Hi all,

Synapse 1.11 landed on Friday (sorry for running late on blogging the release notes!)

The main change is to introduce an experimental API MSC2432 for managing aliases for rooms on your local server. In Synapse 1.10 we removed support for m.room.aliases events, which were a way to try to track which aliases a room had on the room itself (but were vulnerable to abuse). In this release we've re-added the ability to query which aliases a given server has for the room, giving visibility for managing aliases, without having them spray all over the room state itself. Riot/Web 1.5.10 supports the new API, giving a way to manage aliases on your local server while we finish off the remaining work to improve alias safety & maintenance.

We've also changed the default power levels for new rooms so that room upgrades and ACLs require you to be an Admin (PL100), and invites in public rooms now require you to be a moderator (PL50).

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

Synapse 1.11.0 (2020-02-21)

Improved Documentation

• Small grammatical fixes to the ACME v1 deprecation notice. (#6944)

Synapse 1.11.0rc1 (2020-02-19)

Features

• Admin API to add or modify threepids of user accounts. (#6769)
• Limit the number of events that can be requested by the backfill federation API to 100. (#6864)
• Add ability to run some group APIs on workers. (#6866)
• Reject device display names over 100 characters in length to prevent abuse. (#6882)
• Add ability to route federation user device queries to workers. (#6873)
• The result of a user directory search can now be filtered via the spam checker. (#6888)
• Implement new GET /_matrix/client/unstable/org.matrix.msc2432/rooms/{roomId}/aliases endpoint as per MSC2432. (#6939, #6948, #6949)
• Stop sending m.room.aliases events when adding / removing aliases. Check alt_aliases in the latest m.room.canonical_alias event when deleting an alias. (#6904)
• Change the default power levels of invites, tombstones and server ACLs for new rooms. (#6834)

Bugfixes

• Fixed third party event rules function on_create_room's return value being ignored. (#6781)
• Allow URL-encoded User IDs on /_synapse/admin/v2/users/<user_id>[/admin] endpoints. Thanks to @NHAS for reporting. (#6825)
• Fix Synapse refusing to start if federation_certificate_verification_whitelist option is blank. (#6849)
• Fix errors from logging in the purge jobs related to the message retention policies support. (#6945)
• Return a 404 instead of 200 for querying information of a non-existant user through the admin API. (#6901)

Updates to the Docker image

• The deprecated "generate-config-on-the-fly" mode is no longer supported. (#6918)

Improved Documentation

• Add details of PR merge strategy to contributing docs. (#6846)
• Spell out that the last event sent to a room won't be deleted by a purge. (#6891)
• Update Synapse's documentation to warn about the deprecation of ACME v1. (#6905, #6907, #6909)
• Add documentation for the spam checker. (#6906)
• Fix worker docs to point /publicised_groups API correctly. (#6938)
• Clean up and update docs on setting up federation. (#6940)
• Add a warning about indentation to generated configuration files. (#6920)
• Databases created using the compose file in contrib/docker will now always have correct encoding and locale settings. Contributed by Fridtjof Mund. (#6921)
• Update pip install directions in readme to avoid error when using zsh. (#6855)

Deprecations and Removals

• Remove m.lazy_load_members from unstable_features since lazy loading is in the stable Client-Server API version r0.5.0. (#6877)

Internal Changes

• Add type hints to SyncHandler. (#6821)
• Refactoring work in preparation for changing the event redaction algorithm. (#6823, #6827, #6854, #6856, #6857, #6858)
• Fix stacktraces when using ObservableDeferred and async/await. (#6836)
• Port much of synapse.handlers.federation to async/await. (#6837, #6840)
• Populate rooms.room_version database column at startup, rather than in a background update. (#6847)
• Reduce amount we log at INFO level. (#6833, #6862)
• Remove unused get_room_stats_state method. (#6869)
• Add typing to synapse.federation.sender and port to async/await. (#6871)
• Refactor _EventInternalMetadata object to improve type safety. (#6872)
• Add an additional entry to the SyTest blacklist for worker mode. (#6883)
• Fix the use of sed in the linting scripts when using BSD sed. (#6887)
• Add type hints to the spam checker module. (#6915)
• Convert the directory handler tests to use HomeserverTestCase. (#6919)
• Increase DB/CPU perf of _is_server_still_joined check. (#6936)
• Tiny optimisation for incoming HTTP request dispatch. (#6950)

Dept of Status of Matrix 🌡

Google Summer of Code 2020

Wise Google have again selected Matrix as a GSOC Mentor Organisation. Matrix has been successful with GSOC for several years now, so please think about what you'd like to work on, get involved with suggested projects, and join #gsoc:matrix.org for more insights.

