Hi all,

We're just back from an incredible time at FOSDEM 2020 - Europe's biggest Free & Open Source Software conference. Huge huge thanks to everyone who came to our talks (sorry if you couldn't get in :/), came to talk to us at the stand, or flagged us down to give feedback, chase PRs, file bugs, or just say thanks. Thanks also to FOSDEM to accepting all of our talks this year, and to the FOSDEM organisers for pulling together yet another amazing event :)

We ended up with three talks:

• Making and Breaking Matrix's E2E Encryption
• The Path to Peer-to-Peer Matrix
• Crossing the Bifröst - Bridging All The Things with Matrix

We'll do a proper blog write-up on enabling E2E encryption by default, cross-signing, and all the other E2E encryption work that's been going on once we ship the stable release - but as of Saturday(!) it has landed on Riot/Web Develop, RiotX/Android (0.14.2) and Riot/iOS develop TestFlight, but we're still debugging and we need a bit longer before cutting the final releases.

So, until then, please take a look at the videos if you missed the livestream or weren't at the event!

The FOSDEM video recording lost the slides for the bridging talk - but luckily the presentation itself is a Matrix client and so you can view the slides yourself right here!.

Here's to FOSDEM 2021!

Dept of Status of Matrix 🌡

This weekend Matrix will be well represented at FOSDEM! We'll have a stand (come visit!), but also note that we have THREE speaking slots (all on Sunday):

• Half-Shot will discuss Bridging All The Things with Matrix in UD2.208 (Decroly) at 11:15
• Matthew will present The Path to Peer-to-Peer Matrix in UA2.220 (Guillissen) at 14:30
• Matthew again will give a talk titled Making & Breaking Matrix's E2E encryption in K.1.105 (La Fontaine) at 16:00

No Matrix Live today - look out for a special edition this weekend!

Dept of Spec 📜

Spec

anoa told us:

Here's your weekly spec update!

MSC Status

Merged MSCs:

No MSCs were merged this week.

MSCs in Final Comment Period:

No MSCs entered FCP this week.

New MSCs:

• MSC2427: Proposal for JSON-based message formatting
• MSC2425: Remove Authentication on /submitToken Identity Service API

Random happenings

MSC2260: Update the auth rules for m.room.aliases events and MSC2261: Allow m.room.aliases events to be redacted by room admins are being progressed to help address ongoing alias spam, while [WIP] MSC1543: Key verification using QR codes has been updated as the feature is being implemented for cross-signing - to be demoed as FOSDEM this weekend! Sorunome's MSC2403: Add "knock" feature

Spec Core Team update

The Spec Core Team is still working on implementation. Expect things to ramp up again after FOSDEM! (Looking forward to seeing some of you there!)

Dept of Servers 🏢

Synapse

Neil offered:

This week we’ve been continuing our E2EE UX bug hunt, getting Sydent ready for python 3, working on alias rules (MSC2260, 2261) and fixing some bugs in our ACME support.

Next week, we’ll ship the new improved Sydent, keep going with alias rules and dust off our master process sharding plans.

Synapse Deployment

Many projects updated:

Ananace announced:

Just pushed updated 1.9.1 tags for the K8s-optimized Synapse images, including support - and example config - for running with securityContext features enabled. With a separate media repo, it's now fully possible to run these images without root, and in completely read-only environment.

Mathijs announced:

The synapse 1.9.1 release images are available on avhost/docker-matrix:v1.9.1 and mvgorcum/docker-matrix:v1.9.1 The latter image also contains simple-antispam

and then

A docker image for synapse 1.10.0rc1 is available on mvgorcum/docker-matrix:v1.10.0rc1

ma1sd 2.3.0 released

ma1uta announced:

ma1sd 2.3.0 https://github.com/ma1uta/ma1sd/releases/tag/2.3.0 Changes:

• Load DNS overwrite config on startup (from https://github.com/NullIsNot0)
• Remove duplicates from identity store before email notifications (from https://github.com/NullIsNot0)
• Fix room name retrieval after Synapse dropped table room_names (from https://github.com/NullIsNot0)
• Add logging configuration. Add --dump and --dump-and-exit options to just print the full configuration.
• Add the postgresql backend for internal storage.
• Improve logging configuration. Introduce the root and the app log levels.

Dept of Bridges 🌉

mx-puppet-bridge

sorunome offered:

mx-puppet-bridge got some updates!

• way more tests (still not good enough test coverage, though!)
• enhanced reaction support (reaction deletions/redactions are now properly bridged from and to matrix)
• presence status now sets im.vector.user_status event to be in line with riots status labs feature (why doesn't riot just use the spec on presence status here?!)
• add a message deduplicator class that protocol implementations with echo back can easily implement
• fix various small bugs

As always, if you have any questions check out the support channel and please consider to donate! (Thanks sooooo much to everyone who donated so far!) 🦊

matrix-slack-parser

matrix-slack-parser is, similar to matrix-discord-parser, a parser for slack->matrix and matrix->slack messages. It has been created over this week and does proper parsing (meaning HTML parsing and slack blocks, etc.). mx-puppet-slack already implements this, which leaves matrix-appservice-slack to follow suit! (cadair expressed interest, so looking forward to that!)

Dept of Clients 📱

Nheko

@deepbluev7:neko.dev offered:

Nheko has added support kicking, inviting and banning/unbanning via the commands /kick, /invite, /ban and /unban with an optional reason specified after the userid. Kick and Ban buttons were also enabled for the userprofile. Furthermore some shortcuts for switching rooms (Ctrl+Up/Down) and paginating the timeline (PgUp/PgDown) were added. The shortcuts may change in the future though, so if those don't work for you, please give us feedback in #nheko-reborn:matrix.org or via the issue!

RiotX cross-signing implementation

benoit said:

RiotX: the team is mainly working on cross-signing implementation and device verification with QR code. It's nearly there https://twitter.com/matrixdotorg/status/1223205391531683845 !

