🔗Matrix Live 🎙

• On Apple Podcasts
• On Spotify
• On Pocket Casts
• or by hitting the RSS feed directly

🔗Dept of Spec 📜

anoa said:

Here's your weekly spec update!

🔗MSC Status

Merged MSCs:

• MSC2451: Remove query_auth federation endpoint.
• MSC2422: Allow color on font tag
• MSC2432: Updated semantics for publishing room aliases

MSCs in Final Comment Period:

• No MSCs are currently in FCP

New MSCs:

• MSC2475: API versioning
• MSC2474: Add key backup version to SSSS account data
• MSC2472: Symmetric SSSS

Closed MSCs:

• MSC2261: Allow m.room.aliases events to be redacted by room admins
• Superseded by MSC2432, which provides the same functionality.

Finally some merged MSCs, and so much activity in other areas! Thanks for everyone getting involved :)

🔗Spec Core Team

Next week the Spec Core Team is focusing on MSC2457 (password invalidation), MSC2454 (SSO UI Auth), and MSC2472 (Symmetric SSSS).

🔗Dept of Servers 🏢

🔗Dendrite / gomatrixserverlib

Neil Alexander reported:

• Backfill over federation and room history visibility are now mostly implemented in Dendrite
• Most of the room version support code is now merged into gomatrixserverlib
• More of Dendrite has been converted to use new headered events from gomatrixserverlib
• Room version support code has now been merged into Dendrite

🔗Synapse

Neil told us:

We released 1.12.0 this week which contains some decent performance wins. Our theme for the moment is to continue working on performance, and the sharding project is starting to make some real progress. Hopefully we get onto breaking out event persistence next week.

Aside from that you'll see a lot of work to improve SSO support, in particular the ability for SSO and User Interactive Auth to work together is just around the corner.

Sorry for all the matrix.org slowness, we're doing everything we can!

🔗Thoughts on matrix.to

julian told us:

The current http://matrix.to/ link handler is centralized and unfriendly. Before real matrix: URIs are done ( https://github.com/matrix-org/matrix-doc/pull/2312 ), I decided matrix.to needs redesigning, so I've written about it and am working on mock-ups and changes: https://blog.foad.me.uk/2020/03/24/improving-matrix-to-links/ Feedback would be appreciated. Please discuss in [#matrix.to:matrix.org.

🔗Synapse Deployment 📥

🔗Kubernetes

Ananace announced:

Updated the Kubernetes-optimized images of Synapse to 1.12.0. Both the alpine and debian-based - with jemalloc support - tags use the latest twisted package.

NB; If you're using both workers and application services, make sure that your application service config files are mounted into the worker pods as well.

🔗Various updates on Debian packaging

andrewsh reported:

Debian backports for Buster will see updated synapse and Twisted around the weekend when packages migrate to testing

Debian packages for synapse have been updated and now pull the patched version of Twisted with CVE-2020-10108, CVE-2020-10109 and other security vulnerabilities fixed

the patched version of Twisted in Debian is 18.9.0-8, Ubuntu ships security fixes in 18.9.0-6ubuntu1; both include all necessary security fixes 20.3.0 is currently in Debian experimental and hopefully will be uploaded to unstable by the end of the week

🔗synapse-purge

Ananace announced:

Submitted a PR that adds support for running the Synapse state compression tool to the synapse-purge utility written by djmaze. So that it's able to both launch purges for all rooms, as well as compress their state afterwards.

🔗Dept of Bridges 🌉

🔗mx-puppet-skype

mx-puppet-bridge is a general bridging library that supports (double)bridging and relays. The goal is to make it as easy as possible for others to bridge new third-party protocols to matrix. Support room Donate

sorunome said:

There is a new skype bridge! mx-puppet-skype, also based on mx-puppet-bridge.

It already features:

• Sending normal and rich formatted text in both directions
• Sending images, audio and other media in both directions
• Some skype emoji are parsed to normal emoji
• Skype->Matrix typing and read indicators
• Skype->Matrix user updates

Please note that skype seems to be having some issues lately where sometimes messages aren't received (also in the official client), and that sadly also affects the bridge.

🔗Icinga GoNotify Matrix v2.0.1

Oleg offered:

• A simple client to send notifications from Icinga to a [matrix] room.
• This is a rewrite of a Perl version (https://github.com/oleg-fiksel/matrix_icinga_notify).
• New and fancy notification template (thanks @micha:msqu.de !).
• Written in Go and uses mautrix-go (thanks @tulir:maunium.net !).
• Doesn't need any dependencies other than ca-certificates.
• Support/Feedback: #icinga-gonotify-matrix:fiksel.info

🔗Dept of Clients 📱

🔗Mirage

miruka told us:

Mirage is a new fancy Matrix client written in Qt/QML + Python, currently in alpha and available on Linux. Some of its main features are:

• A fluid interface that adapts to any size
• Keyboard shortcuts for (almost) everything, including filtering/switching rooms, scrolling, sending files, selecting and copying messages...
• A dynamic, programmable theming system
• Multiple accounts in one client
• Support for end-to-end encryption

🔗Nheko

Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) told us:

• The image overlay you get, when you click on an image, should now stay out of your way, when downloading an image (adasauce)
• Nheko now shouldn't show a console on launch on Windows anymore (abma)
• Typing notifications now won't sanitize users twice. This shouldn't increase Corona infections, just make special characters like < and & show up correctly, so you can put more <3 into your names. (Emi)
• A lot of edge cases, where avatars didn't show up correctly were fixed. One issue with dynamic thumbnailing and synapse is still waiting for a synapse pr to be merged.
• If you restart your server, Nheko should now use less CPU in the time the server is down. It may take a bit longer to reconnect though.

I'd like to thank all the contributors, that contribute seemingly random, small patches. It really helps make Nheko better in the long term and I really appreciate your help! <3

🔗Quotient 0.5.3 RC

kitsune reported:

Quotient 0.5.3 RC goes out - this is a backwards-compatible release that you can safely use with your Quaternion 0.0.9.4. Packagers are welcome to do all the preparations necessary - 0.5.3 release will happen right after the weekend! Despite back-compatibility, this version sports quite a few recent improvements backported from the master branch, including SSO, support of reactions and message editing, .well-known and, of course, quite a few bug fixes. Check it out at https://github.com/quotient-im/libQuotient/releases/tag/0.5.3-rc. P.S. For those who want more, Quotient 0.6 (and Quaternion 0.0.9.5) are coming real-soon-now, too!

🔗Riot-iOS

Manu told us:

We are still working on cross-signing but we see the end :). Gossiping of cross-signing private keys is now automatically done in background. We have a new modal that pops up on unverified sign-ins. We started to make cross-platform tests and fixed issues. Next week will be all about polishing this feature.

🔗riot.swedneck.xyz (Riot on IPFS)

swedneck reported:

I have started maintaining riot.swedneck.xyz again, so riot will once again be available on IPFS! You can try it out at https://ipfs.io/ipns/riot.swedneck.xyz, or via a local IPFS gateway at http://127.0.0.1:8080/ipns/riot.swedneck.xyz Expect updates a couple of days after every new riot version is released.

🔗Dept of Ops 🛠

🔗matrix-docker-ansible-deploy optionally supports jitsi

Slavi announced:

matrix-docker-ansible-deploy can now optionally install the Jitsi video-conferencing platform and integrate it with riot-web. See our Jitsi documentation page to get started.

You need to tell the playbook to use the :develop riot-web though. The documentation page instructs people to do that (for now).

I did a 4-person video conference the other day and all Jitsi components combined seemed to take some ~500MB of memory and quite a lot of CPU, while the call was ongoing.

🔗Dept of Bots 🤖

🔗CovBot v0.1.1

Peter Roberts offered:

• Add Public Health England data for more granular stats in the UK.
• Available on WhatsApp and Telegram.
• Send a welcome message to new rooms.
• Improve !help messages.
• Add !announce to notify all rooms.
• Gracefully handle rate limiting.
• Cleanup empty rooms once per day.
• Send m.text instead of m.notice so it plays nicely with WhatsApp bridge.

MIT licensed on GitHub.

🔗CovBot v0.1.2

Peter Roberts offered:

• Add !compare - thanks to @bertieb:matrix.bertieb.org. Works like !compare china;uk;spain. See !help for more info.
• Improve readability of !help on mobile.

