This Week in Matrix 2021-11-26

2021-11-26 — This Week in Matrix — Thib

Matrix Live 🎙

Dept of Spec 📜

anoa says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

MSC Status

New MSCs:

MSCs with proposed Final Comment Period:

  • No MSCs entered proposed FCP state this week.

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Merged MSCs:

Closed MSCs:

Spec Updates

MSC2675 (serverside aggregations) is getting lots of updates from Bruno in order to align the proposal with what is currently implemented in the wild (as it's easier to iterate on incremental improvements from a starting point grounded in reality). This MSC is a bit of a special case though, as it was implemented with stable prefixes before the MSC landed (in the before times...).

Regardless, thank you very much to Bruno for going through and finally untangling and help land aggregations in the spec! This MSC is one of four which describe how aggregations should work in Matrix, and it's great to see them finally being properly spec'd, especially as further features start to be built on top of them (such as threading!).

And finally, a further thank you to community members @ankur12-1610, @Dominaezzz for an OpenAPI schema fix!

Random Spec of the Week

The random spec of the week is... MSC3395: Synthetic appservice events!

This proposal aims to allow appservices to get ever greater visibility into what is happening on the homeserver, while still maintaining full process separation.

A lot of the time solutions to complex problems require knowing when a user has registered or logged in, with what name/3pids etc, when users change their emails, etc. Hooking into these non-room-based actions can help with developing useful features. Maybe you want an appservice that plays a sound effect whenever a user signs up to your homeserver!

These days, that is often achieved by homeserver implementation-specific solutions, such as modules in Synapse. Being able to notify of these events using a standard API shape would be hugely beneficial to generalisation of projects.

So give the proposal a look over and review if that interests you!

Some exciting MSCs this week, I've been waiting for server-side aggregations for long!

Dept of Servers 🏢

Synapse

Synapse is the reference homeserver for Matrix

callahad announces

As predicted last week, we released Synapse 1.47.1 on Tuesday. This is a security release which fixes an issue with Synapse's built-in media repository. Admins are strongly encouraged to upgrade.

Otherwise, relatively slow week: a handful of of the team have been away (Happy Thanksgiving, Americans!), but we did release Synapse 1.48.0rc1. Most importantly, this release candidate includes changes to improve the efficiency of large background updates from past releases, which should significantly reduce database load when upgrading. It also adds support for the /v3 APIs defined in version 1.1 of the Matrix specification.

We'll talk more about 1.48 when it's formally released next week, but as always, we appreciate folks trying out the release candidates and letting us know how they behave.

Administrators, keep your users safe: update as soon as you can!

Homeserver Deployment 📥️

Helm Chart

Matrix Kubernetes applications packaged into helm charts

Ananace announces

A bit of an earlier update this week, but I wanted to make sure to note that my Hem Charts have been updated to matrix-synapse 1.47.1 for the security fix - and element-web has also been bumped to 1.9.5

Dept of Bridges 🌉

mautrix-googlechat

tulir reports

mautrix-googlechat has seen lots of improvements over the past few days. New features include:

  • Bridging edits, deletions, reactions, formatting and read receipts in both directions (even /rainbow somewhat works from Matrix)
  • Bridging typing notifications and any types of files from Matrix to Google Chat
  • Bridging Google Meet links from Google Chat to Matrix
  • Syncing group members from Google Chat

(edits and deletions are only available on Google Workspace accounts, not normal accounts. I have no idea why they did that, but that's just how Google Chat works 🤷)

There's still a bug where it sometimes silently stops receiving messages, which I'm currently trying to solve (or work around). After that I'll make a v0.3.0 release. Backfilling history may also happen in the near future

Matrix Webhook Receiver

An add-on for the matrix-appservice-webhooks bridge. Webhooks are essentially web interfaces for applications to "push" data to. The bridge can receive messages in a certain format, which is nice if the notifying app can be configured. Often it cannot.

kim announces

Matrix Webhook Receiver

Do you like to receive notifications in matrix? Matrix Webhook Receiver (MWR) is an add-on for the matrix-appservice-webhooks bridge. Webhooks are essentially web interfaces for applications to "push" data to. The bridge can receive messages in a certain format, which is nice if the notifying app can be configured. Often it cannot.

This is where MWR comes in: It can receive any (JSON) content, optionally reformat it nicely (customizable!), and forward it to the webhooks bridge which will post it to a room for you. If you are running any software service, there is a good chance it can notify you via webhooks!

Right now, several example configurations exist, ready for you to use:

  • GitHub
  • GitLab (including Community Edition/self hosted)
  • Ansible Tower/AWX
  • Grafana Alerts

For example, here is the GitHub webhook as seen in #matrix-webhook-receiver:matrix.org:

More examples of apps currently in development: Prometheus Alertmanager, Jellyfin

It is also easy to use to send messages from the commandline with standard tools (curl), e.g. for your cron jobs! See the README for an example.

Some other webhook matrix things exist, but often require

  • ➖ admin access to server (appservices)
  • ➖ installing and running and maintaining a specific bot per service
  • ➖ create and set up accounts and passwords for each bot to use

In contrast, MWR requires:

  • ➖ matrix-appservice-webhooks set up on your server by your admin
  • ➖ some knowledge of how to send POST requests for one time setup. I want to improve that, suggestions are welcome!
  • ➕ MWR can be installed and run by anyone who can access the bridge
  • ➕ one single MWR supports any amount of notifying apps!
  • ➕ you don't need admin access to the server to add more apps
  • ➕ no need to develop a bot/plugin to support new apps, just write a quick jinja template
  • ➕ multiple people can use a single MWR instance by sharing HTTP basic auth credentials

Other features:

  • can post into encrypted rooms (see readme)
  • automatically generated API docs
  • message formatting presets including html markup or m.notice
  • arbitrarily customizable webhook URLs
  • list and manage currently installed webhooks in your browser (screenshot)

Links:

What a massive update! At this rate I won't need to leave my Matrix client for anything!

matrix-hookshot

A multi purpose multi platform bridge, formerly known as matrix-github

Half-Shot says

Hey folks! Some exciting new news on the bridge front: I've renamed matrix-github to matrix-hookshot to better reflect it's not-just-GitHub-ness. That's not all though, as there are new features too:

  • The bridge now supports Rust as a companion language (we're aiming to rewrite critical sections in rust). Some parts of the formatting code have already been rewritten.
  • The bridge now supports JIRA (full puppeting!)
  • The bridge now supports generic webhooks too, with the ability to write custom handling code inside the state event to process these hooks into pretty messages.
  • Basic support for GitHub discussions.

