This Week in Matrix 2019-08-02

02.08.2019 23:35 β€” This Week in Matrix β€” Ben Parsons
Last update: 02.08.2019 20:23

πŸ”—Matrix Live

I chatted to Rick about the new Small instances available on modular.im.

πŸ”—Dept of Spec πŸ“œ

Approved MSCs

No MSCs have been approved.

Final Comment Period

In Progress MSCs

(kudos to anoa for providing this well-formatted summary section)

πŸ”—KaTeX rendering support

Tim:

there's now a pull request in for full native math rendering support (via KaTeX), which will replace the shoddy bot that I made last week (or whenever)
https://github.com/matrix-org/matrix-react-sdk/pull/3251

πŸ”—Dept of Servers 🏒

πŸ”—Synapse

This week we’ve been working on implementing identifier hashing in sydent, a brand new installer for Synapse, we’ve trialled some new db perf improvements which look very promising (more on this soon) and finally very close to an all new implementation of room search.

Next week we’ll push out the all new Sygnal, continue with the installer and room search and pick up some tasks under our privacy umbrella to ensure that Synapse is not holding onto any data that it does not strictly need to.

πŸ”—Dendrite

anoa:

Dendrite progress marches forwards. This week we had:

  • Room tagging implemented (thanks peekay_46!)
  • A PR for redactions opened by our GSoC student cnly
  • A PR for authentication fallback (for when clients don’t have a web browser built in and want to use recaptcha from trion129
    • This has been in the works for a while, and just has a couple small changes left to go!
  • Two PRs for filtering database functionality from CromFr
  • A PR for fixing the scope of transaction IDs in Dendrite’s transaction cache from cnly

Cnly’s GSoC period ends on August 26th. He has been a massive boon to the project’s cadence so far and we hope he will continue even after GSoC ends when he has time :)

πŸ”—Dept of SDKs and Frameworks πŸ—

πŸ”—koma, Kotlin Library

yuforia has this update about koma, the library used to power continuum:

Provide automatic deduplication and rate-limiting when downloading media resources. This improves performance of GUI applications, where avatars of many users may appear on screen at once, and some of them may be identical.

πŸ”—libQuotient

kitsune:

libQuotient's master branch now supports sending and receiving reactions, and receiving message edits. We also have another PR in the works from aa13q that would add support for events decryption, as a part of his GSoC endeavour.

πŸ”—Dept of Clients πŸ“±

πŸ”—Fractal 4.2 released

Alexandre Franke announced a new edition of Fractal:

Nightlies of Fractal are currently stuck on a 2 weeks old build because of one of our dependencies… but the long awaited 4.2 stable release is out! You can get it out fresh from flathub as usual.

Changelog:

New features:

    Adaptive window, mobile friendly
    Window size and position are remembered
    Redesigned login
    Spellcheck
    Network proxy support
    Typing notifications
    Badges are shown for operators and moderators
    Keyboard shortcuts for easier navigation across rooms

Better uploads:

    Audio and video files are now tagged correctly
    Image files have a thumbnail
    Various tweaks to the file chooser

Bugfixes:

    Logs actually output something now
    A few issues with invites and direct chats have been resolved
    More reliable scrolling
    Some crashes fixed

Under the hood:

    Code refactor continues
    We’re now using Rust 2018
    Many improvements to the build system and CI

πŸ”—Neo huge update!

joepie91:

Lots of news about Neo!

  • There's now an additional maintainer (joepie91)!
  • A lot of the internals have been refactored, so they should be more maintainable and reliable going forward. Also some future work planned on refactoring the state handling using Redux, which should make it much faster to fix issues and add new features in the future. There are even some ideas already for a future plugin API!
  • Display has been improved in a lot of places. Error messages are now more clearly formatted, images in reply-quotes are now shown as thumbnails rather than just a filename, and the reply-to popup now shows the full event that you're replying to properly. The chat window now correctly sticks to the bottom when you're scrolled to the end and receive new messages, even when an image or video loads - though per-room scroll position restoration isn't done yet.
  • There's now an experimental compact mode! It uses a more IRC-client-like layout for messages, and generally just fits more content onto the screen. It can be enabled with an experimental flag. A screenshot of the compact mode can be found here.

You can try the compact mode at https://neo.pixie.town/app/?compactMode=true.

πŸ”—Riot Web

Message editing composer now supports undo/redo.

πŸ”—Riot iOS

  • Reactions: List of who reacted
  • Native Camera. The embedded camera view has been removed. There is now a new action β€œTake photo and video”
  • Privacy: We have been working on implementing terms to display before using integrations

πŸ”—Riot Android

  • VOIP / Remove default stun server
  • Make Integration Manager optional (disables widgets, calls)

πŸ”—RiotX (Android)

  • Feature / Direct Room Creation Flow
  • Improvement / Local echo of pending edits
  • Improvement / Seamless transition from timeline to fullscreen image preview
  • Bug fixes

πŸ”—Pattle

Wilko:

Pattle is now available on Google Play!

πŸ”—Dept of Bridges πŸŒ‰

Half-Shot:

Hey folks, first an update from the bridges integrations side. We've brought back snoonet and oftc on the integrations menu so you can once again connect matrix rooms to these networks. Other networks should work as standard.

πŸ”—matrix-appservice-irc

Half-Shot again:

On the matrix-appservice-irc side we've made a few fixes to the handling of IRC modes (things that handle how users should behave) when bridged to IRC. This should hopefully make opping and voicing users more reliable. There are a few other fixes in the pipeline too, so a release isn't too far off.

πŸ”—GitHub issue bridging !?

Half-Shot AGAIN:

I had an adventure this afternoon into the world of bridging again, and have made a Github to Matrix bridge. At the moment you can join aliases and saturate your homeserver with the entire history of a issue or PR. You can also chat to folks on issues in realtime.

Check it out at: https://github.com/Half-Shot/matrix-github

GitHub issue bridging

πŸ”—Dept of Ops πŸ› 

πŸ”—debian-based K8s-optimized image

Ananace:

Just pushed a debian-based K8s-optimized image as well, it's 150MB larger than the alpine one, but on the other hand it comes with jemalloc support so it's nicer on the RAM instead.

πŸ”—CLI federation tester

kai is someone with no fear of rapid iteration! Versions 1.2, 1.3, 1.4 and 1.5 of his script were made available this week:

I finished version 1.5 of my small command line based federation tester. The bash script relies heavily on popular Unix tools like awk, curl, jq, sed and so on. Compared to https://federationtester.matrix.org, the outputs are a little more detailed and additional tests are performed, especially on the supported SSL protocols. Currently, it has only been tested under Linux.
The current version improves the handling of port in the .well-known and DNS SRV configuration.
You can download it from #cli_federation-tester_de:matrix.chat-secure.de or directly via https://matrix.chat-secure.de/_matrix/media/r0/download/matrix.chat-secure.de/MDwYLdrxRdudmcgDzBEALCzN

πŸ”—Dept of Bots πŸ€–

jcgruenhage has been working on a bot in relation to the startup he's working with:

I made a bot for issuing Json Web Tokens to matrix users based on what homeserver they are on. It's implemented as a maubot plugin (best way to write bots right now) and licensed under the AGPLv3. You can find it over at https://gitlab.com/famedly/bots/jwt, and talk about it in #jwt-bot:famedly.de
As for the usecase, we want to give people from customer homeservers access to an API component, but don't want to maintain a separate account database. This way, they can request a token from the bot and then use that to interact with the API component

πŸ”—Dept of Services πŸš€

jaywink used an underrated HTML tag tag to inform us:

<Feneas community hat> We've added a public fully featured Telegram bridge to our Matrix stack. More info in our forum. </Feneas community hat>

This is great - we must tip the hat to tulir, creator of this widely-used bridge.