MIT licensed on GitHub

🔗CovBot v0.1.3

Peter Roberts said:

Now comes with a !risk command that takes an age and calculates some outcome probabilities for that age group. Thanks to @dctremblay:matrix.org for adding this in!

MIT licensed on GitHub.

🔗reminder maubot plugin

Tulir said:

v0.2.0 of the reminder plugin for maubot was released recently. The primary change was a new custom date parser, which should have less weird results than before.

It also has a locale system. You can set locales with !reminder locale <list of locales>. The system is fairly simple: it just tries to parse the input with each locale in the order specified and uses the first match. It doesn't have many locales so far, so contributions are welcome if you're not afraid of regexes (contributions for reducing the number of regexes are also welcome :D)

🔗Matrix in the News 📰

Matthew said:

for those who quite understandably couldn’t endure listening to 90 minutes of waffle about Matrix on The Changelog, the transcript is now up at https://changelog.com/podcast/384!

🔗New Public Rooms 🏟

nico said:

To help people stay in contact in times of coronavirus, there are now coronavirus rooms in 4 languages (German: #covid-19-de:ungleich.ch , English: #covid-19:ungleich.ch, French: #covid-19-fr:ungleich.ch and Korean #covid-19-kr:ungleich.ch) They are all listed on https://ungleich.ch/u/blog/coronavirus-chats/ to give new matrix users an easy entrance

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	servicedesk-ttc.com	343
2	ccc.ac	419
3	gottliebtfreitag.de	421.5
4	envs.net	476
5	maunium.net	478
6	c-base.org	484
7	mailstation.de	506
8	maescool.be	576
9	encom.eu.org	585.5
10	matrix.vgorcum.com	648

🔗Final Thoughts 💭

Next Tuesday is the student submission deadline for GSoC! Check out our list of projects and come and chat to us.

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.12.0 is here.

The most important reason to upgrade to 1.12.0 is that it contains performance improvements to boost the efficiency of state resolution in room versions greater than v1 (#7095).

It also contains an implementation of (MSC2432) designed to limit room alias abuse. The MSC contains the full details, but in short admins now have more control over aliases as they appear on their local server.

There is also plenty of ground work for our master process sharding project. Nothing that can be used today unfortunately, but expect big improvements for worker based deployments over the coming weeks.

Please pay special attention to the security advisory in the changelog, TL;DR make sure your installation is using Twisted 20.3.0.

Also, note that once Synapse 1.13.0 is released, the default branch will change to being develop rather than master. Again more details follow in the changelog.

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

Changelog since Synapse 1.11.1

🔗Synapse 1.12.0 (2020-03-23)

No significant changes since 1.12.0rc1.

Debian packages and Docker images are rebuilt using the latest versions of dependency libraries, including Twisted 20.3.0. Please see security advisory below.

🔗Security advisory

Synapse may be vulnerable to request-smuggling attacks when it is used with a reverse-proxy. The vulnerabilities are fixed in Twisted 20.3.0, and are described in CVE-2020-10108 and CVE-2020-10109. For a good introduction to this class of request-smuggling attacks, see https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn.

We are not aware of these vulnerabilities being exploited in the wild, and do not believe that they are exploitable with current versions of any reverse proxies. Nevertheless, we recommend that all Synapse administrators ensure that they have the latest versions of the Twisted library to ensure that their installation remains secure.

• Administrators using the matrix.org Docker image or the Debian/Ubuntu packages from matrix.org should ensure that they have version 1.12.0 installed: these images include Twisted 20.3.0.
• Administrators who have installed Synapse from source should upgrade Twisted within their virtualenv by running:

  <path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
  

• Administrators who have installed Synapse from distribution packages should consult the information from their distributions.

The matrix.org Synapse instance was not vulnerable to these vulnerabilities.

🔗Advance notice of change to the default git branch for Synapse

Currently, the default git branch for Synapse is master, which tracks the latest release.

After the release of Synapse 1.13.0, we intend to change this default to develop, which is the development tip. This is more consistent with common practice and modern git usage.

Although we try to keep develop in a stable state, there may be occasions where regressions creep in. Developers and distributors who have scripts which run builds using the default branch of Synapse should therefore consider pinning their scripts to master.

🔗Synapse 1.12.0rc1 (2020-03-19)

🔗Features

• Changes related to room alias management (MSC2432):
  • Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. (#6965)
  • Validate the alt_aliases property of canonical alias events. (#6971)
  • Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. (#6986)
  • Implement updated authorization rules and redaction rules for aliases events, from MSC2261 and MSC2432. (#7037)
  • Stop sending m.room.aliases events during room creation and upgrade. (#6941)
  • Synapse no longer uses room alias events to calculate room names for push notifications. (#6966)
  • The room list endpoint no longer returns a list of aliases. (#6970)
  • Remove special handling of aliases events from MSC2260 added in v1.10.0rc1. (#7034)
• Expose the synctl, hash_password and generate_config commands in the snapcraft package. Contributed by @devec0. (#6315)
• Check that server_name is correctly set before running database updates. (#6982)
• Break down monthly active users by appservice_id and emit via Prometheus. (#7030)
• Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. (#7058, #7067)
• Add an optional parameter to control whether other sessions are logged out when a user's password is modified. (#7085)
• Add prometheus metrics for the number of active pushers. (#7103, #7106)
• Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. (#7094)

🔗Bugfixes

• When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. (#6572)
• Fix a couple of bugs in email configuration handling. (#6962)
• Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. (#6967)
• Fix duplicate key error which was logged when rejoining a room over federation. (#6968)
• Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. (#6990)
• Fix py35-old CI by using native tox package. (#7018)
• Fix a bug causing org.matrix.dummy_event to be included in responses from /sync. (#7035)
• Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. (#7044)
• Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. (#7066)
• Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause /sync to return with 404 errors about missing events and unknown rooms. (#7070)
• Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. (#7074)

🔗Improved Documentation

• Updated CentOS8 install instructions. Contributed by Richard Kellner. (#6925)
• Fix POSTGRES_INITDB_ARGS in the contrib/docker/docker-compose.yml example docker-compose configuration. (#6984)
• Change date in https://github.com/matrix-org/synapse/blob/master/INSTALL.md for last date of getting TLS certificates to November 2019. (#7015)
• Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. (#7048)

🔗Deprecations and Removals

• Remove the unused query_auth federation endpoint per MSC2451. (#7026)

🔗Internal Changes

• Add type hints to logging/context.py. (#6309)
• Add some clarifications to README.md in the database schema directory. (#6615)
• Refactoring work in preparation for changing the event redaction algorithm. (#6874, #6875, #6983, #7003)
• Improve performance of v2 state resolution for large rooms. (#6952, #7095)
• Reduce time spent doing GC, by freezing objects on startup. (#6953)
• Minor performance fixes to get_auth_chain_ids. (#6954)
• Don't record remote cross-signing keys in the devices table. (#6956)
• Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. (#6957)
• Merge worker apps together. (#6964, #7002, #7055, #7104)
• Remove redundant store_room call from FederationHandler._process_received_pdu. (#6979)
• Update warning for incorrect database collation/ctype to include link to documentation. (#6985)
• Add some type annotations to the database storage classes. (#6987)
• Port synapse.handlers.presence to async/await. (#6991, #7019)
• Add some type annotations to the federation base & client classes. (#6995)
• Port synapse.rest.keys to async/await. (#7020)
• Add a type check to is_verified when processing room keys. (#7045)
• Add type annotations and comments to the auth handler. (#7063)

🔗Matrix Live 🎙

Matrix Live S04E30 - Matthew updates on Synapse perf, P2P and new Jitsi

• On Apple Podcasts
• On Spotify
• On Pocket Casts
• or by hitting the RSS feed directly

🔗Dept of Spec 📜

anoa announced:

Here's your weekly spec update!

🔗MSC Status

Merged MSCs:

• No MSCs were merged this week

MSCs in Final Comment Period:

• MSC2422: Allow color on font tag
• MSC2451: Remove query_auth federation endpoint.

New MSCs:

• MSC2463: Exclusion of MXIDs in push rules content matching
• MSC2461: Proposal for Authenticated Content Repository API

🔗Spec Core Team

Next week the Spec Core Team is focusing MSC2432 (alias changes), MSC2451 (remove query_auth), and implementation.

