This Week in Matrix 2020-07-10

2020-07-10 — This Week in Matrix — Ben Parsons

Matrix Live 🎙

This week it's Open Tech Will Save Us!

Dept of Spec 📜

anoa reported:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

Merged MSCs:

  • No MSCs were merged this week.

MSCs in Final Comment Period:

New MSCs:

Note that a majority of those new MSCs are split out from MSC1849 (the aggregations MSC) to make it easier to review 🙂

Spec Core Team

In terms of Spec Core Team MSC focus for this week, we're sticking to implementation work. anoa did have some time this week to make the graphs more useful though:

2020-07-10-FFL8i-image.png

Check out that graph!

Dept of GSoC 🎓️

HTML embeddable client GSoC project

arnav-t told us:

This week for my HTML embeddable client GSoC project:

  • Added full markdown support and made replying and quoting fully functional

  • Added a lot more configuration options to the client, including a read-only mode

  • Fixed some bugs

go-neb

nikofil said:

  • work is still being done on the bot's functionality to test different crypto functionalities of other Matrix clients when thrown in a room with them

  • slight improvements to mautrix-go (sql store can now store multiple Olm accounts and their sessions, key rotation params taken from encryption event, other minor things)

  • add some simple instructions to the readme for enabling e2ee for neb as well as integrate these mautrix changes (PR #330)

  • room_key_requests will probably be the next thing to be developed for mautrix-go

Nheko (GSoC)

Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Chethan said:

  • Added user cache which stores the encrypted user keys and updates them on sync

  • Added Verification Cache which stores verified devices of a user

  • Showing Verification Status of a device on Userprofile

Dept of P2P 👥

Riot iOS P2P Demo

Neil Alexander announced:

Over the last couple of weeks I have been working on the next P2P demo, using Yggdrasil as the transport instead of libp2p. Although libp2p is arguably more featureful in many ways, Yggdrasil does have one major benefit in that it provides full overlay routing. Participants in the network can carry traffic on behalf of other participants, resulting in something much closer to a true mesh network.

The mad science doesn't end there however. I've also built a custom Riot iOS build that includes the full Dendrite P2P demo (yes, that's a homeserver running locally on your phone). If you have an iPhone or iPad, it's available in public TestFlight right now and you can play with it!

The demo still is very experimental and has a number of bugs still (including but not limited to messages occasionally taking a while to deliver, the app crashing when going into the background sometimes etc.) but we'll be improving it further in the coming weeks and it's quite fun to play with, particularly if you can do so with other people nearby.

Thanks to the same technology that powers AirDrop, the demo will automatically find and connect to other nearby devices running the demo and build up a network automatically - even if you are not on the same Wi-Fi network (or indeed connected to Wi-Fi at all)! If you don't have any other nearby peers to test with then fear not - you can still configure a public static peer in the app settings and join the wider network that way.

With any luck the room directory will even work too, showing published rooms from other nearby devices. If not, try joining #beachparty:b5ae50589e50991dd9dd7d59c5c5f7a4521e8da5b603b7f57076272abc58b374 from within the app.

Questions, comments or feedback? Join us in #p2p:matrix.org!

Dept of Servers 🏢

A new way to test homeservers - Complement

kegan reported:

Many of you know that I work on a Go homeserver called Dendrite, and so I've had to get familiar with SyTest: a black-box homeserver integration testing project. Unfortunately SyTest has a number of problems: from the dialect of perl, lack of documentation for federation bits, the inability to run a single test, and so on. Having a solid black-box integration testing project is crucial for the ecosystem to ensure spec compliance (and hence compatibility between server implementations) and for making all servers more stable and reliable.

As a side project I've been working on a modern Go rewrite called Complement which is now ready for a bit more exposure. It currently only has a handful of SyTests converted but I hope to rapidly expand the number in the coming weeks. Complement makes heavy use of Docker to agnostically run homeservers, and already includes a Dockerfile for configuring a Dendrite instance. To try it out, clone the repo and run:

(cd dockerfiles && docker build -t complement-dendrite -f Dendrite.Dockerfile .)

COMPLEMENT_BASE_IMAGE=complement-dendrite:latest go test -v ./tests

If you're interested in learning more and maybe adding some tests check out ONBOARDING.md.

My overall hope is that Complement will lower the barrier to entry when adding tests by so much that it encourages any bugfix/feature in any homeserver implementation to result in a new test. This will benefit everyone and create a feedback loop which will make Matrix even more reliable.

Asked about Sytest and SyTS, Kegan added:

Complement currently implements the same tests as sytest, so tests which pass sytest will pass complement (though that will diverge as complement will guard against more race conditions by default). There's about 9 different kinds of tests currently testing CS-API and Federation (outbound to a dummy server and inbound via a federation client)

The problem with SyTS was that the test tooling around it ultimately wasn't expressive enough. I was using Jest and kept finding myself fighting it by bumping up against issues like https://github.com/facebook/jest/pull/8751 and the multi-process parallelisation stuff was too opaque. The assertion helper functions also lacked context because they rely on behavioural testing names like describe("foo") { it("should say bar") { ... } etc so when your assertion fails (eg wrong value for a JSON key using assert equals) it just says unhelpfully "foo != bar" where what I really want is to know what it actually does say then, and other contextual info around the object (maybe the key name was typod). When I realised that the assertion lib didn't have this and I'd need to add it, coupled with parallelisation concerns and head-desking against Jest, I found myself wishing I just used something else. I stuck with it though and then realised that all the federation stuff (signature checking, canonical JSON, etc) would need to re-implemented when I knew I had working code in Go. Both of these things combined and I thought "you know what, I'm just going to do this in Go" but you'll note that the architecture is identical, so SyTS lives on as an early prototype for Complement ;)

Find out more in the room: #complement:matrix.org.

Dendrite / gomatrixserverlib

Dendrite is a next-generation homeserver written in Go

Neil Alexander told us:

While I've been busy distracted with the P2P demo, Kegan has been on a mission to implement some new features. Changes this week include:

  • Redaction is now mostly implemented

  • User-interactive authentication is now implemented

  • Device lists in the client API are now implemented

  • Media APIs are now available on both /r0 and /v1 endpoints which makes Riot iOS a bit happier

  • Some federation sender bugs have been fixed

  • Some database locks in the federation sender in SQLite mode have been fixed

Spec compliance has improved a bit:

  • Client-Server APIs: 48%, up from 45% last week

  • Server-Server APIs: 51%, up from 50% last week

Conduit

Conduit is a Matrix homeserver written in Rust https://conduit.rs

timo said:

Conduit

Hi everyone, here are some things we worked on this week:

  • Work on to-device sending improvements

  • Work on room tags (thanks to @gnieto)

  • Merged /logout/all endpoint (thanks to @CapsizeGlimmer)

  • Work on /joined_members (thanks to @CapsizeGlimmer)

Last week we had a list of major features still missing. Here's a list of what already works:

Registering, logging in, creating rooms, room visibility, join rules, basic permission management, public room list, inviting, creating DMs, e2e encryption, key backups, device verification, cross signing, notifications, uploading media/files (also user/room avatars), lower-resolution media thumbnails, voip calls and a few other thing's I'm forgetting right now. So it's useable for non-federating chats already.

Thanks to everyone who supports me on Liberapay or Bitcoin!

Synapse

Neil reported:

In Synapse land this week, we shipped 1.16.0 and err 1.16.1.

Lifting from the blog post, the highlights are:-

  • An important performance fix to improve room state resolution.

  • An option to enable e2e by default for new rooms.

  • Ability to run multiple media repo workers side by side.

  • Ability to mark specific content as being safe from quarantine.