In the works:

  • A provisioning API to hook into integration managers
  • More GitLab support
  • Better GitHub discussions support

We're not quite ready for a 0.2.0 release, but please check us out at https://github.com/Half-Shot/matrix-hookshot.

An interesting update, and Half-Shot even demoes it in today's Matrix Live!

Dept of Clients 📱

Nheko

Desktop client for Matrix using Qt and C++17.

Nico says

After the 0.9.0 release last week, we have of course been busy fixing all the bugs different people reported. Messing around with the sticker pack editor and then leaving room should not make Nheko crash anymore. The problems where the flatpak has issues starting on Gnome systems are still under investigation. We thought we had a solution, but that seems to have broken other stuff! 💥

Apart from that we have been doing some after release party cleanup. Apart from some refactorings, you can now filter your rooms on whether they are a direct chat or not in the sidebar. This is in addition to the filters we already had for favourites, spaces and your other personal tags. User colors should also now be much less biased towards blue and jdenticons should have more variance. Expect the next release to be a much more colorful experience!

Speaking of colors, Twily made this awesome ZX Spectrum inspired logo after we changed our Gitlab bot to be more colorful! Check it out:

Gorgeous, I love it!

Hydrogen

Hydrogen is a lightweight matrix client with legacy and mobile browser support

Bruno says

We're still distracted with SDK work and other things less visible for users, but this week we've also released 0.2.22 that fixes login on Element One (and other servers using SSO login and not yet supporting the experimental dehydrated devices).

Element

Everything related to Element but not strictly bound to a client

kittykat says

Threads

  • On Web we’ve been working on Notifications and Badges, making sure no message goes unread.
  • On Mobile we’re building out the new Threads Panel so you can easily see all the Threads in a room.

Polls

  • The Polls team is making great progress, focusing their efforts on creating and voting on all platforms.
  • User testing sessions are coming up!

Community Testing

Element Web/Desktop

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

kittykat announces

  • Work continues on Information Architecture: head over to Sidebar settings on develop.element.io to see what the team are currently working on.

Element iOS

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

kittykat announces

  • We’re still working hard on replacing Matomo with PostHog to improve how we collect analytics data and making the MatrixKit obsolete.
  • Adding more features to Spaces and improvements to Spaces performance is also happening.

Element Android

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

kittykat announces

  • Voice message drafts and other improvements to this feature are underway.
  • We’re also looking to integrate PostHog on Android.

Dept of SDKs and Frameworks 🧰

simplematrixbotlib

simplematrixbotlib is an easy to use bot library for the Matrix ecosystem written in Python and based on matrix-nio.

krazykirby99999 says

simplematrixbotlib is an easy to use bot library for the Matrix ecosystem written in Python and based on matrix-nio. Version 2.4.0 provides several new features and a fix.

New Features:

  • Newlines are now supported when sending markdown messages.
  • The msgtype of text and markdown messages can now be specified. Text and markdown messages can now optionally be sent as "m.notice" to avoid alerting everybody of the new message. The default msgtype will continue to be "m.text".

New Fixes:

  • Fixed issue where the homeserver was hardcoded in an http request.

Example usage is shown below:

import simplematrixbotlib as botlib

creds = botlib.Creds("https://home.server", "user", "pass")
bot = botlib.Bot(creds)
PREFIX = '!'


@bot.listener.on_message_event
async def echo(room, message):
    match = botlib.MessageMatch(room, message, bot, PREFIX)

    if match.is_not_from_this_bot() and match.prefix() and match.command(
            "echo"):
            
        response = " ".join(arg for arg in match.args())
        await bot.api.send_text_message(room.room_id, response, "m.notice") ## Uses the msgtype of m.notice instead of m.text

bot.run()

A thank you to HarHarLinks for their contributions to version 2.4.0!

Request additional features here.

View source on Github View package on PyPi View docs on readthedocs.io https://matrix.to/#/#simplematrixbotlib:matrix.org

jOlm

Olm bindings for Java

brevilo reports

This week saw three releases of jOlm which fix a native memory management issue, an Olm API (buffer) issue and add a few other improvements. Everyone is strongly encouraged to update to the latest release.

Notes:

  • ✅ Bugfix and maintenance releases
  • ✅ Up to date with Olm 3.2.6

Changelog:

  • Fixed the backing store retention for all Olm instances
  • Fixed a buffer issue in InboundGroupSession.decrypt()
  • Ensured conversions of variable native strings are trimmed
  • Centralized conversions to canonical JSON
  • Completed initial set of unit tests (effectively full coverage now)

Cheers!

The only Java bindings of Olm to my knowledge, that's some very valuable work here!

Dept of Ops 🛠

synadm

Command line admin tool for Synapse (Matrix reference homeserver)

jojo reports

synadm v0.32 is out!

My personal favorites of the new features are:

  • Dates and times in several subcommands are translate the admin API's UNIX epoch timestamps to a human readable format.
  • synadm room list now displays room aliases (#room:your.homeserver)

Read the full release notes here: https://github.com/JOJ0/synadm/releases/tag/v0.32

synadm is very useful as a homeserver administrator. Thanks JOJ0

Dept of Bots 🤖

maubot

A plugin-based Matrix bot system.

tulir reports

maubot v0.2.0 was released last weekend. Highlights:

  • Enabling encryption should be much easier: the device ID can be entered in the web UI or you can just do mbc auth --update-client to automatically log in and store the access token and device ID in maubot.
  • mbc auth can now log in with SSO.
  • The standalone mode for running a single plugin with a static config is now mostly functional and somewhat documented.