πŸ”—Final thoughts πŸ’­

red_sky: Nheko now has a weblate instance set-up for users to contribute translations: https://weblate.nheko.im/engage/nheko/

Interview about DINSIC's use of Matrix (all in French)

πŸ”—That's all I know 🏁

So that's all I have to say to you right now! See you next week, and be sure to stop by #twim:matrix.org with your updates!

Critical Security Update - Synapse 1.2.1 released

26.07.2019 00:00 β€” Releases β€” Neil Johnson

Today we release Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation. The patches address long standing bugs, and are not regressions specific to the previous version (1.2). All admins, regardless of current version, should upgrade asap.

This release includes four security fixes:

  • Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. (#5767)
  • Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. Thanks to @lrizika:matrix.org for identifying and responsibly disclosing this issue. (0f2ecb961)
  • Prevent an attack where users could be joined or parted from public rooms without their consent. Thanks to Dylanger for identifying and responsibly disclosing this issue. (#5744)
  • Fix a vulnerability where a federated server could spoof read-receipts from users on other servers. Thanks to Dylanger for identifying this issue too. (#5743)

Additionally, the following fix was in Synapse 1.2.0, but was not correctly identified during the original release:

  • It was possible for a room moderator to send a redaction for an m.room.create event, which would downgrade the room to version 1. Thanks to @/dev/ponies:ponies.im for identifying and responsibly disclosing this issue! (#5701)

You can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Alternatively check out our Synapse installation guide page

Thanks for bearing with us.

This Week in Matrix 2019-07-26

26.07.2019 00:00 β€” This Week in Matrix β€” Ben Parsons

πŸ”—Matrix Live - demos!

We had a great demo session this afternoon, unfortunately the recording quality for some of the items was not good enough to share - and it was interesting stuff too! I cut everything from the RiotX and Riot iOS sections - but we'll make it up to you by getting more news from those projects soon.

πŸ”—Dept of Status of Matrix 🌑

Matthew informed the community:

We're getting more and more folks reaching out for paid help setting up smaller self-hosted Matrix deployments. The core team has its hands full currently with helping out with larger deployments; so if anyone reading this wants to offer paid support to those getting up and running on Matrix then please make us aware so we can potentially route inquiries to you.

This is a great step for Matrix, and a great opportunity for you the reader! There are already several people prepared to start work on Matrix-related endeavours, but the fact that there is more work coming in than we can currently route is amazing. If you'd like to be on an informal shortlist, contact support@, or come chat to me directly.

πŸ”—Dept of Servers 🏒

πŸ”—Synapse

So said Neil, who oversees the Synapse-makers:

This week we shipped two new versions, 1.2 (https://matrix.org/blog/2019/07/25/synapse-1-2-0-released) and 1.2.1(https://matrix.org/blog/2019/07/26/critical-security-update-synapse-1-2-1-released). 1.2.1 contains critical security updates, the bugs are long lived and not regressions introduced in 1.2 so all admins are encouraged to upgrade asap.

We’ve also been having some success in improving database performance and hope to ship that rsn so everyone can benefit.

Next week

We’ll continue on db perf, improving logging verbosity (through recategorising some log lines) and generally looking to improve the experience for those admins running on smaller instances.

πŸ”—Ruma

Jimmy released TWIR:

πŸ”—GSOC project: Matrix Visualisations πŸŽ“

Eisha:

The GSoc project β€œMatrix Visualisations” has continued its progression during the second period:

A β€œmulti-view” has been implemented for the frontend application. It means that it is now possible to independently view multiple DAGs at the same time in the same canvas. It can be useful for observing the same DAG but on different HS’s, at the same time. The only current limitation is that you have to use the same backend for every view (with CS API or with the backend talking to a Synapse PostgreSQL database). This change took a long time as it required to make a lot of changes in the code.

The implementation of the support of the Federation API within the backend is in progress. It is slowly progressing as it needed some discussion before starting the work on it and its implementation requires me to become familiar with a lot of new things, regarding the federation process and the authentication of requests between HS’s.

πŸ”—Dept of SDKs and Frameworks πŸ—

πŸ”—matrix-shell-suite taking feature requests

darnir:

Hey, I'd like to put out a call to everyone out there. If there's any script people desire for interacting with matrix homeservers, the #matrix-shell-suite:matrix.org project is taking feature requests.

πŸ”—Olm SAS interface for RubyOlm

Willem:

I had the code laying around for quite a while, but I just completed the Olm SAS interface for my fork of RubyOlm. It also includes interfaces for generating the emoji! πŸ˜€

πŸ”—Dept of Clients πŸ“±

πŸ”—Pattle 0.10.0

I've been playing with Pattle 0.10 and have to say, it feels silky smooth to scroll with. It's really making me look again at Flutter development.

From Wilko, project lead:

A new version has been pushed to F-droid and TestFlight!

Note that for TestFlight the new version will be available in a few days.

  • Improve scrolling through chat messages!
    • Messages are now paginated under the hood, before the whole message list was rebuild when loading more messages, causing a jittery scrolling experience.
  • Support typing notifications!
    • Typing notifications are shown and send while typing.
  • Add chat settings screen
    • Currently you can see the chat name, avatar, description and members. More will be added in the future.
    • You can go to the chat settings screen by clicking on the title of the chat. This'll probably change in the future (at least to be easier).
  • Reverse swipe direction of images (thanks Nathan!)
  • Fix ripple not showing on send button
  • Make UI refreshing more efficient
  • The App Store (iOS) name is now 'Pattle' instead of 'Pattle IM'
  • When a chat is open, the UI will only be rebuild if that chat has updates.
  • Lot's of code clean ups and improvements, mostly in the SDK

What's coming up?

  • A release on Google Play!
  • A release on the official F-droid repo!
  • Remove Cupertino specific styling on iOS
    • Will now use Material Design, but altered for iOS. Having the discrepancy between Cupertino and Material was also the reason why some things didn't show up in iOS or why some things would be blue instead of the Pattle red.
  • Notifications!? (F-droid)

Follow development in #app:pattle.im!

Pattle 0.10

πŸ”—Spectral introduces support for reactions

Black Hat:

Reaction support is coming to Spectral!

Reactions in Spectral

πŸ”—Riot Web

From the team:

The edit history of a message now shows differences also for formatted (html) messages.

πŸ”—Riot iOS

From the team:

  • Reactions: We have now an Emoji picker and the screen that displays who reacted
  • Soft logout fully implemented

πŸ”—Riot Android

From the team:

  • New release of Riot (0.9.3) to fix crash on Android 4.x
  • The package is bigger because we embed both 32bits and 64bits, which is now required by Play Store

πŸ”—RiotX (Android)

From the team:

  • Room screen: Manage cancel/resend of unsent messages
  • New DM room creation flow
  • Room upgrade support

πŸ”—Dept of Encryption πŸ”

πŸ”—New Pantalaimon release

poljar told us:

Pantalaimon got a new release. This release brings experimental support for search in E2E encrypted rooms, performance improvements in the database department, better support for true headless mode for all the bot lovers, and of course the usual bug fixes and small improvements.