FluffyChat Flutter is getting a Dark Mode

MTRNord said:

Sneak Peak of the next FluffyChat Flutter Update :)

FluffyChat Flutter is getting a Dark Mode for both mobile and web. Including a AMOLED compatible color version.

Dept of Bots 🤖

New Project: Pluggable Chatbot (PCB) written in Go

@sava:chat.zorbiro.com announced:

I started a new Pluggable Chatbot (PCB) written in Go. Still early development, but working hard on it. Bot is pluggable, meaning more functionality can be easily added to it. Check it out at https://github.com/srados/pcb.
Currently there are two examples available: echo and uppercase.

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Final Thoughts 💭

Half-Shot offered:

I know it's a bit naughty to post rooms in here, but for developers looking to play around with Vue.js (with matrix), we've created a support room over at #vue:half-shot.uk

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

A quick bug fix release that affects admins making use of monthly active user limits. You will know if you are affected because 1.9.0 will not start up. Apologies if you were bitten by this one!

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

Changelog since Synapse 1.9.1

Synapse 1.9.1 (2020-01-28)

Bugfixes

• Fix bug where setting mau_limit_reserved_threepids config would cause Synapse to refuse to start. (#6793)

Matrix Live 🎙

Half-Shot talks to Neil about his new(ish) project, matrix-presents

Dept of Spec 📜

anoa reported:

Here are your spec updates for this week!

Merged MSCs:

• No MSCs were merged this week.

MSCs in Final Comment Period:

• No MSCs currently in Final Comment Period

New MSCs:

• MSC2422: Allow color on font tag
• MSC2416: Enhance m.login.token authentication type
• MSC2414: Make reason optional for reporting content
• MSC2413: Remove client_secret
• MSC2425: Remove Authentication on /submitToken Identity Service API

The Spec Core Team is still working on implementation, and likely will continue to be until after FOSDEM.

Dept of Servers 🏢

Dendrite / P2P

Neil Alexander announced:

A fairly big PR was merged into Dendrite yesterday (and some more fixes today) which gets /sync working better and adds the /messages endpoint, so it's now actually possible to paginate around in channels and to see room history. This massively improves the user experience when logging into a Dendrite homeserver.

In addition, another small PR was merged to fix Riot user login in the normal login workflow (not registration) and the public rooms API has been wired up for roomserver events.

A couple of changes have also been merged into gomatrixserverlib, mostly fixing the creation of /backfill requests and allowing the use of custom http.Transports for federation traffic.

P2P work is continuing - stay tuned!

Synapse 1.9.0

Neil said:

This week we shipped 1.9.0 which contained new admin API endpoints as well as bug fixes for existing ones. Aside from that, we’ve been continuing on our E2EE UX bug hunt and python3ing sydent.

Next week, we’ll keep going on the e2ee ux bug hunt and sydent work. As well as dusting off MSCs 2260 2261 to improve room aliases management.

Deploying Synapse

Several packaging projects have been updated to deploy the new version:

• matrix-docker-ansible-deploy from Slavi
• avhost/docker-matrix and mvgorcum/docker-matrix from Mathijs
• Kubernetes from Ananace
• multi-arch synapse docker image from Black Hat
• also from the Debian repos thanks to @andrewsh:matrix.org

Dept of Bridges 🌉

matrix-appservice-IRC hits 0.14.1

Half-Shot said:

Hello wannabe IRC and Matrix users! Today the bridge team bring you the 0.14.X series of the irc bridge. This is the mammoth release featuring all the Typescript changes and postgres stuff. The Postgres changes aren't as essential as they are for Synapse, but useful if you run a ~20k Freenode bridge.

The highlights are:

• Typescript is now used everywhere across the project, bringing a range of refactors.
• Postgresql support has landed, while still retaining NeDB support for the present.
• Storing your password will now cause a seamless reconnect to the IRC network, allowing you to set a password without having to bother NickServ.
• Sentry.io support has landed, to trace errors in the bridge.
• Added a reapUsers API endpoint, which allows the bridge to automatically prune users who have not interacted with the bridge for a long time.

Some of these features are still more experimental than others, so the next release hopes to clean up a lot of the outstanding bugs. That's all from us for now :)

mx-puppet-bridge

sorunome said:

A lot happened on the mx-puppet-bridge front! Mostly documentation and code cleanup to make future development easier.

• Introduce better documentation and a sample config
• Introduce a demonstration protocol implementation, mx-puppet-echo, meant to help those out who want to write their own protocol implementation
• Eliminate triple-usage of room/channel/chan, it's just called "room" everywhere now
• Split matrix event handling and remote event handling into their own files/classes
• Eliminate all usage of the any keyword, with the help of matrix-bot-sdk's event models
• Start writing tests to, well, auto-test the library
• Various small bugfixes

As always, feel free to drop by the support room and please consider to donate!

matrix-discord-parser

sorunome also added:

matrix-discord-parser is the joint matrix->discord and discord->matrix parser that both mx-puppet-discord and matrix-appservice-discord use. For sending messages matrix->discord optional auto-detection of code language for code blocks using highlight.js has been implemented.

Dept of Clients 📱

Riot WebExt 🧩

stoic announced this pretty cool project:

Always wanted to host your own version of Riot Web locally but never came around doing it? Meet Riot WebExt, an unofficial proof of concept Browser Extension that bundles Riot Web, so everything is locally served with the click of a button. Available for Firefox and Chrome!

Firefox AMO: https://addons.mozilla.org/firefox/addon/riot Chrome Store: https://chrome.google.com/webstore/detail/lgpdpggoahhnlmaiompkgghldllldcjh GitHub: https://github.com/stoically/riot-webext Room: #riot-webext:matrix.org

Ditto Chat [v0.2.0] released!

Annie announced Ditto Chat v0.2.0!

Ditto Chat is a Matrix Client in React Native.