🔗Dept of Servers 🏢

🔗Dendrite / gomatrixserverlib

Neil Alexander announced:

• P2P work is continuing at p2p.riot.im, with various fixes and a new public room directory
• Room version work is continuing with new headered event support in Kafka, the internal APIs and the sync API in Dendrite, and in the event code in gomatrixserverlib
• Joining rooms over federation is a bit more reliable now, as prev events are handled properly in this case and therefore the first message into the room doesn't get lost
• Some improved error handling work has been merged - thanks to prateek2211 and abbyck
• The /joined_rooms endpoint is now implemented - thanks to prateek2211

Notes on usage:

In order to try p2p.riot.im, do I need to create an account or should I be signing in to some user?

Just register as normal. Be aware you are registering into your local in-browser Homeserver, rather than a remote service.

Neil Alexander also mentioned:

We've also created #homeservers-dev:matrix.org as a general non-implementation-specific channel for homeserver developers :-)

🔗matrix-media-repo

TravisR offered:

v1.1.0 has been released with experimental (incomplete) IPFS support, memory leak fixes, and other improvements. This is a highly recommended upgrade if you use expireAfterDays or have memory problems.

🔗Synapse

Neil reported:

This week we have seen a huge increase in traffic and so we are spending a lot of time battling with scaling. Most notably we shipped an optimisation to improve state resolution for room versions > 1. Our sharding effort continues and we are working towards backing matrix.org with redis for pub sub which is prerequisite for the project.

Aside from that we had some problems with push reliability, this should now be fixed. Sorry if you were bitten!

We also put out 1.12.0rc1 expect a full release early next week.

Next week performance performance performance. We’ll also complete improvements to user Interactive Auth for SSO installations.

🔗Synapse Deployments

Mathijs told us:

The docker image for synapse v1.12.0rc1 is now on mvgorcum/docker-matrix:v1.12.0rc1

🔗Dept of Bridges 🌉

🔗Welcome Christian!

Welcome to Christian, who is joining the Bridges team as an employee. He'll start out on the Slack bridge but will be working more generally with Half-Shot on all bridges.

🔗mx-puppet-bridge

mx-puppet-bridge is a general bridging library that supports (double)bridging and relays. The goal is to make it as easy as possible for others to bridge new third-party protocols to matrix. Support room Donate

sorunome told us:

• add adminme thanks to dhmf
• more tests
• unified namespaces!

Unified namespaces is a big update! This means that, if the remote protocol has globally unique IDs (e.g. as discord has the case) it will only create one room on matrix for any amount of puppets. Combining this with the advanced relay option, this means that protocol implementations (e.g. discord) now can act like a normal relay bridge only with super awesome puppeting! As in, the for the puppets, the DMs work and channels&guilds that the relay bot is not in. All this is possible without any changes to the protocol implementation, should the protocol have unique global IDs.

🔗Dept of Clients 📱

🔗Quotient / Quaternion SSO support

kitsune told us:

In preparation to the upcoming (long-awaited) releases for Quotient and Quaternion, the library has gained full-blown support of SSO flow, such as the one used by the Mozilla's homeserver, and adventurous Mozilla Matrix users can use the master branch of Quaternion to login to their accounts. Next step - official releases and backports.

🔗gomuks

Tulir said:

gomuks now supports markdown formatting in rainbow messages.

Or if you prefer:

gomuks now supports markdown formatting in rainbow messages.

🔗Nheko

Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) told us:

Emi added a new sorting method to the room list, that keeps rooms with unread messages on top, even when the messages are older than the messages in silenced or read rooms. It makes the room list a lot nicer to use and after being skeptical at the start, I now use it on all my systems. Huge thanks to Emi for bearing with my long and confusing review!

🔗Riot Web

Ryan reported:

• Keyboard shortcuts are more discoverable with a help popup that explains them
• Jitsi support for voice and video is moving into Riot itself (the integration manager is no longer used for this)
• Self-hosted Riots can be configured to use a different Jitsi server if desired
• Encrypted messages are faster to encrypt and send
• The room directory server selector has been reworked and is much easier to use and understand
• Many cross-signing polish fixes continue to land, hoping to ship cross-signing in a few weeks

🔗RiotX, Quick corrective release 0.18.1

valere told us:

Improvements 🙌:

• Implementation of /join command

Bugfix 🐛:

• Message transitions in encrypted rooms are jarring #518
• Images that failed to send are waiting to be sent forever #1145
• Fix / Crashed when trying to send a gif from the Gboard #1136
• Fix / Cannot click on key backup banner when new keys are available

🔗Riot-iOS

Manu told us:

We are still working on cross-signing. QR code screens have landed on develop like storing and gossiping of cross-signing private keys.

🔗Dept of SDKs and Frameworks 🧰

🔗py-matrix-utils

swedneck offered:

I'm working on a Gtk GUI for py-matrix-utils, progress can be followed at https://gitlab.com/Swedneck/py-matrix-utils This isn't going to be a fully fledged matrix client, it's just a graphical interface for various matrix tools.

🔗Dept of Ops 🛠

🔗matrix-docker-ansible-deploy Raspberry Pi support

Slavi offered:

Thanks to Gergely Horváth's efforts, matrix-docker-ansible-deploy now supports installing at least some of its services to a Raspberry Pi server.

See our Self-building documentation page to learn how to get started.

🔗Dept of Bots 🤖

🔗CovBot v0.0.10

Peter Roberts announced:

• Search by country code.
• Better handling of issues in the data.
• Do more things with asyncio.

MIT licensed on GitHub.

Thanks to the super awesome bridging powers of Matrix anyone on WhatsApp can now chat with the bot! Feel free to chat with it and share with anyone who prefers to use WhatsApp!

More magic bridging means Telegram users can now chat with the bot! Please feel free to share with anyone who prefers to use Telegram!

Additionally:

CovBot has a couple of contributors working on it now too 🙂

Check the repo for details!

🔗Final Thoughts 💭

🔗Organising IT Support via Riot

Karl told us:

We are mid in building a team to give free IT support and security help to critical infrastructure operators during Corona times organized via Riot. Added a local alias for this room here at #helpeurope:matrix.org . room where we started creation #helpeurope:matrix.ctseuro.com. Everybody wanting to help is welcome.

Join the room and get involved for more info.

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	maescool.be	369
2	imninja.net	379.5
3	envs.net	380
4	gottliebtfreitag.de	382.5
5	swag.industries	423
6	maunium.net	449
7	shortestpath.dev	452
8	lyseo.edu.ouka.fi	454.5
9	ilmari.org	464
10	nct08.de	485

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

🔗Matrix Live 🎙

Matthew talks to Kegan and Neil about the status of P2P Matrix, and about Dendrite development.

You will know Matrix Live as a weekly video produced by the Matrix team and shared on YouTube. We are now offering the same content as an audio-only podcast, as a way of reaching more people. You can find the podcast:

• On Apple Podcasts
• On Spotify
• On Pocket Casts
• or by hitting the RSS feed directly

🔗Dept of Status of Matrix 🌡

🔗Matthew on The Changelog podcast

Matthew announced:

The Changelog invited me to do a podcast on all things Matrix - the 90 minutes of high density braindump can be found over at https://changelog.com/podcast/384

🔗Google Summer of Code

We are still welcoming GSoC students who want to apply to work on Matrix projects this summer. You can browse the suggested projects list or submit your own by chatting in the appropriate project room or #gsoc:matrix.org. Student applications begin on Monday!

🔗Dept of Servers 🏢

🔗Dendrite / gomatrixserverlib

Neil Alexander announced:

• The P2P in-browser demo has been improved to use a single set of keys, like the previous Go demo
• The P2P code no longer performs unnecessary federation requests to find server keys when they can be derived from the node ID
• Other hardening bits for the P2P demo
• Fixed a race condition in Dendrite when creating guest accounts
• Room version work is progressing still

🔗Dendrite/P2P

Matthew also mentioned the work that is going on with Dendrite P2P:

• We've got our first ever public Riot running with P2P Matrix, by compiling Dendrite to WASM and embedding it in the browser as a service worker. It's still quite early, but you can try to play with it now at https://p2p.riot.im. You can hear (and see!) all about it in this week's Matrix Live.
• It's using libp2p (IPFS's network layer) for P2P, coordinating via our shiny new libp2p websocket rendezvous server at https://rendezvous.matrix.org:8443
• Lots of limitations still: the room directory isn't hooked up; it doesn't persist your database yet; and no store-and-forward for users who are offline.
• Meanwhile Neil has been making good progress on v3, v4 and v5 room versions in Dendrite
• Spent a few days in London discussing the shape of P2P and Dendrite to come... watch this space ⭕️

🔗Synapse

Neil reported:

This week we’ve been working on alias abuse support, fixing a SSO limitation with user interactive auth which will allow SSO users to deactivate devices etc. We’ve also fixed a few SSO registration bugs and are currently investigating a push problem causing push to be delayed for certain users.