  • Bug fixes to make migrating from SQLite to Postgres more reliable - if you are running sqlite for anything other than evaluation purposes then please migrate!

We also put out a release candidate for 1.17.0 which all being well we’ll release on Monday. 1.17.0 is really a bug fix release the most notable being finally squashing a long standing bug that caused locally rejected invites to get ‘stuck’ client side.

Continuing our matrix.org performance theme, having now got the CS API largely into a good state of responsiveness, we are looking at federation lag. Today we shipped a sharded Federation Reader to matrix.org which has reduced the average lag from seconds to milliseconds. We are just running two currently and are still tuning as we figure out how to get the best from it. Initial impressions seem promising. Watch this space.

2020-07-10-qiwpr-Screenshot2020-07-10at16.02.39.png

We also have a PR out for review to shard the Federation Sender, which will have much the same effect in the other direction.

Once we have sending messages via the Client-Server API, much reduced federation lag and a sharded Pusher we’ll take a look at room joins.

Synapse Deployment 📥️

dacruz21/matrix-chart

Typo Kign reported:

v2.3.0 of dacruz21/matrix-chart has been published with Synapse 1.16.

Kubernetes

Just pushed the 1.16 K8s-optimized Synapse image tags, this time done from a tablet in a server room between moving a bunch of hardware.

New WireGuard-based deployment

balaa announced:

Hi everyone, my friend Patrick and I have been working on making Matrix more accessible in the context of personal overlay networks powered by WireGuard. We’ve built a 1-click deployment solution for Synapse & Riot based on docker. The interesting part is that it gives you public addressability via a distributed proxy service that we have been developing. We are free and open source and welcoming contributors and testers ASAP! We are imagining an ecosystem for building collaborative intranets and see them as foundational to a freer, more equitable internet. Please join us at #noteworthy:tincan.community See https://www.patrickdlg.com/personal-messaging/ and https://noteworthy.tech/start/

Dept of Bridges 🌉

mautrix-whatsapp

Tulir announced:

mautrix-whatsapp got some bugfixes and improvements:

  • You can now create private chat portals by inviting a WhatsApp ghost user (e.g. from a group chat)

  • WhatsApp users in groups are now synced to Matrix properly, including kicking users who left the group without the bridge noticing

matrix-sms-bridge

Benedict offered:

I fixed some bugs in matrix-sms-bridge and added a feature that allows delayed sending of sms messages with the sms send command. It runs very fast and stable in my production environment.

Dept of Clients 📱

Nheko

Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) reported:

Not much to talk about currently, since I'm breaking my Nheko to replace the entire event store at this moment, but I have some heads up on an annoying bug that I fixed on my branch:

Sometimes we had a weird issue, where Nheko wouldn't load the language the user set on their system. This was especially annoying when I wanted to test a specific language, like Japanese, and I couldn't figure out the right LANG* variables to set the language to Japanese in Nheko. Turns out, this was a bug in Nheko and you wouldn't have guessed so, when looking at the examples in the Qt documentation. Anyway, KDAB wrote a nice blogpost explaining this issue: https://www.kdab.com/fixing-a-common-antipattern-when-loading-translations-in-qt/

If you are a Qt developer, you may want to check your applications, if you are also affected.

Riot-iOS

steve offered:

This week, we worked on the rebranding.

RiotX / Riot-Android

benoit announced:

We will release a beta (0.91.5) of Riot-Android this evening, including all the recent changes and lots of fixes. We are still working to prepare the great release!

Daydream

MTRNord told us:

While not much is happening on the master branch some things happened on the Redesign branch:

  • Daydream does the sync now on a worker which is similiar to using a thread

  • jplatte made a PR for optimizing multiple Parts of the Code which significantly improved the overall Daydream performance ( https://github.com/daydream-mx/Daydream/pull/22 )

  • Some rework of the Login logic happened to prepare for well-known support

Dept of SDKs and Frameworks 🧰

mautrix-python

Tulir offered:

When I initially implemented end-to-bridge encryption in mautrix-python, I used matrix-nio in a slightly hacky way to get it done quickly. It worked fine in some cases, but also caused some undecryptable messages. I tried switching to using matrix-nio's crypto module directly, but the sans-I/O design made that difficult: there were too many parts that needed to be hooked up to the actual I/O and I wasn't able to find them all. In the end, I just decided to implement the basic e2ee stuff directly in mautrix-python the same way it's implemented in mautrix-go.

All my bridges based on mautrix-python (Telegram, Facebook and Hangouts) have been switched to use the new crypto stuff. After a few initial bugs that are already fixed, it seems to work better than the old system. I'll probably add native e2ee to maubot soon too, which is my last main project that's still missing e2ee.

Dept of Internet of Things 💡

Mozilla IoT Matrix Adapter 0.3

Christian reported:

The Mozilla IoT Matrix Adapter can send posts based on events in your home.

Version 0.3 brings the ability to use room aliases instead of internal room ids. Furthermore, you can configure it to accept invites and follow room upgrades.

Due to utter negligence and malpractice by myself, we missed the update for this project last week. Of course, 0.2 is now superseded by 0.3, but here is the 0.2 update anyway:

Released v0.2.0 of the Mozilla IoT Matrix adapter. It's now possible to post in multiple rooms (still one per post).

Dept of Bots 🤖

Cat Disruptor 7000

Stephen D told us:

I wrote a pretty simple Matrix bot in Rust which is loosely based on Cat Disruptor 6000. It will react with 🐈️ to any message containing the string "cat" *. Since it is a small project, I hope it can be used as an example for other people interested in writing Matrix bots in Rust. It implements several important features (crypto/device store, auto-accepting invites, crafting custom events, etc.) You can host it yourself, or you can try it out by inviting the user "@catdisruptor:m.scd31.com" to your room! https://git.scd31.com/stephen/cat-disruptor-7000

* Cat Disruptor 6000 does not do this (it is used for disrupting monologues with cat pictures). However, many instances of Cat Disruptor 6000 also include a separate bot, which is what Cat Disruptor 7000 is mimicking.

matrix-imposter-bot

mr_johnson22 said:

matrix-imposter-bot - A bot that uses your account to repeat other people's messages. This gives relay-bot capabilities to puppet-only bridges.

Updates:

  • Can be much more easily deployed with a production-level WSGI server. It comes with waitress but it's possible to use any other server.

  • Member join/leave/rename now post messages

  • Shuts down when receiving a term/exit/quit signal, instead of hanging

For more details, see https://github.com/mrjohnson22/matrix-imposter-bot

Dept of Interesting Projects 🛰️

cody

carl offered:

cody is a REPL for your matrix chat rooms.

This week, the big new feature was support for Ruby with the message prefix !rb.

Chat with cody: @cody:bordum.dk

Read the source: https://gitlab.com/carlbordum/matrix-cody

Dept of Jobs 💰️

Famedly is recruiting

sorunome announced:

Heya, we (famedly) are looking for about 2-3 more flutter developers. We are a german startup which works on revolutionizing communication in the medical area. We build on top of matrix, so having some matrix-knowledge would be very beneficial.

You might have seen us previously in TWIM with projects such as famedly-email-bridge or the famedly dart SDK.

While we are based in Berlin we do allow remote work, and communication in english is fine, too.

If you are interested or have more questions, please message Niklas Zender.

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1fairydust.space334
2matrix.vgorcum.com637.5
3lossy.network657
4asra.gr795
5swag.industries1407.5
6lo.hn1481
7finallycoffee.eu1804
8nzbr.de1885.5
9halogen.city2275
10utzutzutz.net2462.5

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.16.0 released

2020-07-08 — Releases — Neil Johnson

Synapse 1.16.0 is here!