Added

• Ability to Create a New Room & Search for Users
• Notifications for Android
• Improved Timeline Rendering (support for m.notice)

Changed

• Color scheme is darker / night mode
• Improved Direct Message vs Group Detection
• Settings Screen Design (smaller, scrolls now)
• Loads fewer events, thus initial sync is faster

Fixed

• Various Visual Bugs

Download Links: https://dittochat.org
Room: #ditto:elequin.io

koma and Continuum, Kotlin Matrix projects

yuforia said:

koma, Kotlin library for building clients:

• Responses of the sync API can be received continuously using Flow (async lazy sequence) now. Compared to previous method which used Channel, Flow can be transformed and combined in a much more flexible way, and Flow stops when it's no longer being consumed, so no coroutine will be left running accidentally.

Continuum desktop client based on Koma:

• Improve startup speed a bit more (Render more UI widgets without waiting for IO operations to finish).

FluffyChat-Flutter is now available as a web app!

MTRNord reported:

Check it out at: https://christianpauly.gitlab.io/fluffychat-flutter/

It includes everything that the Android App does except for currently notifications and file sharing.

Riot iOS

Manu told us:

This week, in the cross-signing side, we updated e2e decoration, replacing padlocks with shields. We started working on the new device list in the room member screen.

RiotX, rainbows and other new features

benoit said:

RiotX: We are making progress on cross-signing and verification by QRCode. Also we are working to improve the network detection and paused sync thread issue. But the most important is: "/rainbow" command will be available soon 🌈 !

Riot Web

TravisR told us:

We've done a lot this week, and probably even more next week:

• Continuing on the cross-signing front with support for QR code verification, verification in the right panel, a bunch of shields to indicate trust, some bootstrapping in the secret store, and more!
• A release candidate for 1.5.8-rc.2 (please give this a test on riot.im/staging)
• An all-new invite dialog for creating DMs and bringing people into rooms.

Dept of Interesting Projects 🛰

Tampere Hacklab information display powered by Matrix

Cos reported:

tsw from Tampere Hacklab has made a read-only client for information displays. It's still in early development but can already be tried out. https://github.com/tswfi/matrix-viewer/

Dept of Jobs 💰

Neil announced:

Are there any French speaking Sys Admins reading this? If that's you then I want you to know that https://apply.workable.com/new-vector/j/766008FB0D/ exists and if you are interested to know more you should DM me. Remote is fine - though full time only.

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.9.0 contains a bunch of new admin APIs as well as bug fixes to existing ones. In particular we have a new end point that allows admins to query which rooms their server participates in.

Aside from that it is worth noting that we have officially dropped support for SQLite versions < 3.11. Though more generally we would recommend that all admins migrate to Postgres for anything other than test and evaluation purposes.

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

Changelog since Synapse 1.8.0

Synapse 1.9.0 (2020-01-23)

WARNING: As of this release, Synapse no longer supports versions of SQLite before 3.11, and will refuse to start when configured to use an older version. Administrators are recommended to migrate their database to Postgres (see instructions here).

If your Synapse deployment uses workers, note that the reverse-proxy configurations for the synapse.app.media_repository, synapse.app.federation_reader and synapse.app.event_creator workers have changed, with the addition of a few paths (see the updated configurations here). Existing configurations will continue to work.

Improved Documentation

• Fix endpoint documentation for the List Rooms admin API. (#6770)

Synapse 1.9.0rc1 (2020-01-22)

Features

• Allow admin to create or modify a user. Contributed by Awesome Technologies Innovationslabor GmbH. (#5742)
• Add new quarantine media admin APIs to quarantine by media ID or by user who uploaded the media. (#6681, #6756)
• Add org.matrix.e2e_cross_signing to unstable_features in /versions as per MSC1756. (#6712)
• Add a new admin API to list and filter rooms on the server. (#6720)

Bugfixes

• Correctly proxy HTTP errors due to API calls to remote group servers. (#6654)
• Fix media repo admin APIs when using a media worker. (#6664)
• Fix "CRITICAL" errors being logged when a request is received for a uri containing non-ascii characters. (#6682)
• Fix a bug where we would assign a numeric user ID if somebody tried registering with an empty username. (#6690)
• Fix purge_room admin API. (#6711)
• Fix a bug causing Synapse to not always purge quiet rooms with a low max_lifetime in their message retention policies when running the automated purge jobs. (#6714)
• Fix the synapse_port_db not correctly running background updates. Thanks @tadzik for reporting. (#6718)
• Fix changing password via user admin API. (#6730)
• Fix /events/:event_id deprecated API. (#6731)
• Fix monthly active user limiting support for worker mode, fixes #4639. (#6742)
• Fix bug when setting account_validity to an empty block in the config. Thanks to @Sorunome for reporting. (#6747)
• Fix AttributeError: 'NoneType' object has no attribute 'get' in hash_password when configuration has an empty password_config. Contributed by @ivilata. (#6753)
• Fix the docker-compose.yaml overriding the entire /etc folder of the container. Contributed by Fabian Meyer. (#6656)

Improved Documentation

• Fix a typo in the configuration example for purge jobs in the sample configuration file. (#6621)
• Add complete documentation of the message retention policies support. (#6624, #6665)
• Add some helpful tips about changelog entries to the GitHub pull request template. (#6663)
• Clarify the account_validity and email sections of the sample configuration. (#6685)
• Add more endpoints to the documentation for Synapse workers. (#6698)

Deprecations and Removals

• Synapse no longer supports versions of SQLite before 3.11, and will refuse to start when configured to use an older version. Administrators are recommended to migrate their database to Postgres (see instructions here). (#6675)