Next week more of the same, plus a return to Synapse performance work.

🔗Synapse available on OpenBSD

Synapse is now available on OpenBSD from ports. https://marc.info/?l=openbsd-ports-cvs&m=158368701415531&w=2

Thanks Linda for making us aware.

🔗Dept of Clients 📱

🔗Quotient prgressing to 0.6

kitsune announced:

Quotient is getting traction again, with 0.6 release finally in sight. This week a long standing PR from aa13q has been merged with a few (still very much work-in-progress) E2EE additions. One notable change is that by default the master branch (and the upcoming release) now builds without E2EE. This is to relieve packagers from a chore of adding E2EE dependencies (QtOlm and olm) for not much merit, while the work on E2EE stack for Quotient continues. In the meantime, the recommended way of using E2EE with Quotient-backed clients is to use pantalaimon next to your client application.

🔗Nheko

Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) reported:

One could say not much exciting stuff happened. Emily contributed a fix, that drops the filesystem access requirement from the nheko flatpaks. Otherwise I've heard someone working on hiding events in the timeline and some random branches named device-verification appeared. We'll see, where that will lead...

🔗Riot Web

Ryan announced:

v1.5.13-rc.1 available on staging with some more goodies like an option for alphabetically sorted room list, an option to dismiss the read marker and a fix for the right panel causing scroll jumps. Cross-signing work continues and is tantalisingly close to completion for release!

🔗Interesting article about using matrix-client.el with Pantalaimon

gergely offered:

Some folks over at #matrix-client.el:matrix.org suggested i should submit my article here. Itʼs about making matrix-client.el able to participate in encrypted rooms via Pantalaimon.

🔗FluffyChat for Android

krille said:

There is a new FluffyChat for Android version in the F-Droid repository:

• Improved design
• Minor bug fixes
• End2End encryption for normal messages (not yet files)
• Key sharing
• Device keys verification UI

The encryption feature still needs some testing but should be fully compatible with Riot so far.

Paul added this link which krille previously wrote: https://ko-fi.com/post/FluffyChat-for-Android-and-iOS-S6S71BMEY

And finally:

You can find the F-Droid repository at http://fluffy.chat

🔗RiotX

valere announced:

RiotX 0.18.0 has been released:

Improvements 🙌:

• Share image and other media from e2e rooms (#677)
• Add support for /plain command (#12)
• Detect spaces in password if user fail to login (#1038)
• FTUE: do not display a different color when encrypting message when not in developer mode.
• Open room member profile from avatar of the room member state event (#935)
• Restore the push rules configuration in the settings

Bugfix 🐛:

• Fix crash on attachment preview screen (#1088)
• "Share" option is not appearing in encrypted rooms for images (#1031)
• Set "image/jpeg" as MIME type of images instead of "image/jpg" (#1075)
• Self verification via QR code is failing (#1130)

SDK API changes ⚠️:

• PushRuleService.getPushRules() now returns a RuleSet. Use getAllRules() on this object to get all the rules.

Build 🧱:

• Upgrade ktlint to version 0.36.0
• Pipeline file for Buildkite is now hosted on another Github repository: https://github.com/matrix-org/pipelines/blob/master/riotx-android/pipeline.yml

Other changes:

• Restore availability to Chromebooks (#932)
• Add a documentation to run integration tests

🔗Riot-iOS

Manu said:

We have been working mainly on cross-signing verification. The QR code verification code has landed in the SDK. Now we are attacking the UI.

🔗Dept of SDKs and Frameworks 🧰

🔗Ruby SDK

Ananace reported:

Just released version 2.0.1 of the Ruby SDK - which should probably by 2.1.0 but I'm apparently quite tired today - adding support for non-final MSCs without polluting the main APIs. Currently only MSC2108 - Sync over Server Sent Events - is implemented, but more MSCs can easily be plugged in as wanted.

As always, #ruby-matrix-sdk:kittenface.studio is available for discussion and questions.

🔗Dept of Bots 🤖

🔗auto-invite-matrix-bot

MTRNord reported:

The auto-invite-matrix-bot utility bot now not only can relay invites to one primary account but it also is relaying mentions from your secondary accounts to your primary account now!

Check it out at: https://github.com/MTRNord/auto-invite-matrix-bot

🔗CoV Tracking Bot

You may have learned that recorded cases of COVID-19 are increasing exponentially. Also increasing exponentially are updates from Peter Roberts, who has developed a maubot to help provide information:

My first maubot! It tracks SARS-COV-2 statistics using data from https://offloop.net/covid19/ and was inspired by BrainstormBot on freenode IRC.

It's running as @covbot:shortestpath.dev. Send !cases for world-wide stats or !cases <location> for something more specific. E.g. !cases US.

v0.0.1 MIT licensed and on GitHub.

he continued

I've done a flurry of updates today:

• Searching is now limited to countries until search is improved more. I'll add region breakdowns back in soon!
• When the bot has multiple matches for your search it will let you know what they are and ask for more details.

It's running as @covbot:shortestpath.dev. Send !cases for world-wide stats or !cases <country> for more specifics. E.g. !cases Italy.

v0.0.4 MIT licensed and on GitHub.

and then

Another update:

• Search within states / regions / counties.
• Better feedback on ambiguous matches.
• Made unreliability of recoveries clear in the messaging.
• Made the messaging clearer when there are no matches.

v0.0.5 MIT licensed and on GitHub

and most recently

A few more changes:

• Improve search for provinces / regions / states / counties / areas.
• Add case numbers as well as percentages.
• Format numbers nicely for humans to read.
• Add a !help command.
• Add a !source command to get details on the bot source code and data.
• Improve handling when fetching the latest data fails.
• Improve handling of malformed data.

v0.0.9 MIT licensed on GitHub.

You can invite @covbot:shortestpath.dev to your own room to catch the latest.

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	imninja.net	341
2	envs.net	342
3	maescool.be	346
4	nct08.de	420
5	maunium.net	454
6	utzutzutz.net	463
7	pixie.town	496
8	shortestpath.dev	508
9	selfhosted.eu	618
10	swag.industries	684

🔗Final Thoughts 💭

Last week we featured a new stickerpack, Isabella, check out the composite image below!

I got to use a sneak preview of Riot nightly on Electron earlier, look out for more news on that soon if that's your thing.

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

🔗Matrix Live 🎙

🔗Dept of Servers 🏢

🔗Dendrite / gomatrixserverlib

Neil Alexander said:

• Initial support for building for WASM with the P2P demo has been merged into the Dendrite master branch
• Initial State Resolution v2 code has been merged into gomatrixserverlib master branch, with wiring for Dendrite to follow shortly
• Further room version support is in progress
• Error logging now actually reports where errors happened
• A minor bug in the sync API has been fixed
• gomatrixserverlib now doesn't make unnecessary key requests over federation

🔗matrix-media-repo

TravisR told us:

matrix-media-repo has early support for IPFS! Currently it's only gateway support, but in the coming days it should be possible to also upload into the IPFS world. See https://github.com/turt2live/matrix-media-repo/issues/115#issuecomment-593772429 for details.

🔗Synapse

richvdh said:

A busy week in Synapse this week! We've released Synapse 1.11.1 to fix a security problem with single-sign-on, Patrick has been putting the finishing touches to the room-alias-spam mitigation measures in MSC2432, and Erik has been doing some exciting work in replacing the inter-process replication protocol for worker-based deployments.

We've also started the design work on single-sign-on support for user-interactive-auth, which we'll be starting implementation work on next week.

Also:

Oh hello... is that Synapse replicating data streams using Redis, paving the way to multi-master Synapse clustering for arbitrary horizontal scalability!?! 😍 pic.twitter.com/E7pcFWQEgC

— Matrix (@matrixdotorg) March 6, 2020

🔗Synapse Deployment 📥

🔗multi arch synapse docker image

Black Hat announced:

I finally remembered to update my multi arch synapse docker image to 1.11.0. Now with more architectures!