If you have a Matrix project of your own, and think that you would benefit from mentoring a GSOC student, then let me know. We are very happy to have Matrix-related students working on your project under the Matrix umbrella. (Just like we did with kitsune last year.)

Dept of Events and Talks 🗣

It's happening Next Week!!

Are you interested in a real-life, real-time Matrix-related meetup? Can you make it to London? Join us on the 26th February at Second Home in Spitalfields! Check out the agenda and register at https://www.eventbrite.com/e/matrix-london-meetup-26th-february-2020-tickets-93320354693.

Matrix Live 🎙

Spec

anoa offered:

Here's your weekly spec update!

MSC Status

Merged MSCs:

• No MSCs have been merged this week.

MSCs in Final Comment Period:

• No FCPs have entered Final Comment Period this week.

New MSCs:

• MSC2438: Local and Federated User Erasure Requests
• MSC2437: Store tagged events in Room Account Data

The section where I talk about mscbot

Hey look, I finished.

Spec Core Team

Next week the Spec Core Team is focusing on MSC implementation.

Dept of Servers 🏢

Synapse

Neil announced:

This week we’ve been working on managing alias abuse, and also improved performance for state res v2. The perf work massively improved average send times on matrix.org. Here’s the heat map.

More excitingly we’re working on sharding out the master process in Synapse, so that worker based installations can scale more efficiently.

Next week it’s all about more alias abuse mitigations, fixing some SSO/User Interactive Auth bugs and continuing with our performance work.

Synapse Deployment

Mathijs reported:

The image for synapse 1.11.0 is now available as avhost/docker-matrix:v1.11.0 and mvgorcum/docker-matrix:v1.11.0. As always these images use jemalloc, and mjolnir anti-spam got added to the images.

Ananace told us:

Just pushed the K8s-optimized Synapse images for 1.10.1

and:

Just pushed version 1.11.0 of the K8s-optimized Synapse images, find them on dockerhub as ananace/matrix-synapse

Dept of Bridges 🌉

matrix-github

Half-Shot offered:

Hola. I wrote the matrix-github bridge a while back to support bridging issues and pullrequests into Matrix as rooms, so that the history of an issue can be tracked within a room, and users can comment on them within Matrix. As of today, you can now bridge in your own notifications into Matrix. It's early days, but is actually proving to be useful.

matrix-appservice-slack 1.1.0

Half-Shot offered:

More news! This week matrix-appservice-slack has reached 1.1.0-rc1 and included is a whole bunch of puppeting and membership sync features. The headline features are:

• Add ability to sync Slack channels and users automatically to Matrix
• Sync Slack membership changes to Matrix
• Add whoami user command.
• Create private rooms on demand if they do not exist

...and then...

has reached 1.1.0. Nothing has changed. It's just not called 1.1.0-rc1 anymore.

matrix-xmpp-filter

mijutu offered:

matrix-xmpp-filter can now handle multiple XMPP clients per process and multiple Matrix accounts per XMPP client. It's like matrix-ircd, but with XMPP instead of IRC. Made with libQuotient and libqxmpp. Available at https://k2c42.dy.fi/matrix-xmpp-filter.git Feedback to #matrix-xmpp-filter:ellipsis.fi

mx-puppet-bridge

sorunome said:

mx-puppet-bridge now automatically stops typing indicators for a specific ghost if the remote protocol sends out a message as it.

matrix-discord-parser

sorunome offered:

matrix-discord-parser now utilizes https://mau.lu/ to neatly bridge inline matrix images / custom matrix emojis over to discord! mx-puppet-discord already includes the new version.

Dept of Clients 📱

gomuks: SSO and more

tulir (Mozilla) offered:

gomuks now does single sign-on, which means you can log into mozilla matrix accounts with it.

Check the docs for information on how to add SSO to your Matrix client.

Later:

In addition to the SSO support mentioned earlier, gomuks now has initial support for rendering reactions and full support for edits (both sending and rendering). Some bugs have also been added and/or fixed.

Radical

stoic offered:

Formerly known as Riot WebExtension.