Internal Changes

• Add local_current_membership table for tracking local user membership state in rooms. (#6655, #6728)
• Port synapse.replication.tcp to async/await. (#6666)
• Fixup synapse.replication to pass mypy checks. (#6667)
• Allow additional_resources to implement IResource directly. (#6686)
• Allow REST endpoint implementations to raise a RedirectException, which will redirect the user's browser to a given location. (#6687)
• Updates and extensions to the module API. (#6688)
• Updates to the SAML mapping provider API. (#6689, #6723)
• Remove redundant RegistrationError class. (#6691)
• Don't block processing of incoming EDUs behind processing PDUs in the same transaction. (#6697)
• Remove duplicate check for the session query parameter on the /auth/xxx/fallback/web Client-Server endpoint. (#6702)
• Attempt to retry sending a transaction when we detect a remote server has come back online, rather than waiting for a transaction to be triggered by new data. (#6706)
• Add StateMap type alias to simplify types. (#6715)
• Add a DeltaState to track changes to be made to current state during event persistence. (#6716)
• Add more logging around message retention policies support. (#6717)
• When processing a SAML response, log the assertions for easier configuration. (#6724)
• Fixup synapse.rest to pass mypy. (#6732, #6764)
• Fixup synapse.api to pass mypy. (#6733)
• Allow streaming cache 'invalidate all' to workers. (#6749)
• Remove unused CI docker compose files. (#6754)

Matrix Live 🎙

Dept of Status of Matrix 🌡

Google Summer of Code 2020

Sometimes it seems like existence is a constant loop. Cycles within cycles are replayed, with only minor differences to help us discern the current and the foregoing.
How can we endure it?

It's not all bad though! Google have announced the return of the Summer of Code programme, and have updated their website with the current year (2020) and latest information.

Matrix will be applying to be a Mentoring Organisation, as we have for several years now. This year, we'd like to open the umbrella a little. If you think your (Matrix-related) project could help mentor a student, and that you could offer a meaningful project to that student, please contact me directly. For reference, there were four students under the Matrix heading last year, of which one was assigned to work with Kitsune on encryption support in libQuotient.

FOSDEM 2020

Will you be at FOSDEM this year? Matrix will be very well represented, so please come and see us at our stand, plus attend all of the three talks we'll be conducting. Many more details to follow!

Dept of Services 🚀

New from bit.nl, a public Matrix Homeserver focused on the Dutch market. Read the announcement and sign up here.

Dept of Spec 📜

anoa offered:

Here are this week's spec 🐕️ updates!

Merged MSCs:

No MSCs were merged this week.

MSCs in Final Comment Period:

No MSCs are in Final Comment Period.

New MSCs:

• MSC2413: Remove client_secret
• MSC2409: Proposal to send EDUs to appservices
  • This is a continuation of MSC1888

The Spec Core Team is still working on implementation, and likely will continue to be until after FOSDEM.

Dept of Servers 🏢

Dendrite / P2P

Neil Alexander reported:

I've spent some time this week experimenting with integrating libp2p into dendrite and gomatrixserverlib to understand if we can get link-local homeserver discovery working along with direct or indirect federation. It's still early at the moment but I have had success with early federation requests working over libp2p—hopefully I'll have something interesting to show soon!

Synapse

Neil reported:

This week we’ve been continuing to work on migrating sydent to py3, improving admin tooling and working on fixing e2ee bugs. We’re also looking to make changes to allow admins the power to remove room aliases (MSCs 2260 2261).

Dept of Built on Matrix 🏗

Matrix Presents 📽️

Half-Shot told us:

What is it? Slideshows in Matrix, basically using the matrix room / event primitives to construct presentable federated slide shows.

What's new this week you ask? Well, it breaks less. It also does other neat things.

• Supports guests for viewing presentations, including the ability to specify a guest HS via the URL.
• Supports code highlighting in the presentation.
• Lots of CSS fixes to make slides line up properly.
• A fullscreen mode, which is actually unobstructive and quite handy.
• Presenter mode, which allows you to switch between following the presenters view of the room, and being able to view at your own leisure.
• Room joins now actually work, so you can be linked to a slide and expect to be able to view it.

Come check us out at #presents:half-shot.uk

Dept of Bridges 🌉

matrix-imposter-bot, interesting relay idea

@mr_johnson22:matrix.org said:

matrix-imposter-bot - A bot that uses your account to repeat other people's messages. This gives relay-bot capabilities to puppet-only bridges. For more details, see https://github.com/mrjohnson22/matrix-imposter-bot

mx-puppet-bridge and other soru adventures

sorunome told us:

Will the development ever stop? Who knows! Here's the latest mx-puppet-bridge updates:

• Fix unbridging of direct chats
• Allow room-specific ghost avatar and name overrides
• Enhanced logging config
• Ability to configure name patterns for users/rooms/groups

mx-puppet-discord

Of course mx-puppet-discord received some updates, too!

• Receive notification on friends request
• Add optional profile syncing
• Implement guild-specific nicknames
• Implement variables for name patterns

mx-puppet-slack

What, mx-puppet-slack updates? Yay!

• Set external_url field
• Implement variables for name patterns

As always, if you have any questions, please drop by the support chat and consider to donate! 🦊🦊🦊

Dept of Clients 📱

Nheko replies rendering

@deepbluev7:neko.dev said:

I added pretty rendering of replies to nheko. It uses the same rendering as for normal messages, so you will see an image being replied to and you can even play a replied to video. You can also click on the reply to navigate to that part of the history.

RiotX: Release v0.13.0

benoit said:

RiotX: Release v0.13.0 has been uploaded today to the PlayStore and should follow in F-Droid store. It contains typing notification feature, and new screens for Room profile and room members list, and new screen for Room Member profile. Those new screens are still missing a lots of features, that will be implemented in the next weeks. For F-Droid version, it contains a fix on the broken background sync. We are also making big progress on cross-signing implementation, and we have started to write integration tests on the SDK.

@bubu:bubu1.eu told us:

RiotX is now available via the f-droid.org repository here: https://f-droid.org/packages/im.vector.riotx/

Riot iOS

Manu announced:

We are still working hard on the implementation of cross-signing.