🔗Docker-matrix

Mathijs offered:

The image for synapse 1.11.1 is now available as avhost/docker-matrix:v1.11.1 and mvgorcum/docker-matrix:v1.11.1. As always these images use jemalloc and mjolnir anti-spam.

🔗Dept of Bridges 🌉

🔗Matrix Icinga notifier

Oleg told us:

Send notifications from Icinga(1,2) to a Matrix room.

• https://github.com/oleg-fiksel/matrix_icinga_notify

🔗v1.2.0

• Changed POST to PUT for sending the message to comply with the spec (https://matrix.org/docs/api/client-server/#!/Room32participation/sendMessage)

🔗Roadmap

• New, cool templates from @micha:msqu.de
• Rewrite in Go and gomatrix (https://github.com/matrix-org/gomatrix) to have a static binary

🔗mx-puppet-slack

sorunome said:

mx-puppet-slack supports xoxc tokens now! That means you are able to bridge slack workspaces without the need of legacy tokens or oauth - no permission from the workspace admins are required for those!

🔗mx-puppet-bridge

mx-puppet-bridge is a general bridging library that supports (double)bridging and relays. The goal is to make it as easy as possible for others to bridge new third-party protocols to matrix. Support room Donate

sorunome offered:

• Added optional parsing of file metadata (filling in the info block) for images, video and audio (requires ffprobe to be installed)
• Adding advanced relays --> protocol implementations can e.g. use webhooks to display relayed messages more nicely
• Add userlist syncing options for rooms

🔗mx-puppet-discord

• Use the advanced relay to bridge relay messages using webhooks
• Implement userlist syncing: The userlist on matrix now accurately reflects the discord members in that room

🔗Mumble Bridge

There is a simple Mumble-Matrix Bridge available.

A simple Matrix to Mumble bridge. It sends messages between bridged rooms and tells you when people join / leave Murmur.

Written in TypeScript and based on matrix-appservice-bridge.

The creator, mymindstorm said:

Hello again, I made a public room at #mumble-bridge:evermiss.net

🔗Dept of Clients 📱

🔗gomuks

Tulir announced:

gomuks now supports sending replies, reactions and redactions with commands. You can either run the command (e.g. /react 👍️) first and then select the message with up/down arrows and enter, or you can click on a message to select it first and then run the command.

🔗Ditto v0.3.0 Release

Annie offered:

Ditto is a user-friendly Matrix client for iOS and Android.

🔗Updates

• Long press to show button for leaving a room
• Data is stored on the device, you can now browse offline
• More helpful error messages on login failure
• Show if a chat has unread messages in chat list
• Send typing notifications
• Send read receipts
• and a lot of other major code-quality things!

See the full list of changes here

🔗Help Wanted

In general, we'll welcome any help if someone would like to contribute - great way to get some experience with React Native! Just reach out!

If anybody has the skill set or interest, we are also looking at creating a React Native specific Matrix SDK to improve performance and allow others to develop RN clients easily.

🔗Website | #ditto:ditto.chat | Contact Annie

🔗RiotX

benoit said:

We have fixed several errors on file and media sending/downloading/sharing. Also we are still working on cross-signing and e2e stabilization.

🔗Riot-iOS

Manu said:

Riot-iOS: We have fixed an issue with push notifications but we are still investigating rageshake logs before doing the release. In parallel, we are still working on cross-signing: QR code and Secret Sharing.

🔗Nheko

Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) reported:

• We welcomed adasauce as an official member to the Nheko project on Github! Adasauce has been working on a lot of the smaller annoyances and layout issues.
• Adasauce started working on configuring what events get shown in the timeline on a per room or account wide basis.
• We have merged the dev branch to master, because it confused a lot of people. If your packages use 0.7.0-dev, now is the time to switch
• red_sky merged the dev branch and started updating everything, that depends on this branch. This includes the AUR package and our Weblate instance (for translations).
• Nheko now has experimental support for MSC2448. This adds a blurry preview for images (and videos) sent via nheko directly into the event body (at the cost of ~30 bytes). This considerably reduces latency until clients show something, that isn't an empty box, to preview media, since downloading the media over federation and generating a thumbnail has positive latency.
• Avatars should now not be blurry when using display scaling. Please report, if this is still happening to you (in the timeline or room list, there is a known issue with the user profile dialog and servers that don't do dynamic thumbnailing)
• Misc fixes and translation updates from multiple contributors.

🔗Various Riot-theme news

Dylan told us:

Selenized Light, Dark, and Black for Riot! If you have your own build of riot-web you can simply modify the config.json and add this theme to it!

• GitHub: https://github.com/aaronraimist/riot-web-themes#selenized-light-theme

I particularly like the Selenized Dark:

Nord Light Theme for Riot is also available from Dylan:

• GitHub: https://github.com/aaronraimist/riot-web-themes#nord-light-theme

Aaron said:

Dylan created #riot-web-themes:m.dhdf.dev

If you use https://github.com/spantaleev/matrix-docker-ansible-deploy/ it will automatically download and install all of the themes just by setting matrix_riot_web_themes_enabled: true

🔗Dept of SDKs and Frameworks 🧰

🔗simplematrixlib

swedneck reported:

i have updated simplematrixlib and py-matrix-utils adding (among other things) the ability to upload and download media, and send messages! Simplematrixlib is available on PyPi.

simplematrixlib now also has a matrix room, #simplematrixlib:matrix.org (also used for py-matrix-utils)

🔗Dept of Ops 🛠

🔗Kubernetes

Ananace announced:

Another image bump, this time to 1.11.1 The accompanying Helm chart I've been writing has sadly gotten rather delayed due to prioritisations at work, so might be a bit until then.

🔗Dept of Bots 🤖

🔗OBS bot

msirringhaus told us:

During last hackweek, I wrote a chat bot integration in Rust for openSUSEs Open Build Service. OBS is used for development of the openSUSE distribution and can build packages from the same sources for Fedora, Debian, Ubuntu, SUSE Linux Enterprise and other distributions.

The bot follows given packages and pull requests and pings a room if any changes occur (build finished, PR got commented or accepted, ..).

Sources can be found here, RPMs exist as well.

🔗Dept of Interesting Projects 🛰

🔗Matrix Notepad v0.2.1

KB1RD reported:

• Fixes some bugs
• Adds a new theme
• Allows the editing of room names

Unfortunately, there still are bugs. Sorry ;(

🔗Final Thoughts 💭

There's a new stickerpack available in Riot, Diego "rehrar" Salazar offered:

Isabella the Monero Girl is a fun sticker pack made by Cypher Stack designed to be cute, fun, and used by anyone. We hope you enjoy emoting with Isabella.

We'll have a cool image and more info next week.

Tulir offered:

also working on mautrix-manager, although I'm not sure if/when that'll be ready for general usage

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	envs.net	378.5
2	maescool.be	379
3	gottliebtfreitag.de	391.5
4	dodsorf.as	397
5	imninja.net	418
6	maunium.net	437
7	shortestpath.dev	445
8	midov.pl	455.5
9	ocean.joedonofry.com	458
10	wcore.org	469

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Hi all,

Heads up that yesterday at 12:00 ET, the Mozilla IRC network was switched off after over 22 years of valiant service, and the mozilla.org Matrix instance is now in full production. You can get at it via the Riot instance at https://chat.mozilla.org, by pointing your client at https://mozilla.modular.im, or by joining rooms on the mozilla.org server over federation via its room directory.

We'd like to thank Mozilla again for putting their faith in Matrix, and are determined to do everything we can to ensure we're a more than worthy successor to IRC; we have big boots to fill :)

We've been gathering a huge amount of invaluable FTUE (first time user experience) feedback from the commentary in #synchronicity:mozilla.org - and we're in the process of implementing it over the coming weeks. In particular, we've already implemented alphabetic room ordering, custom theming support, and done a bunch more SSO work.

The immediate priorities include:

• Fixing a regression in jumps/jank when scrolling (fix PRed to develop today)
• Enabling Mozilla IAM SSO authentication on remaining "interactive user auth" flows (e.g. managing devices)
• Fixing the UX around selecting server when browsing the room directory.
• Fixing notification defaults, behaviour and settings UX
• Better educating users to connect to the mozilla.modular.im if using a random app.

