r0, the first stable release of the Server-Server (Federation) Specification is extremely close! We of course will make a big splash and let you know when this comes!
Even apart from that, let's take a look at the MSCs (Matrix Spec Changes) that are currently in progress.
Neil and the team have been working frantically on getting a new Synapse release out this week:
This week has been all about gearing up for v0.99.0 and if you would like to help us test it, our latest release candidate lives here We've taken the decision to bump up to v0.99.0 because it is very much a precursor to v1.0. When v1.0 lands it will contain a breaking change that means all homeservers will need a valid certificate for their server to server endpoint, self signing will no longer be possible. v0.99.0 contains support to help you do this, but once it lands all admins will need to upgrade, failure to do so will mean losing the ability to federate with > v1.0 servers. We'll have detailed docs ready to go alongside the full v0.99.0 release, and we plan to leave at least 1 month between v0.99.0 and v1.0, but for now please be aware that the change is coming. Huge thanks to Rich, Erik, Hawkowl and Anoa for all their work in getting us to rc stage.
nheko_reborn
If you haven't already heard, then I envy that you get to learn about it now: there is a credible new project which forks nheko and seeks to maintain and continue the project.
I think I'm getting pretty close to having another release ready. Need to clean up some things here and there and get the CI packages uploading correctly It'd be good to have more community engagement
I'm planning to start work on the component that will scrape blog content from a matrix room. This will most likely involve a dedicated bot that syncs new journal blog events, verifies the blog signature and then writes the blog content to a file on the blog server.
I'll probably ramble about the details of that at some point.
The bridge is being re-written. I excluded the jabber server (still need to setup SRV records) and implementing the xmpp s2s api in the bridge.
Done:
rfc6120 in s2s part;
almost server dialback (XEP-0220);
Remaining:
MUC (XEP-0045);
stabilize.
New version will allow:
1:1 conversations between matrix and jabber users;
group chats by double-puppet mapping rooms to conferences;
additionally xmpp users can join directly to rooms via double-puppet bots.
Also I started breaking the bridge to modules. And the next module will be ActivityPub S2S module which allows communicate matrix servers with other fedivers.
mxisdv1.3.0-alpha.3 is out! This one works further towards protecting your privacy and we strongly recommend it if you already are using an alpha release. We have written our stance on privacy with how it affects mxisd here.
We also consider this release to be as stable as v1.2.2. Feel free to upgrade following the Upgrade notes and benefits from all the v1.3.0 work so far, especially the massive improvements on resources usage.
Purism working on Fractal integration
update on @gnome@matrixdotorg client for #PureOS: "I am pleased to announce that over the next week I will be working to make Fractal's UI adaptive for the Librem 5's launch. This contract began last week, and I already have some results to show off." https://t.co/iX47u1Bdb1pic.twitter.com/Hnr7ZVpYd1
What there mainly is is FOSDEM. A lot of Matrix-folk are currently near me as I write this, sat in a hotel bar in sunny Brussels. Matrix live is not available today, but will incorporate some of the event, which kicks of tomorrow.
If you will be attending, come /join us at the Matrix table, where there will be stickers and t-shirts and merriment, and definitely come and attend the talks:
This week I chatted to Rick about the release of Modular, Hosted Homeservers and more. We're pleased to be able to announce the availability of a HipChat migration tool to get people into Matrix.
Working furiously towards an r0 spec release. Event ids as hashes (MSC 1659) and S2S API certificates (MSC 1659 ) are very close now - see https://github.com/orgs/matrix-org/projects/8 to track our progress.
Since MSC1711 is a breaking change, we will initially ship our next release (v0.35.0) with ACME support to make it easy to provision and renew certificates. The give everyone a month to upgrade and install a cert before we ship Synapse v1.0 which will require that servers have certificates in order to federate. Don't worry, there will be plenty of details on the steps necessary for admins when v0.35.0 lands - watch this space.
Finally a raft of db performance improvements, room version upgrade bug fixes, as well taking a look at room directory and user directory efficiency.
The bridge could not create new Matrix rooms on versions of Synapse after a certain change, because it did not reserve the room alias prefix it used. That's been fixed, but anyone currently running matrix-puppet-slack will need to edit their slack_registration.yaml and restart Synapse. See the Release for instructions on doing so.
The bridge will no longer send "Edit: " events when Slack sends it a "message_changed" message, if the message text has not actually changed (Slack sends these events for URL previews, for example, but this just causes duplicate bridged messages). This fix has been a long time coming.
matrix-corporal1.3.0 was released. It uses a new Matrix API for fetching account data (Synapse >0.34.1 is required), so it performs reconciliation quicker than before.
From the notes:
Reconciliation is now much faster, due to the way we retrieve account data from the Matrix server (no longer doing /sync). From now on, the minimum requirement for running matrix-corporal is Synapse v0.34.1, as it's the first Synapse release which contains the new API we require (GET /user/{'{'}user_id{'}'}/account_data/{'{'}account_dataType{'}'}).
I have an update on journal (finally). I've pushed the redesign branch that I've been working on. It contains the web view component of the new architecture and can be used as a generic blog-hosting site (I'll be doing this personally). Feel free to check it out here: https://journal.lukebarnard.co.uk/journal/1-jan-2019
Riot-web
Redesign
Typing notifications don't make timeline jump anymore
Jump to bottom button is overlay now, so we can finally hide the room status bar again most of the time
Working on room sublist resizing
Work on authentication flow
Work on settings
Riot Android and iOS
Reskin of Riot is nearly finished. Last known issues have been fixed.
Keys backup screen development well underway! We're working to fit everything nicely on mobile platforms - there are some UX/UI specificities to consider.
Riotx (new version of riot for Android, built using the upcoming kotlin SDK): more and more event types supported in timeline.
the macOS build for Quaternion 0.0.9.3 turned out to be not complete and fails if the user doesn't have Qt installed. Thanks to Aaron Raimist the build has been now includes a snapshot of Qt 5.11 - if you tried and failed to run the .dmg from https://github.com/QMatrixClient/Quaternion/releases, you can try to use it again.
Thanks also to Aaron for helping populate homebrew with Matrix goodness. Mac users may be interested to know that Seaglass and Spectral are both available in homebrew now.
Neo is still in the GUI component design stage (the best stage to get involved with feedback!). I have implemented the jdenticon library for avatars, autoscrolling when there are new events, and I've added the Rust code of conduct. https://git.lain.haus/f0x/iris General vision for this project is to first get as much gui done as possible, before diving in the backend. This will be split into a separate module, with the gui component being as protocol-agnostic as possible, to allow different backend modules for XMPP or IRC as well.
Fractal client
Backend refactoring by Julian Sparber and Alejandro Domínguez. They also got progressed with tag handling, spell checking and lazy loading.
the matrix-bot-sdk has received a bunch of updates currently residing on the develop branch. Changes include unit tests covering most of the library, appservice support improvements, handling of room version upgrades, and a bunch of bug fixes.
matrix-bot-sdk was recently updated to have support for Application Services, and is a lighter alternative to the matrix-js-sdk.
I've been working on cl-matrix and I think now it might be in a good condition to talk about it.
cl-matrix is a WIP client library written in common lisp, most of the API endpoints have been covered using macros that allow you to copy straight from the spec, here is an example using the send event endpoint:
it also has some basic events defined using deeds that can be issued using the sync endpoint.