Riot Web Cross-signing update

Thanks to Ryan from the team:

All of this is part of cross-signing:

• Room shield decoration added
• New post-login device verification flow
• Toasts added to verify a new session
• Will begin working on post-login / registration bootstrapping flows

Fractal

Alexandre Franke reported:

In the past month, a few things happened:

• When redacting messages, they get removed from history view.
• Thumbnail for pasted images have been fixed.
• A handful of languages got updated.
• Moar refactoring.

koma + Continuum: kotlin lib and client

yuforia told us:

koma, Kotlin library for building clients:

• Update network library ktor to latest release 1.3.0
• Add option to use authentication with GET /_matrix/client/r0/publicRooms to fix HTTP Unauthorized errors with newer Synapse versions which may have allow_public_rooms_without_auth set to False.

Continuum desktop client based on Koma:

• Fix empty room directory list by always using the authenticated API POST /_matrix/client/r0/publicRooms

Dept of Ops 🛠

matrix-docker-ansible-deploy updates

Slavi told us:

matrix-docker-ansible-deploy can now easily configure automatic Double Puppeting for all of its Mautrix bridges (Facebook, Hangouts, Whatsapp, Telegram). This is possible due to those bridges' integration with matrix-synapse-shared-secret-auth - yet another component that the playbook can install. Our documentation page for each bridge provides relevant information on how to get it enabled.

Also:

matrix-docker-ansible-deploy can now install and configure matrix-appservice-webhooks, thanks to a contribution from Björn Marten from netresearch. Our documentation page about Appservice Webhooks tells you how to get started.

auto-update Riot-Web script

@murz:ru-matrix.org said:

I have created simple Bash script for auto-update Riot-Web to latest version. Because https://github.com/vector-im/riot-web now have no public Wiki, I publish it as Gist here: https://gist.github.com/MurzNN/ee64f98ab2e71b886c41d55594e5dd9e

ruby-grafana-matrix ingress updates

Ananace said:

My Grafana notification ingress gem received the missing piece of functionality for configuring it for posting both m.text as well as the original m.notice messages (as well as defaulting to m.text now as the more common expectation) - for those that want the messages to also provide Matrix notifications instead of just acting as an added history/flow. This can also be configured per-rule, so that you are able to have multiple notification ingresses configured with different message types.

It's always so lovely when people - other than myself - use my projects, especially when providing feedback on them. So many simple-to-implement features that get forgotten just because they weren't part of the original MVP.

Dept of Bots 🤖

TWIM bot updated for opsdroid 0.17

@cadair:cadair.com offered:

TWIM bot has been updates to use all the new features of opsdroid 0.17 it now supports Edits, both in updating it's database and by editing messages which get posted to #twim_updates:cadair.com . Also it supports 'TWIMing' a post by the user who posted it reacting with ⭕️, this is mainly designed as an easy way to mark images as TWIM posts. 🚀

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live 🎙

Dept of Spec 📜

anoa informed us:

We've had a slight lull from people crawling out from winter holiday hibernation caves, but there's likely more to come as everyone gets back into the swing of things.

Merged MSCs

No MSCs were merged this week.

MSCs in Final Comment Period

No MSCs are currently in FCP.

New MSCs

• MSC2403: Add "knock" feature
• MSC2399: Reporting that decryption keys are withheld

The Spec Core Team is continuing to work on implementation of existing MSCs.

Dept of Servers 🏢

Synapse 1.8.0 is out now

Get the latest news here!

Synapse 1.8.0 has arrived, it contains a whole host of bug fixes and tweaks, most notably fixing some long standing problems with search.
More generally we are spending a lot of time improving the e2ee experience ahead of switching on e2ee by default, so watch this space.

Deploying Synapse

Several packaging projects have been updated to deploy the new version:

• matrix-docker-ansible-deploy from Slavi
• avhost/docker-matrix and mvgorcum/docker-matrix from Mathijs
• Kubernetes from Ananace
• multi-arch synapse docker image from Black Hat
• also from the Debian repos thanks to @andrewsh:matrix.org

matrix-media-repo v1.0.0 - repeat, v1.0.0!!

TravisR offered:

matrix-media-repo v1.0.0 has been released! If it is suitable for your environment, please give it a go.

Dendrite federation work!

Neil Alexander announced:

Federation fixes have been pushed to gomatrixserverlib and Dendrite's master branches, that include the following tweaks:

• Using the v2 endpoints for /send_join and /send_leave
• Fixing the resolution of room aliases to room IDs in the Dendrite federation API
• A rewrite of the auth chain functions which should be a bit smoother
• A couple of other minor tweaks to some of the types

In addition, I've spent the last few days working on Dendrite's storage backends, adding somewhat-hacky support for SQLite and investigating ORM modelling for some of the simpler components, as a part of getting Dendrite to run as a "true monolith" for the P2P work.

cortex (synapse worker in Rust) supports e2ee rooms

Black Hat offered:

cortex's federation sender finally supports e2ee rooms! I'm testing its performance on an Intel Atom z8350 and it looks great.

Dept of Bridges 🌉

Matrix App for Zapier

@coppero1237 appeared to us, then announced:

The MVP is now available: https://zapier.com/developer/public-invite/77712/033209ffe96c0c0cdd618c8071355c01/

Use the Zapier App to integrate your Matrix room with any of Zapier's 1500+ apps, including:

• Github
• Trello
• Pagerduty
• Google calendar
• Jira
• Salesforce

Currently the MVP supports sending messages to a room. Reading messages from a room is future work.

If you're interested providing feedback, requesting a feature, future development, or just understanding how it works, please join the matrix room, #zapier:matrix.org

Source code: https://github.com/tyleradams/Zapier-Matrix

matrix-zammad bridge

Half-Shot offered:

matrix-zammad now supports reacting to tickets to close them, provided you've set up your puppeted token in the config. It's useful if you get a lot of spam tickets :p

mx-puppet-bridge

sorunome reported:

Lots of changes in mx-puppet-bridge!

• Allow sending status messages into bridged rooms
• add a bridgeChannel function for protocol implementations
• add config options to set displayname and avatar url of the AS bot
• leave the bridge bot of a bridged room, whenever possible
• auto-leave a puppeted ghost after an hour inactivity (to prevent DMs having three users in them)
• automatically dedupe media when uploading
• matrix group to remote protocol group mapping

mx-puppet-discord

Along with mx-puppet-bridge, things got implemented in mx-puppet-discord!