Notable additions in 1.16.0 include:-

  • An important performance fix to improve room state resolution.
  • An option to enable e2e by default for new rooms.
  • Ability to run multiple media repo workers side by side.
  • Ability to mark specific content as being safe from quarantine.
  • Bug fixes to make migrating from SQLite to Postgres more reliable - if you are running sqlite for anything other than evaluation purposes then please migrate!

Note, we have deprecated the m.login.jwt login method in favour of org.matrix.login.jwt see the changelog for more details.

Enjoy!

Get the new releases from any of the usual sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md. 1.16.0 is on github here.

Changelog for 1.16.0 follows:

Synapse 1.16.0 (2020-07-08)

No significant changes since 1.16.0rc2.

Note that this release deprecates the m.login.jwt login method, renaming it to org.matrix.login.jwt, as m.login.jwt is not part of the Matrix spec. Otherwise the behaviour is identical. Synapse will accept both names for now, but this may change in a future release.

Synapse 1.16.0rc2 (2020-07-02)

Synapse 1.16.0rc2 includes the security fixes released with Synapse 1.15.2. Please see the 1.15.2 release notes for more details.

Improved Documentation

  • Update postgres image in example docker-compose.yaml to tag 12-alpine. (#7696)

Internal Changes

  • Add some metrics for inbound and outbound federation latencies: synapse_federation_server_pdu_process_time and synapse_event_processing_lag_by_event. (#7771)

Synapse 1.16.0rc1 (2020-07-01)

Features

  • Add an option to enable encryption by default for new rooms. (#7639)
  • Add support for running multiple media repository workers. See docs/workers.md for instructions. (#7706)
  • Media can now be marked as safe from quarantined. (#7718)
  • Expand the configuration options for auto-join rooms. (#7763)

Bugfixes

  • Remove user_id from the response to GET /_matrix/client/r0/presence/{userId}/status to match the specification. (#7606)
  • In worker mode, ensure that replicated data has not already been received. (#7648)
  • Fix intermittent exception during startup, introduced in Synapse 1.14.0. (#7663)
  • Include a user-agent for federation and well-known requests. (#7677)
  • Accept the proper field (phone) for the m.id.phone identifier type. The legacy field of number is still accepted as a fallback. Bug introduced in v0.20.0. (#7687)
  • Fix "Starting db txn 'get_completed_ui_auth_stages' from sentinel context" warning. The bug was introduced in 1.13.0. (#7688)
  • Compare the URI and method during user interactive authentication (instead of the URI twice). Bug introduced in 1.13.0. (#7689)
  • Fix a long standing bug where the response to the GET room_keys/version endpoint had the incorrect type for the etag field. (#7691)
  • Fix logged error during device resync in opentracing. Broke in v1.14.0. (#7698)
  • Do not break push rule evaluation when receiving an event with a non-string body. This is a long-standing bug. (#7701)
  • Fixs a long standing bug which resulted in an exception: "TypeError: argument of type 'ObservableDeferred' is not iterable". (#7708)
  • The synapse_port_db script no longer fails when the ui_auth_sessions table is non-empty. This bug has existed since v1.13.0. (#7711)
  • Synapse will now fetch media from the proper specified URL (using the r0 prefix instead of the unspecified v1). (#7714)
  • Fix the tables ignored by synapse_port_db to be in sync the current database schema. (#7717)
  • Fix missing Content-Length on HTTP responses from the metrics handler. (#7730)
  • Fix large state resolutions from stalling Synapse for seconds at a time. (#7735, #7746)

Improved Documentation

  • Spelling correction in sample_config.yaml. (#7652)
  • Added instructions for how to use Keycloak via OpenID Connect to authenticate with Synapse. (#7659)
  • Corrected misspelling of PostgreSQL. (#7724)

Deprecations and Removals

  • Deprecate m.login.jwt login method in favour of org.matrix.login.jwt, as m.login.jwt is not part of the Matrix spec. (#7675)

Internal Changes

  • Refactor getting replication updates from database. (#7636)
  • Clean-up the login fallback code. (#7657)
  • Increase the default SAML session expiry time to 15 minutes. (#7664)
  • Convert the device message and pagination handlers to async/await. (#7678)
  • Convert typing handler to async/await. (#7679)
  • Require parameterized package version to be at least 0.7.0. (#7680)
  • Refactor handling of listeners configuration settings. (#7681)
  • Replace uses of six.iterkeys/iteritems/itervalues with keys()/items()/values(). (#7692)
  • Add support for using rust-python-jaeger-reporter library to reduce jaeger tracing overhead. (#7697)
  • Make Tox actions work on Debian 10. (#7703)
  • Replace all remaining uses of six with native Python 3 equivalents. Contributed by @ilmari. (#7704)
  • Fix broken link in sample config. (#7712)
  • Speed up state res v2 across large state differences. (#7725)
  • Convert directory handler to async/await. (#7727)
  • Move flake8 to the end of scripts-dev/lint.sh as it takes the longest and could cause the script to exit early. (#7738)
  • Explain the "test" conditional requirement for dependencies is not all of the modules necessary to run the unit tests. (#7751)
  • Add some metrics for inbound and outbound federation latencies: synapse_federation_server_pdu_process_time and synapse_event_processing_lag_by_event. (#7755)

This Week in Matrix 2020-07-03

2020-07-03 — This Week in Matrix — Ben Parsons

Matrix Live 🎙

Dept of Status of Matrix 🌡️

Open Tech Will Save Us 4

The next Open Tech Will Save Us event will take place on Wednesday, that's 2020-07-08! Line-up is confirmed as:

Dept of Spec 📜

anoa reported:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

Finished Final Comment Period:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

New MSCs:

Spec Core Team

In terms of Spec Core Team MSC focus for this week, as last week we are sticking with "implementation" for now. We'll be back soon :)

Dept of GSoC 🎓️

This week was the first evaluations, we'll have results to share next week.

matrix-ircd (GSOC)

karlik offered:

for matrix-ircd:

  • Removed futures 0.1 dependency & move all modules to futures 0.3

  • Update all tests to use async / await

  • Begin merging updated futures to async_await branch

go-neb

From nikofil:

  • e2ee merged and some bugs fixed (pr #324)! You should be able to use neb normally in an encrypted room now, if that's not the case please let us know!
  • Added integration tests for both encrypted and unencrypted rooms to neb in order to catch things that might break some core functionality in a subtle way (issue #326)
  • Similarly, created a PR for mautrix-go for testing the Olm and Megolm session establishment and message encryption / decryption (pr #12)
  • Next up, working on a service for neb for testing the crypto functionality of other clients: neb will send messages to a room, rotate keys etc. and your client is supposed to respond!

Dept of Servers 🏢

Dendrite / gomatrixserverlib

Dendrite is a next-generation homeserver written in Go

Neil Alexander said:

This week has seen some new architectural changes and a number of bugs fixed:

  • A new Current State Server component has been added, which tracks room state

  • The Public Rooms API has been deprecated in favour of the Current State Server

  • Event size limits are now honoured with the correct return code

  • Invites have seen some refactoring and retiring invites should work better now

  • The federation sender now persists unsent PDUs to the database and will automatically retry when Dendrite is restarted, making resend behaviour much more reliable (particularly in the P2P demos)

  • Some room checks in /state and /state_ids have been fixed

  • Some additional restrictions have been added to /send and we now return the correct error codes

  • A bug where current state was incorrectly used when getting missing/backfill events has been fixed

  • A bug where you couldn't rejoin a room that you created after wiping your database has been fixed

Spec compliance:

  • Client-Server APIs: 45%

  • Server-Server APIs: 50%

Conduit

Conduit is a Matrix homeserver written in Rust https://conduit.rs

timo reported:

This week I didn't have much time to work on Conduit, but together with @the0 we could implement both password changing and account deactivation!

