quotient project is back from hibernation now that its lead developer settled in another half of the globe; commits and PRs start moving around again. Thanks to all those patiently waiting!
Riot-Android (yes, the legacy app!): We have fixed the issue with SSO login with Firefox accounts, and issue with Video Call. Expect a release at the beginning of next week.
RiotX: we are still stabilizing the cross-signing implementation. Many other fixes are coming. Also SSO issue with Firefox accounts has been fixed, and we will also release a new version of the application next week.
QR codes now render if you are the presenter, for easy joining.
You can react to slides as a guest, and they show up on the presenters screen :).
Slides and their contents are cached in indexedeb (browser storage), to lessen the load on homeservers.
Add UI to create rooms in the client, albeit without an editor just yet.
Various CSS tweaks to try and make life better.
Dept of Ping π
Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.
Rank
Hostname
Median MS
1
imninja.net
435
2
helsinki-systems.de
449
3
lyseo.edu.ouka.fi
450.5
4
encom.eu.org
463.5
5
matrix.vgorcum.com
525
6
maunium.net
547
7
gottliebtfreitag.de
563
8
neko.dev
716
9
openastronomy.org
736
10
t2bot.io
755
That's all I know π
See you next week, and be sure to stop by #twim:matrix.org with your updates!
We're just back from an incredible time at FOSDEM 2020 - Europe's biggest Free & Open Source Software conference. Huge huge thanks to everyone who came to our talks (sorry if you couldn't get in :/), came to talk to us at the stand, or flagged us down to give feedback, chase PRs, file bugs, or just say thanks. Thanks also to FOSDEM to accepting all of our talks this year, and to the FOSDEM organisers for pulling together yet another amazing event :)
We'll do a proper blog write-up on enabling E2E encryption by default, cross-signing, and all the other E2E encryption work that's been going on once we ship the stable release - but as of Saturday(!) it has landed on Riot/Web Develop, RiotX/Android (0.14.2) and Riot/iOS develop TestFlight, but we're still debugging and we need a bit longer before cutting the final releases.
So, until then, please take a look at the videos if you missed the livestream or weren't at the event!
This weekend Matrix will be well represented at FOSDEM! We'll have a stand (come visit!), but also note that we have THREE speaking slots (all on Sunday):
This week weβve been continuing our E2EE UX bug hunt, getting Sydent ready for python 3, working on alias rules (MSC2260, 2261) and fixing some bugs in our ACME support.
Next week, weβll ship the new improved Sydent, keep going with alias rules and dust off our master process sharding plans.
Just pushed updated 1.9.1 tags for the K8s-optimized Synapse images, including support - and example config - for running with securityContext features enabled. With a separate media repo, it's now fully possible to run these images without root, and in completely read-only environment.
The synapse 1.9.1 release images are available on avhost/docker-matrix:v1.9.1 and mvgorcum/docker-matrix:v1.9.1 The latter image also contains simple-antispam
way more tests (still not good enough test coverage, though!)
enhanced reaction support (reaction deletions/redactions are now properly bridged from and to matrix)
presence status now sets im.vector.user_status event to be in line with riots status labs feature (why doesn't riot just use the spec on presence status here?!)
add a message deduplicator class that protocol implementations with echo back can easily implement
fix various small bugs
As always, if you have any questions check out the support channel and please consider to donate! (Thanks sooooo much to everyone who donated so far!) π¦
matrix-slack-parser
matrix-slack-parser is, similar to matrix-discord-parser, a parser for slack->matrix and matrix->slack messages. It has been created over this week and does proper parsing (meaning HTML parsing and slack blocks, etc.). mx-puppet-slack already implements this, which leaves matrix-appservice-slack to follow suit! (cadair expressed interest, so looking forward to that!)
Nheko has added support kicking, inviting and banning/unbanning via the commands /kick, /invite, /ban and /unban with an optional reason specified after the userid. Kick and Ban buttons were also enabled for the userprofile. Furthermore some shortcuts for switching rooms (Ctrl+Up/Down) and paginating the timeline (PgUp/PgDown) were added. The shortcuts may change in the future though, so if those don't work for you, please give us feedback in #nheko-reborn:matrix.org or via the issue!
I started a new Pluggable Chatbot (PCB) written in Go. Still early development, but working hard on it. Bot is pluggable, meaning more functionality can be easily added to it. Check it out at https://github.com/srados/pcb.
Currently there are two examples available: echo and uppercase.
Dept of Ping π
Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.
I know it's a bit naughty to post rooms in here, but for developers looking to play around with Vue.js (with matrix), we've created a support room over at #vue:half-shot.uk
That's all I know π
See you next week, and be sure to stop by #twim:matrix.org with your updates!
A quick bug fix release that affects admins making use of monthly active user limits. You will know if you are affected because 1.9.0 will not start up. Apologies if you were bitten by this one!
Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.
Changelog since Synapse 1.9.1
Synapse 1.9.1 (2020-01-28)
Bugfixes
Fix bug where setting mau_limit_reserved_threepids config would cause Synapse to refuse to start. (#6793)