Informo
The unknown individual from Informo, vabd told us:
Not much news this week in Informo land, though we have a few specs proposals that are still open for public review, including SCS #19 (rendered version here) which rewrites the specs website's introduction to make it more newcomer-friendly and feature a brief introduction on what Informo is about. People who either never had a look at the project, or got fed up trying to because of the difficulty to easily understand what we're building, we'd love to read your opinion on this! ?
This is much, much appreciated. For those interested but confused, please take a look.
matrix-autoinvite is a very basic service that synchronizes joined rooms between users from different servers, by inviting missing users to the room. I'm using it to invite @CromFr:matrix.org to each Facebook Messenger rooms on my personal homeserver (that has very limited resources) hosting the matrix-puppet-facebook bridge. This way I can chat with people on facebook from a matrix.org account :)
FOSDEM is in a week! Come chat in #matrix-fosdem:matrix.org. Be there and be square. I'll be there with Matrix swag so ping me if you'll be attending.
When will I see you… again?
I might adjust the schedule a little next week since it's FOSDEM (see above), but as always, stay tuned into #twim:matrix.org for all the biggest news!
This week I chatted with Jason Robinson about all things decentralisation, especially his projects socialhome, the-federation.info, and feneas.org. Jason has been interested in decentralisation for many years, and had a lot to say about how we can look forward to a more decentralised Internet.
completely redone way of generating mxisd configuration, letting people unleash the full power of mxisd without us having to explicitly add support for new features
mxisd 1.3.0-ready. We default to a stable mxisd release still (1.2.2), but people can try the much-improved 1.3.0 alpha releases even now (e.g. matrix_mxisd_docker_image: "kamax/mxisd:1.3.0-alpha.2").
libQMatrixClient 0.4.2 has been released, fixing a security issue (the library could be tricked into altering the local room state by fake state events - those without state_key). The master branch of the library is updated as well - it is strongly recommended to update to either 0.4.2 or master, depending on which branch you live on.
For those who want to help testing Quaternion or just can't wait to the next release, we now have CI builds collected at bintray: https://bintray.com/qmatrixclient/ci/Quaternion. Linux and macOS are already there, and Windows binaries will also be available any day soon.
v1.10.0 fixes Matrix-to-Slack image upload, and no longer sends markdown-formatted @-mention links in the plaintext body of Matrix events; instead, it uses plaintext username the way text-only clients traditionally have it.
The version bump is also the project's 100th commit, and I've updated the supported feature checklist in the README to paint a more comprehensive picture of what is and isn't supported, and link out to the GitHub Issues for some of the unsupported features, in hopes of making life easier for users and encouraging contributions.
opsdroid's Matrix connector is now a core part of the library rather than an external addition. This should open up a lot of cool possibilities for doing fancy stuff with bots on matrix. Many thanks to Cadair for helping with this.
mxisd has a new alpha release: v1.3.0-alpha.2 - Fixes a set of issues from alpha.1 and is now close to v1.2.2 stability. If you are already on alpha.1, update is highly recommended.
made some minor changes to continuum to make the GUI more intuitive. Now when there are no joined rooms, buttons for joining or creating rooms are shown instead of an empty list. And when there are issues with syncing or syncing takes longer than usual, a status bar with options is shown.
Still not quite sure if it's a good idea, but at least the input area component is very nice. It should also make it easier to add more fancy stuff like html tables and selecting messages (for replying/redacting)
Riot iOS
We are still working on the key backup screens. The last bit on the SDK side, the passphrase support, has been implemented this week.
Reskin is almost done. It just needs some small adjustments. We will release a beta soon so that we can gather users feedback.
This week, we have also fixed small but boring UX issues in Riot and we will continue to do so up to the end of the month and FOSDEM!
Riot Android
Reskin is almost done too and available on develop builds.
Benoit has started to implement the key backup passphrase management in the SDK. Valere is still improving push notifications at the code level but also at the display level.
We are working hard to polish the app for FOSDEM.
Modular
Rick reports:
We now have a HipChat migration tool - https://www.modular.im/tools/hipchat-migration. This tool helps migrate a HipChat workspace to your very own Modular Hosted Homeserver. Migration is performed by uploading an exported copy of an existing HipChat workspace so that the tool can automatically re-create all of the users and rooms (including messages and attachments) on your new Matrix homeserver. Once the migration is complete all of the migrated users will be emailed with login instructions, so that they can seamlessly continue chatting where they left off in HipChat. If your organisation (or if you know of an organisation that) has not yet decided what to do when Stride & HipChat is discontinued next month, come and try Modular!
People have been generally happy about the flood of new issues following the completion of the internal audit last week, and a few folks have been opening PRs addressing some of the “good-first-issues” labeled ones, which has been amazing to see, including fixing room joins and a couple of default variables. Thanks a lot to Cnly and Behouba for these!
On my end, this week mainly consisted in reviewing most of these PRs (and merging them when that was possible), while anoa worked on making Dendrite's CI more complete and reliable, especially by configuring it to run sytest against Dendrite which will allow us to better track its compliance to the Matrix specification.
Discord bridge v0.4.0 is out now, nothing new since rc1 because it was that good. There have been no changes since rc1 because either Sorunome did a stellar job of keeping things stable, or nobody spoke up out of fear :p. Thanks one and all for continuing to run the bridge.
Neo v4: Iris is coming up, focusing on design first. It will be based on React, and the matrix js sdk I didn't plan ahead enough with old Neo (v3), so it became a bit of a clobbered togeather mess, which I'm trying to prevent this time around https://git.lain.haus/f0x/iris
That's all for now
Come chat in #twim:matrix.org to discuss what's happening, and especially come and share what YOU'VE been working on!
Since joining the core team as Developer Advocate last year it's been quite a ride. One of the best things about the job is getting the chance to talk to so many people about their projects and what they would like to see happen in the matrix ecosystem. With so much going on, I just want to say thanks to everyone who has been so welcoming to me and share some of my personal highlights, as I recall them, from 2018!
Clients
Fractal was featured in the very first TWIM, announcing v1.26. Since then, the team have hosted two IRL hackfest events (Strasbourg and Seville - where to next, Stockholm? Salisbury?), engaged two GSOC students and continued to push out releases. At this point, Fractal is a full-featured Matrix client for GNOME.
Matrique became Spectral, and is generally awesome. Apparently the name "Matrique" was chosen because it sounds French, but those who speak the language well revealed that this name was not ideal! The project was re-named "Spectral", and is going strong. I really appreciate the multi-user facility! It's a great looking client, and runs great on macOS too (protip: get more attention from /me by providing a macOS build…)
On which subject, Seaglass is a native macOS client. First announced in June, this client supports E2EE rooms (via matrix-ios-sdk), and is also available on homebrew.
Ubuntu Touch has the most Matrix clients per-user of any platform. UT epitomises the resilience and collaborative spirit of Open Source. It's a true community maintenance effort, and is as friendly a community as you might meet. uMatriks came first, but it's FluffyChat that prompted me to install it on my battered old OnePlus One. FluffyChat is now extremely full-featured, with E2EE support being actively discussed.