With last week's key backup and cross-signing PR landing in master, here's a list of all major features still missing from Conduit:

  • All of Federation

  • Appservices

  • Push Notifications

  • Notification settings

  • Message Search

  • Presence

  • Room Tagging

Thanks to everyone who supports me on Liberapay or Bitcoin!

Synapse

richvdh reported:

Synapse 1.15.2 shipped this week with some important security fixes - if you haven't already upgraded, please do asap! Meanwhile, we're also preparing a 1.16 release with the normal round of bugfixes and incremental improvements.

The big focus in the Synapse team continues to be on performance for larger Synapse instances, which is reflected in the support in 1.16 for running multiple media worker processes. We're working on giving other worker processes the same treatment, so expect more of the same in the weeks to come!

Synapse Deployment 📥️

Kubernetes

Ananace announced:

Just pushed the 1.15.2 tags for the K8s-optimized Synapse image.

Docker matrix

Mathijs offered:

The avhost image including coturn, jemalloc, and mjolnir for synapse 1.15.2 was released at avhost/docker-matrix:v1.15.2, while the RCs images were released on my personal repo; mvgorcum/docker-matrix:v1.16.0rc1 and mvgorcum/docker-matrix:v1.16.0rc2

Dept of Bridges 🌉

Twilio & Maubot based SMS bridge

Jeff Casavant offered:

I wrote a very simple Twilio & Maubot based SMS bridge recently which I've been running for long enough with no delivery errors that I'd consider it stable. It's oriented towards bridging many individuals to single rooms via SMS. You'll need to have a Maubot instance in order to run it.

https://github.com/jeffcasavant/MaubotTwilio

Dept of Clients 📱

Syphon - new client announcement

usbfingers offered:

Hey TWIM ,

Tuesday, I did a soft announcement of open alpha for Syphon - a privacy centric matrix client

Source: https://github.com/syphon-org/syphon

Website: https://syphon.org

Features:

  • no analytics.

  • no proprietary third party services

    • iOS will have APNS opt-in, but will be made clear to the user
  • all data is AES-256 encrypted at rest

  • E2EE for direct chats using Olm/Megolm

    • group chats will be supported in the coming weeks
  • all indicators of presence are opt-in only (typing indicators, read receipts, etc)

  • customize themes and colors throughout the app

Please note there's still a lot of work to do and a lot of features missing that other clients have. It's not ready for everyday use.

Please let me know if you have any questions or would like to contribute!

Riot Web

Ryan told us:

This week we released 1.6.8, and the highlights include:

  • Upgraded to Electron 9 for desktop builds, which should fix various Linux tray icon issues

  • Jump to first unread message improved to handle reactions and other non-message events

  • Desktop now shows a file saved message when downloading a file

  • Cross-signing setup flows reworked to simplify choosing a security phrase or key

Fractal

Alexandre Franke announced:

The previous Fractal update was quite a while ago but we’ve kept busy.

There has been a lot of under the hood work that users won’t notice and which we won’t delve into. In addition to them, we have a few nice things:

  • Matrix API tokens are redacted in logs for better privacy when submitting bug reports.

  • A send button was added next the message entry. This is especially relevant for touch screens.

  • We are less noisy with typing notifications that we send out.

  • We support SOCKS proxies.

  • Notifications for non text messages have been tweaked.

  • We gained support for edited message display. They are replaced with the newer content and a little icon is shown next to them. Editing messages is not supported yet though.

2020-07-03-ZFc9l-Captured’écrande2020-07-0317-26-53.png

NovaChat July 3 update:

eric told us:

  • Added icons for each chat network to room list

  • Got Twitter DM bridge working again

  • Improved search bar UI

  • On-boarded 30 new users!

  • Launched (accidentally) on Hacker News

  • Fixed a ton of reliability bugs in the 7 bridges we support (changelog)

  • We are hiring (full-time or part-time) remote React developers to work on our (source available, still TBD on final license) Riot fork Send me a DM if interested.

2020-07-03-LUhRG-image.png

NovaChat has been getting good coverage lately, on Twitter and Hacker News.

RiotX published in the beta channel of the Riot-Android app

benoit announced:

RiotX is now published in the beta channel of the Riot-Android app: https://play.google.com/store/apps/details?id=im.vector.app. You can get the last beta version by becoming a tester if you want to. There will be no more update of RiotX on the PlayStore. Current RiotX users should signout from RiotX and signin again on Riot-Android. Riot-Android users do not have to do that. The changelog can be read here https://github.com/vector-im/riotX-android/releases/tag/v0.91.3-beta. And this week we are working on implementing what's remain on our list, and we are fixing as many bugs as we can before the great release.

Riot-iOS

steve offered:

This week, we made some improvements for the cross-signing UX.

We started to work on the rebranding. And we also made some small improvements in the display of some events in the timeline.

Dept of Ops 🛠

ma1sd release 2.4.0

ma1uta offered:

ma1sd release 2.4.0.

Changes:

  • Enabled v2 API by default.

  • Added experimental support of the database connection pooling for postgresql

  • Added option to bind ma1sd to specified address.

  • Added error logging for LDAP authorization.

  • Added full request and response logs for debug.

  • Avoid including bridged user in directory lookups (https://github.com/ma1uta/ma1sd/pull/45)

  • Add experimental multi-platform buillds for amd64 and arm64 platforms.

  • remove warning about matrix-synapse-ldap3 (https://github.com/ma1uta/ma1sd/pull/50)

Bugfixes:

Downloads:

matrix-docker-ansible-deploy

This Ansible playbook is meant to easily let you run your own Matrix homeserver.

Slavi said:

it appears to be puppet week in matrix-docker-ansible-deploy-land!

Thanks to various contributors (Johanna Dorothea Reichmann, Tulir Asokan and Hugues Morisset), the playbook has gained support for 4 new bridges: mx-puppet-instagram (see our docs), mx-puppet-twitter (see our docs), mx-puppet-discord (see our docs) and mx-puppet-steam (see our docs).

This brings the total number of bridges supported by the playbook to 15!

Dept of Bots 🤖

matrix-reminder-bot v0.1.0

anoa offered:

The release, v0.1.0, of matrix-reminder-bot is out! 🎉

I've eliminated most of the bad bugs that were present, so will be doing some feature development for a bit. As of now, the features of the bot are:

  • Setting reminders

  • Have a reminder ping yourself or the whole room

  • Alarms which continue ringing until silenced

  • Support for end-to-end encrypted rooms

  • Postgres and SQLite support

  • Docker support

Find it here: https://github.com/anoadragon453/matrix-reminder-bot/ and join the discussion at #matrix-reminder-bot:matrix.org!

Enjoy! ❤️

IPFS Bot

MTRNord offered:

Did you ever have the issue that a media event sent from someone is too large for your HS and you don't want to fiddle with the link?

IPFS Bot might be a solution. Invite @ipfs:nordgedanken.dev or Check out https://github.com/MTRNord/matrix-ipfs-bot/ to use the bot.

If you reply to any media event with !ipfs the bot will send you a link to the media stored on ipfs.

Known issues are:

  • E2EE not yet working (It joins but can't yet decrypt the related event)

  • Error handling is basically not existent. Therefore crashes might happen until I sort this out.