Finally, it's worth noting that the matrix-ircd project is seeing some commits again, many thanks to jplatte from the Ruma project - so if you are currently despairing the demise of moznet, never fear: you may yet be able to connect to the Mozilla matrix server via IRC (authing via Mozilla IAM, of course) and pretend that none of this newfangled Matrix stuff exists :D

Please keep the feedback coming in #synchronicity:mozilla.org - we're gathering it all up into Github (under the mozilla label) as well as a high level Google Doc to help collate everything.

thanks,

- The Matrix Core Team.

(Comments over at HN)

Synapse 1.11.1 is a security release which contains a fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.

Admins not using Single Sign-On to authenticate users are not affected though may wish to upgrade anyway to pull in some unrelated bug fixes.

Thanks to Rhys Davies for the responsible disclosure.

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

Changelog since Synapse 1.11.0

🔗Synapse 1.11.1 (2020-03-03)

This release includes a security fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.

The release also includes fixes for a couple of other bugs.

🔗Bugfixes

• Add a confirmation step to the SSO login flow before redirecting users to the redirect URL. (b2bd54a2, 65c73cdf, a0178df1)
• Fixed set a user as an admin with the admin API PUT /_synapse/admin/v2/users/<user_id>. Contributed by @dklimpel. (#6910)
• Fix bug introduced in Synapse 1.11.0 which sometimes caused errors when joining rooms over federation, with 'coroutine' object has no attribute 'event_id'. (#6996)

🔗Dept of Status of Matrix 🌡

🔗Meetup Event in London

This week Matrix held a Meetup Event in London! There were presentations demonstrating E2E Cross-Signing (including the next, sleeker QR codes), P2P in the browser with Dendrite, Message retention, and Github bridging. There was also plenty of P2E* and B2D**.

You can catch up on what was missed by watching this week's Matrix Live (below), or check out the full event playlist, particularly the P2P with Dendrite demo.

* Pizza to eat
** Beer to drink

🔗version1 podcast featured Matrix!

Éibhear told us:

Hi TWIM, I don't know if you've noted this yet, but I got my company to interview Matthew and Amandine on their podcast: https://www.version1.com/one-zero-one/matrix-org/. Éibhear

🔗Matrix Live now available as an audio podcast

Reminder that Matrix Live is also available as an audio-only podcast. You can find the it:

• On Apple Podcasts
• On Spotify
• On Pocket Casts
• or by hitting the RSS feed directly

🔗Google Summer of Code

Last week we announced that Google had selected Matrix for the Google Summer of Code progamme, and requested projects get involved under the Matrix banner. We had a great response to this call: Ditto, Ruma, opsdroid and Nheko are all offering projects this year, as well as projects under the core Matrix team.

We updated suggested projects list (more to come), so if you're a student please take a look. Think about what you'd like to work on, get involved with suggested projects, and join #gsoc:matrix.org to discuss.

🔗Dept of Spec 📜

🔗Spec

anoa offered:

Here's your weekly spec update!

🔗MSC Status

Merged MSCs:

• No MSCs have been merged this week.

MSCs in Final Comment Period:

• No FCPs have entered Final Comment Period this week.

New MSCs:

• MSC2444: peeking over federation via /peek
• MSC2448: Using Blurhash in Media Events

🔗Spec Core Team

Next week the Spec Core Team is focusing on MSC implementation.

🔗Dept of Servers 🏢

🔗Dendrite / gomatrixserverlib

Neil Alexander told us:

• Experimental support for state res v2 (and, by extension, room version 2) is now in a PR and undergoing testing
• The hashing algorithm has been fixed which improves federation reliability with Synapse
• A significant number of SQLite bugs have been fixed and we now have the ability to run Sytest against Dendrite in SQLite mode
• Kegan has been doing great work on building Dendrite for WASM and running it in the browser as a Service Worker!
• Sending EDUs in transactions with no PDUs has been fixed, which also seems to fix sending outbound typing notifications

🔗Sydent

Brendan announced:

Sydent v2.0.0 has just been released! 🎉

The biggest changes in this release are the privacy improvements we've worked on last year, along with Python 3 support and improved documentation.

More details can be found in the full changelog, and folks can get their hands on this new version from PyPI or from GitHub 🙂

🔗matrix-media-repo v1.0.1 patch

TravisR reported:

matrix-media-repo got a v1.0.1 patch release to fix a memory leak. Downloads and the very small changelog available at https://github.com/turt2live/matrix-media-repo/releases/tag/v1.0.1

🔗Matrixmon v0.5.0

jaywink said:

Matrixmon, the perl based c2s probe with metrics to track your Synapse server client API responses is now at v0.5.0 and now allows using an access_token for the probe user.

🔗Synapse

anoa reported:

This week Erik been tackling the work on sharding the master process in Synapse, Patrick has been working on the new room alias semantics while richvdh has been doing some background preparation to allow us to change the way events are redacted in future room versions.

Next week: SSO/User Interactive auth is still in the pipeline, alongside an option to allow users to change their password without logging out their other devices, and of course, more sharding.

🔗Dept of Ops 🛠

🔗arm64 support for all Tulir-projects:

The docker images of my projects (specifically mautrix-{telegram,whatsapp,facebook,hangouts} bridges, maubot and mautrix-manager) now support arm64 in addition to amd64. They're multiarch images, so the same tag will work with both architectures.

🔗Dept of Clients 📱

🔗Nheko

Nico (@deepbluev7:neko.dev) offered:

• adasauce fixed the settings page to properly display on narrow screens, like the PinePhone or Librem5
• We fixed rooms being stuck on unread. This only applies for rooms, where you receive an event after you updated.
• Avatars should now render in high res on high dpi screen with display scaling enabled.
• We fixed some smaller annoyances regarding what happens, when clicking elements of replies and the reply button now only shows on hover (or tap on the right side, like the timestamp, on mobile)
• We fixed the logic around user interactive authentication needed for registration, which means you should be able to register on servers using recaptcha and other registration requirements again! Note that this currently doesn't seem to work on servers, that use workers. This may be because of a synapse bug, but the jury is still out, it may still be our fault ;-)
• We wrote some proposals for GSoC, which Nheko was invited to participate in under the matrix.org umbrella.
• Someone packaged Nheko for Guix!

🔗Nheko in Guix

That "someone" was nixo:

nheko-reborn is now available on the guix package manager! Guix feature reproducible builds, allowing users to verify the binary cache correctness, and the possibility to create tarball/docker images to easily share the build results with all dependencies to systems without guix package manager.

Guix also aims at reducing bootstrap binaries to a minimum (see this blog post for example), reducing the effect of trusting trust attacks. Those properties led guix to be the package manager of choice for bitcoin development.

🔗Riot Themes

Last week Aaron said:

I made a place where you can post Riot Web themes https://github.com/aaronraimist/riot-web-themes

Which like the flap of a butterfly wing has caused a series of events:

🔗A Nord Theme for Riot!

Dylan announced:

If you have your own build of riot-web you can simply modify the config.json and add this theme to it!

• GitHub: https://github.com/aaronraimist/riot-web-themes#nord-theme

🔗A wild Discord themed Riot has appeared!

Dylan reported:

If you have your own build of riot-web you can simply modify the config.json and add this theme to it!

• GitHub: https://github.com/aaronraimist/riot-web-themes#discord-dark-theme

🔗matrix-docker-ansible-deploy support

Slavi reported:

matrix-docker-ansible-deploy now makes it easy to install custom riot-web themes, either by having you manually define them or by automatically pulling whatever themes are available in aaronraimist/riot-web-themes. To learn more, take a look at our riot-web documentation on Themes.

🔗Fractal

Alexandre Franke announced:

Our current Outreachy intern implemented many nice media related things. Videos now have a preview playing directly in the room history and clicking on them opens a player view with the usual controls.

Audio messages have a nicer presentation too. The audio player downloads the whole file to make seeking possible.

The narrow view (used e.g. on the Pinephone and Librem 5) gained a new swipe-back gesture to go back from room to room list

🔗gomuks

Tulir said:

gomuks now has support for lazy-loading room members, which might mean that small servers won't explode when gomuks does an initial sync.

🔗RiotX 0.17.0

benoit reported:

RiotX: We have released version 0.17.0: new attachment management, with media preview and edition. This release also contains a lot of bug fixes. We are also still working on cross-signing implementation.