In the command line, gomuks appeared and quickly became a competent client, but in terms of sheer enthusiasm and momentum, I must give commendation to matrix-client.el, a newly revived mode for Emacs which turns your editor/OS into a great Matrix Client. I enjoyed using it enough that it began to change my mind about using emacs. Laptops have more than 8mb memory these days anyway.
A culture of bots
There is a tendency in the community to build a bot for everything and anything. This has reached the point where there are multiple flairs available depending on what bots you like to make (silly vs serious.)
TravisR was perhaps the first person I saw to get the obsession, creating
In June tulir started maubot, a plugin-based bot system built in Python, which now also has a management UI.
All bridges lead to Matrix
Or from Matrix, depending on which way you want to send the message.
Around May, I started to notice another obsession brewing in the community. Bridging is a core part of the Matrix mission, but it was around this time I started seeing it in the wild.
Summer 2018 Half-Shot began working in the Matrix core team, and was hugely productive in maintaining and developing the bridge infrastructure for matrix.org. IRC bridging is far more stable and reliable now than it was a year ago. And yet there are still more bridges - too many to list, so I'm picking the ones I've used and enjoyed.
Discord is bridged by matrix-appservice-discord, handled by Half-Shot, aided and abetted by anoa but with a new maintainer this year, Sorunome. This bridge is now feature-rich and sits at v0.3.1.
SMSMatrix, a phone-hosted bridge is simple and works great for SMS bridging.
Libraries, SDKs, Frameworks
I enjoyed using matrix-bot-sdk for building elizabot (more coverage needed for that!), and the SDK recently received support for application services.
In April, kitsune announced v0.2 of libqmatrixclient describing it as “the first one more or less functional and stable" - confidence! This library now powers both Quaternion and Spectral. QMatrixClient has continued to get updates, plus features including lazy loading and VoIP signalling.
There are a few libs I want to pay more attention to this year, starting with tulir's maubot now that it has been rewritten in Python. I'm also excited to see jmsdk, part of ma1uta's broader ecosystem of Matrix tooling - a Java-based SDK.
Ruma Resurrection
Until around June, Ruma was receiving regular updates. There was a pause as the team waited for Rust async/await to land, and also to get some stability in the Matrix Spec. Still waiting on Rust, but now that the Matrix Spec is stabilising, Ruma is showing signs of life too. I have also been watching other homeserver projects begin to restart, which makes for a great start to 2019.
DSN Traveller by Florian
Matrix was featured as part of a Master's thesis by Florian Jacob.
DSN Traveller tries to get a rough overview of how the Matrix network is structured today. It records how many rooms it finds, how many users and servers take part in those rooms, and how they relate to each other, meaning how many users a server has and of how many rooms it is part of.
Synapse dominates the homeserver space right now, so if you want to host your own homeserver today it's the obvious choice. Too great a variety of installation guides was doing more harm than good, so Stefan took the initiative to create a definitive community-driven Synapse installation guide, including a room to discuss and improve the text. Find the guide linked from here, and chat about the guide in #synapseguide:matrix.org.
I want to use Matrix, and I want to host my own homeserver. As such, matrix-docker-ansible-deploy is a project I absolutely love. It uses Synapse docker images from the Matrix core team, and combines them with Ansible playbooks written and organised by Slavi. It lets you quickly deploy everything needed for a Synapse homeserver, and it's simple enough that even I can use it.
Construct, a homeserver implementation in C++ began successfully federating with Matrix, work progressed from around April/May.
Having a Matrix-native mode for shields.io (those counter/indicator images you often see at the top of repos) seems like something petty at first, but it's actually a great indicator of the importance of Matrix from the outside. Plus, I love seeing the images at the top of different repos. Thanks Brendan for helping this along.
Two students worked on Matrix-related projects during GSOC 2018.
Thanks for a great 2018. There was so much to learn about, so much to write about, and so many great community members to meet and chat to! If I didn't mention your project, I'm sorry to have been either forgetful or to not be able to include everything.
If you think I've missed something, or if there's a project I should have included rather than another, or even if you just disagree with my choices, let's discuss it in #twim:matrix.org. See you there, and let's all parade ahead to a productive, open, interoperable 2019!
On Thursday Jan 10th we released a Critical Security Update (Synapse 0.34.0.1/0.34.1.1), which fixes a serious security bug in Synapse 0.34.0 and earlier. Many deployments have now upgraded to 0.34.0.1 or 0.34.1.1, and we now consider it appropriate to disclose more information about the issue, to provide context and encourage the remaining affected servers to upgrade as soon as possible.
In Synapse 0.11 (Nov 2015) we added a configuration parameter called “macaroon_secret_key” which relates to our use of macaroons in authentication. Macaroons are authentication tokens which must be signed by the server which generates them, to prevent them being forged by attackers. “macaroon_secret_key” defines the key which is used for this signature, and it must therefore be kept secret to preserve the security of the server.
If the option is not set, Synapse will attempt to derive a secret key from other secrets specified in the configuration file. However, in all versions of Synapse up to and including 0.34.0, this process was faulty and a predictable value was used instead.
So if, your homeserver.yaml does not contain a macaroon_secret_key, you need to upgrade to 0.34.1.1 or 0.34.0.1 or Debian 0.34.0-3~bpo9+2 immediately to prevent the risk of account hijacking.
The vulnerability affects any Synapse installation which does not have a macaroon_secret_key setting. For example, the Debian and Ubuntu packages from Matrix.org, Debian and Ubuntu include a configuration file without an explicit macaroon_secret_key and must upgrade. Anyone who hasn't updated their config since Nov 2015 or who grandfathered their config from the Debian/Ubuntu packages will likely also be affected.
We are not aware of this vulnerability being exploited in the wild, but if you are running an affected server it may still be wise to check your synapse's user_ips database table for any unexpected access to your server's accounts. You could also check your accounts' device lists (shown under Settings in Riot) for unexpected devices, although this is not as reliable as an attacker could cover their tracks to remove unexpected devices.
We'll publish a full post-mortem of the issue once we are confident that most affected servers have been upgraded.
We'd like to apologise for the inconvenience caused by this - especially to folks who upgraded since Friday who were in practice not affected. Due to the nature of the issue we wanted to minimise details about the issue until people had a chance to upgrade. We also did not follow a planned disclosure procedure because Synapse 0.34.1 already unintentionally disclosed the existence of the bug by fixing it (causing the logout bug for affected users which led us to pull the original Synapse 0.34.1 release).
On the plus side, we are approaching the end of beta for Synapse, and going forwards hope to see much better stability and security across the board.
Do not panic, Benpa is away, I repeat, Benpa is away. Nonetheless TWIM lives on!
Spec
Lots of spec work this week, and a shout out to anoa for his magical mscbot that provides pokes, nudges and updates on all things spec. Here's what mscbot had to say about the past week.
The Dendrite audit is over! A bunch of issues have been created on the Dendrite GitHub repository, as well as a project board in order to keep track of everything: https://github.com/matrix-org/dendrite/projects/2
There's a fair amount of issues that have been labeled as “good first issue”, so feel free to pick them up and open pull requests if you're looking into hacking on Dendrite! :)
And whilst we have your attention - here's Brendan & Matthew talking through the audit in this week's Matrix Live!
both contain critical security updates so please update asap for more details, we'll be able to share a bit more about the vuln once admins have had a chance to upgrade.