• Released version 1.5.10 on AMO, which bundles Riot Web v1.5.10
• Support for Radical Native, which allows searching in encrypted rooms
• Renamed to Radical

anoa asked:

I'm curious how you got seshat working in a browser, considering wasm doesn't have support for multi-threading?

stoic responded:

it's not actually running in the browser, it uses native messaging to spawn a local rust binary and talk to it over stdio poljar did a great job with seshat, so it wasn't much left for me to do 👌

Radical Native

stoic announced:

Formerly known as Riot Booster Pack.

• Support for traditional Riot Web over HTTP landed in v0.1beta7, so you can use Radical Native with every Riot instance on the web. We're still in early beta, so no official Firefox AMO install available yet, if you want to give it a try you can follow these install instructions

Riot Web themes repository

Aaron reported:

I made a place where you can post Riot Web themes https://github.com/aaronraimist/riot-web-themes

See also: Riot theming docs

RiotX

benoit told us:

RiotX: this has been a good week on RiotX. We are making progress on cross-signing and SSSS implementation. We are fixing many small annoying issues and also starting to implement little missing features to improve users' life! The big next coming feature is improvement of attachment and share to RiotX flow, already merged in the develop branch, so available in the next release.

Regarding "SSSS", uhoreg helpfully links us to https://github.com/matrix-org/matrix-doc/pull/1946, and also added:

(I usually expand SSSS to "Secure Storage Something Something")

Dept of SDKs and Frameworks 🧰

Matrix Dart SDK (Pattle)

MatMaul told us:

This week a pull request has been pushed to integrate directly the SQL persistence backend inside the SDK, using Moor instead of sqflite. The code is smaller and a lot more readable, and it opens some nice perspectives: Moor has a web backend using sql.js, and now uses FFI by default instead of iOS/Android bindings, which should be faster (untested). https://git.pattle.im/MatMaul/matrix-dart-sdk/tree/moor

Riot iOS

steve announced:

This week is still about cross-signing. We added support of self key verification by to_device and we are currently implementing verification by QR code at SDK level.

simplematrixlib updated

swedneck offered:

I just updated my python library, simplematrixlib, as well as py-matrix-utils, adding the ability to upload files.

ruma

jplatte offered:

Another set of new crates have been released:

• ruma-events 0.16.0, with a few minor improvements
• ruma-api 0.14.0 (and ruma-api-macros 0.11.0) has been released, fixing a bug where it would fail to deserialize most matrix requests if used server-side (bug found by timokoesters while experimenting with a new Rust homeserver implementation)

ruma-client-api is also continually being worked on to bring us up to date with r0.6.0 (thanks iinuwa!), but no new release was made this week.

Dept of Bots 🤖

auto-invite-matrix-bot

MTRNord offered:

I made a small utility Bot which allows you to redirect people that send messages to one of your "wrong" accounts to your "real" account.

https://github.com/MTRNord/auto-invite-matrix-bot

It currently does join on invite, invites your "real" account and sends a customizable message.

It does also support listening to multiple accounts or Homeservers.

Dad Bot, the saga

If you were in #twim:matrix.org this week you may have seen that the most popular bot was "Dad Bot"...

Dylan reported:

I made Dad Bot for Matrix which mocks users who use "i'm" or "im" in their sentences.

• GitHub: https://github.com/dhghf/dad-bot-matrix
• Current instance: @dadbot:m.dhdf.dev

...and then...

Quick update about Dad Bot:

• I added edits
• Dad Bot now sends m.notice instead of m.text and doesn't respond to other m.notices

Thanks Dandellion, and KB1RD

...but suddenly...

DadBot 2.0.0 is already here! With the quick feedback given by the community I added all the features

• Dad Bot will now edit the response message if the original message was edited
• Dad Bot won't respond to other Dad Bots (lol)
• Dad Bot won't respond to old messages on the first time syncing

What's in the works:

• Responding with images in the message
• Jokes! (because it's not a full dad bot without jokes)

...and finally...

I opened a room for discussions about dad bot if you want to send feedback there. #dadbot:m.dhdf.dev

lightweight reminder bot

stefan said:

I got my first silly matrix bot running last evening. It is a lightweight reminder bot. The source is over there: https://git.sr.ht/~rumpelsepp/remindbot

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live 🎙

Matrix Live now available as an audio podcast

You will know Matrix Live as a weekly video produced by the Matrix team and shared on YouTube. We are now offering the same content as an audio-only podcast, as a way of reaching more people. You can find the podcast:

• On Apple Podcasts
• On Spotify
• On Pocket Casts
• or by hitting the RSS feed directly

Dept of Events and Talks 🗣

Are you interested in a real-life, real-time Matrix-related meetup? Can you make it to London? Join us on the 26th February at Second Home in Spitalfields! More details to follow, for now please register your interest at https://www.eventbrite.com/e/matrix-london-meetup-26th-february-2020-tickets-93320354693.