Also, I finally took a day to figure out Sphinx/autodoc and made some decent-looking autogenerated docs for mautrix-python. I'll probably extend that to generate maubot-specific API references too eventually.

Dept of Interesting Projects 🛰️

MinesTRIX

A privacy focused social media based on MATRIX

Henri Carnot announces

Quick update on MinesTRIX (a privacy focused social media based on MATRIX). This week was focused on performance and stability.

  • Changed database to use Fluffybox, this should greatly improve performances on web (thanks Famedly !)
  • Scrolling through the posts of a profile now properly request history.
  • Friend suggestions are now sorted according to the sum of user appearance in all rooms. Naïve, but it's the first step.
  • Chat page has also been redesigned. Now support replies and reactions. Chat settings now display room avatar and fetch user list from server.
  • Bug affecting MinesTRIX profile creation has been fixed. Login process should be way more stable now.
  • Minestrix rooms sync has been rewritten to take into account sync events to rebuild the list.
  • Debug page now allow forcing sorting rooms.
  • Various post display enhancement (links are now clickable, thanks kellya!)

Come chat with us : #minestrix:carnot.cc

That's one exciting project, I can't wait to see how far it's going!

Sign in with Matrix

Mish says

Federated sign-in component for your web app (using Matrix)

This week's update:

  • Gained 180 stars on GitHub since release (thanks!)
  • Added login states, accessible from the API
  • Sign out
  • Added CSS styling via variables
  • Updated demo

more on https://github.com/mishushakov/signin-with-matrix

As last week, a note to keep in mind that this is a community project and that there is a MSC to make Matrix more OAuth2 friendly. More on that very soon!

Dept of Built on Matrix 🏗️

Matrix Forms

Mish reports

First release of "Matrix Forms", a project which redirects form submissions to designated Matrix rooms

Features:

  • Server-side, no additional JavaScript
  • Rich formatting
  • Many forms on same instance
  • File uploads
  • Templates
  • CORS
  • Metadata accessible for bots

Can be installed using NodeJS or Docker

Final Thoughts 💭

Server_Stats

MTRNord says

Today is a good day for those calling me a spy, someone not wanting to care about privacy and for those who did publicly harass me for server_stats.

People using the API likely already noticed it wasn't reachable for a while. Effective immediately I am currently leaving all rooms the bot is part of. This will take days or even months considering this are 6397 rooms at the time of writing. I am not going into the motives of why I am shutting it down. It comes down to personal reasons.

There won't be any dump of the data. The source will be kept public. Note though if anyone ever tries to run it that you need about 600GB of space for synapse, a lot of CPU, a lot of RAM and plenty of workers as this can easily crash synapse.

Server_Stats was an incredibly useful project. It pains me a lot to see it go, but it pains me even further that its author got harrassed. This is not an acceptable behaviour, and we are better than that as a community. Thanks for this incredible project MTRNord, it's been both exciting and useful.

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1boba.best413
2kapsi.fi508.5
3maescool.be528
4envs.net540.5
5converser.eu547
6matrix.org577
7thesilentlink.org838
8matrix.markshorten.co.uk1068
9aria-net.org1217
10trygve.me2137

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1dendrite.neilalexander.dev430.5
2grin.hu555.5
3matrix.org1027
4dendrite.matrix.org1056
5matrix.awesomesheep48.me1191
6sspaeth.de1251.5
70x1a8510f2.space3350.5
8spooks.cyou10963.5

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.47.1 released

2021-11-23 — Releases, Security — David Robertson

Today we are releasing Synapse 1.47.1, a security update based on last week's release of Synapse 1.47.0. This release patches one high severity issue affecting Synapse installations 1.47.0 and earlier using the media repository. An attacker could cause these Synapses to download a remote file and store it in a directory outside the media repository.

Note that:

To quote from the advisory:

GHSA-3hfw-x7gx-437c / CVE-2021-41281: Path traversal when downloading remote media.

Impact

Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory.

The last two directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact.

Homeservers with the media repository disabled are unaffected. Homeservers configured with a federation whitelist are also unaffected.

The advisory has full details, including workarounds.

This issue was discovered and fixed by our internal security team.

Please update at your earliest convenience.

This Week in Matrix 2021-11-19

2021-11-19 — This Week in Matrix — Thib

Friday already? Did this week already happen? It looked like the spacetime continuum was broken and we didn't know who did it. We needed witnesses to solve the case: did things really happen this week? And the witnesses showed up! A huge thanks to everyone in the Matrix community who reported their progress, and to everyone currently working on making awesome projects around Matrix!

The case is closed: the week has not been stolen from us. Time appears to have wings, and flies faster than we had anticipated.

Matrix Live 🎙

A very very dense and exciting wrap up of what's happening these days in the Matrix space by Matrix Foundation co-founders Matthew & Amandine! Matrix is stepping up a gear with blazing fast Sync v3, Threading Support, VoIP, VR, a new release of the Spec, always more monthly active users, a full security audit and progress on P2P.

Dept of Spec 📜

anoa says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

MSC Status

New MSCs:

MSCs with proposed Final Comment Period:

  • No MSCs entered proposed FCP state this week.

MSCs in Final Comment Period:

Merged MSCs:

Spec Updates

This week we finally, finally had one of the aggregation-related MSCs, MSC2674 (event relationships) enter final comment period! This MSC, along with several others, document the stuff that powers message edit, reactions, the upcoming threading and polls MSCs, and much more! So it's really great to see the MSCs start to actually land.

Speaking of threading MSC3440 has had a good amount of review from the Spec Core Team last week. Threading in Matrix has been a long awaited feature for chat applications - as well as helping extend the flexibility of Matrix as a data structure even further. The MSC relies on both MSC2674 and MSC2675 (or a modified version of it), so the latter will be an area of focus for review for next week.

