🔗Matrix Live S09E32 - QR Code Login & Translations

This week at Element, Benoit walks us through how he checks that the translations are consistent in Element, and Hugh tells us everything about the awesome QR Code Login in Matrix Auth Service!

🔗Dept of Servers 🏢

🔗Synapse (website)

Synapse is a Matrix homeserver implementation developed by Element

Till announces

This week we released Synapse v1.110.0rc2, which contains experimental support for account suspension, report room API, more native Sliding Sync functionality and more.

Check out the release notes for more details! Also, if you can, please test v1.110.rc2 in non-critical environments.

(Note: I've linked to rc1 release notes, since all the changes are in rc1, which unfortunately was only partially released due to a packaging issue. rc2 fixes this.)

Continue reading…

Hello everyone,

The Trust & Safety team has been working hard to get MSC3916 in the hands of users, and we’re nearly there with Matrix 1.11 being released last week. This fixes a long-standing design flaw in Matrix where media (images, avatars, files, etc) can be accessed without authentication if the URL is known. Matrix 1.11 fixes this by requiring authentication on these URLs, removing the ability for users to treat homeservers as CDNs for hosting arbitrary Matrix content for arbitrary users.

Rolling this feature out to the entire public federation is a bit tricky, particularly when considering the user safety and privacy benefits which Matrix 1.11 brings. Developers are encouraged to support authenticated media quickly to give server admins the ability to freeze unauthenticated media access on their servers. Media uploaded or cached before the freeze will remain accessible on the unauthenticated endpoints, but any media uploaded or cached after the freeze will only be available through the authenticated endpoints.

This freeze reduces the amount of breakage users will see. We’re aware of links being shared outside the context of a room already, and breaking those would be pretty disappointing for those users. We also don’t want to encourage that capability going forwards due to the space it takes up and the anonymous nature of the requests. Users who keep their clients updated should see no impact when their servers implement their freeze, but may find themselves unable to copy/paste media URLs to their friends.

Matrix 1.11 recommends that all servers evaluate their local ecosystem to determine when would be best to implement the freeze, and that the freeze should happen before Matrix 1.12 is released in August 2024. For the matrix.org homeserver, we anticipate most of our users to have updated clients in July, putting our freeze date in August.

Developers, and those curious, are encouraged to review the Matrix 1.11 blog post for details on the changes they’ll need to make in July to have near-zero matrix.org user impact, and for information about the recommended freeze approach.

🔗Timeline for matrix.org homeserver

To assist developers and other server admins in testing their implementations, we will be updating the beta.matrix.org homeserver to enact the freeze as soon as code is available for that. We expect this to happen in July 2024. The matrix.org (non-beta) homeserver’s freeze will be started on August 28th, 2024 September 4th, 2024 during normal UK business hours.

Update August 14, 2024: Most of the ecosystem has already updated to support authenticated media with only a few bug fixes pending release. To give a little bit more buffer for these bug fixes to roll out, we've moved our scheduled date to September 4th, 2024.

All media uploaded and cached prior to the freeze will remain accessible on the unauthenticated endpoints and authenticated endpoints. Media uploaded and cached after the freeze will only be available through the authenticated endpoints, not the unauthenticated ones.

🔗Developer support

The team is making themselves available in the #matrix-client-developers:matrix.org and #matrix-homeserver-developers:matrix.org rooms on Matrix to help support developers in implementing this feature. Client, server, and bridge authors are welcome to visit those rooms to get help in figuring out what needs to happen to support authenticated media. Further resources are also available in the Matrix 1.11 blog post.

For questions about the rollout itself, the freeze date, or the (beta.)matrix.org homeserver, please visit #foundation-office:matrix.org on Matrix.

We look forward to seeing the ecosystem working towards a safer, authenticated, experience for users.

Thank you,

Travis Ralston & the whole Matrix.org Foundation team

🔗Matrix Live

🔗Dept of Status of Matrix 🌡️

Thib (m.org) announces

Heads up that The Matrix Conference Call for Proposals is open until Wednesday 26 June, 10am Anywhere on Earth (23:59 CEST)!

Make some room in your schedule today, in the weekend or early next week to send your best proposals. We're interested in various types of talks: why your Matrix project is exciting, the (technical or non-technical) problems it solves, how Matrix fits in your organisation or community, exciting topics you want to tackle but need to find partners for, and more.

Whether you want to submit a short or long talk, or a workshop idea, head to http://2024.matrix.org to get all the conference details, or https://cfp.matrix.org to submit a proposal!

Continue reading…

Hey all,

We’ve just released the milestone Matrix 1.11 update for the protocol. It’s been almost exactly 3 months since the last release, Matrix 1.10, keeping us on track for our once-a-quarter release schedule.

There are 9 MSCs released in Matrix 1.11 today, but there’s one specific MSC we’d like to draw your attention to: MSC3916 - Authenticated Media. Until today, Matrix had a design flaw which allows a user to access media unauthenticated if they knew the URL. This has been used to share files in social media posts, link images outside of chats, and generally imply that a homeserver is a CDN for the internet. Some of these use cases are legitimate, though many are not. This is fixed with MSC3916.

This post covers MSC3916 and its implementation guidelines in more detail, but the full changelog for Matrix 1.11 is available at the end, as always.

Continue reading…

🔗Dept of Status of Matrix 🌡️

Thib (m.org) reports

The Matrix.org Foundation and the Matrix Community Summit team are pleased to announce The Matrix Conference!

It is meant to be the place where the ecosystem at large meets. From individual hackers to organisations working with Matrix, from the Governing Board to public sector representatives we expect the whole community to gather for an exciting event that shapes the future of Matrix!