Dept of Spec 📜

Here's your weekly spec update from anoa!

MSC Status

Merged MSCs:

• No MSCs have been merged this week.

MSCs in Final Comment Period:

No FCPs have entered Final Comment Period this week.

New MSCs:

• MSC2432: Updated semantics for publishing room aliases

Random happenings

I (anoa) am still working on the re-write of mscbot. Only needs a few more touches (concern parsing [in comment threads!] and review commands) before it's ready for use.

Spec Core Team

Next week the Spec Core Team is focusing on MSC implementation.

Dept of Servers 🏢

Dendrite

Neil Alexander told us:

• A big chunk of early SQLite work has been merged into master this week, providing support in the client API, room server, sync API, account/device/key databases, federation APIs, appservice API, public room APIs and media API. Much of this is experimental at this stage.
• Some missing device management features have been merged (#835)
• Configuration is now passed by reference rather than by copy (#819)
• A number of defer-closes have been added to SQL queries (#844)
• Some gomatrixserverlib types have been updated (#808)
• Some initial work on retrying failed federation requests has been done, although not merged yet
• Made it through quite a few PR reviews finally, and will be continuing to do so!

Synapse

Neil told us:

In Synapse land this week we shipped 1.10.0. Which contains a temporary hack to mitigate room alias abuse and an important bug fix for anyone trialling cross signing.

Aside from that we’re working on fixing alias abuse properly. Improving User Interactive Auth for SSO customers and rolled out our new py3 compatible sydent version.

Coming up, more e2ee UX bug fixing, and we’ll start hacking on sharding out event persistence on Synapse’s master process, which basically accounts for 40% of the CPU. The idea is to scale this function horizontally such that Matrix.org is no longer CPU bound after which point much rejoicing can occur.

Synapse Deployment

Ananace announced:

Just pushed the 1.10.0 K8s-optimized images for Synapse, this release contains the necessary scripts to also run signing key generation and upload as a step towards one-click install support for Synapse without any requirements on storage classes.

Mathijs told us:

The docker image for synapse v1.10.0 is now on mvgorcum/docker-matrix:v1.10.0 the avhost/docker-matrix:v1.10.0 will follow shortly.

Dept of Bridges 🌉

matrix-appservce-irc

Half-Shot told us:

Hey! This week we have a minor release for the IRC bridge, 0.15.2. It contains a few fixes that have been plaguing the matrix.org instances, and will hopefully smooth out some of the reconnection troubles.

Notes from the changelog:

• The bridge will now notify you if a DM recipient is offline. (#978)
• Fix "User did not rejoin" error when bridge debounces QUITs (#977)
• Fix an issue where users were not rejoined to channels on netsplit/password change. (#979)

🌈 matrix-bifrost

Half-Shot told us:

Fresh off the heels of FOSDEM, we've been working on making Bifrost a smoother experience for our XMPP friends.

This week we released 0.1.5-0.1.8 which

contains quite the bundle of features and fixes. The bridge is now running on matrix.org, if you didn't hear the

news so give it a spin by following the instructions on the wiki

Matrix EmailBridge

Jojii reported:

Iam happy to announce some of the new features the Matrix-EmailBridge got recently. It's been some time since the last update came out because I had some other projects to do first.

• A Docker image is available for the bridge which gets updated instantly.
• Blocklist of email addresses (prevent displaying emails from certain email addresses)
• Bugfixes

Dept of Clients 📱

RiotX news

benoit said:

A new Android developer joined the RiotX team! Onuray has started working on Monday on issues and features to get used to the codebase and the process in place.
We are currently preparing a release (v0.16.0) which contains a first implementation of poll (here is a demo), and some bugfixes.
We are still working on stabilizing the cross-signing feature, and optimizing the overall performance and stability of the application.