Spec PRs

It seems that the recent Matrix v1.1 has drummed up some more community support for spec PRs. Thank you to everyone who's sent in clarifications, changes and even typo fixes. In particular, @ankur12-1610 for fixes to the OpenAPI fields, and for typo corrections in the spec copy, and @Dominaezzz for helping review them. Thank you both!

Random Spec of the Week

The random spec of the week is... MSC2867: Marking rooms as unread!

This is definitely a feature that I would love to have for chat. Note that this MSC proposes marking a room as unread, rather than a specific point in the room's timeline. This is intentional as noted in the document, as the latter is more complicated, as it intersects with sending out read receipts to other users.

Dept of Servers 🏢

Synapse

Synapse is the reference homeserver for Matrix

dmr announces

Note: we plan to release a security release, Synapse 1.47.1 on the coming Tuesday, 23rd of November; see the predisclosure.

We released Synapse 1.47.0 after squashing a couple of problems related to database migrations remaining in 1.47.0rc2. Briefly, this release includes

  • new features for users of the admin and module APIs;
  • a number of long-standing bug fixes, including a thorny bug which prevented joining certain old rooms; and
  • continuing efforts to prototype new MSCs and improve type coverage.

The blog post has a better summary, and GitHub has the full gory details.

We also released Sydent 2.5.1, a minor release which improves the way we handle and log various error cases.

Thank you as ever to our community contributors, and everyone out there who's using Synapse to communicate!

dmr also reminds us

When we release the fix, the changes will be publicly known and bad actors will have the ability to deduce the vulnerability. Most servers don't run release candidates, so releasing the fix in an RC will mean there's a larger window for an attacker to exploit the problem. Internally, there will be an RC deployed to test homeservers and eventually matrix.org. This means we'll be able to confidently recommend the upgrade to server administrators.

dkasak adds

And that's the very reason we have dedicated security releases, instead of just rolling the security fixes into a feature release. The security release doesn't contain anything new apart from the security fix so it minimizes the chance of things going wrong.

Keep your servers up to date, and your users safe, administrators!

Homeserver Deployment 📥️

Helm Chart

Matrix Kubernetes applications packaged into helm charts

Ananace says

Would you believe it? This week has also seen updates to my Helm Charts, with matrix-synapse having been updated to 1.47.0

Dept of Bridges 🌉

Heisenbridge

Heisenbridge is a bouncer-style Matrix IRC bridge.

hifi says

Release v1.7.0 🥳

  • Implement "best effort" basic IRC moderation in plumbed rooms if bot has ops on IRC
  • Allow configuring topic sync for plumbs (IRC<->Matrix or one way)
  • Allow using forward slash (/) as MXID separator for IRC ghosts
  • Bump max mautrix version to <0.12
  • Small fixes

Plumb moderation! If the bridge bot has ops on IRC it will do its best to map kicks and bans (regarding IRC users) from Matrix. This definitely isn't perfect and is meant as a convenience.

Topic synchronization is now configurable for plumbs as well to make it possible to share the same topic between an IRC channel and a plumbed Matrix room. Default is still off and it requires the bridge bot to have enough PL to work.

The separator for IRC ghosts can now be changed to forward slash (/) from the default underscore (_). This happens by modifying the regex in the registration file. Only do this for new installations and it will cause all IRC users to duplicate in rooms who you can't remove and probably other bad side effects as well. The default may be changed in the future.

There were lots of refactoring issues so I hope I fixed all of them 🙈.

Best effort your fix from GitHub, PyPI or matrix-docker-ansible-deploy!

Thanks!

Yet another week, yet another great update on Heisenbridge. At this rate Heisenbridge will reach perfection and hifi will run out of things to report!

Dept of Clients 📱

Nheko

Desktop client for Matrix using Qt and C++17.

Nico reports

So, Nheko has a small little release this morning! Okay, that's a lie, it was actually pretty big! You can find the full changelog and some of our binaries here: https://github.com/Nheko-Reborn/nheko/releases/tag/v0.9.0

As always, thank you everone, who contributed. There were over 30 authors this release! If you haven't tried Nheko in a while, give it a whirl. Lots of stuff changed, some things might not even have been mentioned in TWIM! I put the first few lines of the changelog below for your convenience:

Highlights

  • Somewhat stable end to end encryption 🔐
    • Show the room verification status
    • Configure Nheko to only send to verified users
    • Store the encryption keys securely in the OS-provided secrets service.
    • Support online keybackup as well as sharing historical session keys.
  • Crosssigning bootstrapping 🔄
    • Crosssigning is used to simplify the verification process. In this release Nheko can setup crosssigning on a new account without having to use a different client.
    • Nheko now also prompts you, if there are any unverified devices and asks you to verify them.
  • Room directory (Manu) 📂
    • Search for rooms on your server and other servers. (Prezu)
    • If their topic interests you and it has the right amount of members, join the room and the discussion!
  • Custom sticker packs 🐈‍⬛
    • Add a custom sticker picker, that allows you to send stickers from MSC2545.
    • Support creating new sticker (and emote) packs.
    • You can share packs in a room and enable them globally or just for that room.
  • Token authenticated registration (Callum) 🎫
    • Sign up with a token to servers, that have otherwise disabled registration.
    • This was done as part of GSoC and makes it easier to run private servers for your family and friends!