A particular thank you to HarHarLinks, Yan and Nadine as well as Plain Schwarz who all contributed to the organisation.

Find all the details about the conference and the venue at https://2024.matrix.org and submit your proposals at https://cfp.matrix.org.

Continue reading…

The Matrix.org Foundation is happy to launch the first Matrix Conference, this September 19th to 22nd in Berlin, Germany, at Mitosis Labs! Click on the picture bellow to learn more!

Building on the success of the Matrix Community Summit, the Foundation is joining forces with the Summit team to open the conference to wider audiences. This is the event that policy makers, public and private sector leaders, open source enthusiasts, and technologists attend to share knowledge and learn what’s next in the decentralised and secure communications sector.

This is THE gathering place for hackers, project managers, digital sovereignty leaders and innovators. With several tracks covering everything from sovereignty & collaboration in the public sector to digital rights and advocacy, all profiles will find content for their interest. Outside of the tracks there will be plenty of time and space to get to know others from the ecosystem and exchange ideas.

Continue reading…

🔗Matrix Live S09E30 — The Account Migrator

The Foundation is hard at work to let you move your Matrix account around. Tadzik walks us through a pragmatic solution to several problems we have.

🔗Foundation

🔗Policy and Regulations blog series

Denise [away] says

we're starting a policy and regulation blog series over on the Foundation's blog. Over the next few months I'll be covering various pieces of legislation that are already in place, as well as incoming regulation, and what it all means for Matrix.

https://matrix.org/blog/2024/06/regulatory-update/

🔗Dept of elections 🗳️

Josh Simmons (he/they) says

The votes have been counted! Introducing the first elected Governing Board of the Matrix.org Foundation 🎉

Thanks to everyone who ran and everyone who voted, and congratulations to those who have been elected!

This is a huge milestone for Matrix, and now we can tackle the challenges we face with greater community involvement: https://matrix.org/blog/2024/06/election-results/

Continue reading…

If you have been following the matrix.org blog for some time, you will know that we’ve never been ones to shy away from complex topics like public policy and its impacts on Matrix. With this blog post series, our aim is to introduce a more regular cadence to our regulatory updates and to be more transparent about where we are focusing our efforts in this area.

Each blog post in the series will focus on a given theme or piece of law, as well as its relevant jurisdiction. We will start this series by taking a deep dive into EU regulation, starting with the General Data Protection Regulation (GDPR). Future blog posts in the series will cover the digital services package (DMA and DSA), the incoming CRA and the highly controversial CSAM regulation. These will be followed by a series dedicated to the UK, particularly UK applications of European law such as the GDPR and ePrivacy directive, as well as the Online Safety Act and the IPA amendment bill. Finally, we will conclude the series by looking across the pond and diving into the Cloud Act, as well as KOSA and other existing proposals.

Continue reading…

It is an honor and a pleasure to unveil the election results and introduce the first elected Governing Board for the Matrix.org Foundation!

Congratulations to the winning candidates, we thank you for your willingness to serve the community. We’re also grateful to everyone who threw their hat in the ring, and hope that the candidates who did not get elected consider running again in the future – noting that we have an election of Gold, Silver, Individual, and Associate Members scheduled for next year.

Thanks also to all of the people who cast ballots in the election, and to everyone who asked questions along the way! We learned a lot in this first election process that we look forward to incorporating into the next one.

The level of engagement with the process was a very encouraging sign for the health of the Matrix ecosystem, and we’re proud to have had 100% voter turnout in all but one constituency.

Read on to see who is on the Governing Board, a brief discussion of next steps, and reflections on some of the work that remains to improve representation.

Continue reading…

🔗Matrix Live

🔗Dept of Spec 📜

Andrew Morgan (anoa) {he/him} reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4148: Permitting HTTP(S) URLs for SSO IdP icons
• MSC4147: Including device keys with Olm-encrypted events

MSCs in Final Comment Period:

• MSC4115: membership information on events (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Spec Updates

This last week's focus was primarily spent on ensuring MSCs are moving towards Final Comment Period (FCP; the step before an MSC is accepted) at a healthy pace. Below are the MSCs which were on Tuesday's pings, and their current status:

• MSC3916: Authenticated media
  • Needs just 2 more checkmarks SCT members to enter FCP (started the week needing 6).
• MSC4138: More methods in CORS
  • Needs 1 more checkmark from the SCT to enter FCP (started the week needing 1).
  • Currently blocked on clarified text regarding its scope.
• MSC2781: Removing reply/edit fallbacks
  • Needs just 2 more checkmark from the SCT to enter FCP (started the week needing 2).
  • Currently blocked on some clarified behaviour and process ordering.
• MSC2867: Marking rooms as unread
  • Needs checkmarks from 3 more SCT members to enter FCP (started the week needing 3).
  • Currently blocked on ensuring that this addition to spec doesn't make notifications more complicated.

Client and server developers are encouraged to review these MSCs in particular because they're on a path to being included in the next spec version. This doesn't have to mean implementing them, but if there's something which doesn't sound quite right in the proposal text then leave a comment on the diff to raise a concern. The SCT will take these comments into consideration as the MSC enters FCP - the 5 day countdown to ensure any last comments are considered before the proposal is accepted into the spec as stable.

Next week's focus will largely be the same as usual: we'll focus on unblocking Matrix 2.0 MSCs/features as a priority, and MSCs which require more checkboxes to enter FCP will be raised for prompt review. We're always on the lookout for MSCs ready for FCP, but can sometimes miss something - let us know in #sct-office:matrix.org if it looks like something is ready to go but hasn't caught our eye yet.

Continue reading…