Read more: https://github.com/matrix-org/matrix-doc/blob/travis/msc/inline-widgets/proposals/2192-inline-widgets.md

seshat+riot-powered WebExtension

If you're looking forward to using seshat to index and search your encrypted message history, you may be interested in this work from stoic. The working title is "Riot Booster Pack" - but we're looking out for a better name!

stoic said:

Searching in encrypted rooms in the browser would be nice? I agree, so that's something I'm working on (powered by seshat). If you want to give it an early experimental spin, beware of the dragons and follow these secret steps (Riot Firefox Add-on + Linux & MacOS only, for now):

1. Install the latest Riot Add-on Prerelease for Firefox (and don't mind the huge red warning page from Riot, skipping that is fine, it'll be gone in the next release)
2. Adjust the Riot config.json in the Add-on preferences to include the feature_event_indexing labs feature
3. Follow the instructions to install the Riot Booster Pack
4. Report bugs 🐛

Riot iOS

Manu offered:

We have been spending most of our time on cross-signing to manage the m.verification.ready event and the verification by QR code. In parallel, we have fixed some issues and merged some PRs from the community.

Riot Web

Ryan said:

• v1.5.9-rc.1 is now available at https://riot.im/staging. This includes some security improvements (adding a CSP) for self-hosted installs, options to hide typing notifications, a redesigned invite experience, as well as various bug fixes.
• The team's main focus continues to be getting cross-signing ready for release, including polishing the verification experience, building Riot with Seshat for desktop platforms, and improving QR codes

new docker container for riot-desktop

Mathijs told us:

Cadair and me (the Matrix Doctors) have been working to make it easy to build the development version of riot-desktop. This resulted in a docker container and an azure pipeline. The latter also builds riot-desktop versions with seshat included for both linux and macOS though currently this requires manually installing sqlcipher (use brew on macOS).

Nheko

Nico announced:

• sorairolake contributed a complete japanese translation! (#116)
• adasauce fixed an issue, where the image overlay opened always on your primary screen instead of your current screen (#114)
• Multiple people have been trying out nheko on their PinePhone or Librem 5. There were some successes, but part of the UI was never intended for that size and there is a nasty crash in the recent nightly, probably related to the networking code/library. We've been working on fixing those issues.
• There are now nightly flatpak bundles. Stable releases will still be on Flathub, but if you want to try out the development builds, you can download and install those bundles manually.

Dept of SDKs and Frameworks 🧰

Famedly Dart SDK E2E Preview

Krille reported:

I'm going to finish the implementation of end to end encryption in our new Famedly Dart SDK. Here is a little preview:

Check it out: https://gitlab.com/famedly/famedlysdk/

matrix-bot-sdk v0.5.0 released!

TravisR announced:

matrix-bot-sdk has just released v0.5.0 which includes some new helper functions, async storage providers, and a new SynchronousMatrixClient for when you really need things to happen in a specific order. Check out the diff here: https://github.com/turt2live/matrix-js-bot-sdk/compare/v0.4.1...v0.5.0

ruma

jplatte offered:

• We released ruma-client-api 0.6.0, with lots of updated API revisions (and also lots of breaking changes). The changelog can be found here
• ruma-client 0.3.0 is out of beta! This release contains
  • access to the raw http response for non-success responses
  • async/await support 🎉

Ruby SDK

Ananace told us:

Just pushed version 2.0(.0) of the Ruby SDK, coming with a few backwards-incompatible changes as well as a whole bunch more endpoints exposed as methods on the low-level API client. Docs have been improved tremendously, some internal methods have been properly exposed to make it easier to use in a bot context, and another example's now provided which shows a different way to use the higher-level Client abstraction.

Dept of Ops 🛠

matrix ansible modules

JCG said:

After entirely too much time, I finally present my 5 new and improved matrix ansible modules.

• matrix-notification: This is a port of my upstream matrix module over to matrix-nio and async/await syntax
• matrix-login: New module to log in and create an access token
• matrix-logout: New module to log out and invalidate an access token
• matrix-room: New module to idempotently join or create a room based on an alias
• matrix-state: New module to idempotently set state in a room

The work on this also included sending a few patches upstream to matrix-nio, so if you want to use the last two modules, you will need to install nio from source from my PR there.

Get the modules now from https://gitlab.com/famedly/ansible/modules/matrix!

Dept of Bots 🤖

twim-o-matic ranks by score

This one is a little meta: I've made some improvements to twim-o-matic, the tooling I use to generate TWIM. One of the improvements is that the bot will now sort the output per-section, in decending order of how many reactions the entry recieved when posted in #twim:matrix.org. So, if you see something you think should be at the top, made sure to react to it!

Even as I'm typing right now I can't think this will lead to any unforeseen consequences at all.

httpdog

Aaron said:

I coded up this real complicated bot... very different from the cat one. HTTP dogs!