πŸ”—Dept of Bridges πŸŒ‰

πŸ”—matrix-appservice-slack

Half-Shot announced:

0.3.1 of the slack bridge is out with a few bugfixes

Be sure to watch Cadair provide a demo in the Matrix Live video above.

πŸ”—Picard Bot (slack bridging)

Cadair:

SolarDrew and I have been working on re-writing our Picard Bot for a conference next week. Picard helps you bridge between a slack team and a matrix community.

This second version of Picard adds support for reacting to creation of new rooms on slack in real time as well as implementing a set of commands for creating new bridged rooms from either matrix or slack. In addition to this, Picard has matrix commands for inviting you to all the bridged rooms in the community and automatically inviting you to new rooms as they are created. Finally, we have added support for sending welcome messages to all new members of your slack team or matrix community in a DM with the bot, which we are using to explain the chat setup to users and giving them a private place to issue commands.

This is uses matrix-appservice-slack for actually sending events in bridged rooms, and PIcard itself is a skill for the opsdroid bot framework #opsdroid-general:matrix.org and uses the matrix-database plugin for opsdroid which uses matrix room state to back the opsdroid memory.

πŸ”—mx-puppet-bridge, new bridge: mx-puppet-instagram

The work on mx-puppet-bridge things continue! The core library and the implementation received some bugfixes, however, a new bridge is there: mx-puppet-instagram. Currently it supports

  • Auth currently only by username+password :(
  • basic message sending
  • I->M photoes, voice messages, animated image thingies
  • M->I images
  • M->I files as links only

πŸ”—mautrix-whatsapp

tulir has been putting a lot of time into WhatsApp bridging lately, the bridge is more stable than ever:

There's a mysterious new mautrix-whatsapp branch. Related to that, I made a spec proposal and a synapse PR to allow appservice bots to use /sync.

πŸ”—GSoC Project: Reliable Bridges

Thanks for this update from Kai:

It's all coming together now. While all pieces of the puzzle were roughly there, now they are put into the big picture.

The bridge SDK PR has been merged to develop, now providing bridges the benefit of error reporting. The modifications to the SDK are non-breaking, but activation of the feature requires small changes to the bridge using it. But be warned, everything is still under an unstable prefix and rightly so – the implementation is still subject to change. >

The MSC didn't get much love in public, but the concepts required to evolve it are taking shape. It was contemplated to piggyback on MSC 1410: Rich Bridging and to add a retry mechanism. So heads up for more to come on this front.

The display of bridge errors in Riot Web is now a PR and in the state of getting its last few kinks removed. It will start to be available under a lab flag soon.

With everything getting to play together nicely, there will be the first rooms enabling bridge errors to test the code in the wild. Stabilizing the code for everyday use and getting the MSC into a respectable form are the next goals for the project. Those will help in fostering broader adoption among bridges and clients.

πŸ”—Dept of Ops πŸ› 

πŸ”—k8s images

Ananace made sure everything is up to date for Synapse with 1.2.1 images now available.

πŸ”—Dept of Identity πŸ›‚

πŸ”—ma1sd, identity server forked from mxisd released

ma1uta has been working on ma1sd, a fork of the discontinued mxisd:

ma1sd (https://github.com/ma1uta/ma1sd) is released. ma1sd is a fork of the discontinued mxisd (https://github.com/kamax-matrix/mxisd) is a federated Matrix Identity Service.

Changes:

  • rename the application name, configuration options to ma1sd. Internal names, packages still use old name mxisd
  • bump some dependencies to the latest versions
  • add openjdk-11 dependency for debian package due to debian 10 doesn't include openjdk-8 (yep, ma1sd can work with java 11).

Downloads:

Feel free to ask me questions about ma1sd in #ma1sd:ru-matrix.org

πŸ”—Final thoughts πŸ’­

kitsune: "the latest versions of libQMatrixClient (0.5.2 - still under the old name) and Quaternion (0.0.9.4) are now available in Debian unstable, thanks to uhoreg"

πŸ”—That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.2.0 released

25.07.2019 00:00 β€” Releases β€” Neil Johnson

Hey hey, Synapse 1.2.0 is here. It contains aggregations support, better error handling for deactivated accounts and some important bug fixes for redacting messages. Special thanks to community members skalarproduktraum and Lrizika for submissions to improve our documentation.

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, Synapse is now available from PyPI, pick it up here. Also, check out our Synapse installation guide page

The changelog since 1.1.0 follows:

πŸ”—Synapse 1.2.0 (2019-07-25)

No significant changes.

πŸ”—Synapse 1.2.0rc2 (2019-07-24)

πŸ”—Bugfixes

  • Fix a regression introduced in v1.2.0rc1 which led to incorrect labels on some prometheus metrics. (#5734)

πŸ”—Synapse 1.2.0rc1 (2019-07-22)

πŸ”—Features

  • Add support for opentracing. (#5544, #5712)
  • Add ability to pull all locally stored events out of synapse that a particular user can see. (#5589)
  • Add a basic admin command app to allow server operators to run Synapse admin commands separately from the main production instance. (#5597)
  • Add sender and origin_server_ts fields to m.replace. (#5613)
  • Add default push rule to ignore reactions. (#5623)
  • Include the original event when asking for its relations. (#5626)
  • Implement session_lifetime configuration option, after which access tokens will expire. (#5660)
  • Return "This account has been deactivated" when a deactivated user tries to login. (#5674)
  • Enable aggregations support by default (#5714)

πŸ”—Bugfixes

  • Fix 'utime went backwards' errors on daemonization. (#5609)
  • Various minor fixes to the federation request rate limiter. (#5621)
  • Forbid viewing relations on an event once it has been redacted. (#5629)
  • Fix requests to the /store_invite endpoint of identity servers being sent in the wrong format. (#5638)
  • Fix newly-registered users not being able to lookup their own profile without joining a room. (#5644)
  • Fix bug in #5626 that prevented the original_event field from actually having the contents of the original event in a call to /relations. (#5654)
  • Fix 3PID bind requests being sent to identity servers as application/x-form-www-urlencoded data, which is deprecated. (#5658)
  • Fix some problems with authenticating redactions in recent room versions. (#5699, #5700, #5707)
  • Ignore redactions of m.room.create events. (#5701)

πŸ”—Updates to the Docker image

  • Base Docker image on a newer Alpine Linux version (3.8 -> 3.10). (#5619)
  • Add missing space in default logging file format generated by the Docker image. (#5620)

πŸ”—Improved Documentation

  • Add information about nginx normalisation to reverse_proxy.rst. Contributed by @skalarproduktraum - thanks! (#5397)
  • --no-pep517 should be --no-use-pep517 in the documentation to setup the development environment. (#5651)
  • Improvements to Postgres setup instructions. Contributed by @Lrizika - thanks! (#5661)
  • Minor tweaks to postgres documentation. (#5675)

πŸ”—Deprecations and Removals

  • Remove support for the invite_3pid_guest configuration setting. (#5625)