  • It currently does very verbose logging. This will be removed when the bot is more stable

  • Images sent from RiotX sometimes seem to not play nice with ruma

(Demo for the IPFS Bot): https://ipfs.nordgedanken.dev/ipfs/QmSfde3V4QL1Lv96Ar62qgnhaEtyi9jzPkKRCBMh4Wqm6F?filename=2020-06-27_16-41-09.mp4

We could include this video here, but it seems me appropriate to link to an actual IPFS location.

cody, REPL for your Matrix chat rooms

carl offered:

Hello, I am announcing my first matrix bot - cody - that will evaluate code snippets in your Matrix rooms and return the result. Here is an example interaction:


user> !py "Hello world!"
cody> 'Hello world!'

user> !py list(range(10))
cody> [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]

You can chat with him @cody:bordum.dk and view the source code at https://gitlab.com/carlbordum/matrix-cody

This initial release only supports Python, but the plan is to add support for more languages in the next few weeks. The repo might also be of interest to some of you as it has CI, CD to DockerHub, complete dev environment with cody, pantalaimon, synapse and riot using docker-compose, simple metrics and Grafana-dashboards-as-code.

Dept of Interesting Projects 🛰️

Matrix Notepad Version v0.2.2

KB1RD told us:

A real-time collaboratie text editor using the Matrix protocol.

matrix-notepad.kb1rd.net

Nope, it's not dead.

  • New version of logootish-js with a completely new algorithm

    • In particular, I should note that this new algorithm is tested extensively, so I think the bugs should be out
  • Corresponding updates to internal event structure

  • Fixed UI & CSS bugs

  • Improved UX for room title editor

  • Currently, conflicting text will be displayed, but conflicts will not be indicated in any way

  • I almost forgot to mention: The room list is now filtered using the typed rooms MSC (event ID org.matrix.msc1840). #test-document0:kb1rd.net is a room with that state event set.

I also made a flame graph of the internal algorithm and I'm surprised by some of the results. The good thing is that I think there's quite a few ways to speed up the algorithm. Here it is:

https://logootish-js.matrix-notepad.kb1rd.net/flamegraph/test/listmodel-nc.perf.js/flamegraph.html#{%22merged%22:false,%22nodeId%22:null,%22excludeTypes%22:[%22cpp%22,%22regexp%22,%22v8%22,%22native%22,%22init%22,%22core%22]}

2020-07-03-SmuSp-image.png

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1fairydust.space385
2talk.go7box.xyz502.5
3gottliebtfreitag.de524
4phys.ethz.ch552
5eisfunke.com997
6c.mau.dev1422
7halogen.city1613
8nzbr.de1722
9asra.gr1774
10utzutzutz.net1875

That's all I know 🏁

See you first thing tomorrow morning, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.15.2 released with security fixes

2020-07-02 — Releases, Security — Richard van der Hoff

Folks, today we are releasing Synapse 1.15.2, which is a security release which contains fixes to two separate problems. We are also putting out the second release candidate for the forthcoming Synapse 1.16, including the same fixes.

Firstly, we have fixed a bug in the implementation of the room state resolution algorithm which could cause users to be unexpectedly ejected from rooms (Synapse issue #7742).

Secondly, we have improved the security of pages served as part of the Single-Sign-on login flows to prevent clickjacking attacks. Thank you to Quentin Gliech for reporting this.

We are not aware of either of these vulnerabilities being exploited in the wild, but we recommend that administrators upgrade as soon as possible. Those on Synapse 1.15.1 or earlier should upgrade to Synapse 1.15.2, while those who have already upgraded to Synapse 1.16.0rc1 should upgrade to 1.16.0rc2.

Get the new releases from any of the usual sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md. 1.15.2 is on github here, and 1.16.0rc2 is here.

Changelog for 1.15.2 follows:

Synapse 1.15.2 (2020-07-02)

Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

Security advisory

  • A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. (96e9afe6)

  • HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. (ea26e9a9)

    This was reported by Quentin Gliech.

This Week in Matrix 2020-06-26

2020-06-26 — This Week in Matrix — Ben Parsons

Matrix Live 🎙

It's demos this week!

  • Riot X video calls (valere)
  • Room list (TravisR)
  • Notifications - (Michael (t3chguy) & richvdh)
  • E2E Onboarding (Dave & Nad)
  • Modular SAML support (ChristianP)

Dept of Status of Matrix 🌡

Merch Returns!

Yes it's back! For the first time in months we are shipping branded IRL-items featuring Matrix branding. Head to The Shop to stock-up.

Dept of Spec 📜

anoa announced:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

Merged MSCs:

MSCs in Final Comment Period:

New MSCs:

Spec Core Team

In terms of Spec Core Team MSC focus for this week, unfortunately our three MSCs from last week ( MSC2366 (verification flows), MSC2403 (knocking), and MSC2630 (SAS security)) are still pre-FCP. Most of the team has been quite busy with implementation for the past few weeks. Instead of advertising those 3 MSCs again, we're going to switch the focus to "implementation" for a bit until we're freed up again.

So the focus for this week is: MSC implementation work. However, this should not discourage any MSC authors from responding to MSC feedback in the meantime 🙂

2020-06-26-MxzSP-plot.png

Dept of GSoC 🎓

Ruma GSoC

devinr528 reported:

This week in the ruma/matrix Google Summer of Code project, ruma-events was made ready for use! After adding stripped and sync event generation to the event_enum! macro there were only a few small tweaks needed to try it out in some dependent rust crates. I spent a few days converting matrix-rust-sdk to use the ruma-monorepo. Since ruma is used on both client and server-side, I also opened a PR to update Conduit, a homeserver implementation written in Rust. To test that everything worked together, I updated rumatui, my command-line client written in rust.

Then I could test that Conduit sent, and matrix-rust-sdk received the new ruma events successfully. While updating, I felt the pain of not having accessor methods for the Any*Event enums to get at the event fields held within. I have opened a pull request to add the generation of these methods to the event_enums! macro. Hopefully, the Conduit and matrix-sdk PR's will be merged and the ruma monorepo can be tested in the wild!

matrix-ircd GSOC

karlik told us:

Moved matrix protocol, irc protocol, and bridge module to futures 0.3. Converted some utility functions to new futures, and updated the http implementation to use the standardized Hyper library instead of using a custom http implementation.

go-neb

nikofil said:

  • Created PR for enabling e2ee across all services! This required a few changes to how the bot client is initialised, as well as changes to all services to use the new functionality instead of directly sending messages to a room. https://github.com/matrix-org/go-neb/pull/324

  • Added code from another of tulir's projects to Mautrix to allow storing the crypto material (olm / megolm sessions, accounts etc.) in a SQL database, adding a second way besides using Gob storage. https://github.com/tulir/mautrix-go/pull/10

  • Future plans are to work on the library itself to add any features that might be missing.

HTML embeddable chat rooms

arnav-t told us:

This week I've worked on the following features for the project "HTML embeddable chat rooms" under GSoC '20:

Added support for signing-in

Via sign-in popup

The user can enter their credentials into the modal dialogue box.

Via postMessage interface


iframe.contentWindow.postMessage({
    cmd: 'login',

    args: {
        user: 'username',

        passwd: 'password'
    }

}, origin);

Arguments:

args (object):

  • username (string) - Username

  • passwd (string) - Password

Response:

{

    status: 'success', 
    message: 'Attempting sign in...'

}

Added support for default avatars

Using the same design as Riot. However, I am just using flexbox and text instead of drawing on an HTML5 canvas. The HSL color is generated by hashing the user ID.

Quoting and replying

Added on-hover buttons and reply popup above message composer similar to Riot web. Quoting prepends the message (quoted) to the message composer similar to Riot web and replying would also work similar to Riot web. It will be fully functional once markdown parsing is added.

Guest access

The client now supports guest access. If no access token or user ID is provided in the configuration file, the client attempts to register a guest account on the home server. Room contents are viewed using peekInRoom.

If the guest attempts to send a message, only then joinRoom is called to avoid spam (each page load would lead to a guest joining the room).