(actually just changed two lines in a config file 🐶)

@httpdog:raim.ist replied:

Matrix in the News 📰

German Blog comparing Matrix to WhatsApp

Oleg offered:

German Blog basicthinking.de posted the article, which compares Riot to WhatsApp completely missing the point of the [matrix] network.

• https://www.basicthinking.de/blog/2020/02/12/whatsapp-alternativen-riot/ I couldn't resist to comment on it describing the unbeatable features of [matrix] like bridges and multiple clients. (Let's see if my comment will be posted. 😉)

Spoiler: it was.

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

The whole Matrix project is racing towards enabling e2ee by default. Synapse is no different and v1.10.0 contains multiple e2ee UX improvements, as well as a bug fix that prevented cross signing requests over federation to work reliably.

If any of your users are on the bleeding edge and have already started using cross signing (by enabling labs flags in Riot), then it will be necessary for them to force Synapse to re-send device updates by renaming all of their devices.

We've also included a temporary fix to address alias abuse. The idea is that until #6898 lands, servers will refrain from sharing events of type m.room.aliases with clients. Most admins will not be affected, but if you are present in rooms subject to alias abuse, then upgrading provides a pragmatic short term solution.

Finally, as of this release Synapse validates client_secret parameters in the Client-Server API as per the spec. See #6766 for details.

Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.

Changelog since Synapse 1.9.0

Synapse 1.10.0 (2020-02-12)

WARNING to client developers: As of this release Synapse validates client_secret parameters in the Client-Server API as per the spec. See #6766 for details.

Updates to the Docker image

• Update the docker images to Alpine Linux 3.11. (#6897)

Synapse 1.10.0rc5 (2020-02-11)

Bugfixes

• Fix the filtering introduced in 1.10.0rc3 to also apply to the state blocks returned by /sync. (#6884)

Synapse 1.10.0rc4 (2020-02-11)

This release candidate was built incorrectly and is superceded by 1.10.0rc5.

Synapse 1.10.0rc3 (2020-02-10)

Features

• Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced. (#6878)

Internal Changes

• Fix continuous integration failures with old versions of pip, which were introduced by a release of the zipp library. (#6880)

Synapse 1.10.0rc2 (2020-02-06)

Bugfixes

• Fix an issue with cross-signing where device signatures were not sent to remote servers. (#6844)
• Fix to the unknown remote device detection which was introduced in 1.10.rc1. (#6848)

Internal Changes

• Detect unexpected sender keys on remote encrypted events and resync device lists. (#6850)

Synapse 1.10.0rc1 (2020-01-31)

Features

• Add experimental support for updated authorization rules for aliases events, from MSC2260. (#6787, #6790, #6794)

Bugfixes

• Warn if postgres database has a non-C locale, as that can cause issues when upgrading locales (e.g. due to upgrading OS). (#6734)
• Minor fixes to PUT /_synapse/admin/v2/users admin api. (#6761)
• Validate client_secret parameter using the regex provided by the Client-Server API, temporarily allowing : characters for older clients. The : character will be removed in a future release. (#6767)
• Fix persisting redaction events that have been redacted (or otherwise don't have a redacts key). (#6771)
• Fix outbound federation request metrics. (#6795)
• Fix bug where querying a remote user's device keys that weren't cached resulted in only returning a single device. (#6796)
• Fix race in federation sender worker that delayed sending of device updates. (#6799, #6800)
• Fix bug where Synapse didn't invalidate cache of remote users' devices when Synapse left a room. (#6801)
• Fix waking up other workers when remote server is detected to have come back online. (#6811)

Improved Documentation

• Clarify documentation related to user_dir and federation_reader workers. (#6775)

Internal Changes

• Record room versions in the rooms table. (#6729, #6788, #6810)
• Propagate cache invalidates from workers to other workers. (#6748)
• Remove some unnecessary admin handler abstraction methods. (#6751)
• Add some debugging for media storage providers. (#6757)
• Detect unknown remote devices and mark cache as stale. (#6776, #6819)
• Attempt to resync remote users' devices when detected as stale. (#6786)
• Delete current state from the database when server leaves a room. (#6792)
• When a client asks for a remote user's device keys check if the local cache for that user has been marked as potentially stale. (#6797)
• Add background update to clean out left rooms from current state. (#6802, #6816)
• Refactoring work in preparation for changing the event redaction algorithm. (#6803, #6805, #6806, #6807, #6820)

Matrix Live 🎙

Every month (in theory), we do an in-office wrap-up of some interesting project work from the team. This Matrix Live was recorded this afternoon in the Matrix Office, and features Valere explaining Cross-Signing, and Matthew demonstrating P2P/dendrite. (Apologies for the incorrect recorded screen at times! Video came straight from a live demo!)