πŸ”—Internal Changes

  • Move logging code out of synapse.util and into synapse.logging. (#5606, #5617)
  • Add a blacklist file to the repo to blacklist certain sytests from failing CI. (#5611)
  • Make runtime errors surrounding password reset emails much clearer. (#5616)
  • Remove dead code for persiting outgoing federation transactions. (#5622)
  • Add lint.sh to the scripts-dev folder which will run all linting steps required by CI. (#5627)
  • Move RegistrationHandler.get_or_create_user to test code. (#5628)
  • Add some more common python virtual-environment paths to the black exclusion list. (#5630)
  • Some counter metrics exposed over Prometheus have been renamed, with the old names preserved for backwards compatibility and deprecated. See docs/metrics-howto.rst for details. (#5636)
  • Unblacklist some user_directory sytests. (#5637)
  • Factor out some redundant code in the login implementation. (#5639)
  • Update ModuleApi to avoid register(generate_token=True). (#5640)
  • Remove access-token support from RegistrationHandler.register, and rename it. (#5641)
  • Remove access-token support from RegistrationStore.register, and rename it. (#5642)
  • Improve logging for auto-join when a new user is created. (#5643)
  • Remove unused and unnecessary check for FederationDeniedError in _exception_to_failure. (#5645)
  • Fix a small typo in a code comment. (#5655)
  • Clean up exception handling around client access tokens. (#5656)
  • Add a mechanism for per-test homeserver configuration in the unit tests. (#5657)
  • Inline issue_access_token. (#5659)
  • Update the sytest BuildKite configuration to checkout Synapse in /src. (#5664)
  • Add a docker type to the towncrier configuration. (#5673)
  • Convert synapse.federation.transport.server to async. Might improve some stack traces. (#5689)
  • Documentation for opentracing. (#5703)

Data Portability Tooling Bug

24.07.2019 00:00 β€” Privacy β€” Thomas Lant

It was drawn to our attention this afternoon that there is a bug in our GDPR data portability tooling that resulted in the data dump including some events that should not have been included.

This tooling has recently been updated (here is the new code), and the bug only affects reports generated with the updated tool. So far we have generated one report using the updated tooling.

The bug affects events which:

  • were sent in rooms in which, at the point at which the message was sent, the message visibility was set to 'shared' or 'world readable', and
  • were pulled in over federation from another server after the data subject left the room

As a reminder, 'shared' message visibility means anyone in the room can view the message, from the point in time at which visibility was set to 'shared' and 'world readable' means anyone can read the messages without joining the room, from the point in time at which visibility was set to 'world readable'.

Events are pulled onto a homeserver over federation when a user on that homeserver tries to access events which, for whatever reason, their homeserver does not already have a local copy. This most often happens when their homeserver is offline for any period of time, but can also happen when a user is the first user from their homeserver to join a room with active participants on other homeservers.

We're still analysing the data but so far it looks like the bug resulted in only a small number of events that were not publicly-accessible being shared (there were also publicly-accessible events mistakenly included). At this stage we have identified 19 events from 4 users across 2 rooms (the dump contained ~3.5 million events). This is not to diminish the severity of the bug - just to reassure that the scale of its impact appears to be extremely limited.

It is also worth noting that any encrypted events erroneously included in the dump will not have been decryptable (since the data subject would not have had access to the keys).

πŸ”—Update (2019-08-06)

In our original analysis we stated that 19 events were shared erroneously. On closer analysis we missed 5 other timeline events - the correct figure is 24 timeline events originating from 4 users over 2 rooms. However, this figure focused on timeline data and does not take into account all state events (such as user joins, parts, topic changes etc). When considering these too, a further 56 state events were erroneously shared, referencing 64 users across these 2 rooms (mainly detailing when users had joined/left the room after the requesting user themselves had left). These membership events contained avatar & display name details which may not have been public (but in practice, the vast majority appear to be public data).

Aside from the events referenced above, the full dump contained ~20,000 events that also ought not to have been included; however these events were already publicly accessible due to being part of publicly accessible rooms (eg Matrix HQ) and so we do not consider them a breach of data.

πŸ”—What caused the bug?

Events that are pulled in over federation are assigned a negative 'stream ordering' ID. This is designed to avoid their being sent down the sync (where they would likely be out of sequence). In normal operation (accessing your homeserver via a Matrix client) these events would be appropriately filtered, but a bug in the data dump tooling caused them to be included.

The bug was introduced as a result of two factors:

  • The event filtering code assumes that the user is currently in the room - this was not intuitive, and was not called out in the documentation
  • When we fetched the events from the database, we tried to limit to events sent before the user left the room. On reflection, we used the wrong ordering mechanism (stream ordering instead of topological ordering), resulting in the inclusion of events that were fetched from a remote server after the data subject had left

We are working to fix the bug, and we'll update here when it is resolved. As a reminder, please do report security bugs responsibly as per the Security Disclosure Policy so we can validate the issue and mitigate abuse.

As is standard practice for any data breach, we have notified the ICO.

Privacy Changes to New Vector Identity Servers

19.07.2019 16:35 β€” Privacy β€” Thomas Lant

As a step towards implementing Terms of Service for Sydent Identity Servers (MSC2140), we're rolling out a couple of changes to the two Identity Servers run by New Vector (running at vector.im and matrix.org):

  1. We have erased all of the data where there is any chance that the data subject didn't understand how, why or with whom their data was being shared.
  2. We've made a change to Sydent so that it no longer persists new associations relating to users on homeservers not run by New Vector.

The impact of these changes is that users on homeservers not run by New Vector will no longer be discoverable by their email or telephone number via the Identity Servers running at vector.im and matrix.org. As we roll out the rest of the changes for Terms of Service for Identity Servers, this functionality will again be made available for users who make an informed choice to opt in.

πŸ”—Registration with Email and Password Reset

In the short term, the New Vector Identity Servers will continue to support registration with email (signing up with an email address as well as a matrix username) and password reset. However, as we continue to improve Identity Server data hygiene practices, we will phase out their use in registration with email and password reset entirely. We have already made the change to Synapse to support password reset without relying on an Identity Server (though this can optionally be re-enabled).

Once Synapse can support registration with email without relying on an Identity Server we will announce a schedule for disabling registration with email and password reset in our Identity Servers entirely. After this point, homeserver administrators will have to make sure their homeservers are configured to send email to keep registration with email and password reset working. More details on this to follow - please watch this space.

This Week in Matrix 2019-07-19

19.07.2019 00:00 β€” This Week in Matrix β€” Ben Parsons

πŸ”—Matrix Live SmΓΆrgΓ₯sbord πŸŽ™

Featuring: Open Tracing, Synapse, Dendrite and Riot Web

πŸ”—Dept of Spec πŸ“œ

πŸ”—Spec News

πŸ”—(not quite matrix) feneas call for comments on spec for metadata

jaywink:

<community-hat>
I'm working on a specification for exporting metadata and usage metrics out of federated servers. The aim is that the same specification could be re-used cross-protocol for example with not only Matrix servers but also ActivityPub, Diaspora and XMPP servers, as an example. Looking for comments here: https://talk.feneas.org/t/serverinfo-specification-for-server-metadata/99
</community-hat>

πŸ”—Dept of Servers 🏒

πŸ”—Dendrite

anoa:

πŸ”—Feature Updates

Dendrite continues along with more development from anoa, our resident GSoC student cnly, and a few community members. cnly has been working mainly on fixing up /sync issues and other areas of the CS API, fixing the various federation issues, mainly those dealing with room state, and various other maintenance tasks around the codebase that are highly appreciated. peekay_46 has been hard at work completing Dendrite’s implementation of room tagging and trion129 returned to continue with adding a fallback page for recaptcha (for clients that can’t render web pages). We have a number of community PRs still with active members, but most are waiting for reviews, which anoa is working towards.