Meanwhile Hawkowl has been cranking out bug fixes and perf improvements and in particular taking a look at taming the user_ips table.
While Debian packager Andrewsh adds:-
latest synapse (0.34.1.1, Python 3) in Debian, fixing CVE-2019-5885; an update to a previous release fixing this CVE uploaded to stretch-backports, using Python 2. Dependencies for a Python 3 upload approved in stretch-backports, a Python 3 upload of 0.34.1.1 will be following later this week
Riot/iOS
Riot-iOS 0.7.11 has been released, with lots of bug fixes.
We have been working on e2e new screens (like key backup setup) and the re-skinning of the app.
Riot/Android
Working to improve notifications style.
Split screen mode will be supported on next release!
Continuous autofocus on the Camera has been enabled.
Matrix-appservice-purple is being renamed to matrix-bifröst, on the basis that we now bridge to things and "burning rainbow bridge" seemed like a good description.
Other things that have happened: Performance improvements, as always. XMPP -> Matrix typing notifications XMPP -> Matrix avatars XMPP -> Matrix uploads * Matrix -> XMPP uploads (via oob)
Loads and loads of work happening on https://riot.im/experimental which is now where all new development is happening as we race towards launching the new design. Highlights include:
All new key verification is implemented! (in olm & matrix-js-sdk). We're currently hooking up the UX.
Online key backup is pretty much finished.
Cross-signing is up next.
Redesign backlog is progressing (slightly stuck on making the RoomList resizing work nicely, but almost there)
Sending files landed in master branches of libQMatrixClient and Quaternion. Finally you can send your Quaternion screenshots (as any other images, jingles, cat videos etc.) to Matrix using Quaternion ;)
Also, libQMatrixClient is available as a Conan repository, for developers who'd like to use Conan to track dependencies.
matrix-client.el gained a room-list buffer, which can be sorted by unread status, name, number of members, etc, and has a right-click context menu like the room-list sidebar.
matrix-client.el gained right-click context menus in the room sidebar, allowing to set room priority, notifications, etc.
It's not my update but I saw this HomeAssistant addon for matrix (https://github.com/hassio-addons/addon-matrix) and wanted to make sure it got a shoutout on TWIM. [Seeing how nobody else has posted it in here, just on twitter etc.]
I published v1.0.1 of the pnut-matrix bridge this week which brings public pnut.io chat rooms to the matrix network. Features include syncing of pnut.io names and avatars, matrix users ability to authorize their pnut.io accounts, and administrative controls for managing linked rooms. Project can be found at https://gitlab.dreamfall.space/thrrgilag/pnut-matrix and discussion is at #pnut-matrix:monkeystew.net
in the koma project, the desktop client continuum now does a full sync when the user account doesn't seem to have joined any chat rooms, this way, it can recover from some disk IO errors, or more commonly, unclean shutdowns. A ca-certificates issue with Java 11 on Debian stable was found while running a bot on a headless server, more details and the solution is in the README
Our first specs proposal of 2019 just landed in the form of SCS #16, which specifies the data/event structure for trust authorities. This is a big step as TAs play a key role in Informo's trust/reputation system!
In the meantime, we've also opened SCS #19, which proposes a rework of the specs' introduction with the idea to give newcomers a more accessible and immediate way to figure out what Informo is about, and give them some starting points so they can dive deeper into it if interested. It's a rather small one and we'd love people to give it a look so we can aim for the most newcomer-friendly version possible
We've also just opened SCS #21 which specifies a way for a source to change the Matrix user it uses to publish articles (e.g. if it was previously using a server managed by non trustworthy people). As with all of our proposals introducing changes in behaviour, it's open for people to share their comments on it for the next 7 days.
The first alpha release for mxisd v1.3.0 has been released with already major performance improvements. Early testing and reporting about success/failure would be very much appreciated as v1.3.0 will break backward compatibility. We have been running it on our own servers for about a week now and feels really good and stable.
After releasing Synapse v0.34.1, we have become aware of a security vulnerability affecting all previous versions (CVE-2019-5885). v0.34.1 closed the vulnerability but, in some cases, caused users to be logged out of their clients, so we do not recommend v0.34.1 for production use.
Today we release two mitigating versions v0.34.0.1 and v0.34.1.1. Both versions close the vulnerability and will not cause users to be logged out. All installations should be upgraded to one or other immediately.
Admins who would otherwise upgrade to v0.34.1 (or those that have already done so) should upgrade to v0.34.1.1.
Admins on v0.34.0, who do not wish to bring in new non-security related behaviour, should upgrade to v0.34.0.1.
We will publish more details of the vulnerability once admins have had a chance to upgrade. To our knowledge the vulnerability has not been exploited in the wild.
Many thanks for your patience, we are moving ever closer to Synapse reaching v1.0, and fixes like this one edge us ever closer.
Thanks also to the package maintainers who have coordinated with us to ensure distro packages are available for a speedy upgrade!
It's been 2019 for several days now, plenty of time to get used to it! Let's get started with the first TWIM of the year!
Matrix Live S3E09 from 35C3
Several Matrix-ers attended 35C3 in Leipzig last month, you can check out Matrix Live recorded from the conference below (also includes some screenshots and other clips of the event), and also watch a talk given by this author titled Matrix, the current status and year to date.
Welcoming Jason Robinson to New Vector
Decentralisation lover and Python fan Jason Robinson joins New Vector!
one of my dreams of working for a company that is a driver and leader in open source and open standards is coming true
matrix-appservice-purple
Hey Half-Shot, what bridges have you worked on this week?
matrix-appservice-purple got soft launched on matrix.org and is happily bridging XMPP and matrix communities together. I am on full bug and feature fixing duty for it and the consensus from both sides is that it's looking pretty awesome. The matrix-appservice-purple bridge is coming along leaps and bounds, with formatting fixes, presence handling and speedier message delivery both ways. Also a shoutout to the XMPP community for guidling me through the XEP landscape and giving the bridge a thorough testing. :)
Photo sharing via the app share extension has been fixed this week. At the time of writing, a new Riot iOS is baking with all bug fixes made the last month.
Riot Android
Riot 0.8.21 has been released on 01/02 on the PlayStore and on F-Droid.
This version contains:
A new notification troubleshoot screen with the possibility to run a diagnostic and to submit bug report. Feedbacks are already coming and we improve this screen incrementally to help users.
A new invitations counter on the group icon in the home screen
Other bug fixes
We are still working on push/notification reliability.
Riot Play Store resources have been translated into 8 languages so far: Basque, Bulgarian, Chinese (Traditional), French, German, Hungarian, Italian and Portuguese (Brazil).
matrix-client.el gained more room sorting options and a /priority command to set room priority. It also includes a workaround for a Google Chrome drag-and-drop bug on Linux, so now Chrome users can drag-and-drop URLs, files, and images directly into room buffers to upload them.
matrix-client.el gained a new notifications-buffer feature that shows notifications from multiple rooms in a single list, allowing you to easily monitor multiple rooms at once and jump to events in them. e.g. I can see messages from #matrix and #twim in the same window, and reply to messages in both rooms from the same prompt
koma project: now continuum-desktop (client) and koma library
in the koma project, the desktop client now has continuous integration and prebuilt packages for Mac and Linux; and you can click on image messages to zoom in. A simple weather bot is created reusing the same implementation of matrix client api. Send it the name of a city, and it will fetch the current weather using openweathermap
All versions of mxisd dropped support for Riot v0.17.8, introducing a bug affecting many of its features. Any new release integrating this PR will also be dropped of support. mxisd users are strongly encouraged to roll back to v0.17.7
This design concern is noted by the riot-web team and is under investigation.