• allow bridging of single channels in a guild
• display an error if sending a message to discord fails
• add joinentireguild command
• handle webhooks properly
• map discord guilds to matrix groups

If you enjoy this software, please consider to donate, thank you! 🦊

And another mx-puppet-discord update!

• [User Tokens] Proper User-Agent spoofing - friends management now seems mostly safe! Leaving the warning thing in just-in-case, though

Dept of Clients 📱

📽️ Matrix Presents!

I'm adding this to the client section because it behaves like a client, but it's not what we'd normally think of...

Half-Shot reported:

Work has resumed on matrix-presents, newly rewritten in Vue.js! The project was first demoed back in Oggcamp 2018 where I gave a meta presentation on the virtues Matrix for other mediums. This time around, it's being brought back with:

• A user interface for managing, joining and creating slideshows.
• Control over how slides are advanced (pinned to the presenters view, or unlocked)
• Finer control over how slides are laid out, using a fragments system to build slides out of submessages.

This is currently in heavy development and will debut at Fosdem 2020!

A regularly updated version of the app is hosted at https://presents.half-shot.uk/.

(And for those of you expecting a form of table tennis, there is an easter egg in progress 😃)

Continuum, desktop client in Kotlin

yuforia offered:

Continuum, a desktop client in Kotlin:

• Update README to include information on building from source
• Fix: database not updated after leaving a room
• Move user's access token and list of joined rooms from database to more lightweight key-value storage

RiotX v0.12.0

benoit reported:

RiotX v0.12.0 has been released with some performance improvement, especially on initial sync and on timeline loading time. The release also contains bugfixes and a cleanup in the application settings. A new "developer mode" has been added to show advanced features only to power users. We are now working on the room profile screen, and we are making progress on the cross-signing implementation. Besides that, we are working to make RiotX available on the F-Droid store.

I must say RiotX is getting a lot more stable and reliable recently!

Riot iOS

Manu told us:

We are still working on the implementation of cross-signing and verification by DM.

Dept of Ops 🛠

K8s

In addition to mentioning Synapse 1.8.0 support, Ananace said:

Synapse 1.8.0 Kubernetes-optimized images are pushed, I've also updated the example manifests as part of some work on making it easier to deploy - expect a MVP of a Helm Chart some time Soon™

Also, to add a bit of context/information to this;

Helm is the de-facto standard package manager for Kubernetes clusters, where a Chart is a package for an application that can be installed and configured. The Helm Chart I'm working on won't be a one-click install to begin with, for the Minimum Viable Product it will require manually generating and storing the Synapse signing key - though I have thoughts on how to later delegate that to a small one-time job that Helm can run if necessary

Opsdroid 0.17

Cadair offered:

Opsdroid 0.17 was released in December, it comes with many changes but the main matrix improvements are support for extra event types like Replies, Edits, Reactions, Room Name changes, Room Topic changes, Alias changes, Room avatar changes, Power levels, and support for generic matrix state events. All these events are supported for both sending and implementing skills based on receiving them.

Dept of Ping 🏓

Let's reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.8.0 has arrived, it contains a whole host of bug fixes and tweaks, most notably fixing some long standing problems with search.

More generally we are spending a lot of time improving the e2ee experience ahead of switching on e2ee by default, so watch this space.

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

Synapse 1.8.0 (2020-01-09)

Bugfixes

• Fix GET request on /_synapse/admin/v2/users endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. (#6563)
• Fix incorrect signing of responses from the key server implementation. (#6657)

Synapse 1.8.0rc1 (2020-01-07)

Features

• Add v2 APIs for the send_join and send_leave federation endpoints (as described in MSC1802). (#6349)
• Add a develop script to generate full SQL schemas. (#6394)
• Add custom SAML username mapping functionality through an external provider plugin. (#6411)
• Automatically delete empty groups/communities. (#6453)
• Add option limit_profile_requests_to_users_who_share_rooms to prevent requirement of a local user sharing a room with another user to query their profile information. (#6523)
• Add an export_signing_key script to extract the public part of signing keys when rotating them. (#6546)
• Add experimental config option to specify multiple databases. (#6580)
• Raise an error if someone tries to use the log_file config option. (#6626)

Bugfixes

• Prevent redacted events from being returned during message search. (#6377, #6522)
• Prevent error on trying to search a upgraded room when the server is not in the predecessor room. (#6385)
• Improve performance of looking up cross-signing keys. (#6486)
• Fix race which occasionally caused deleted devices to reappear. (#6514)
• Fix missing row in device_max_stream_id that could cause unable to decrypt errors after server restart. (#6555)
• Fix a bug which meant that we did not send systemd notifications on startup if acme was enabled. (#6571)
• Fix exception when fetching the matrix.org:ed25519:auto key. (#6625)
• Fix bug where a moderator upgraded a room and became an admin in the new room. (#6633)
• Fix an error which was thrown by the PresenceHandler _on_shutdown handler. (#6640)
• Fix exceptions in the synchrotron worker log when events are rejected. (#6645)
• Ensure that upgraded rooms are removed from the directory. (#6648)
• Fix a bug causing Synapse not to fetch missing events when it believes it has every event in the room. (#6652)

Improved Documentation

• Document the Room Shutdown Admin API. (#6541)
• Reword sections of docs/federate.md that explained delegation at time of Synapse 1.0 transition. (#6601)
• Added the section 'Configuration' in docs/turn-howto.md. (#6614)

Deprecations and Removals

• Remove redundant code from event authorisation implementation. (#6502)
• Remove unused, undocumented /_matrix/content API. (#6628)