πŸ”—The Plan

A couple TWIMs ago we teased that Dendrite had a plan in the works. Well one meeting later and here is the proposal:

It will take a while for Dendrite to become feature complete with Synapse, but we’d like people to be able to actually use Dendrite before then. Instead of waiting for feature-completeness, we propose a set of milestones for Dendrite development to reach and prioritize development for.

These milestones are currently listed on Dendrite’s github. The first is β€œBot Hosting”, which means, once complete, Dendrite would be suitable as a β€œbot hub”, allowing server admins to run massive bridges on top of Dendrite while taking advantage of its horizontal-scaling capabilities. As written in the description, this goal includes basic CS API support, as well as federation with other homeservers. At this stage Dendrite should already be usable in rooms with other Synapse servers, which should make it a lot more interesting.

After that is several more milestones, each representing another use case that Dendrite can fill.

Don’t be alarmed at the currently quite small percentage of completeness, as these milestones have just been built from the open issue list. We’re actually quite far along to #1 already :)

We also want to mention that the milestones aren’t completely built yet - there’s still a few more issues to comb through. It’s taken a few days as anoa can’t help himself to fix things as he goes along. A few open issues have also been closed as they had already been fixed earlier.

This is all mentioned in this week’s Matrix Live above by the way, so be sure to catch for some extra details if you’re interested.

We look forward to shipping you a working Dendrite soonβ„’. And as always feel free to join us in #dendrite-dev:matrix.org for discussion.

πŸ”—Synapse

Neil, who oversees the Synapse factory:

This week we’ve been working on improving database performance, shipping the new small hosted homeserver instances - expect a lot of improvements to come that will benefit the whole community and merged our recent OpenTracing support. We’ve also made some changes to how Sydent processes and stores email - more details here https://matrix.org/blog/2019/07/19/privacy-changes-to-new-vector-identity-servers

Next week, expect a new release, more database performance improvements and general Synapse performance work.

Listen to Matrix Live to hear Erik talking about his DB perf work ☝️

πŸ”—Ruma

This Week in Ruma, from Jimmy:

...
While I was working on ruma-signatures, I decided to fill in the missing functionalityβ€”signing and verifying events. In the process of doing that, I ended up with a significantly revised API for the crate, which has now been released as version 0.5.0.
...

πŸ”—Dept of SDKs and Frameworks πŸ—

πŸ”—New release of matrix-nio (Python SDK)

poljar said:

New matrix-nio release bringing you documentation improvements across the board, while the documentation is still not fully complete yet it should be much easier to get started with nio.
Another highlight of this release is couroutine support for the event callbacks for the AsyncClient.

Take a look at the getting started guide too.

πŸ”—Ruby SDK

Ananace:

I just cut a 1.3.0 release of the Ruby SDK, mainly focusing on solving an issue due to Ruby extensions polluting the global scope. It also adds a very slightly extended response handling, which recursively adds getters for the keys of the resulting objects.
Many thanks to the people reporting issues to me so I can keep improving the SDK.

πŸ”—The Kotlin library koma

yuforia, author of koma and Continuum:

  • Fixed incorrect type casting in function KResult.map
  • Reorganize the structure of modules, separate APIs that don't require authentication, so that they can be used before signing in

πŸ”—Dept of Bridges πŸŒ‰

πŸ”—matrix-appservice-slack

Half-Shot announced:

Today we've released 0.3.0 of the slack bridge since the last rc has proved to be stable. I hope you all enjoy the new features we've packed into this release. And as a reminder, there is another release right around the corner :)

πŸ”—Dept of Clients πŸ“±

πŸ”—RiotX (Android)

From the team (see Matrix Live from last week for more from them):

  • RiotX 0.2.0 has been released on Thursday. Main new features: room filtering, message editing in e2e rooms, view editing history. Also many small new features and bugfixes.
  • The team is still working on the main missing features: creation of direct chat, read receipt, along with UI/UX polishing.

If you're using Android, definitely start trying RiotX, you can even find it in the Play Store now.

πŸ”—Riot Web

From the team:

Riot v1.3.0 was released with support for reactions and message editing enabled. Check out the Riot blog post for more details. No changes are needed to enable these features for self-hosted installs anymore (which is change from what was stated in last week’s TWIM update).

We’re continuing to work on several privacy improvements to related to integration managers and identity servers to give users more control over these.

πŸ”—Riot Android

From the team:

Riot 0.9.2 has been released on Friday. It contains some bug fixes and new translations for many strings especially for the device verification feature.

πŸ”—Riot iOS

From the team:

  • We released v0.9.1 with message editing, reactions and file upload.
  • We are continuing to work on reactions (emoji picker).
  • We have started to implement soft logout.

πŸ”—FluffyChat

krille:

In the newest update FluffyChat now supports avatars in Push Notifications. Also translations have been updated and some minor design tweaks have been made.

I know that E2EE for FluffyChat is continuing to be worked on, just not quite ready yet.

πŸ”—Continuum, client based on koma

yuforia, author of koma and Continuum:

  • Update GUI library openjfx from version 11 to 12
  • Rewrite build script in Kotlin, replacing Groovy

πŸ”—Fractal, GNOME client

Alexandre Franke on Fractal:

Several bugs were fixed in the past three weeks. We are also sending typing notifications now. With 4.1.1 out, we’re at the second beta on the way to 4.2.

Also:

some people might be interested in a tweak in our build config that makes it so that crashes are aborts now (i.e. you get a trace and they are not silent anymore)

πŸ”—Spectral

Black Hat is changing Spectral's buildsystem from QMake to CMake.

πŸ”—Dept of Ops πŸ› 

πŸ”—sendtomatrix script

Madic has created a shell script to send messages to a room:

I've written a linux shell script with which you can send (multiline) messages to a matrix room. It only needs a username / password or access token, server fqdn and roomid as argument or provided by a configuration file. Arguments can overwrite settings from the file, for e.g. using same credentials but different channel. If no access token is provided, a new one will be requested and used to send the message. You can use the script for e.g. cronjobs, nagios notifications or ci pipelines. An example for a cronjob and a nagios notification script is also provided.

shell script nagios

I have ended up with an similar file of my own containing a bunch of commented-out curl lines, but this is a lot cleaner!

You may also recall a similar project: matrix-shell-suite (#matrix-shell-suite:matrix.org).

πŸ”—Dept of Bots πŸ€–

πŸ”—Maths bot(s)

Tim created a bot for rendering Maths:

I was told that people here might be interested: I just wrote a small bot that can reply with PNG renderings of maths (https://github.com/thosgood/matrix-maths-bot)

and then, tulir blatantly ripped him off was inspired to create a maubot providing the LaTeX to SVG rendering: https://github.com/maubot/tex

πŸ”—Dept of Services πŸš€

πŸ”—New room for t2bot.io

TravisR, who arranges and hosts the various bots and bridges on t2bot.io:

#news:t2bot.io is now a room for people who want to follow along with news about t2bot.io which might be missed in #help:t2bot.io. Stuff like when bridges are updated and new services will be announced in there. #status:t2bot.io is where service stability is addressed during major problems with the service.