Features

  • Support email in registration (required on matrix.org for example)
  • Warn, if an @room would mention the whole room, because some people don't like that.
  • Support device removal as well as renaming. (Thulinma)
  • Show your devices without encryption support, when showing your profile. (Thulinma)
  • Move to the next room with unread messages by pressing Alt-A. (Symphorien)
  • Support jdenticons as a placeholder for rooms or users without avatars. (LorenDB)
  • Properly sign macOS builds.
  • Support animated images like GIF and WebP.
    • Optionally just play them on hover.
  • Support accepting knocks in the timeline.
  • Close a room when clicking it again. (LorenDB)
  • Close image overlay with escape.
  • Support .well-known discovery during registration.
  • Limited spaces support.
    • No nice display of nested spaces.
    • No previews of unjoined rooms.
    • No way to edit a space.
  • Render room avatar changes in the timeline. (BShipman)
  • Support pulling out the sidebar to make it wider.
  • Allow editing pending messages instead of blocking until they are sent. (balsoft)
  • Support mnemonics in the context menus. (AppAraat)
  • Support TOFU for encryption. (Trust on first use)
  • Right click -> copy address location.
  • Forward messages. (Jedi18)
  • Alt-F to forward messages.
  • A new video and audio player, that should look a bit nicer.

As always, come check us out and chat about Nheko in #nheko:nheko.im

That's one massive update for Nheko! Thanks Nheko contributors!

Element

Everything related to Element but not strictly bound to a client

Nad says

Threads

  • We’ve been polishing UI, and updating notifications on Web
  • On Mobile, we’ve updates iOS & Android to be threads aware, live in the next release
  • We also tested Threads more widely in a community testing session (thanks to all who attended!)

Polls

  • We’re making good progress on polls on all platforms
  • Aiming to get poll creation, voting and the ability to see results working in all platforms in our current sprint, to then move to wider testing

Community Testing

  • Two successful testing sessions on VoIP and Threads (first community testing session on iOS!)
  • Squashed 26 Android VoIP bugs
  • No sessions this coming week, but we’ll be back the week after

Element Web

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Nad reports

Element iOS

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Nad says

  • We fixed regressions reported on our previous release candidates. Sorry for the delay but the current release candidate 1.6.8 should be available on the App Store on Monday
  • The work to replace Matomo by PostHog has been resumed
  • We are still working on making the MatrixKit obsolete
  • Space creation / invites: will start design and code review starting next week
  • Start space management integration in rooms

Element Android

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

Nad updates us with

  • Element Android 1.3.8 with support for Android 12 has been released on the PlayStore (beta channel) Wednesday. Full changelog: https://github.com/vector-im/element-android/releases/tag/v1.3.8 . The SDK 1.3.8 has also been released. If everything is fine, the app will be promoted to production and to F-Droid on Monday. The README of the project has been updated to clarify the release process: https://github.com/vector-im/element-android#releases-to-app-stores
  • Voice message draft is currently under active development. We want the feature to work well before we release it, and it was an opportunity to rework the whole feature, to improve its architecture.
  • Still working on the timeline rework.

Dept of Non Clients 🎛️

time-to-matrix

The time command, but it sends the output to a Matrix room

Aine reports

after the Miounne update posted a minute ago here is another one, and it's about time: Time To Matrix (ttm) got v1.4.0 release!

Time To Matrix is a time-like command that will send end of an arbitrary command output and some other info (like exit status) to matrix room.

With new release, following things were added:

  • arch linux AUR package
  • automatic room alias resolving, so you can use #ttm:etke.cc instead of !XODRhTLplrymaFicdK:etke.cc
  • help message and human-readable errors
  • option to change message type (m.text or m.notice)
  • option to omit plaintext and send only html-formatted message (to get some more space for log)
  • option to override message type to m.notice if the command exits with non-zero exit code (by default m.text is sent, so you will get m.notice on failure)

Go check out the source code and say hello in #ttm:etke.cc

Dept of SDKs and Frameworks 🧰

simplematrixbotlib

simplematrixbotlib is an easy to use bot library for the Matrix ecosystem written in Python and based on matrix-nio.

krazykirby99999 reports

Version 2.3.0 Released!

simplematrixbotlib is an easy to use bot library for the Matrix ecosystem written in Python and based on matrix-nio. Version 2.3.0 adds support for additional configuration via config files and other methods. Currently, there is only one setting that can be changed, however many existing and future features will be able to be enabled or disabled via this config.

Example usage is shown below:

"""
random_user
     !echo something
echo_bot
     something
"""

import simplematrixbotlib as botlib

creds = botlib.Creds("https://home.server", "user", "pass")

config = botlib.Config()
config.load_toml("config.toml")

bot = botlib.Bot(creds, config)
PREFIX = '!'

@bot.listener.on_message_event
async def echo(room, message):
     match = botlib.MessageMatch(room, message, bot, PREFIX)

     if match.is_not_from_this_bot() and match.prefix() and match.command("echo"):
          await bot.api.send_text_message(room.room_id,
                                " ".join(arg for arg in match.args()))

bot.run()

An example of a toml config file is shown below.

[simplematrixbotlib.config]
join_on_invite = false

Request additional features here.

View source on Github View package on PyPi View docs on readthedocs.io #simplematrixbotlib:matrix.org

Dept of Ops 🛠

Mother Miounne

The backoffice of etke.cc service

Aine reports

ding-dong Mother Miounne v2.2.0 is here!

Miounne is a backoffice of the etke.cc service.

New release brings notifications for integrated services:

  • buymeacoffee notifications on new purchase, supporter, subscription and unsubscription (can be configured independently)
  • matrix-registration notifications for new and used invite tokens (can be configured independently)

Go check out the source code and say hello in #miounne:etke.cc

Dept of Bots 🤖

Mjölnir

The moderation bot for Matrix

Yoric announces

Mjölnir v1.2.1 released

  • New feature: if a user on your homeserver reports abuse, Mjölnir may now show the abuse report in your moderation room and offer you two-click moderation options. This feature is considered a preview for the time being.
  • Performance improvements for protections that need to lock back in the history of a room, decreasing the number of cases in which we could end up timing out.
  • Many improvements to testing.

Note: Any rumor of a v1.2.0 Docker image borked by yours truly is sadly true. There should be no risk in 1.2.0 but, to be on the safe side, if you have updated to 1.2.0, please update to 1.2.1.

That's one feature I've wanted for a while, and it's going to make moderation a lot easier! Thanks Mjolnir teams for keeping us safe!