Internal Changes

• Add experimental support for multiple physical databases and split out state storage to separate data store. (#6245, #6510, #6511, #6513, #6564, #6565)
• Port sections of code base to async/await. (#6496, #6504, #6505, #6517, #6559, #6647, #6653)
• Remove SnapshotCache in favour of ResponseCache. (#6506)
• Silence mypy errors for files outside those specified. (#6512)
• Clean up some logging when handling incoming events over federation. (#6515)
• Test more folders against mypy. (#6534)
• Update mypy to new version. (#6537)
• Adjust the sytest blacklist for worker mode. (#6538)
• Remove unused get_pagination_rows methods from EventSource classes. (#6557)
• Clean up logs from the push notifier at startup. (#6558)
• Improve diagnostics on database upgrade failure. (#6570)
• Reduce the reconnect time when worker replication fails, to make it easier to catch up. (#6617)
• Simplify http handling by removing redundant SynapseRequestFactory. (#6619)
• Add a workaround for synapse raising exceptions when fetching the notary's own key from the notary. (#6620)
• Automate generation of the sample log config. (#6627)
• Simplify event creation code by removing redundant queries on the event_reference_hashes table. (#6629)
• Fix errors when frozen_dicts are enabled. (#6642)

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

Matrix Live 🎙

Dept of Status of Matrix 🌡

Responses to The Ecosystem is Moving

Matthew wrote a response to https://signal.org/blog/the-ecosystem-is-moving/ : https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/.

This is in response to a talk Moxie Marlinspike gave at 36c3. There is another response here from the XMPP community.

Dept of Servers 🏢

Dendrite and gomatrixserverlib

Neil Alexander announced:

My first TWIM update as a member of NV but I'm happy to announce that with some experimental changes to Dendrite and gomatrixserverlib, I've been able to get Dendrite-to-Dendrite federation working, which is a key component for the P2P work that we are planning!

matrix-media-repo v1.0.0-rc.2

TravisR reported:

matrix-media-repo has received its first ever release candidate (finally): v1.0.0-rc.1. It's complicated to set up, but please do give it a go if it suites your environment and use case, and report any bugs along the way.

v1.0.0-rc.2 was released later in the week to fix a small bug with exports in v1.0.0-rc.1.

Synapse 1.7.3 released

Synapse 1.7.3 includes an important bugfix, hosts are encouraged to upgrade.

Ananace reported that the K8s optimized Synapse 1.7.3 images have been updated, but you should find that all distributors have the latest version now.

Dept of Bridges 🌉

mx-puppet-bridge

sorunome said:

mx-puppet-bridge received some updates!

• Automatic Puppeting, thanks to tulir PR!
• Allow protocol implementations to specify an external_url as per spec
• Double Puppeting: Option to specify a custom homeserver -> URL map for local setups where .well-known resolution isn't possible
• Fix unbridging of rooms (remove alias correctly)
• Set filename of uploaded avatars to circumvent a synapse bug
• Update matrix-bot-sdk dependency to 0.4.0

mx-puppet-discord and mx-puppet-slack

sorunome again:

Both mx-puppet-discord and mx-puppet-slack updated to the newest library version and implemented the setting of an external URL.

If you like these projects, please check out the support chat and consider to donate!

mautrix-telegram

Tulir said:

mautrix-telegram v0.7.0 was released.

Other than bugfixes, there were a few main changes since the first release candidate a month ago:

• Option for automatic custom puppeting using shared secret login
• version command to get the exact bridge version (also coming to my other bridges)
• Config checks to make sure important fields like permissions aren't left unconfigured

Full changelog available on GitHub: https://github.com/tulir/mautrix-telegram/releases/tag/v0.7.0

mautrix-whatsapp

Tulir again:

Sticker bridging works slightly better now and added automatic double puppeting here too.

mautrix-cookiemonster

Tulir again:

To make the mautrix-facebook and mautrix-hangouts login flow simpler, I'm making a browser extension to eat cookies automatically rather than having the user go into the devtools. It's currently in development and should be ready by next week.

maubot

Tulir, busiest fellow in the North, again:

I finally got around to actually making the maubot github plugin, which is now spamming commits and other github things in all my project rooms.

Next up is per-room config options for webhooks and more matrix -> github actions (currently it's mostly just the github -> matrix webhooks). I might also end up making a more advanced plugin configuration system that supports multiple files, since jinja2 templates in a yaml file isn't that nice.

Dept of Clients 📱

FluffyChat for Android and iOS in Flutter

@krille:ubports.chat said:

MTRNord and me are working on FluffyChat for Android and iOS based on Flutter. You can already check it out if you like. :-) Install using F-Droid: https://mtrnord.gitlab.io/fluffychat-flutter-fdroid/fdroid/repo/ More info here: https://www.ko-fi.com/post/FluffyChat-for-Android-and-iOS-S6S71BMEY

Continuum

yuforia said:

Continuum, desktop client based in Kotlin, version 0.9.34:

• Perform database operations in an async way on IO dispatcher
• Added loading indicator when loading messages from server

Dept of Ping 🏓

Let's reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Tulir:

The ping room was upgraded to v5 last weekend. People who joined early got some nice and low pings before everyone rejoined :D

Also, @lub:imninja.net told us:

I created a #ping:maunium.net compatible bot in PowerShell https://gitea.lubiland.de/lub/pingposh/src/branch/master

Very nice - we don't see a lot of PowerShell in this ecosystem.

Final Thoughts 💭

Work is still happening on Cross Signing, patience will be rewarded sooner than you know.

Half-Shot is working on a fun and genuinely useful non-chat Matrix application, more on this soon.

36c3 was exciting, exhausing and educational. Thanks to everyone who made the Matrix Assembly one of the liveliest places around. :D

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

A few years ago, back when Matrix was originally implementing end-to-end encryption, we asked Moxie (the project lead for Signal) whether he’d ever consider connecting Signal (then TextSecure) to Matrix. After all, one of Matrix’s goals is to be an interoperability layer between other communication silos, and one of the reasons for us using Signal’s Double Ratchet Algorithm for Matrix’s encryption was to increase our chances of one day connecting with other apps using the same algorithm (Signal, WhatsApp, Google Allo, Skype, etc). Moxie politely declined, and then a few months later wrote “The ecosystem is moving” to elaborate his thoughts on why he feels he “no longer believes that it is possible to build a competitive federated messenger at all.”