πŸ”—That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

5-user Matrix homeserver hosting now available from Modular

17.07.2019 00:00 β€” General, In the News β€” Modular.im

Hi all,

If you’ve been looking for a way to have you own Matrix homeserver without having to run it yourself, you may be interested to hear that Modular (the Matrix hosting provider run by New Vector, the startup which hires many of the Matrix core team) is now offering a personal-sized small homeserver hosting service, supporting a minimum size of 5 user servers.

A lot of recent performance work on Synapse has been driven by the need to make smaller dedicated servers more efficient to run - and so if you run your own homeserver you’ll be benefiting from all this work too :) Meanwhile, if you choose to outsource your server hosting to Modular, you’ll be indirectly supporting core Matrix and Synapse development, given most of the core Matrix team work for New Vector - it’s through buying services like this which lets us keep folks able to hack on Matrix as their day job.

See more details over at the Modular blog post!

This Week in Matrix 2019-07-12

12.07.2019 00:00 β€” This Week in Matrix β€” Ben Parsons

πŸ”—Matrix Live: RiotX

Nice! Manu and Benoit, who work on the Riot Mobile, discuss the development status of RiotX.

πŸ”—Dept of Servers 🏒

πŸ”—Synapse

A bit of everything this week, we’ve made changes to support the upcoming edits and reactions release, worked on soft log out, experimented with improving general perf for small homeservers, landed open tracing support, improved db query load.
Next week we’ll see about landing the small homeserver perf improvements, work on id hashing in sydent, fix some e2ee bugs (made easier to track down with OpenTracing), do some more database performance work and start gradually rolling out the new Sygnal instance.

πŸ”—Construct

Jason back on it:

This week in Matrix, Construct made the crazy-loading mode of client sync the default. Crazy-loading is an approach to initial sync that goes beyond lazy-loading for a better UX. It's even backwards compatible with clients that don't support lazy-loading.

Construct also made significant progress on implementing version 3 and 4 rooms during the week. This is nearly complete, and should be ready for testing by the weekend.

Good to know there is progress with new room versions as more and more rooms start to be moved over to v4. #zemos-test:matrix.org for testing and more info.

πŸ”—Dendrite

This week we’ve implemented profile retrieval over federation, single event retrieval, room tagging as well as host of bug fixes.
Next week we’ll be looking at state resolution and implementing our latest and greatest algorithm needed by modern room versions.

πŸ”—This Week in Ruma

Jimmy provided This Week in Ruma:

Work continues on the major revamp of ruma-events mentioned in the last update.
...
There are also a few modules that are somewhat blocked on an issue in ring. Some of the types in ruma-events contain types from ruma-signatures which don't implement Clone and PartialEq because they contain types from ring which don't.
...
Rust 1.36 was released, and it includes stabilization of the Future trait, one of the long-awaited building blocks for first-class async support in Rust. [...] the biggest reason for Ruma's development hiatus is waiting for async networking in Rust to mature, and this is one of the final pieces of foundational support we've been waiting for. The remaining pieces are async/await syntax, which is expected in either the next version or the one following it, and finally, waiting for important libraries like Hyper and Tokio, as well as web frameworks, to adopt the new stuff.

πŸ”—Dept of SDKs and Frameworks πŸ—

πŸ”—libQuotient gets .well-known support

kitsune:

Thanks to Black Hat, libQuotient gained support of .well-known - a very useful feature to connect to Modular-hosted homeservers!

Also, the first block of E2EE functionality from aa13q has been merged to libQuotient master - so far it's just uploading the keys but receiving messages is already well in the works!

πŸ”—Dept of Bridges πŸŒ‰

πŸ”—mautrix-telegram v0.6.0

tulir:

mautrix-telegram v0.6.0 was released. Recent changes include bridging strikethrough, underline and nested formatting to telegram and some bug fixes, including one security fix. Full changelog on GitHub.

Debian 10 was also released recently, which means v0.6 is the last version with Python 3.5 support. Starting from v0.7.0, mautrix-telegram will only support Python 3.6 and up.

mautrix-telegram v0.6.0 also includes Native Matrix edit support, message editing between platforms.

πŸ”—matrix-appservice-slack 0.3.0-rc2

Half-Shot and the Slack-bridge-gang have announced matrix-appservice-slack 0.3.0-rc2

Hi folks, the slack bridge has had another RC release this week 0.3.0-rc2 which has been deployed onto matrix.org :). In other news, we are nearly done with the port of the bridge to Typescript (slated for the 0.4 release) which has allowed us to clean up the codebase significantly and splat a lot of bugs.

I'm for any movement toward TypeScript - seems to be a winner in the JS-world. Says Half-Shot:

I'm a bit fanatical about Typescript, it's objectively better to write things in TS than JS if you have the freedom to do so. It's also allowed us to keep the bug count down on the Discord bridge, so I'm starting to look at the other bridges for typescript support too.

πŸ”—Reliable Bridges GSoC project πŸŽ“

Thanks Kai for this update!

The new Spec proposal MSC2162: Signaling Errors at Bridges landed! It is about adding permanent errors: The ability of bridges to mark events as not delivered to all participants. While there is already code supporting the feature, the Spec process is important for getting everyone on board and finding potential problems with the current approach.

In spite of being a relatively small proposal, there were already a lot of suggestions and directions in which it can evolve. Shoutout and thanks to everyone who already contributed to it with their comments!

Meanwhile on the more practical front a fork of Riot Web was extended to now support the actual visual display of bridge error markings on messages.

See it in action:

Bridge Error message

πŸ”—Dept of Clients πŸ“±

πŸ”—RiotX big announcement!

  • We have released a beta version to the PlayStore on Thursday! You can download (and rate it) here: https://play.google.com/store/apps/details?id=im.vector.riotx . Also feel free to join https://matrix.to/#/#riotx:matrix.org to provide any feedback!
  • You will find more details about what RiotX can (and cannot yet) do here: https://medium.com/@RiotChat/introducing-the-riotx-beta-for-android-b17952e8f771
  • Now we are working on fixing bugs, and keep going implementing the missing features

I've been using RiotX a lot lately and find it great - really snappy.

πŸ”—Spectral

Black Hat:

Spectral supports .well-known now obviously. see libQuotient update above
Also a lot of changes:

  1. Bubble shapes for pending events are fixed.
  2. You can set device name when logging in. This becomes important as libQuotient begins to upload one-time device key as part of E2EE implementation.
  3. Markdown is parsed automatically by default, and works with replies.
  4. Small UI improvements in timeline and room list.

πŸ”—Continuum

yuforia has continued work on Continuum, a desktop client written in Kotlin:

Continuum now preserves media content URI (mxc://) internally in order to treat them specially, instead of converting to all URI to http (or https) upon receiving.
This week's version never considers cached mxc resources stale and no network request will be performed for refreshing.
Continuum also loads previews for http image links in text messages automatically. The usual http cache control rules are still followed in those cases.

Join #tkmc:matrix.org to chat more about Continuum, or about koma, the underlying library.