Dept of Spec 📜

Here's your weekly spec update!

MSC Status

Merged MSCs:

No MSCs were merged this week.

MSCs in Final Comment Period:

No MSCs entered FCP this week.

New MSCs:

No new MSCs have been created.

Random happenings

I (anoa) have been re-writing mscbot as it hasn't gotten much development love in the past year and there's lots of features we'd like to implement. Expect to see some of that next week. First feature the new implementation has is being able to track who is in the Spec Core Team via github teams instead of a config file.

Spec Core Team update

The Spec Core Team is working on MSC2260, MSC2261, and a QR-via-SAS thing which uhoreg is currently working on (this means less complicated, easier-to-scan QR codes for verification, which may have the side effect of FOSDEM demos being slightly less hilarious).

Dept of Events and Talks 🗣

FOSDEM 2020

FOSDEM happened, Matrix had a great time! Was awesome to see so many people at the stand, and the talks, and even at our social on Saturday night.
Congratulations to everyone who was able to buy a limited edition Matrix FOSDEM 2020 t-shirt! Check out our round-up here.

@florian:dsn.tm.kit.edu said:

Reporting from FOSDEM: Currently sitting in the Fixing healthcare data exchange with decentralized FOSS: Building a decentralized Infrastructure to fix medical data exchange in The Netherlands talk, and was pleasantly surprised to learn that they also want to integrate Matrix for decentralized messaging between healthcare providers themselves and patients.

Mathijs announced:

last week was FOSDEM and it was great!

Yes we covered that.

Matrix Meetup: London, 26th February 2020

Are you interested in a real-life, real-time Matrix-related meetup? Can you make it to London? Join us on the 26th February at Second Home in Spitalfields! More details to follow, for now please register your interest at https://www.eventbrite.com/e/matrix-london-meetup-26th-february-2020-tickets-93320354693.

Dept of Services 🚀

ungleich.ch offering paid Matrix hosting

@nico:ungleich.ch told us:

I was just pointed to here by evilham because of https://twitter.com/ungleich/status/1224375895995113474 - maybe it's of interest for anyone

This is quite exciting - a new provider is offering Hosted Matrix solutions, based in Switzerland. Go check out their offering: https://ungleich.ch/u/products/hosted-matrix-chat/.

Dept of Servers 🏢

Dendrite

Neil Alexander reported:

Quite a lot has been happening in the Dendrite space, both in terms of general development, usability improvements and also further P2P experimentation post-FOSDEM. The main highlights are:

• We have decided to require Go 1.13 for Dendrite going forward (our CI and tools have been updated to reflect this requrement)
• Some federation testing has taken place between Dendrite and Synapse and it's looking reasonably good bar a few bugs
• Initial support for distinguishing room versions has been added - this is the foundation work for being able to implement state resolution v2 and later room versions soon
• The /capabilities endpoint has been implemented and now contains information about m.room_versions
• Account data GET endpoints have been implemented
• Guest registration should now be working - thanks to prateek2211 for the contribution!
• The public rooms API is now wired up for roomserver events and (mostly) works for local rooms
• Some more /sync fixes are in now
• SQLite work is continuing thanks to Kegan's on-going efforts

We've also been really encouraged by the number of people at FOSDEM who came to speak to us about Dendrite and P2P. We're hoping to strategise further about the P2P work further in the coming weeks once Dendrite is in better shape, so watch this space!

Synapse

This week we’ve been working on alias auth rules, acme v2 support and moving groups apis onto a worker to aid performance. Sorry matrix.org has been a bit slow these past few days, we’re working on it and shipped some fixes earlier today.

Coming up are more perf improvements, more alias rules, getting sydent running in production on python 3. We’ll also ship v1.10.0 which contains some cross signing bug fixes.

Docker-matrix

Mathijs told us:

A docker image for synapse 1.10.0rc2 is available on mvgorcum/docker-matrix:v1.10.0rc2

Dept of Bridges 🌉

matrix-appservice-irc 1.15.0

Half-Shot announced:

Good people, 0.15.0 is out!. Please go ahead and read the changes and see if there is something you like :). We will be shipping this out to all the other bridges in due course :)

mautrix-telegram

Tulir said:

I released v0.7.1 that includes some minor bugfixes, then added a !tg backfill command to backfill all history since the last bridged message. Future improvements may include more control over how many messages to backfill, automatically backfilling for new portals and freezing incoming message handling when a backfill is in progress.