At the time we didn’t respond via a blog post; instead we ended up talking it through a few times in person to see how misaligned we really were. The conclusion was that we agreed to disagree and Moxie said he’d be happy to be proved wrong, and wished us good luck. However, the subject has come up again thanks to Moxie’s talk on the same subject at 36C3 last week, and we keep getting asked to write a formal response on the Matrix side. So, here’s an attempt to do so. (Moxie didn’t want the 36C3 talk recorded, and I haven’t watched it, so this is responding to the original blog post).

From my perspective, the main points proposed in ‘The ecosystem is moving’ boil down to:

• Decentralised systems are harder to design and build than centralised ones, as coordination is harder if you don’t have a single authority to trust.

• Decentralised systems are harder and slower to evolve than centralised ones, as you can’t force participants to rapidly roll out (or even agree on) new features.

• Users in federated systems tend to coalesce around the best/biggest server that the bulk of people use - which means that server typically gets to see a disproportionate amount of communication metadata (who’s talking to who, and when), and has disproportionate power over the network, which could bully others away from running their own deployments.

• If users don’t trust their app provider, they can always go switch apps, which gives them freedom.

• Open systems are less secure because you have no control over the quality of the implementations - if anyone can bring their own client or server to the table, all it takes is one bad implementation to compromise everyone in the vicinity.

Now, all of these points are valid to some extent.

It’s absolutely true that decentralised systems are harder than centralised ones. Prior to Matrix we built centralised comms systems - we literally can do a side-by-side comparison for the same team to see how easily and fast we built our centralised comms system relative to Matrix. Empirically It took us around 6 times longer to get to the same feature-set with Matrix.

It’s also true that decentralised systems are harder to evolve than centralised ones - you can’t just push out a given feature with a single app update, but you have to agree and publish a public spec, support incremental migration, and build governance processes and community dynamics which encourage everyone to implement and upgrade. This is hard, but not impossible: we’ve spent loads of time and money on Matrix’s governance model and spec process to get it right. It’s still not perfect, but we haven’t seen much fragmentation so far, and when we’re pushing out a feature empirically we can and do go just as fast as the centralised alternatives. (E2E by default is a bit of a special case because we’ve had to go and reimplement many features users take for granted today in an E2E-capable manner, but we’re sprinting to get it done in the coming weeks). A bigger problem is that there are hundreds of spec change proposals which folks would like to see in the protocol, and finding a way to manage expectations and parallelise spec progress is hard - something we’re looking to improve in 2020 (although still figuring out how!)

It’s also fair that in a multi-server federated model, users naturally tend to sign up on the most prominent server(s) (e.g. the matrix.org homeserver in the case of Matrix). In practice, the matrix.org homeserver currently makes up about 35% of the visible Matrix network by active users. It’s also true that Matrix servers currently store metadata about who’s talking to who, and when, as a side-effect of storing and relaying messages on behalf of their users. And without an adequate protocol governance system in place, a large server could start pushing around smaller ones in terms of protocol behaviour. In practice, we’re looking into solving metadata protection in Matrix by experimenting with hybrid P2P / Client Server models - letting users store their metadata purely clientside if they so desire, and potentially obfuscating who’s talking to who via mixnets of blinded store & forward servers (more about this coming up at FOSDEM). Combined with nomadic accounts, this would let us eventually turn off the matrix.org server entirely and eliminate the pseudo-centralisation effect - the default ‘server’ would be the one running on your client.

It’s true that if a user doesn’t trust (say) Telegram, they are free to go switch to Signal or WhatsApp or whatever instead… at the massive expense of having to persuade all their friends to install yet another app, and fragmenting their conversation history across multiple apps.

Finally, it’s also true that because anyone can develop a Matrix client or server and connect to the global network, there’s a risk of bad quality implementations in the wild. There are many forks of Riot on the app stores - we simply can’t vouch for whether they are secure. Similarly there are Matrix clients whose E2E encryption is partial, missing, or unreviewed. And there are a wide range of different Matrix servers run by different people with different agendas in different locations, which may be more or less trustworthy.

HOWEVER: all of this completely ignores one critical thing - the value of freedom. Freedom to select which server to use. Freedom to run your own server (perhaps invisibly in your app, in a P2P world). Freedom to pick which country your server runs in. Freedom to select how much metadata and history to keep. Freedom to choose which apps to use - while still having the freedom to talk to anyone you like (without them necessarily installing yet another app). Freedom to connect your own functionality - bots, bridges, integrations etc. Freedom to select which identifiers (if any) to use to register your account. Freedom to extend the protocol. Freedom to write your own client, or build whole new as-yet-unimagined systems on top.

It’s true that if you’re writing a messaging app optimised for privacy at any cost, Moxie’s approach is one way to do it. However, this ends up being a perversely closed world - a closed network, where unofficial clients are banned, with no platform to build on, no open standards, and you end up thoroughly putting all your eggs in one basket, trusting past, present & future Signal to retain its values, stay up and somehow dodge compromise & censorship… despite probably being the single highest value attack target on the ‘net.

Quite simply, that isn’t a world I want to live in.

We owe the entire success of the Internet (let alone the Web) to openness, interoperability and decentralisation. To declare that openness, interoperability and decentralisation is ‘too hard’ and not worth the effort when building a messaging solution is to throw away all the potential of the vibrancy, creativity and innovation that comes from an open network. Sure, you may end up with a super-private messaging app - but one that starts to smell alarmingly like a walled garden like Facebook’s Internet.org initiative, or an AOL keyword, or Google’s AMP.

So, we continue to gladly take up Moxie’s challenge to prove him wrong - to show that it’s both possible and imperative to create an open decentralised messaging platform which (if you use reputable apps and servers) can be as secure and metadata-protecting as Signal… and indeed more so, given you can run your server off the grid, and don’t need to register with a phone number, and in future may not even need a server at all.

--Matthew

(Comments over at HN)