Nheko

Chethan told us:

SAS Verification is completed and works !

Supports both Emoji and Decimal Verification Only uses curve25519-hkdf-sha256 as key_agreement protocol

Brand new UserProfile written entirely in qml. https://github.com/Nheko-Reborn/nheko/pull/203

Mtxclient

Updated with needed APIs for SAS verification.

https://github.com/Nheko-Reborn/mtxclient/pull/32

Opsdroid

tyagdit reported:

Port to Matrix-nio

  • The matrix connector is now using matrix-nio!

  • Bots can send and receive texts, images, files as before

  • No change in configuration required, just update opsdroid and run as before

  • Encryption is not yet implemented

  • You can check out the PR here

Enabling E2EE

  • Sending and receiving encrypted texts, edits, replies works just as normal messages

  • Images and files are being worked on

  • User shouldn't have to change much about their configuration to use encryption

  • Some testing is due

  • Check out the progress here

Dept of Servers 🏢

Dendrite

Dendrite is a next-generation homeserver written in Go

kegan reported:

This week has been mainly about testing to ensure that all the progress over the past few months is kept up-to-date and correct. We've also added a few features in order to get certain sytests working. To that end:

  • Invites can now be declined over federation and they will be reflected in /sync responses.

  • Errors encountered when joining a room over federation are now sent back to the client.

  • Errors encountered when accepting an invite over federation are now sent back to the client.

  • Dendrite will now check server names meet the server name grammar in the specification.

  • A bug which caused client-api-proxy to not actually proxy correctly has been fixed, thanks @fantashley !

  • /send now abides by the limits in the specification: 50 PDUs / 100 EDUs.

  • The docker-compose scripts now include appservice_api, thanks @fantashley !

  • Sending invites over federation will now fall back to v1 if v2 fails with a 404.

  • Dendrite now implements room.timeline.limit completely (in both in-line and stored filter formats).

  • Dendrite now sets the limited flag on /sync responses correctly.

In addition, we now have support for collecting code coverage output from SyTest. This indicates we are testing roughly 70% of the Dendrite codebase. The remaining 30% are hard to reach via intergration tests (e.g database failures, communication problems between internal APIs).

Spec compliance:

  • Client-Server APIs: 45%, up from 40% last week

  • Server-Server APIs: 50%, up from 38% last week

In total, we've made an additional 45 sytests pass this week.

Mascarene

Nico reported:

Mascarene v0.2.0 has been released.

This version implements a minimal set of client API endpoints to work with Riot and allow user registration,

room creation, invitation and messages sending on the same running instance (no federation support).

Docker image are also available. See this documentation

for rough installation instructions.

Join us at #mascarene:beerfactory.org

Conduit

Conduit is a Matrix homeserver written in Rust https://conduit.rs

timo told us:

This week I finished the cross-signing PR:

To try it out yourself, open Riot (preferably https://riot.im/develop) and join the <https://conduit.koesters.xyz:14004> homeserver.

Thanks to everyone who supports me on Liberapay or Bitcoin!

Synapse

Neil told us:

This week we’ve been working on further improvements to event persistence and ironed out a nasty bug where an unusually long state resolution could block the reactor overall and impact send times. We seem to have got to the bottom of this and m.org has improved a lot as of today.

More generally we’ve been trying to characterise matrix.org performance so that we can continue to improve over the coming months.

We are going to focus on:-

  • Client send event

  • Outbound Federation Latency

  • Inbound Federation Latency

  • Room joins

As well as tracking the CS API generally.

We are using apdex with a satisfied limit of 250 ms and a tolerating limit of 1000 ms. By the end of the Summer we will aim to hit an apdex score of 0.9 for each area.

For instance here is Federation Send Event Apdex graphed overtime. You can see that we are averaging about ~0.8 currently, so plenty to keeping us busy!

2020-06-26-JR9Vx-Screenshot2020-06-26at17.51.57.png

Next up will be to work on Outbound Federation Latency

Aside from that we’ve been working hard on the upcoming Notifications improvements. Mapping the push rules to the demands of the UI has been challenging and we’ve been through several iterations. If you’d like to learn more take a look at Michael and Rich’s explanation in this week’s Matrix Live. Rich’s presentation has Sheltie pictures #justsayin’

Dept of Bridges 🌉

It's a Tulir kind of week.

mautrix-whatsapp

Tulir told us:

The WhatsApp bridge got a bunch of improvements this week, such as:

  • Matrix -> WhatsApp gif bridging

  • Bridge status notices if your phone battery is low

  • A command to get group invite links and another command to join groups using invite links

  • Matrix <-> WhatsApp bridging of most membership changes

mautrix-facebook

Tulir reported:

The Messenger bridge mostly got bugfixes, but also Matrix->Facebook bridging of all media and location messages

mautrix-telegram

Tulir offered:

The Telegram bridge now supports logging in by scanning a QR code, although it requires using the master branch of Telethon instead of a release. I also fixed bridging captions in file messages, so they're now bridged as separate messages like with images

Half-Shot bridges roundup

Half-Shot offered:

Hey all, I've got several releases to talk about this week!

First, matrix-appservice-slack has been updated to 1.4.0 with several quality of life changes such as automatically setting the bot profile on startup, supporting logging out of slack accounts and adding a health checkpoint. There are also quite a few bugfixes so make sure you update.

matrix-appservice-irc was also bumped to 0.18.0 with the headline features being Node 14.x support.

We've also shipped 0.19.0-rc1 which has stopped support for Node 10.x. Why? Because we're adding worker support to the bridge! This release starts to make use of the new(ish) worker_threads feature so that we can dish out processing to seperate threads (running their own UV event loops, for node enthusiasts). The first thing to be workerized is metrics, so that metrics may still be reported should the bridge become saturated, but we plan to split out more work as things progress.

Finally matrix-appservice-bridge got a few fixes to support our new worker land, as well as being updated to support matrix-js-sdk 6.0.0. You can checkout the changes for 1.13.1 here.

Dept of Clients 📱

Fluffychat

sorunome offered:

Fluffychat Version 0.15.0 is released, and should be available in the Play Store, on F-Droid and in IOS Testflight soon! This makes Fluffychat the first non-Riot matrix client that supports Cross-Signing.

Features:

  • New room list app bar design

  • Chat app bar transparent

  • Implement web file picker

  • Minor design and UX improvements

  • Implement Cross Signing

  • Restore keys from online key backup

  • Added translations: Czech, Spanish, Slovakian

Changes:

  • Show presences of users sharing a direct chat

  • Big refactoring

Fixes:

  • Various fixes, including e2ee fixes and olm session recovery

2020-06-26-rN8uB-scaled_screenshot_20200619-173753_fluffychat.png.jpg

Pattle: version 0.18.0

Wilko said:

A new version has been released and will soon become available on Google Play, TestFlight and F-Droid!

Changes

  • You can now play videos!

  • The main public address (room alias) of chats are now shown in chat's details

  • The time of sending is now always show on the right side for images

  • Notifications are grouped nicer, there's now one notification for Pattle, grouped by chat

  • Fix sending an image crashing the app

  • Fix urls not being accounted for in time placement (#132)

  • Fix chat input not scrolling

  • Fix multiple issues regarding showing notifications

  • F-Droid: All left-over proprietary code is now removed, thanks to Bubu for notifying me!

Get Pattle

Get involved

Mirage

miruka* reported:

0.5.2 is now out:

Added

  • Sessions/device list: you can now inspect, rename and manually verify

    your devices from the account settings page. The interface is still work in progress, keyboard navigation and signing

    out sessions will be added in a next version.

  • Re-add client-side unread/highlight room indicators.