Dendrite audit progress
Brendan on the progress of the Dendrite audit:
Dendrite's audit is finally coming to an end! I'm happy to say I just finished the “data collection” phase, in which I looked at everything that needs to be either fixed or implemented in Dendrite. This represents 90% of the work and around 3 weeks of full-time work. All that's left to do now is some triaging in the data (which is available here, by the way), into order to have a clear view on what's left to do in the audit. Expect a lot of new issues and a shiny project board appearing on the Dendrite repository next week ?
Informo news
Informo is a project intended to enable information sharing, especially for vulnerable activists. It is enabled by Matrix. vabd, the mystery individual behind the project announced:
Our specs bot, which shouts in Matrix rooms when the state of a proposal to a specs project changes, got an upgrade: it now handles concurrency better, and can now send multiple messages if multiple matching labels are added to the proposal in the same action (before, it just wouldn't know what to do in such an event and would fail silently).
msc-chatbot now exists. It has commands that let you view the status of current MSCs, as well as a daily summary of MSCs to keep people up to date.
Matrix-Minecraft bridge
TravisR, as if he has time to be working on such things, has announced the revival of his Matrix-Minecraft bridge:
I've brought my Matrix<-->Minecraft bridge back to life in the form of a Bukkit plugin. It's still in the very early stages of development and requires you to compile it yourself to get it, but it is a thing. Check it out on GitHub: https://github.com/turt2live/matrix-minecraft It'll be designed to work as a public hosted bridge, so someone could use t2bot.io to bridge their minecraft server (for example)
stickerpack dimension migration tool
Dandellion has created a tool for stickerpack creators:
Today is Jabber's 20th anniversary! Jabber would later be standardized and renamed to XMPP.
On this subject, it's always worth thinking about the importance of openness and interoperability in messaging. This recent article in Linux Journal is a reminder of the need to avoid proprietary vendor lock in, and mentions both XMPP and Matrix.
We'll meet again…
Come chat in #twim:matrix.org with your Matrix news to be featured in this post. Next Friday there will be another weekly edition, but before then expect to see an edition to the effect "benpa's best-of-the-community 2018".
It's the 28th of December as I write this, and I hope you had a good year. Long as it is, I recommend reading Matthew's write-up of the year, as it covers a lot of ground!
Many of the core team have been out of the office this week, but there are still plenty of updates to share from the Matrix ecosystem!
koma-desktop is updated to JavaFx 11 and installation is simplified. Dependencies, including native modules can be packaged into one single file, which only needs to be downloaded and run. Java Runtime 11 is the only runtime dependency. Now it's just cross-compilation that needs to be set up before packaged releases can be provided for Mac, Windows, and Linux users.
I started work on a Prometheus Alertmanager bot for Matrix. The basic idea is that Alertmanager can send webhook alert events to the bot which will then send the formatted events to configured rooms based on the alert receiver. It works, but is still early work in progress. See code and info here: https://git.feneas.org/jaywink/matrix-alertmanager.
As expected the Fractal team released 4.0 and is already hard at work on the next micro version. We recommend getting it from Flathub like we usually do.
From the release notes:
New features:
Enhanced history view with adaptive layout, day divider
Reorganised headerbar, app menu merged with user menu
The new command handling system in maubot is ready. The new system should be much nicer to use when developing plugins.
Previously maubot had a system that was designed after the improved bot support spec proposal, but it wasn't very nice or pythonic. If/when the proposal or something similar goes through, I'll probably add support for it in the new command handling system.
Next I'll make some developer docs so that other people could actually make their own plugins.
https://github.com/apps/matrix-to is a Github App which makes use of their shiny and new Content Attachments API/Webhook. When a matrix.to or view.matrix.org URL is used this app is activated. It adds a little snippet with the Room Title and Topic (if the room is peekable from matrix.org). In future it'll work for event permalinks, but currently there is no support for peeking context/event in Matrix API.
I'm at 35c3 with some known characters from the Matrix world (as well as 15,000 others.) If you're here too, come visit us in our assembly, and also make sure to come to Dijkstra tomorrow to watch me present a look back at on the last year: https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9400.html. We have recorded a message for Matrix Live from 35c3, but will post tomorrow with some more footage from the event.
It's that time again where we break out the mince pies and brandy butter (at least for those of us in the UK) and look back on the year to see how far Matrix has come, as well as anticipate what 2019 may bring!
Overview
It's fair to say that 2018 has been a pretty crazy year. We have had one overriding goal: to take the funding we received in January, stabilise and freeze the protocol and get it and the reference implementations out of beta and to a 1.0 - to provide a genuinely open and decentralised mainstream alternative to the likes of Slack, Discord, WhatsApp etc. What's so crazy about that, you might ask?
Well, in parallel with this we've also seen adoption of Matrix accelerating ahead of our dev plan at an unprecedented speed: with France selecting Matrix to power the communication infrastructure of its whole public sector - first trialling over the summer, and now confirmed for full roll-out as of a few weeks ago. Meanwhile there are several other similar-sized projects on the horizon which we can't talk about yet. We've had the growing pains of establishing New Vector as a startup in order to hire the core team and support these projects. We've launched Modular to provide professional-quality SaaS Matrix hosting for the wider community and help fund the team. And most importantly, we've also been establishing the non-profit Matrix.org Foundation to formalise the open governance of the Matrix protocol and protect and isolate it from any of the for-profit work.
However: things have just about come together. Almost all the spec work for 1.0 is done and we are now aiming to get a 1.0 released in time by the end of January (in time for FOSDEM). Meanwhile Synapse has improved massively in terms of performance and stability (not least having migrated over to Python 3); Riot's spectacular redesign is now available for testing right now; E2E encryption is more stable than ever with the usability rework landing as we speak. And we've even got a full rewrite of Riot/Android in the wings.
But it's certainly been an interesting ride. Longer-term spec work has been delayed by needing to apply band-aids to mitigate abuse of the outstanding issues. Riot redesign was pushed back considerably due to prioritising Riot performance over UX. The E2E UX work has forced us to consider E2E holistically… which does not always interact well with structuring the dev work into bite-sized chunks. Dendrite has generally been idling whilst we instead pour most of our effort into getting to 1.0 on Synapse (rather than diluting 1.0 work across both projects). These tradeoffs have been hard to make, but hopefully we have chosen the correct path in the end.
Overall, as we approach 1.0, the project is looking better than ever - hopefully everyone has seen both Riot and Synapse using less RAM and being more responsive and stable, E2E being more reliable, and anyone who has played with the Riot redesign beta should agree that it is light-years ahead of yesterday's Riot and something which can genuinely surpass today's centralised proprietary incumbents. And that is unbelievably exciting :D
We'd like to thank everyone for continuing to support Matrix - especially our Patreon & Liberapay supporters, whose donations continue to be critical for helping fund the core dev team, and also those who are supporting the project indirectly by hosting homeservers with Modular. We are going to do everything humanly possible to ship 1.0 over the coming weeks, and then the sky will be the limit!