Dept of Interesting Projects 🛰️

MinesTRIX

Henri Carnot says

Hi all !!

Today I want to showcase you MinesTRIX. MinesTRIX is a decentralized social media based on matrix. The goal is to create a privacy respectful social media using the power of matrix while trying to be as simple as possible.

Two Objectives

  • Showing that matrix could be used to build such a system.
  • Helping find your friends using matrix

Currently supported

  • Posting
  • Adding and accepting friends
  • Basic post management
  • Creating groups, posting and adding users to it
  • E2EE device verification (thanks FluffyChat !!)
  • Cross platform thanks to Flutter (Android, iOS, Linux, Windows, MacOS, WEB)

Now what ?

  • Stability fixes
  • Finding a logo ;)
  • Bring sharing functionality for public groups.
  • Adding support for the Circle application.
  • Enhance the friends' suggestion algorithm (Currently it's a really naïve one :D)
  • Add reactions for chats and posts

🚀 About Demo 🏗️ Gitlab Chat

That's a fascinating client, it looks absolutely fantastic! It reminds me a little of Cerrulean. Good job Henri!

Matrix Login

Paul says

There was the "Sign in with Matrix" project recently

I tried to do something similar with https://matrix-login.lyc.fi / https://gitlab.com/ptman/matrix-login

An important note on the interesting projects using Matrix for the login: those are community projects, and there are MSCs in the works to "do it right" at the Spec level!

As Matthew Hodgson reported in a comment on Hacker News :

The direction we're headed in the Matrix spec core team is instead towards replacing Matrix's current auth mechanisms with normal Open ID Connect (rather than wrapping our own OIDC-like thing, as we do today) - as per https://github.com/sandhose/matrix-doc/blob/msc/sandhose/oauth2-profile/proposals/2964-oauth2-profile.md The common login flow would then be for users to be authed by their server using a trusted OIDC identity provider, rather than ever trusting arbitrary clients with their credentials.

Dept of Guides 🧭

Austin Huang announces

I have compiled a list of public homeservers available for registration, since previous such efforts to make these homeservers more discoverable fell through. This list serves as a sanitized version of the asra.gr list, with only homeservers intended for public consumption included. It is a static list and does not include pings, but rather than focusing on the technical aspect, my list has an emphasis on the written rules of a homeserver, which I believe to play a larger role in the Matrix experience. Hope this can spark other efforts in maintaining a better list!

That's one very useful list of hand curated servers! The transparency about the inclusion criteria is very much appreciated. Good job!

Room of the Week 📆

Timo ⚡️ announces

Hi everyone! Did you ever feel lost in the Matrix world? The room directory is big, but it's still hard to find something you like. Or are you a room moderator, but there is not much activity in your room because it doesn't have enough users?

This is why I want to share rooms (or spaces) I find interesting.


This week's room is: #travel:hacklab.fi

"Discussion about destinations, culture, hotels, flights etc.. English only, be nice to each other."


If you want to suggest a room for this section, tell me in #roomoftheweek:fachschaften.org

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1matrix.sp-codes.de517.5
2envs.net591
3converser.eu863
4matrix.markshorten.co.uk959
5aria-net.org1120
6matrix.liamgooch.com1219
7dieholzkatze.de1396.5
8somnet.io1791
9matrix.nicfab.it2048
10trygve.me2147

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1dendrite.nordgedanken.dev485
2sspaeth.de648.5
3devnullsystem.org874.5
4dendrite.neilalexander.dev943
5matrix.awesomesheep48.me1016.5
60x1a8510f2.space5969

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Pre-disclosure: upcoming security release of Synapse 1.47.1

2021-11-18 — Security — Matrix Security

On Tuesday, 23rd November we plan to release Synapse 1.47.1 at 12:00 UTC to address a single high severity issue. This vulnerability was discovered internally by our security team. Synapse is a Matrix homeserver implementation developed by the matrix.org team and the wider Matrix community.

If you're a server administrator running Synapse, please be prepared to upgrade as soon as the patched version is released.

We will be reaching out to downstream packagers to ensure they can prepare patched versions of affected packages at the time of the release. The details of the vulnerability will be disclosed in a blog post on the day of the release. There is so far no evidence of the vulnerability being exploited in the wild.

Thank you for your patience while we work to resolve this issue.

Edit, 2021-11-19: The opening paragraph was amended to note that the vulnerability was discovered internally.

Edit, 2021-11-22: The opening paragraph was amended to include a release time of 12:00 UTC.

Synapse 1.47.0 released

2021-11-17 — Releases — David Robertson

Synapse 1.47.0 is out now!

NOTE: We anticipate publishing a security release, Synapse 1.47.1, on the coming Tuesday, the 23rd of November.

Synapse 1.47.1 will contain a fix for a high severity issue.

Synapse 1.47.0 features additions to the admin and module APIs, a plethora of fixes for long-standing bugs, and a raft of internal improvements. Server administrators should note that this release removes a deprecated API for deleting a room and deprecates a module callback. Consult the upgrade notes for more details.

New admin and module APIs

Administrators can now search for rooms by their ID or alias. We hope this will be particularly useful for projects like synapse-admin! We've also exposed an API to allow admins to control Synapse's background updates. And while it's not strictly an API change, there's a small patch which makes it easier for homeservers to redirect matrix traffic to port 443.

Authors of pluggable modules have some new toys to play with. There's a way to listen for new events; a means to retrieve room state and the ability to edit a user's membership of a room.

Bug Fixes and Refactors

We fixed a variety of different bugs in this release, many of which were long-standing. It's good to see them dealt with! Worth mentioning in particular:

Additionally, work continues on improving type-checking coverage, both in Synapse and in Sygnal.

Sydent 2.5.1

This week also saw the release of Sydent 2.5.1, the reference implementation of a Matrix Identity Server. This is a minor release which mainly tidies up error handling to reduce the amount of noise in logs. It should also make it easier for us to diagnose some outstanding bugs which remain to be squashed.