🔗Riot iOS

steve told us:

This week we continued to implement verification by QR code at application and SDK level.

🔗Dept of Interesting Projects 🛰

🔗Matrix Notepad

KB1RD offered:

Finally, version 0.2.0 is here, which...

• Introduces the new version of logootish-js
• Gets ready for conflict resolution systems
• Fixes some (but not all) bugs encountered (thanks to the new algo)
• Removes the debug panel in favor of native browser console based debug

🔗Dept of SDKs and Frameworks 🧰

🔗nio template

anoa told us:

...is a template repo based on the matrix-nio library that you can use to get quickly up and running with making simple, yet powerful matrix bots in Python!

🔒️ Encryption Support is now built-in 🎉! This does shift the login model from access token to username/password. Note that by entering a device id however, you won't be creating a new device every time you start up the bot!

Other notable fixes:

• /sync is no longer spammed! This should take some load off of your homeserver.
• Config file parsing is a lot simpler now by way of a _get_cfg method, which allows you to easily device down into yaml dictionaries, set default values, mark whether a config value is required etc.

Thanks to alturiak for motivating me to make these changes :)

The repo is https://github.com/anoadragon453/nio-template, and room is #nio-template:amorgan.xyz.

🔗Dept of Bridges 🌉

🔗mx-puppet-bridge

sorunome told us:

mx-puppet-bridge received a few additions:

• tulir made a PR to add a provisioning API - said PR is already merged. Thanks a lot!
• Way better relay mode: You can now configure individual puppets to be a relay rather than a puppet. Additionally you can configure default room visibility and autoinvite.
• Don't unbridge a room on leaving anymore - it will remain bridged. You can get invites to rooms via the new invite command. With the knock MSC it will also be possible to get an invite via a knock.

If you have any questions, please join our support chat and maybe consider to donate. Thank you!

🔗mx-puppet-slack

tulir made a PR for custom provisioning API endpoints. It is already merged. Thanks a lot!

🔗mx-puppet-tox

mx-puppet-tox is finally functional again! It is updated to the latest mx-puppet-bridge library, giving it all the new features. Yay!

🔗Dept of Bots 🤖

🔗Hemppa the bot

Cos reported:

Hemppa the bot gained ability to run shell commands via Matrix. It's a small feature but enables a lot of possibilities in system management and monitoring, home automation, and whatever you can do in linux shell. As an example project I plan to use it for running a script to open hackerspace door with Raspberry Pi's GPIO if sender is a member. https://github.com/vranki/hemppa

🔗remindbot the bot

stefan announced:

remindbot got support for reacting when mentioned. This allows the bot to be used in rooms with more than 2 participants. The timespec got a minor update, supporting now the variant tomorrow HH:MM. Furthermore, the bot now sends a reaction when a notification has been scheduled instead of a noisy message.

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	gottliebtfreitag.de	334
2	envs.net	349.5
3	imninja.net	425.5
4	swag.industries	427
5	maunium.net	431
6	maescool.be	594
7	shortestpath.dev	632
8	matrix.vgorcum.com	657
9	utzutzutz.net	688
10	matrix.m31.zone	712

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Hi all,

Synapse 1.11 landed on Friday (sorry for running late on blogging the release notes!)

The main change is to introduce an experimental API MSC2432 for managing aliases for rooms on your local server. In Synapse 1.10 we removed support for m.room.aliases events, which were a way to try to track which aliases a room had on the room itself (but were vulnerable to abuse). In this release we've re-added the ability to query which aliases a given server has for the room, giving visibility for managing aliases, without having them spray all over the room state itself. Riot/Web 1.5.10 supports the new API, giving a way to manage aliases on your local server while we finish off the remaining work to improve alias safety & maintenance.

We've also changed the default power levels for new rooms so that room upgrades and ACLs require you to be an Admin (PL100), and invites in public rooms now require you to be a moderator (PL50).

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

🔗Synapse 1.11.0 (2020-02-21)

🔗Improved Documentation

• Small grammatical fixes to the ACME v1 deprecation notice. (#6944)

🔗Synapse 1.11.0rc1 (2020-02-19)

🔗Features

• Admin API to add or modify threepids of user accounts. (#6769)
• Limit the number of events that can be requested by the backfill federation API to 100. (#6864)
• Add ability to run some group APIs on workers. (#6866)
• Reject device display names over 100 characters in length to prevent abuse. (#6882)
• Add ability to route federation user device queries to workers. (#6873)
• The result of a user directory search can now be filtered via the spam checker. (#6888)
• Implement new GET /_matrix/client/unstable/org.matrix.msc2432/rooms/{roomId}/aliases endpoint as per MSC2432. (#6939, #6948, #6949)
• Stop sending m.room.aliases events when adding / removing aliases. Check alt_aliases in the latest m.room.canonical_alias event when deleting an alias. (#6904)
• Change the default power levels of invites, tombstones and server ACLs for new rooms. (#6834)

🔗Bugfixes

• Fixed third party event rules function on_create_room's return value being ignored. (#6781)
• Allow URL-encoded User IDs on /_synapse/admin/v2/users/<user_id>[/admin] endpoints. Thanks to @NHAS for reporting. (#6825)
• Fix Synapse refusing to start if federation_certificate_verification_whitelist option is blank. (#6849)
• Fix errors from logging in the purge jobs related to the message retention policies support. (#6945)
• Return a 404 instead of 200 for querying information of a non-existent user through the admin API. (#6901)

🔗Updates to the Docker image

• The deprecated "generate-config-on-the-fly" mode is no longer supported. (#6918)

🔗Improved Documentation

• Add details of PR merge strategy to contributing docs. (#6846)
• Spell out that the last event sent to a room won't be deleted by a purge. (#6891)
• Update Synapse's documentation to warn about the deprecation of ACME v1. (#6905, #6907, #6909)
• Add documentation for the spam checker. (#6906)
• Fix worker docs to point /publicised_groups API correctly. (#6938)
• Clean up and update docs on setting up federation. (#6940)
• Add a warning about indentation to generated configuration files. (#6920)
• Databases created using the compose file in contrib/docker will now always have correct encoding and locale settings. Contributed by Fridtjof Mund. (#6921)
• Update pip install directions in readme to avoid error when using zsh. (#6855)

🔗Deprecations and Removals

• Remove m.lazy_load_members from unstable_features since lazy loading is in the stable Client-Server API version r0.5.0. (#6877)

🔗Internal Changes

• Add type hints to SyncHandler. (#6821)
• Refactoring work in preparation for changing the event redaction algorithm. (#6823, #6827, #6854, #6856, #6857, #6858)
• Fix stacktraces when using ObservableDeferred and async/await. (#6836)
• Port much of synapse.handlers.federation to async/await. (#6837, #6840)
• Populate rooms.room_version database column at startup, rather than in a background update. (#6847)
• Reduce amount we log at INFO level. (#6833, #6862)
• Remove unused get_room_stats_state method. (#6869)
• Add typing to synapse.federation.sender and port to async/await. (#6871)
• Refactor _EventInternalMetadata object to improve type safety. (#6872)
• Add an additional entry to the SyTest blacklist for worker mode. (#6883)
• Fix the use of sed in the linting scripts when using BSD sed. (#6887)
• Add type hints to the spam checker module. (#6915)
• Convert the directory handler tests to use HomeserverTestCase. (#6919)
• Increase DB/CPU perf of _is_server_still_joined check. (#6936)
• Tiny optimisation for incoming HTTP request dispatch. (#6950)

🔗Dept of Status of Matrix 🌡

🔗Google Summer of Code 2020

Wise Google have again selected Matrix as a GSOC Mentor Organisation. Matrix has been successful with GSOC for several years now, so please think about what you'd like to work on, get involved with suggested projects, and join #gsoc:matrix.org for more insights.

If you have a Matrix project of your own, and think that you would benefit from mentoring a GSOC student, then let me know. We are very happy to have Matrix-related students working on your project under the Matrix umbrella. (Just like we did with kitsune last year.)

🔗Dept of Events and Talks 🗣

It's happening Next Week!!

Are you interested in a real-life, real-time Matrix-related meetup? Can you make it to London? Join us on the 26th February at Second Home in Spitalfields! Check out the agenda and register at https://www.eventbrite.com/e/matrix-london-meetup-26th-february-2020-tickets-93320354693.