Before going into what else 2019 will hold, however, let's take the opportunity to give a bit more detail on the various core team projects which landed in 2018…
France
DINSIC (France's Ministry of Digital, IT & Comms) have been busy building out their massive cross-government Matrix deployment and custom Matrix client throughout most of the year. After the announcement in April, this started off with an initial deployment over the summer, and is now moving towards the full production rollout, as confirmed at the Paris Open Source Summit a few weeks ago by Mounir Mahjoubi, the Secretary of State of Digital. All the press coverage about this ended up in French, with the biggest writeup being at CIO Online, but the main mention of Matrix (badly translated from French) is:
Denouncing the use of tools such as WhatsApp; a practice that has become commonplace within ministerial offices, Mounir Mahjoubi announced the launch in production of Tchap, based on Matrix and Riot: an instant messaging tool that will be provided throughout the administrations. So, certainly, developing a product can have a certain cost. Integrating it too. "Free is not always cheaper but it's always more transparent," admitted the Secretary of State.
The project really shows off Matrix at its best, with up to 60 different deployments spread over different ministries and departments; multiple clusters per Ministry; end-to-end encryption enabled by default (complete with e2e-aware antivirus scanning); multiple networks for different classes of traffic; and the hope of federating with the public Matrix network once the S2S API is finalised and suitable border gateways are available. It's not really our project to talk about, but we'll try to share as much info as we can as roll-out continues.
The Matrix Specification
A major theme throughout the year has been polishing the Matrix Spec itself for its first full stable release, having had more than enough time to see which bits work in practice now and which bits need rethinking. This all kicked off with the creation of the Matrix Spec Change process back in May, which provides a formal process for reviewing and accepting contributions from anyone into the spec. Getting the balance right between agility and robustness has been quite tough here, especially pre-1.0 where we've needed to move rapidly to resolve the remaining long-lived sticking points. However, a process like this risks encouraging the classic “Perfect is the Enemy of Good” problem, as all and sundry jump in to apply their particular brand of perfectionism to the spec (and/or the process around it) and risk smothering it to death with enthusiasm. So we've ended up iterating a few times on the process and hopefully now converged on an approach which will work for 1.0 and beyond. If you haven't checked out the current proposals guide please give it a look, and feel free to marvel at all the MSCs in flight. You can also see a quick and dirty timeline of all the MSC status changes since we introduced the process, to get an idea of how it's all been progressing.
In August we had a big sprint to cut stable “r0” releases of all the APIs of the spec which had not yet reached a stable release (i.e. all apart from the Client-Server API, which has been stable since Dec 2015 - hence in part the large number of usable independent Matrix clients relative to the other bits of the ecosystem). In practice, we managed to release 3 out of the 4 remaining APIs - but needed more time to solve the remaining blocking issues with the Server-Server API. So since August (modulo operational and project distractions) we've been plugging away on the S2S API.
The main blocking issue for a stable S2S API has been State Resolution. This is the fundamental algorithm used to determine the state of a given room whenever a race or partition happens between the servers participating in it. For instance: if Alice kicks Bob on her server at the same time as Charlie ops Bob on his server, who should win? It's vital that all servers reach the same conclusion as to the state of the room, and we don't want servers to have to replicate a full copy of the room's history (which could be massive) to reach a consistent conclusion. Matrix's original state resolution algorithm dates back to the initial usable S2S implementation at the beginning of 2015 - but over time deficiencies in the algorithm became increasingly apparent. The most obvious issue is the “Hotel California” bug, where users can be spontaneously re-joined to a room they've previously left if the room's current state is merged with an older copy of the room on another server and the ‘wrong' version wins the conflict - a so-called state-reset.
After a lot of thought we ended up proposing an all new State Resolution algorithm in July 2018, nicknamed State Resolution Reloaded. This extends the original algorithm to consider the ‘auth chain' of state events when performing state resolution (i.e. the sequence of events that a given state event cites as evidence of its validity) - as well as addressing a bunch of other issues. For those wishing to understand in more detail, there's the MSC itself, the formal terse description of the algorithm now merged into the unstable S2S spec - or alternatively there's an excellent step-by-step explanation and guided example from uhoreg (warning: contains Haskell :) Or you can watch Erik and Matthew try to explain it all on Matrix Live back in July.
Since the initial proposal in July, the algorithm has been proofed out in a test jig, iterated on some more to better specify how to handle rejected events, implemented in Synapse, and is now ready to roll. The only catch is that to upgrade to it we've had to introduce the concept of room versioning, and to flush out historical issues we require you to re-create rooms to upgrade them to the new resolution algorithm. Getting the logistics in place for this is a massive pain, but we've got an approach now which should be sufficient. Clients will be free to smooth over the transition in the UI as gracefully as possible (and in fact Riot has this already hooked up). So: watch this space as v2 rooms with all-new state resolution in the coming weeks!
Once these land and are implemented in Synapse over the coming weeks, we will be able to finally declare a 1.0!
Also on the spec side of things, it's worth noting that a lot of effort went into improving performance for clients in the form of the Lazy Loading Members MSC. This ended up consuming a lot of time over the summer as we updated Synapse and the various matrix-*-sdks (and thus Riot) to only calculate and send details to the clients about members who are currently talking in a room, whereas previously we sent the entire state of the room to the client (even including users who had left). The end result however is a 3-5x reduction in RAM on Riot, and a 3-5x speedup on initial sync. The current MSC is currently being merged as we speak into the main spec (thanks Kitsune!) for inclusion in upcoming CS API 0.5.
The Matrix.org Foundation (CIC!)
Alongside getting the open spec process up and running, we've been establishing The Matrix.org Foundation as an independent non-profit legal entity responsible for neutrally safeguarding the Matrix spec and evolution of the protocol. This kicked off in June with the “Towards Open Governance” blog post, and continued with the formal incorporation of The Matrix.org Foundation in October. Since then, we've spent a lot of time with the non-profit lawyers evolving MSC1318 into the final Articles of Association (and other guidelines) for the Foundation. This work is basically solved now; it just needs MSC1318 to be updated with the conclusions (which we're running late on, but is top of Matthew's MSC todo list).
In other news, we have confirmation that the Community Interest Company (CIC) status for The Matrix.org Foundation has been approved - this means that the CIC Regulator has independently reviewed the initial Articles of Association and approved that they indeed lock the mission of the Foundation to be non-profit and to act solely for the good of the wider online community. In practice, this means that the Foundation will be formally renamed The Matrix.org Foundation C.I.C, and provides a useful independent safeguard to ensure the Foundation remains on track.
The remaining work on the Foundation is:
Update and land MSC1318, particularly on clarifying the relationship between the legal Guardians (Directors) of the Foundation and the technical members of the core spec team, and how funds of the Foundation will be handled.
Update the Articles of Association of the Foundation based on the end result of MSC1318
Transfer any Matrix.org assets over from New Vector to the Foundation. Given Matrix's code is all open source, there isn't much in the way of assets - we're basically talking about the matrix.org domain and website itself.
Introduce the final Guardians for the Foundation.
We'll keep you posted with progress as this lands over the coming months.
Riot
2018 has been a bit of a chrysalis year for Riot: the vast majority of work has been going into the massive redesign we started in May to improve usability & cosmetics, performance, stability, and E2E encryption usability improvements. We've consciously spent most of the year feature frozen in order to polish what we already have, as we've certainly been guilty in the past of landing way too many features without necessarily applying the needed amount of UX polish.