πŸ”—Riot Web

Riot v1.3.0-rc.1 is now ready for testing at https://riot.im/staging. This includes some last minute polish of reactions and edits, and also adds initial support for soft logout. This release will have reactions and message editing enabled via configuration on riot.im once it stabilises.
Self-hosted installs that wish to do the same would need to alter their config.json in similar fashion. This is because these features currently depend on unstable APIs, and we don't want to move them out of labs and fully on by default until that is resolved.

πŸ”—Riot iOS

  • Reactions and edits:
    • Enabled by default (no more LABS setting)
    • Reactions with non-unicode keys
    • Original event in the edit history (need homeserver update)
  • Upgraded rooms are now autojoined when tapping on the upgraded banner
  • File upload from the room screen and from the share extension
  • Crypto: logs have been improved and a script has been created to help to debug e2e bugs (see the screenshot at https://github.com/matrix-org/matrix-ios-sdk/pull/692)
  • This Friday TestFlight can be considered as a release candidate

πŸ”—Dept of Ops πŸ› 

πŸ”—matrix-docker-ansible-deploy: synapse-janitor now available

Slavi:

Thanks to Aaron's frequent mention of synapse-janitor and other such cleanup methods, I've finally gotten inspired enough to give it a try.

The playbook now contains a new Synapse Maintenance documentation page and an easy/safe way to run synapse-janitor.

To give an example, using synapse-janitor and a full Postgres VACUUM yielded a 29% reduction in disk space used by Postgres on my personal homeserver (5.3GB -> 3.8GB).

Alexey Murz Korepov also reminded us about synapse-purge, which we've mentioned here before - but is designed for a similar purpose.

πŸ”—avhost/docker-matrix

Mathijs:

the avhost/docker-matrix image has moved to a debian buster base image, which got us an upgrade from python 3.5 to python 3.7.3 and jemalloc1 to jemalloc2, which should improve the performance of synapse.

πŸ”—Dept of Articles πŸ“

Pneumaticat: "wrote a blog post on integrating Riot chat with our dapp & scientific research auditing platform, Delphus!"

πŸ”—Final thoughts πŸ’­

I had/stole the idea to create a bot which uses message edits to send frames of an ASCII-art animation. I indeed created the bot, which works to a degree, but is quickly punished by rate-limiting, which limits the effectiveness. Still it's quite fun, you can check out the code here.

TravisR's work on matrix-bot-sdk is interesting for bot or other client devs, and there is a new guide available: http://matrix.org/docs/guides/usage-of-matrix-bot-sdk

A few weeks ago I mentioned matrix-enact, which uses Web Audio API to play back room history. There is a guide to how it was built, looking at the /context endpoint now available: https://matrix.org/docs/guides/creating-a-simple-read-only-matrix-client

Half-Shot "bridged #synapse:matrix.org to #matrix-synapse on freenode to help folks who might be experiencing issues with their homeserver and need a IRC based support channel"

Black Hat made a cool-looking thing: "It basically shows all pictures in this room in a waterfall, with 'infinite scroll'"

Bridge Error message

πŸ”—That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

This Week in Matrix 2019-07-05

05.07.2019 00:00 β€” This Week in Matrix β€” Ben Parsons

πŸ”—Matrix Live, featuring Erik and the Interns πŸŽ™

Thanks Erik, Jorik and Oliver!

Note that there is a audio hiccup around 2m30 - video is ok otherwise.

πŸ”—Dept of Spec πŸ“œ

πŸ”—Highlights

πŸ”—Movement on Matrix URIs

Sudden interest in matrix-org/matrix.to/pull#47 means we're getting a lot closer to agreement on Matrix URIs. Kitsune even added support for them in Quaternion (see below).

πŸ”—Dept of Servers 🏒

πŸ”—Dendrite

anoa:

Dendrite continues marching forward! As more attention is turned towards our fairly lengthy PR list, contributors who have not done so already are reminded to merge Dendrite's master branch into their PRs, as converting the project to go modules caused a lot of conflicts. A tag has been added to each PR that needs forward merging, visible here.

Our GSoC student cnly has been working away on implementing profile retrieval over federation as well as updating his various other PRs and would likely have a lot more if they were getting more reviews, but worry not as things look on track for that next week.

We've also got plans now! Plans for how to properly ship this thing over the coming months so look out for that soon!

πŸ”—Synapse 1.1.0 released

This week we shipped v1.1.0, which provides an overhaul of docker configuration, more authentication options and improved db io. It’s worth noting that v1.1.0 is the first Synapse release to drop support for Python 2 (and Postgres 9.4), this paves the way for using Python 3 only functionality.

We’ve been working on supporting soft logout, more edits and reactions support, open tracing support not to mention a complete rewrite of the push server Sygnal. We’ll be rolling out new Sygnal gradually over the next week or two.

Finally, aided by dropping Python 2 support, we’ve been putting in a bunch of work to improve Synapse in resource constrained environments. This will be a constant theme over the coming months.

πŸ”—Dept of SDKs and Frameworks πŸ—

πŸ”—python-matrixbot

Brian Γ“ appeared to tell us about python-matrixbot. This is a project that has existed for some time.

A Python module meant to act as a base class for a Matrix bot.
The MatrixBot class will connect to the Matrix server, start a listener on each joined room, and listen for room invites from other users. It also includes helper methods you can use to extend the functionality. It is built on the Matrix Python SDK which can be directly accessed via MatrixBot.client

πŸ”—koma

yuforia:

koma got some improvements, based on what's learned developing Continuum, which is a desktop client based on it.

  • Make api calls suspendable functions (which are like Kotlin's flavor of async). This way, the caller don't need to worry about forgetting to call await or a coroutine being left unstarted.
  • Borrowing from functional programming, model the outcome of a call as a discriminated union, which can be either a success or a failure. The successful case is optimized with inline classes, an experimental feature in Kotlin 1.3, and wrapping is avoided.
  • Make MatrixError a subclass of HttpError, because the http status code can be handy

πŸ”—Ruby SDK

Ananace:

Just released version 1.2.1 of the Ruby SDK, fixing an error in the media download URL generation

πŸ”—Dept of Bridges πŸŒ‰

πŸ”—matrix-appservice-bridge release 1.9.0

Half-Shot was seen to exist IRL this week, he also found time for a new release:

Today we have a new matrix-appservice-bridge release 1.9.0. The bigname feature this week is a new store for mapping matrix events to remote ones, so bridges can handle changes made to sent events like reactions/threading/edits/redactions :). The reason for this feature appearing suddenly will become clear very soon.. 😈

πŸ”—mx-puppet-bridge (inc slack, tox, discord)

Another week, which means more work on the mx-puppet-bridge ecosystem! A new > bridge has been added, mx-puppet-discord. Soru finally added license files > (Apache-2-0) and some readmes.