Dept of SDKs and Frameworks 🧰

maubot

There's a new maubot plugin to post http.cat pictures to a room. It's installed into Cat Disruptor 6000 and can of course be self-hosted too. It has one command: !http \<status\>, that gets https://http.cat/<status>.jpg and posts it to the room.

mautrix-manager

Some time ago I also made this thing: https://github.com/tulir/mautrix-manager. It might theoretically do something useful in the future, such as allowing users to log into bridges from a single website instead of by talking to many bots. Currently it only does telegram and maybe facebook, but at least it has a fancy login UI. It could also support being embedded into Riot as a widget and/or integration manager at some point, since I made the auth thing with Matrix's OpenID feature and MSC1961.

Quotient project revived

kitsune told us:

The Quotient project is back from hibernation now that its lead developer settled in another half of the globe; commits and PRs start moving around again. Thanks to all those patiently waiting!

Dept of Clients 📱

Nheko

Nico said:

• You can now select more emojis in the emoji picker. (your font may not support them yet)
• The timeline should scroll a lot faster and room switching should be a lot faster.
• Fixed some alignment and sharpness issues in the logo
• You can now mute rooms (or set them to mentions only)!
• Some fixes around all kind of weird html escaping in usernames and messages.
• Move the reply popup into the timeline to fix some alignment issues and improve the look and feel.
• Fix an issue, where on windows the maximum database size was set to only a few bytes because of integer overflow.
• Fix a regression when importing key backups from Riot.
• Nheko now only sends the file name of a file as its name instead of the full path, fixing a privacy leak.

Riot WebExtension 🧩

stoic reported:

Version 1.5.8.5 is out

• SSO Login is now supported (so mozilla.modular.im logins work 🎉)
• Updated Riot Web to stable version 1.5.8
• Firefox-only:
  • Now correctly reopens riot tabs that were in containers when the Add-on updates
  • General tips on how to use containers to have multiple accounts can be found on the AMO description
• Get the Firefox Add-on here
• Get the Chrome Extension here

Riot iOS

Manu reported:

This week, we polished the E2E by default and cross-signing features we have implemented so far.

Riot Web

Ryan offered:

• Continuing focus on cross-signing post-FOSDEM to get everything ready for release
• QR codes and key sharing improvements planned for delivery in the near future
• Improved Seshat integration in Riot Desktop with more status info

Riot-Android

benoit reported:

Riot-Android (yes, the legacy app!): We have fixed the issue with SSO login with Firefox accounts, and issue with Video Call. Expect a release at the beginning of next week.

RiotX

benoit announced:

RiotX: we are still stabilizing the cross-signing implementation. Many other fixes are coming. Also SSO issue with Firefox accounts has been fixed, and we will also release a new version of the application next week.

matrix-presents

...is a matrix presentation client. The room of interest is #presents:half-shot.uk

It's also had a fair few changes since last time:

• QR codes now render if you are the presenter, for easy joining.
• You can react to slides as a guest, and they show up on the presenters screen :).
• Slides and their contents are cached in indexedeb (browser storage), to lessen the load on homeservers.
• Add UI to create rooms in the client, albeit without an editor just yet.
• Various CSS tweaks to try and make life better.

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Hi all,

We're just back from an incredible time at FOSDEM 2020 - Europe's biggest Free & Open Source Software conference. Huge huge thanks to everyone who came to our talks (sorry if you couldn't get in :/), came to talk to us at the stand, or flagged us down to give feedback, chase PRs, file bugs, or just say thanks. Thanks also to FOSDEM to accepting all of our talks this year, and to the FOSDEM organisers for pulling together yet another amazing event :)

We ended up with three talks:

• Making and Breaking Matrix's E2E Encryption
• The Path to Peer-to-Peer Matrix
• Crossing the Bifröst - Bridging All The Things with Matrix

We'll do a proper blog write-up on enabling E2E encryption by default, cross-signing, and all the other E2E encryption work that's been going on once we ship the stable release - but as of Saturday(!) it has landed on Riot/Web Develop, RiotX/Android (0.14.2) and Riot/iOS develop TestFlight, but we're still debugging and we need a bit longer before cutting the final releases.

So, until then, please take a look at the videos if you missed the livestream or weren't at the event!

The FOSDEM video recording lost the slides for the bridging talk - but luckily the presentation itself is a Matrix client and so you can view the slides yourself right here!.

Here's to FOSDEM 2021!