    If your account has push notifications disabled, which precise cross-client counters depend on, the local indicators will be used as fallback.

  • Support the MIRAGE_CACHE_DIR environment variable to override where

    files and thumbnails are downloaded

  • A bunch of theme additions, check the full log

Changed

  • Overhauled account settings to match the design of other tabbed pages.

    The horizontal layout design has been removed due to complicated code and being impossible to extend without breaking it.

  • The display name field in account settings is now colored,

    preview your new display name's color as you type

  • For rooms without image avatars set, the room settings's avatar color now

    responds to the name field as you type

  • Overhauled scrollbars:

    • Now match the Mirage theme and much better visibility

    • No more right margin for the timeline's bar

    • Minimum height to prevent the bar from becoming impossible to grab

  • Use brighter text for room names of rooms that have unread messages

  • Buttons, tabs, text fields and areas now have animated bottom borders

    to represent keyboard focus instead of being highlighted like when hovered

  • Text fields and areas can now have rounded corners, following the theme

  • Tabbed pages (Sign In, Add Chat, etc) can now be swiped left and right

  • Popups can now be scrolled when their content is bigger than the

    window's height

  • Replace most generic checkmark icons for apply buttons in popups

  • Pressing escape in forms will consistently trigger corresponding

    cancel buttons

Fixed

2020-06-26-KSsyD-sessions.png

Nheko

Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) offered:

  • Most of our time this week was spent trying out device verification with Chethan. It's fun and I could finally file bugs in Nheko against someone else!

  • We fixed some issues that should hopefully make text in the timeline less blurry again.

  • Fixed a bug which cause some clients like fluffychat to break in E2EE rooms (we accidentaly sent a null relation when not replying...)

  • Fixed an issue, where Nheko didn't verify the format of html formatted messages correctly, causing it to render messages in a way which wasn't compliant to the spec.

  • Thanks to the work of a Pirate and his friends, current versions of Nheko should be available in backports for Debian Buster once again!

Riot Chat for Nextcloud

Gary Kim announced:

Riot Chat for Nextcloud 0.5.0 The new version updated the Riot.im version to 1.6.6 and added the ability for admins to set their own custom config for Riot rather then using the settings interface in addition to a few bug fixes.

Riot Chat for Nextcloud allows individuals and organizations with a Nextcloud instance to easily set up and configure their own Riot instance with just a few clicks on a web interface without the need to write a config file.

Join the development Matrix room at #riotchatfornextcloud-general:garykim.dev. Check out the source code here.

Riot-iOS

Manu told us:

This week, we completed UX for cross-signing and secure backup. We made associated settings but we still need to polish them.

Sygnal and the new push extension have been updated to match Apple requirement and our privacy concerns. Events content are no more sent anymore. We started to implement the new room notifications settings UI.

RiotX

benoit told us:

This week we were mainly working on cross-signing, room settings, VoIP stabilization and performance improvement.

Riot-Android

benoit reported:

We will publish at the beginning of next week a beta version of the migration to RiotX codebase on the beta channel of the PlayStore, to be able to ensure the migration works fine, before release it to production.

Dept of SDKs and Frameworks 🧰

Matrix Dart SDK: v0.33.0

Wilko told us:

  • Support custom events using RawRoomEvent and RawStateEvent

    Check the README for details.

  • Add ability to register using Homeserver.register

  • Add VideoMessageEvent

  • Add Room.canonicalAlias and Room.alternativeAliases

  • Add format field to TextMessage (thank you Cyril!)

  • Remove equatable dependency

Get it on pub!

Net::Matrix::Webhook

joepie91 discovered this project, presented yesterday at Conference in the Cloud:

Net::Matrix::Webhook implements a webhook, so you can easily post messages to your matrix chat rooms via HTTP requests. It uses IO::Async to start a web server and connect as a client to matrix. It will then forward your messages.

matrix_scrape_emoji_translations script project

sorunome announced:

Soru wrote a quick program that scrapes riot-web, riot-x and riot-ios for translations of the emoji names for emoji verification and combines them all into an easily-readable json file, so that other client developers can use it. Since all three riot versions have a different set of translations, it might also be helpful for them. You can find the source code along with the outputted json files here.

Dept of Bots 🤖

"Scandinavia and the World" comic bot

Tulir offered:

To add to my existing xkcd and CommitStrip maubot plugins, there's now a similar plugin for Scandinavia and the World comics: https://github.com/maubot/satwcomic

Like the other bots, you can self-host it, use my instance (@satw:maunium.net) in your own room or simply join #satwcomic:maunium.net to automatically get the latest comics in Matrix.

matrix-webhooker

kinta announced:

A bot that will allow to room administrators and moderators to generate room custom commands (in a similar way how telegram commands are thought).

When they are invoked it will post the message event object data and a predefined context object along with a token to a custom url. More information in: https://gitlab.com/communia/matrix-webhooker

Matrix webhook

kinta told us:

https://www.drupal.org/project/matrix_webhook

Drupal module to receive links shared from a matrix room. Get links provided by a matrix bot in a room. With this module one can get media from a matrix own bot to any drupal site. Once installed and bot is created through matrix-webhooker bot. A blog entry about it (in spanish) in https://planet.communia.org/content/enlaces-desde-matrix

Dept of Interesting Projects 🛰

Pollvis - new poll visualiser project

We have a couple of conferences coming up who are planning to use Matrix as part of their offering, much as we do with Open Tech Will Save Us. To help add some more features, I created an MVP "poll visualiser", which watches a room and works in tandem with the poll-bot from Brendan Abolivier . This project is still at the beginning, but might be interesting to some! Find the code at https://github.com/benparsons/pollvis.

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1fairydust.space331
2services.pyrahex.com537
3heitkoetter.net604
4nitro.chat646.5
5mchus.pro660
6privacytools.io671
7matrix.vgorcum.com727.5
8eiselecloud.de740
9aruiz.io855
10neko.dev923.5

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

This Week in Matrix 2020-06-19

2020-06-19 — This Week in Matrix — Ben Parsons

Matrix Live 🎙

Dept of Status of Matrix 🌡

Matrix Merch Store is back

Are you emerging from lockdown? Dazed and wondering what to wear? Need some apparel which says "I'm cool and I have great taste in decentralised communications protocols"? Then you should visit The Matrix Merch Store!

T-Shirts, Hoodies, Zipped Hoodies and Stickers available now!

Matrix Decomposition: Analysis of an Access Control Approach on Transaction-based DAGs without Finality

Florian told us:

We published another scientific paper on Matrix, this time it is called Matrix Decomposition: Analysis of an Access Control Approach on Transaction-based DAGs without Finality! Its main topic is the question of how access control can work based on a structure that only provides a partial order on events and no consensus on the current state, i.e. the Matrix Event Graph. We found some concrete, non-critical security issues related to both incorrect specification as well as divergent homeserver behaviour. While the last remaining mitigations found their way into Synapse 1.14.0, we provide ideas on structural solutions to avoid both problem classes in the future using formal verification.

The paper was published at the ACM Symposium on Access Control Models and Technologies(SACMAT) last week. My talk went well (🎉), it was recording and is yet to be published by the conference.

The paper was previously mentioned on the Matrix blog.

Dept of Spec 📜

anoa reported:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

Merged MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

New MSCs:

Spec Core Team

In terms of Spec Core Team MSC focus for this week, the team has been spread a bit thin with other work. As such, we're still on the same three MSCs: MSC2366 (verification flows), MSC2403 (knocking), and MSC2630 (SAS security). We're hoping this week will be more productive in terms of spec.

2020-06-19-qcjY2-plot.png

Dept of Servers 🏢

Dendrite / gomatrixserverlib

Dendrite is a next-generation homeserver written in Go

Neil Alexander announced:

This week has seen a lot of work put into fixing broken tests and refactoring parts of the codebase.