However, as of today, we're super-excited to announce that Riot's redesign is at the point where the intrepid can start experimenting with it - in fact, internally most of the team has switched over to dogfooding (testing) the redesign as of a week or so ago. Just shut down your current copy of Riot/Web or Desktop and go to https://riot.im/experimental instead if you want to experiment (we don't recommend running both at the same time). Please note that it is still work-in-progress and there's a lot of polish still to land and some cosmetic bugs still hanging around, but it's definitely at the point of feeling better than the old app. Most importantly, please provide feedback (by hitting the lifesaver-ring button at the bottom left) to let us know how you get on. See the Riot blog for more details!
Meanwhile, on the performance and stability side of things - Lazy Loading (see above) made a massive difference to performance on all platforms; shrinking RAM usage by 3-5x and similarly speeding up launch and initial sync times. Ironically, this ended up pushing back the redesign work, but hopefully the performance improvements will have been noticeable in the interim. We also switched the entire rich text composer from using Facebook's Draft.js library to instead use Slate.js (which has generally been a massive improvement for stability and maintainability, although took ages to land - huge thanks to t3chguy for getting it over the line). Meanwhile Travis has been blitzing through a massive list of key “First Impression” bugs to ensure that as many of Riot's most glaring usability gotchas are solved.
We also welcomed ever-popular Stickers to the fold - the first instance of per-account rather than per-room widgets, which ended up requiring a lot of new infrastructure in both Riot and the underlying integration manager responsible for hosting the widgets. But judging by how popular they are, the effort seems to be worth it - and paves the way for much more exciting interactive widgets and integrations in future!
An unexpectedly large detour/distraction came in the form of GDPR back in May - we spent a month or so running around ensuring that both Riot and Matrix are GDPR compliant (including the necessary legal legwork to establish how GDPR even applies to a decentralised technology like Matrix). If you missed all that fun, you can read about it here. Hopefully we won't have to do anything like that again any time soon...
And finally: on the mobile side, much of the team has been distracted helping out France with their Matrix deployment. However, we've been plugging away on Riot/Mobile, keeping pace with the development on Riot/Web - but most excitingly, we've also found time to experiment with a complete rewrite of Riot/Android in Kotlin, using Realm and Rx (currently nicknamed Riot X). The rewrite was originally intended as a test-jig for experimenting with the redesign on mobile, but it's increasingly becoming a fully fledged Matrix client… which launches and syncs over 5x faster than today's Riot/Android. If you're particularly intrepid you should be able to run the app by checking out the project in Android Studio and hitting ‘run'. We expect the rewrite to land properly in the coming months - watch this space for progress!
E2E Encryption
One of the biggest projects this year has been to get E2E encryption out of beta and turned on by default. Now, whilst the encryption itself in Matrix has been cryptographically robust since 2016 - its usability has been minimal at best, and we'd been running around polishing the underlying implementation rather than addressing the UX. However, this year that changed, as we opened a war on about 6 concurrent battlefronts to address the remaining issues. These are:
Holistic UX. Designing a coherent, design-led UX across all of the encryption and key-management functionality. Nad (who joined Matrix as a fulltime Lead UI/UX designer in August) has been leading the charge on this - you can see a preview of the end result here. Meanwhile, Dave and Ryan are working through implementing it as we speak.
Decryption failures (UISIs). Whenever something goes wrong with E2E encryption, the symptoms are generally the same: you find yourself unable to decrypt other people's messages. We've been plugging away chasing these down - for instance, switching from localStorage to IndexedDB in Riot/Web for storing encryption state (to make it harder for multiple tabs to collide and corrupt your encryption state); providing mechanisms to unwedge Olm sessions which have got corrupted (e.g. by restoring from backup); and many others. We also added full telemetry to track the number of UISIs people are seeing in practice - and the good news is that over the course of the year their occurrence has been steadily reducing. The bad news is that there are still some edge cases left: so please, whenever you fail to decrypt a message, please make sure you submit a bug report and debug logs from *both* the sender and receiving device. The end is definitely in sight on these, however, and good news is other battlefronts will also help mitigate UISIs.
Incremental Key Backup. Previously, if you only used one device (e.g. your phone) and you lost that phone, you would lose all your E2E history unless you were in the habit of explicitly manually backing up your keys. Nowadays, we have the ability to optionally let users encrypt their keys with a passphrase (or recovery key) and constantly upload them to the server for safe keeping. This was a significant chunk of work, but has actually landed already in Riot/Web and Riot/iOS, but is hidden behind a “Labs” feature flag in Settings whilst we test it and sort out the final UX.
Cross-signing Keys. Previously, the only way to check whether you were talking to a legitimate user or an imposter was to independently compare the fingerprints of the keys of the device they claim to be using. In the near future, we will let users prove that they own their devices by signing them with a per-user identity key, so you only have to do this check once. We've actually already implemented one iteration of cross-signing, but this allowed arbitrary devices for a given user to attest each other (which creates a directed graph of attestations, and associated problems with revocations), hence switching to a simpler approach.
Improved Verification. Verifying keys by manually comparing elliptic key fingerprints is incredibly cumbersome and tedious. Instead, we have proposals for using Short Authentication String comparisons and QR-code scanning to simplify the process. uhoreg is currently implementing these as we speak :)
Search. Solving encrypted search is Hard, but t3chguy did a lot of work earlier in the year to build out matrix-search: essentially a js-sdk bot which you can host, hand your keys to, and will archive your history using a golang full-text search engine (bleve) and expose a search interface that replaces Synapse's default one. Of all the battlefronts this one is progressing the least right now, but the hope is to integrate it into Riot/Desktop or other clients so that folks who want to index all their conversations have the means to do so. On the plus side, all the necessary building blocks are available thanks to t3chguy's hacking.
So, TL;DR: E2E is hard, but the end is in sight thanks to a lot of blood, sweat and tears. It's possible that we may have opened up too many battlefronts in finishing it off rather than landing stuff gradually. But it should be transformative when it all lands - and we'll finally be able to turn it on by default for private conversations. Again, we're aiming to pull this together by the end of January.
Separately, we've been keeping a close eye on MLS - the IETF's activity around standardising scalable group E2E encryption. MLS has a lot of potential and could provide algorithmic improvements over Olm & Megolm (whist paving the way for interop with other MLS-encrypted comms systems). But it's also quite complicated, and is at risk of designing out support of decentralised environments. For now, we're obviously focusing on ensuring that Matrix is rock solid with Olm & Megolm, but once we hit that 1.0 we'll certainly be experimenting a bit with MLS too.
Homeservers
The story of the Synapse team in 2018 has been one of alternating between solving scaling and performance issues to support the ever-growing network (especially the massive matrix.org server)... and dealing with S2S API issues; both in terms of fixing the design of State Resolution, Room Versioning etc (see the Spec section above) and doing stop-gap fixes to the current implementation.
Focusing on the performance side of things, the main wins have been:
Splitting yet more functionality out into worker processes which can scale independently of the master Synapse process.
Yet more profiling and optimisation (particularly caching). Between this and the worker split-out we were able to resolve the performance ceiling that we hit over the summer, and as of right now matrix.org feels relatively snappy.