πŸ”—mx-puppet-bridge

  • bugfixes
  • implement optional double-puppeting (also logging into your matrix acc)
  • relate remote event IDs to matrix event IDs
  • handle edits in both directions
  • handle redactions in both directions
  • initiating conversations from matrix! Invite a ghost for 1:1 or follow a > room alias for rooms
  • bot provisioning: list users and rooms

πŸ”—mx-puppet-slack

  • add linting
  • map channels and slack pills
  • handle message edits
  • handle message deletions
  • properly handle /me messages
  • handle ghost invites
  • handle room joins via alias

πŸ”—mx-puppet-tox

  • add linting
  • improve bootstrapping
  • improve file transfers
  • handle ghost invites

πŸ”—mx-puppet-discord

This is the new puppeting bridge! The idea is that, in the long run, this will > be run in conjunction with matrix-appservice-discord Half-Shot/matrix-appservice-discord), where mx-puppet-discord handles DM > puppeting and matrix-appservice-discord the remaining. For this, the message > parsing was split in a new repository, matrix-discord-parser. The idea is that, in the > future, when inviting a ghost on matrix-appservice-discord it'll initiate > conversation within mx-puppet-discord

  • basic text messages
  • handle files
  • handle edits, deletes

mx-puppet-discord does only DMs, for non-DMs please use matrix-appservice-discord

If you have any questions for any of these, please join our channel > #mx-puppet-bridge:sorunome.de. Software doesn't write itself, please consider > donating on liberapay!

πŸ”—matrix-appservice-slack

Cadair and Half-Shot have been doing substantial work on matrix-appservice-slack.

We've got a dedicated room for slack bridge development over at #matrix_appservice_slack:cadair.com, since it's picked up in terms of community PRs and general interest. It's not currently being used as a support room, however.

They mention,

warning may contain ranting about the codebase

But that could be any room, so it seems ok to me.

WARNING: LATE ADDITION

Hi everyone! Myself and Cadair have been working hard on a new Slack bridge release, and we are finally ready to push out a release candidate for 0.3.

The headline features are:

  • Implement message deletion.
  • Add support for edits.
  • Add support for reactions.
  • Add support for threading (using replies).
  • Support displayname and avatar lookups for Slack bots.
  • Replace channel mentions with canonical aliases for bridged rooms.
  • Support for slack attachments (Thanks @umitalp for the initial groundwork and @Cadair for the cleanup)

The new release is having very final minute checks, and will be available at https://github.com/matrix-org/matrix-appservice-slack/releases shortly.

πŸ”—Dept of Clients πŸ“±

πŸ”—RiotX (Android)

After an internal release, we are working on improving the performance, especially for initial sync and for navigation between rooms.
Also we are fighting bugs.

πŸ”—Pattle 0.9.0 and Testflight available

Wilko:

A new version of Pattle has been pushed to F-droid and TestFlight!

Changes:

  • Fix the infamous FormatException: Not a valid url: error!
  • Room upgrades are now handled!
    • Upgraded rooms are now hidden from the overview
    • To access older messages from the previous room, simply scroll up: the timeline is seamless
  • Improve performance of loading the overview. Opening the app should be a lot quicker now!
  • Improve performance of loading a chat
  • Add ability to swipe through images in a chat (thanks to Nathan van Beelen!) See preview here!

Get Pattle from F-droid for Android by adding this repo:

https://fdroid.pattle.im/?fingerprint=E91F63CA6AE04F8E7EA53E52242EAF8779559209B8A342F152F9E7265E3EA729

APK also in assets of this release.

For iOS: join TestFlight here

Report issues to the repo, you can login via GitHub and Gitlab.com.

Follow development in #app:pattle.im!

To support Wilko: you can now do so via Liberapay and Patreon.

I've invested a lot of money in making Pattle happen on iOS: MacBook, Apple Developer Program, and an iPhone. Pretty costly, so any donations will be greatly appreciated!

What to expect in the next release:

  • Fix timeline jump issues
  • Remove redundant state messages when a room is upgraded
  • Start work on chat details screen (members, change name, etc.)

πŸ”—Quaternion now with Matrix URI support

kitsune:

to push things forward on Matrix URIs front, Quaternion master branch now supports matrix:user/userid, matrix:room/roomalias and matrix:roomid/roomid URIs. For example, Quotient/Quaternion room can be opened by a link matrix:room/quotient:matrix.org.

This will be so much easier to use! Also:

Quaternion has got a new contributor, Roland Pallai (https://github.com/rpallai), who added colouring of messages sent by the local user and support of drag-n-drop of text and images on Quaternion, along with general improvements on the timeline. Many thanks!

Windows builds of Quaternion (CI and future releases) come with Qt Keychain enabled, storing your access tokens in Windows secure storage.

πŸ”—Spectral news

Black Hat:

A lot of improvements have been added to Spectral last week.

  1. Spectral uses QtKeychain now. Access tokens are stored in system keychain instead of in plain text.
  2. Room list's filter has a better UX(aka TabBar). Switching between rooms and DMs is now as easy as switching between, well, tabs.
  3. Notification count in system tray icon, implementation modified from nheko.
  4. Display initial sync progress. Some people have been complaining about not knowing the progress of initial sync so I added an indicator.
  5. A better room setting page. Specifically displaying aliases and changing room avatar are working.
  6. Big emojis.
  7. Typing indicator UI is tweaked and looks better.

πŸ”—Riot iOS

  • Reactions in e2e rooms
  • β€œShow all” button when there are too many reactions
  • Support edition of emotes and replies
  • Edits history (even in e2e rooms)
  • Fix joining new upgraded room through federation
  • Use via parameters to join a new room (useful in case of federation)

πŸ”—Riot Web

  • Allow resending edits, reactions and redactions through context menu, also better visualization of send errors.
  • Allow redacting and viewing source of edits in edit history dialog

πŸ”—Dept of Ops πŸ› 

πŸ”—K8s

Ananace:

Bumped the K8s optimized Docker image to 1.1.0, with the same dropping of Python 2 and Postgres 9.4 support as the official image.
NB: The upstream docker configuration changes do not affect the K8s-optimized image, no configuration change is necessary to upgrade from 1.0.0 to 1.1.0

πŸ”—avhost/docker-matrix image

Mathijs:

As announced last week, with the release of synapse 1.1.0 the avhost/docker-matrix image switched to running synapse with jemalloc by default

πŸ”—Dept of Services πŸš€

πŸ”—modular.im starting to make Small instances available

modular.im are making the much-asked-for SMALL instances available. This service is rolling out starting with people who have previously enquired about availability, which I gather is a lot of people. Go sign up if you're interested!

The wait is almost over ... We're now rolling out our trial of Small Hosted Homeservers for Matrix. Have you got your golden ticket yet? πŸ˜€πŸŽŸοΈ pic.twitter.com/iUkAIHW9MY

— Modular (@ModularIM) July 3, 2019

we've been working on a v1 admin dashboard for managing your Synapse instances through Modular. This is now live on the site and provides a basic suite of functionality including:

  • Viewing users of your synapse homeserver(s)
  • Creating users
  • Deleting users
  • Resetting user passwords
  • Viewing user profile and server access / activity
  • Sending messages to all system users as the system alerts user
  • Information about the synapse instance versions

πŸ”—Final thoughts πŸ’­

Ananace is "continuing the rewrite of the release tracker project. Working towards getting it to only store state in Matrix so it can be run in a read-only environment like a K8s deployment."

lino "wrote a script to update riot. It also works so far, but still needs some improvements"

Black Hat has been working "to add .well-known support for libQuotient" - presumably this will come back to be used in Spectral when it's ready.

Somehow I had a tab open with a maubot for Urban Dictionary.

πŸ”—That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!