Everything Else

In the background, we're still working away at implementing MSC3440 to facilitate threading. Early tests are promising. We're also exploring MSC2775 as a means to speed up room joins. Both will be long term projects that should hopefully reap major rewards for the Matrix ecosystem. Lastly, there's support for MSC3228 to allow identity servers to provide bespoke invites to spaces. We mentioned this last time in Sydent release notes; now we've got support for it on the Synapse side.

Please see the Synapse Release Notes for a complete list of changes in this release.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including Dirk Klimpel, JohannesKleine, l00ptr, Nick Barrett, rogersheu, Samuel Philipp, Skyler Mäntysaari and Sumner Evans.

This Week in Matrix 2021-11-12

2021-11-12 — This Week in Matrix — Thib

Matrix Live 🎙

This week my guest is Greg who's been organising the Ansible Contributor Summit on Matrix, and who is happy about it!

Dept of Spec 📜

anoa announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

MSC Status

New MSCs:

MSCs with proposed Final Comment Period:

  • No MSCs entered proposed FCP state this week.

MSCs in Final Comment Period:

Merged MSCs:

  • No MSCs were merged this week.

Spec Updates

Matrix v1.1 was released! Read the blog post here if you missed it; it summarises everything that's new in v1.1, as well as plans for the future. Now that the new spec build pipeline and release infrastructure is in place, we're aiming for roughly quarterly releases going forward. Thank you all for being so patient in the meantime!

Random Spec of the Week

The random spec of the week is... MSC1767: Extensible event types & fallback in Matrix (v2) (yes it really chose that).

Extensible events is something that has been a long time coming in Matrix. It unlocks so much potential, and is even currently being built on (see MSC3381 (polls)). Definitely one of the next big ticket items to tackle in the medium term.

Dept of Servers 🏢

Synapse

Synapse is the reference homeserver for Matrix

dmr says

Dan (aka callahad) is away this week, so let me report on his behalf.

We cut a release candidate for Synapse (1.47.0rc2, but see the changelog for rc1). It exposes new functionality for pluggable modules and new endpoints to the Admin API. We've fixed a bunch of long-standing bugs and continued to drive forward efforts to improve documentation and code quality. Thank you to all of our contributors!

With future releaes in mind, we've been continuing work to support threading and E2EE application services. We've also been prototyping a new Admin API to remove users from all rooms belonging to a certain space.

Elsewhere, we've been doubling down on our effort to improve reliability and maintainability of our services as a whole. Sydent and Sygnal have a number of PRs in flight for both, aimed at improving type coverage and driving down error noise in the logs. We've drafted a blog post to summarise the process of type annotating mypy (keep your eyes out for that one). We also worked to make the matrix.org database more resilient, and made changes to improve the experience of rolling out upgrades to Synapse en masse.

Homeserver Deployment 📥️

Helm Chart

Matrix Kubernetes applications packaged into helm charts

Ananace says

Another week, another update on my Helm Charts - seeing element-web bumped to 1.9.4

Dept of Bridges 🌉

Vermicularis

mijutu announces

Vermicularis is a script for forwarding messages from Päikky to Matrix. Päikky is a parent-teacher communication website and mobile app for daycare and pre-school. git clone https://k2c42.dy.fi/git/vermicularis.git and join #paikky:ellipsis.fi to give feedback

mijutu also tells us

Päikky was created by a group of parents who wanted to make communication with daycare staff easier. They started a company and later sold it to Abilita. Päikky is currently used in 40+ municipalities in Finland and also in some private daycare companies too.

Päikky is also used for reserving daycare times for kids.

Heisenbridge

Heisenbridge is a bouncer-style Matrix IRC bridge.

hifi says

Release v1.6.0 🥳

  • Make reconnect loop more robust
  • Sensitive flag for MSG and NICKSERV to hide it from network room (for AUTOCMD)
  • Improved STATUS for admin room and simple STATUS for network rooms
  • Small fixes

Not much going on this week. Hopefully the reconnect refactor doesn't cause any breakage as it fixed multiple issues that have been around since the inception of Heisenbridge.

Vacuum your fix from GitHub, PyPI or matrix-docker-ansible-deploy!

Thanks!

Dept of Clients 📱

Nheko

Desktop client for Matrix using Qt and C++17.

Nico says

Do you love bugs as much as I do? ♥🐛♥

I guess not. For that reason bug fixing in Nheko for the next release continues. We fixed a super annoying issue, where loading keys from the online backup could make Nheko stuck in a flickering mode with no way to interact with it anymore. You can now also click anywhere on a read receipt to open someones profile instead of just their avaitar, edited messages now also show as redacted, if only the original message got redacted and don't lose the reply in encrypted rooms, if the edit was sent by a client, that is not Nheko. You also used to get logged out after registration, which should finally be resolved. There were also a bazillion translation updates! Thank you, everyone who contributed to those.

We also finally merged the prettier video player, which also fixes a video playback issue on macOS. Try it out and give us feedback on it!

We are still hunting down some last bugs, but expect the release soon now. In the meantime, I did start summarizing the changes, if you want to see what will be in the next release: https://github.com/Nheko-Reborn/nheko/blob/master/CHANGELOG.md#090----unreleased

That's all and have a great weekend!

Element

Everything related to Element but not strictly bound to a client

Nad announces

Threads

  • Message threading is coming to Element! If you haven’t yet, head to develop.element.io and ensure ‘Enable threading’ is turned on in Labs to test on the web.
  • We’re spinning up development on iOS & Android as we speak.
  • We’ll also be running the first Threads community testing session next Thursday (18th Nov) at 17:00 GMT. Come join us in #element-community-testing:matrix.org!
  • Threads are backed by MSC3440.

Polls

  • We also recently started implementing Polls.
  • On the web/desktop, we’ve implemented poll creation and displaying them in the timeline. Next up is implementing voting.
  • Mobile development started recently too, with Android slightly ahead of iOS.
  • Polls are backed by MSC3381.