Lazy Loading Members.
Python 3. As everyone should have seen by now, Synapse is now Python 3 by default as of 0.34, which provides significant RAM and CPU improvements across the board as well as a path forwards given Python 2's planned demise at the end of 2019. If you're not running your Synapse on Python 3 today, you are officially doing it wrong.
There are also some major improvements which haven't fully landed yet:
State compression. We have a new algorithm for storing room state which is ~10x more efficient than the current one. We'll be migrating to it in by default in future. If you're feeling particularly intrepid you can actually manually use it today (but we don't recommend it yet).
Incremental state resolution. Before we got sucked into redesigning state resolution in general, Erik came up with a proof that it's possible to memoize state resolution and incrementally calculate it whenever state is resolved in a room rather than recalculate it from scratch each time (as is the current implementation). This would be a significant performance improvement, given non-incremental state res can consume a lot of CPU (making everything slow down when there are lots of room extremities to resolve), and can consume a lot of RAM and has been one of the reasons that synapse's RAM usage can sometimes spike badly. The good news is that the new state res algorithm was designed to also work in this manner. The bad news is that we haven't yet got back to implementing it yet, given the new algorithm is only just being rolled out now.
Chunks. Currently, Synapse models all events in a room as being part of a single DAG, which can be problematic if you can see lots of disconnected sections of the DAG (e.g. due to intermittent connectivity somewhere in the network), as Synapse will frantically try to resolve all these disconnected sections of DAG together. Instead, a better solution is to explicitly model these sections of DAG as separate entities called Chunks, and not try to resolve state between disconnected Chunks but instead consider them independent fragments of the room - and thus simplify state resolution calculations significantly. It also fixes an S2S API design flaw where previously we trusted the server to state the ordering (depth) of events they provided; with chunks, the receiving server can keep track of that itself by tracking a DAG of chunks (as well as the normal event DAG within the chunks). Now, most of the work for this happened already, but is currently parked until new state res has landed.
Meanwhile, over on Dendrite, we made the conscious decision to get 1.0 out the door on Synapse first rather than trying to implement and iterate on the stuff needed for 1.0 on both Synapse & Dendrite simultaneously. However, Dendrite has been ticking along thanks to work from Brendan, Anoa and APWhitehat - and the plan is to use it for more niche homeserver work at first; e.g. constrained resource devices (Dendrite uses 5-10x less RAM than Synapse on Py3), clientside homeservers, experimental routing deployments, etc. In the longer term we expect it to grow into a fully fledged HS though!
Bridging
2018 was a bit of a renaissance for Bridging, largely thanks to Half-Shot coming on board in the Summer to work on IRC bridging and finally get to the bottom of the stability issues which plagued Freenode for the previous, uh, few years. Meanwhile the Slack bridge got its first ever release - and more recently there's some Really Exciting Stuff happening with matrix-appservice-purple; a properly usable bridge through to any protocol that libpurple can speak… and as of a few days ago also supports native XMPP bridging via XMPP.js. There'll probably be a dedicated blogpost about all of this in the new year, especially when we deploy it all on Matrix.org. Until then, the best bet is to learn more is to watch last week's Matrix Live and hear it all first hand.
Modular
One of the biggest newcomers of 2018 was the launch of Modular.im in October - the world's first commercial Matrix hosting service. Whilst (like Riot), Modular isn't strictly-speaking a Matrix.org project - it feels appropriate to mention it here, not least because it's helping directly fund the core Matrix dev team.
So far Modular has seen a lot of interest from folks who want to spin up a super-speedy dedicated homeserver run by us rather than having to spend the time to build one themselves - or folks who have yet to migrate from IRC and want a better-than-IRC experience which still bridges well. One of the nice bits is that the servers are still decentralised and completely operationally independent of one another, and there have been a bunch of really nice refinements since launch, including the ability to point your own DNS at the server; matrix->matrix migration tools; with custom branding and other goodness coming soon. If you want one-click Matrix hosting, please give Modular a go :)
Right now we're promoting Modular mainly to existing Matrix users, but once the Riot redesign is finished you should expect to see some very familiar names popping up on the platform :D
TWIM
Unless you were living under a rock, you'll hopefully have also realised that 2018 was the year that brought us This Week In Matrix (TWIM) - our very own blog tracking all the action across the whole Matrix community on a weekly basis. Thank you to everyone who contributes updates, and to Ben for editing it each week. Go flip through the archives to find out what's been going on in the wider community over the course of the year! (This blog post is already way too long without trying to cover the rest of the ecosystem too :)
Shapes of Things to Come
Finally, a little Easter egg (it is Christmas, after all) for anyone crazy enough to have read this far: The eagle-eyed amongst you might have noticed that one of our accepted talks for FOSDEM 2019 is “Breaking the 100bps barrier with Matrix” in the Real Time Communications devroom. We don't want to spoil the full surprise, but here's a quick preview of some of the more exotic skunkworks we've been doing on low-bandwidth routing and transports recently. Right now it shamelessly assumes that you're running within a trusted network, but once we solve that it will of course be be proposed as an MSC for Matrix proper. A full write-up and code will follow, but for now, here's a mysterious video…
(If you're interested in running Matrix over low-bandwidth networks, please get in touch - we'd love to hear from you...)
2019
So, what will 2019 bring?
In the short term, as should be obvious from the above, our focus is on:
r0 spec releases across the board (aka Matrix 1.0)
Implementing them in Synapse
Landing the Riot redesign
Landing all the new E2E encryption UX and features
Finalising the Matrix.org Foundation
However, beyond that, there's a lot of possible options on the table in the medium term:
Reworking and improving Communities/Groups.
Reactions.
E2E-encrypted Search
Filtering. (empowering users to filter out rooms & content they're not interested in).
Extensible events.
Editable messages.
Extensible Profiles (we've actually been experimenting with this already).
Threading.
Landing the Riot/Android rewrite
Scaling synapse via sharding the master process
Bridge UI for discovery of users/rooms and bridge status
Considering whether to do a similar overhaul of Riot/iOS
Bandwidth-efficient transports
Bandwidth-efficient routing
Getting Dendrite to production.
Inline widgets (polls etc)
Improving VoIP over Matrix.
Adding more bridges, and improving the current ones..
Account portability
Replacing MXIDs with public keys
In the longer term, options include:
Shared-code cross-platform client SDKs (e.g. sharing a native core library between matrix-{'{'}js,ios,android{'}'}-sdk)
Matrix daemons (e.g. running an always-on client as a background process in your OS which apps can connect to via a lightweight CS API)
Push notifications via Matrix (using a daemon-style architecture)
Clientside homeservers (i.e. p2p matrix) - e.g. compiling Dendrite to WASM and running it in a service worker.
Experimenting with MLS for E2E Encryption
Storing and querying more generic data structures in Matrix (e.g. object trees; scene graphs)
Alternate use cases for VR, IoT, etc.
Obviously we're not remotely going to do all of that in 2019, but this serves to give a taste of the possibilities on the menu post-1.0; we'll endeavour to publish a more solid roadmap when we get to that point.
And on that note, it's time to call this blogpost to a close. Thanks to anyone who read this far, and thank you, as always, for flying Matrix and continuing to support the project. The next few months should be particularly fun; all the preparation of 2018 will finally pay off :)