🔗Matrix Live 🎙

🔗Spec

anoa offered:

Here's your weekly spec update!

🔗MSC Status

Merged MSCs:

• No MSCs have been merged this week.

MSCs in Final Comment Period:

• No FCPs have entered Final Comment Period this week.

New MSCs:

• MSC2438: Local and Federated User Erasure Requests
• MSC2437: Store tagged events in Room Account Data

🔗The section where I talk about mscbot

Hey look, I finished.

🔗Spec Core Team

Next week the Spec Core Team is focusing on MSC implementation.

🔗Dept of Servers 🏢

🔗Synapse

Neil announced:

This week we’ve been working on managing alias abuse, and also improved performance for state res v2. The perf work massively improved average send times on matrix.org. Here’s the heat map.

More excitingly we’re working on sharding out the master process in Synapse, so that worker based installations can scale more efficiently.

Next week it’s all about more alias abuse mitigations, fixing some SSO/User Interactive Auth bugs and continuing with our performance work.

🔗Synapse Deployment

Mathijs reported:

The image for synapse 1.11.0 is now available as avhost/docker-matrix:v1.11.0 and mvgorcum/docker-matrix:v1.11.0. As always these images use jemalloc, and mjolnir anti-spam got added to the images.

Ananace told us:

Just pushed the K8s-optimized Synapse images for 1.10.1

and:

Just pushed version 1.11.0 of the K8s-optimized Synapse images, find them on dockerhub as ananace/matrix-synapse

🔗Dept of Bridges 🌉

🔗matrix-github

Half-Shot offered:

Hola. I wrote the matrix-github bridge a while back to support bridging issues and pullrequests into Matrix as rooms, so that the history of an issue can be tracked within a room, and users can comment on them within Matrix. As of today, you can now bridge in your own notifications into Matrix. It's early days, but is actually proving to be useful.

🔗matrix-appservice-slack 1.1.0

Half-Shot offered:

More news! This week matrix-appservice-slack has reached 1.1.0-rc1 and included is a whole bunch of puppeting and membership sync features. The headline features are:

• Add ability to sync Slack channels and users automatically to Matrix
• Sync Slack membership changes to Matrix
• Add whoami user command.
• Create private rooms on demand if they do not exist

...and then...

has reached 1.1.0. Nothing has changed. It's just not called 1.1.0-rc1 anymore.

🔗matrix-xmpp-filter

mijutu offered:

matrix-xmpp-filter can now handle multiple XMPP clients per process and multiple Matrix accounts per XMPP client. It's like matrix-ircd, but with XMPP instead of IRC. Made with libQuotient and libqxmpp. Available at https://k2c42.dy.fi/matrix-xmpp-filter.git Feedback to #matrix-xmpp-filter:ellipsis.fi

🔗mx-puppet-bridge

sorunome said:

mx-puppet-bridge now automatically stops typing indicators for a specific ghost if the remote protocol sends out a message as it.

🔗matrix-discord-parser

sorunome offered:

matrix-discord-parser now utilizes https://mau.lu/ to neatly bridge inline matrix images / custom matrix emojis over to discord! mx-puppet-discord already includes the new version.

🔗Dept of Clients 📱

🔗gomuks: SSO and more

tulir (Mozilla) offered:

gomuks now does single sign-on, which means you can log into mozilla matrix accounts with it.

Check the docs for information on how to add SSO to your Matrix client.

Later:

In addition to the SSO support mentioned earlier, gomuks now has initial support for rendering reactions and full support for edits (both sending and rendering). Some bugs have also been added and/or fixed.

🔗Radical

stoic offered:

Formerly known as Riot WebExtension.

• Released version 1.5.10 on AMO, which bundles Riot Web v1.5.10
• Support for Radical Native, which allows searching in encrypted rooms
• Renamed to Radical

anoa asked:

I'm curious how you got seshat working in a browser, considering wasm doesn't have support for multi-threading?

stoic responded:

it's not actually running in the browser, it uses native messaging to spawn a local rust binary and talk to it over stdio poljar did a great job with seshat, so it wasn't much left for me to do 👌

🔗Radical Native

stoic announced:

Formerly known as Riot Booster Pack.

• Support for traditional Riot Web over HTTP landed in v0.1beta7, so you can use Radical Native with every Riot instance on the web. We're still in early beta, so no official Firefox AMO install available yet, if you want to give it a try you can follow these install instructions

🔗Riot Web themes repository

Aaron reported:

I made a place where you can post Riot Web themes https://github.com/aaronraimist/riot-web-themes

See also: Riot theming docs

🔗RiotX

benoit told us:

RiotX: this has been a good week on RiotX. We are making progress on cross-signing and SSSS implementation. We are fixing many small annoying issues and also starting to implement little missing features to improve users' life! The big next coming feature is improvement of attachment and share to RiotX flow, already merged in the develop branch, so available in the next release.

Regarding "SSSS", uhoreg helpfully links us to https://github.com/matrix-org/matrix-doc/pull/1946, and also added:

(I usually expand SSSS to "Secure Storage Something Something")

🔗Dept of SDKs and Frameworks 🧰

🔗Matrix Dart SDK (Pattle)

MatMaul told us:

This week a pull request has been pushed to integrate directly the SQL persistence backend inside the SDK, using Moor instead of sqflite. The code is smaller and a lot more readable, and it opens some nice perspectives: Moor has a web backend using sql.js, and now uses FFI by default instead of iOS/Android bindings, which should be faster (untested). https://git.pattle.im/MatMaul/matrix-dart-sdk/tree/moor

🔗Riot iOS

steve announced:

This week is still about cross-signing. We added support of self key verification by to_device and we are currently implementing verification by QR code at SDK level.

🔗simplematrixlib updated

swedneck offered:

I just updated my python library, simplematrixlib, as well as py-matrix-utils, adding the ability to upload files.

🔗ruma

jplatte offered:

Another set of new crates have been released:

• ruma-events 0.16.0, with a few minor improvements
• ruma-api 0.14.0 (and ruma-api-macros 0.11.0) has been released, fixing a bug where it would fail to deserialize most matrix requests if used server-side (bug found by timokoesters while experimenting with a new Rust homeserver implementation)

ruma-client-api is also continually being worked on to bring us up to date with r0.6.0 (thanks iinuwa!), but no new release was made this week.

🔗Dept of Bots 🤖

🔗auto-invite-matrix-bot

MTRNord offered:

I made a small utility Bot which allows you to redirect people that send messages to one of your "wrong" accounts to your "real" account.

https://github.com/MTRNord/auto-invite-matrix-bot

It currently does join on invite, invites your "real" account and sends a customizable message.

It does also support listening to multiple accounts or Homeservers.

🔗Dad Bot, the saga

If you were in #twim:matrix.org this week you may have seen that the most popular bot was "Dad Bot"...

Dylan reported:

I made Dad Bot for Matrix which mocks users who use "i'm" or "im" in their sentences.

• GitHub: https://github.com/dhghf/dad-bot-matrix
• Current instance: @dadbot:m.dhdf.dev

...and then...

Quick update about Dad Bot:

• I added edits
• Dad Bot now sends m.notice instead of m.text and doesn't respond to other m.notices

Thanks Dandellion, and KB1RD

...but suddenly...

DadBot 2.0.0 is already here! With the quick feedback given by the community I added all the features

• Dad Bot will now edit the response message if the original message was edited
• Dad Bot won't respond to other Dad Bots (lol)
• Dad Bot won't respond to old messages on the first time syncing

What's in the works:

• Responding with images in the message
• Jokes! (because it's not a full dad bot without jokes)

...and finally...

I opened a room for discussions about dad bot if you want to send feedback there. #dadbot:m.dhdf.dev

🔗lightweight reminder bot

stefan said:

I got my first silly matrix bot running last evening. It is a lightweight reminder bot. The source is over there: https://git.sr.ht/~rumpelsepp/remindbot

🔗Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

Rank	Hostname	Median MS
1	imninja.net	365
2	shortestpath.dev	384
3	maescool.be	405
4	envs.net	421
5	matrix.vgorcum.com	535
6	gottliebtfreitag.de	535.5
7	maunium.net	545.5
8	queersin.space	657
9	asra.gr	672
10	saces.de	795

🔗That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!