Community Testing

  • As well as the community testing on Threads, we’ll also be hosting our next testing session for Android on Wednesday (17th), with the time to be confirmed. If you’d like to be involved, join us in #element-community-testing:matrix.org.

Element Web

  • In the background, if you’ve been paying close attention to our issue tracker, you might have noticed lots of changes to our triage & issue workflows over the past couple of months. We’re continuing to iterate on these, extending the best learnings to iOS & Android too.
  • We recently started a project to improve the info architecture/layout of our apps, starting on the web first. We’re merging our first tweaks and experiments soon, so expect exciting things to be landing on develop!
  • We’re continuing to implement more Space creation & management support on iOS. We’ve added in Space creation screens (implemented in SwiftUI!) and we’re polishing inviting people to Spaces.
  • We’ve also been conducting user research to see what parts of the app are tripping users up, and working on fixes to various issues. Expect tweaks to land soon!
  • Otherwise, we’re also merging & testing release candidates for upcoming releases, merging several branches.

Element Android

  • We’ve been conducting the same user research on Android, watch this space for more tweaks & improvements coming soon!
  • Otherwise, we’re also fixing up some smaller issues specific to Android 12.

Cinny

Cinny is a Matrix client focused on simplicity, elegance and security

ajbura reports

Features

  • Landing page redesign
    • Full UIAA implementation means now you can register an account on any hs that allow
    • Configure default homeserver with options to add more than one.
    • Can use http when looking for homeserver
  • Enhanced invite list UX
  • Added logout in loading screen
  • Hide pinned space notification from home icon
  • Add option to select role on roomCreation
  • Added Invite/disinvite option in profile viewer

Bugs

  • Fix commands activating anywhere in the input
  • Fix duplicate and minus notification count
  • Fix links splitting across line mid-word

Find more about Cinny at https://cinny.in/ Join our channel at: #cinny:matrix.org Github: https://github.com/ajbura/cinny Twitter: https://twitter.com/@cinnyapp

Dept of Non Clients 🎛️

time-to-matrix

The time command, but it sends the output to a Matrix room

Aine announces

It's time! time-to-matrix (ttm) v1.2.0.

A time-like command that will send end of an arbitrary command output and some other info (like exit status) to matrix room. Useful when you need to run something in terminal and get a ping when it's done.

Since the last ttm news in TWIM new options were added:

  • matrix auth with access token - useful for SSO when you don't have actual login/password pair
  • skip time info
  • skip html formatting (doubles allowed log size in message)
  • post full log output to matrix (with auto-shrinker to avoid "message is too big" error)

Source code, releases for all major platform and architectures, and #ttm:etke.cc room

Dept of SDKs and Frameworks 🧰

simplematrixbotlib

simplematrixbotlib is an easy to use bot library for the Matrix ecosystem written in Python and based on matrix-nio.

krazykirby99999 reports

Version 2.2.0 Released!

Version 2.2.0 adds support for authentication via access_tokens. In addition to username/access_token, it is possible to authenticate using username/password and login(SSO) token.

Example usage is shown below:

"""
Example Usage:

random_user
      !echo something

echo_bot
      something
"""

import simplematrixbotlib as botlib

creds = botlib.Creds(
    homeserver="https://example.org",
    username="echo_bot",
    access_token="syt_c2...DTJ",
    )
bot = botlib.Bot(creds)
PREFIX = '!'


@bot.listener.on_message_event
async def echo(room, message):
    match = botlib.MessageMatch(room, message, bot, PREFIX)

    if match.is_not_from_this_bot() and match.prefix() and match.command(
            "echo"):

        await bot.api.send_text_message(room.room_id,
                                        " ".join(arg for arg in match.args()))


bot.run()

Request additional features here.

View source on Github View package on PyPi View docs on readthedocs.io Join Matrix Room

Halcyon

Halcyon is an easy to use matrix library inspired by discord.py

gen3 announces

Hello again! Halcyon is a Matrix bot library created with the intention of being easy to install and use. This release brings minor non-breaking features and some bug fixes:

  • Added
    • change_presence() now allows you to set if you are online, idle, or away. Status message support
    • Roadmap and documentation updates
  • Fixed
    • A fix for retrying on 5xx errors
    • A better catch for bad server syncs
    • Windows support, fixing the NotImplementedError reported by @bhuitt (Thanks!)

More info at on the project at https://github.com/WesR/Halcyon . Come by and chat with us over in https://matrix.to/#/#halcyon:blackline.xyz

Dept of Events and Talks 🗣️

Berlin Meetup

ChristianP announces

Heads up for those in Berlin. You're welcome to join us Tuesday, 16th Nov at 7:00 PM chatting about Matrix development and hosting. We're going to meet in person at c-base. In compliance with the hackerspace's house rules this is a strict 2G event.

We'll talk about everyone's Matrix projects, test the P2P demo via Bluetooth in person and plan the presence of Matrix at the rC3 event happening in the c-base shortly before New Years.

If possible, join our #matrix-berlin:matrix.org room.

Dept of Interesting Projects 🛰️

Mish reports

"Sign in with Matrix" is a web component, which developers can use to build a web login using Matrix account

it is similar to those "Sign in with Google" and "Sign in with Facebook" buttons you see on the internet but now it's Matrix!

i invite you to take a look at the repository: https://github.com/mishushakov/signin-with-matrix and experience a demo: https://mishushakov.github.io/signin-with-matrix/

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1envs.net612
2matrix.org750.5
3sumnerevans.com774
4maunium.net775
5matrix.markshorten.co.uk792
6aria-net.org1002
7nevarro.space1097
8schoepski.de1226.5
9trygve.me1286
10kif.rocks1748.5

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1jae.su284
2sspaeth.de296
3devnullsystem.org370.5
4grin.hu482
5dendrite.neilalexander.dev974.5
6matrix.awesomesheep48.me1255.5
7dendrite.s3cr3t.me1500
8dendrite.matrix.org8288

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

NextPage 2