  • The media API has had quite a bit of attention this week and now media over federation works properly, as well as much better filename handling

  • A new user API component is now responsible for user accounts, devices, access tokens and account data

  • The server key API has been updated with more reliable validity checking and new tests

  • Logging into Dendrite using Riot iOS is now supported thanks to some minor tweaks/fixes

  • URL handling for version 3 rooms has been improved

  • A bug in the format of /v1/send_join has been fixed

  • The /joined_members response has now been fixed

In addition to that, we've made good progress on embedding the Dendrite-powered Yggdrasil demo into Riot iOS, which we'll hopefully be demoing in a couple of weeks!

Spec compliance has improved:

  • Client-Server APIs: 40%, up from 36% last week

  • Server-Server APIs: 38%, up from 35% last week

Synapse

Neil offered:

Highlights this week

  • We released 1.15.1, this is a bug fix release, sorry if you were bitten.

Changelog in full

Bugfixes

  • Fix a bug introduced in v1.15.0 that would crash Synapse on start when using certain password auth providers.

  • Fix a bug introduced in v1.15.0 which meant that some 3PID management endpoints were not accessible on the correct URL.

Outside of that

  • Implemented unread message counts (MSC 2625) - This is part of the a more general notifications improvement project in conjunction with the Riot teams. The aim being to make Notifications easier to configure. We’ve also been working on push rule definitions for the default behaviour. More on that next week.

  • Have the ability to shard the media repository worker. This means we can now run an arbitrary number in parallel, thereby improving upload reliability and performance, we are running this on Matrix.org.

  • Re-enabled Jaeger on matrix.org - previously we needed to switch it off due to the performance overhead, we needed a few tweaks but now it is working well and helping us to determine the cause of slow requests. It seems like the HTTP requests between the event creator and event persister workers can sometimes be slow - we are not sure of the cause yet, we are working on it but it will mean further performance improvements to message sending.

  • Next up performance wise is working on sharding the federation sender to improve federation lag. We’ll also try replacing simplejson with stdlib json which seems to be much faster at dumps nowadays.

  • Finally, we’ve fixed a bug that meant that quarantining media would from time to time include quarantining sticker packs

Other interesting bugs

We fixed a spec compliance bug in fetching remote media raised by our pals in Dendrite-land. We fixed a bug causing federation .well-known requests to fail due to not including the user-agent header. We removed references to six (thanks @ilmari) and finally, fixed a bug that caused stream id to go backwards on the replication stream.

Next week we’ll continue to work on notifications and performance. You can track our progress here https://github.com/orgs/matrix-org/projects/8

Synapse adoption graphs

Chris said:

Wondering how quick this weeks synapse release was adopted by homeserver admins? Head over to https://graph.settgast.org/ and see yourself that it only took a little over 2 days for 1.15.1 to become the most used synapse version. I plot hourly distribution of synapse versions there. (Disclaimer: Only collects stats for homeservers that my homeserver sees in any of its rooms, which are around 2000 at the moment)

This is super cool! I love that this has been created, and also how well it reflects on homeserver admins! /me scurries to update to 1.15.1...

Asked to share the process, Chris sent:

Its a horribly hacky python script, but I can at least share it here: https://gist.github.com/csett86/96190592390b2c3d8c12c020ce312723

What version are you running?

Synapse on a ROCKPro64

How is Synapse performance these days? PINE64 are running their instance on their own ROCKPro64 hardware.

Conduit

Conduit is a Matrix homeserver written in Rust https://conduit.rs

timo announced:

This week I worked on server-side key backups and cross-signing - the second most requested features (federation being the first one). Key backups are already working! Take a look:

Cross-signing should be working, but there is a bug where emoji verification gets stuck. I hope we can find the mistakes and finish the PR next week.

Thanks to everyone who supports me on Liberapay or (new!) Bitcoin!

Synapse Deployment 📥

Kubernetes

Ananace said:

Just pushed 1.15.1 tags for the K8s-optimized Synapse image.

Docker-matrix

Mathijs announced:

The image for synapse v1.15.1 including jemalloc and mjolnir anti-spam has been released to avhost/docker-matrix:v1.15.1.

Dept of Bridges 🌉

matrix-ircd, GSOC project

karlik offered:

For matrix-ircd google summer of code:

  • Began moving the codebase to the more modern futures 0.3 (previously futures 0.1)

  • Introduced more modern async / await syntax for improved code clarity

  • Wrote some additional unit tests, doubling the overall test coverage to 32%

  • Updating the 2016 code to use rust 2018 idioms PR # 64

  • Swapped repository to use stable rust (previously nightly) PR #65

mautrix bridges

Tulir told us:

To make the bridge info state events a bit more useful, all my bridges now include the room name and avatar URL in them. The events are also updated whenever the name or avatar changes, and there's a new option to re-send the event to all existing portals so old portals would get it too.

Dept of Clients 📱

RiotX: Version 0.22.0

benoit said:

RiotX: Version 0.22.0 has been released on Tuesday, it includes integration manager support, sending stickers, modifying power levels, and lots of other things! See https://github.com/vector-im/riotX-android/releases/tag/v0.22.0 for a complete list of the changes.

This week we've been working on audio and video calls (The PR is in review). We are also trying to improve the performance of the application. We are adding room settings, and we have started to work on the migration Riot-Android -> RiotX.

PS check out Valere trying the new features:

Arch Linux (AUR) package for Revolution - a Riot fork by ponies.im

Sophie still alive said:

I made an Arch Linux (AUR) package for Revolution - a Riot fork by ponies.im:

Daydream

MTRNord told us:

Daydream is getting a new Design and the first page is ready at https://app.daydream.im/

Additional changes are:

  • Removed client side js (except what's needed to load wasm stuff)

  • Replaced loading animation with css only version

  • Replace icons with css only version

  • Add e2e tests

  • Add Basic Notifications

Currently on top of the TODO list of Daydream is:

  • Adding a wasm compatible (indexed db based) state store

  • Notifications

2020-06-19-x8YxE-grafik.png

Rumatui is basically usable

WIP Command line Matrix client using matrix-rust-sdk

devinr528 told us:

After some slow progress, rumatui, the rust command line chat client, is usable by anyone. You no longer need an account or have previously joined rooms. Registration and room search have been implemented! Using left/right arrow keys from the login screen will toggle to registration. Once registered hitting the left arrow will bring up the room search window. After typing your search term hit Enter and select the room to join by pressing Ctrl-d.

For the brave who would like to give it a try cargo install --git <https://github.com/DevinR528/rumatui> --branch room-search.

Added since last update

  • Room search is now available

    • Public rooms can be joined from the room search window
  • A user can register from the new register window

    • This features complete User Interactive Authentication by opening a web browser
  • Message edits are shown

    • When markdown is part of the message they are properly formatted
  • Reactions display under the respective message

  • Redaction events are handled for reactions (emoji) and messages

"Basically usable" is a standard we can all aspire to for our projects and endeavours.

Riot-iOS

Manu told us:

This week, we worked on the new UX for cross-signing and secure backup. In parallel, we continued to improve the new push implementation. We are very closed to complete the two features.

gomuks

gomuks is a terminal based Matrix client written in Go. Source on GitHub

Tulir announced:

I added a command to add and remove local aliases for rooms. Changes to alt_aliases are also now rendered properly.

Riot Web

Ryan offered:

This week we had an off-cycle 1.6.5 release to fix registration on some homeservers when email validation is required. After that, we've made a 1.6.6 RC including:

  • Added support for new emoji in Unicode 13

  • Emoji picker now supports searching by emoji characters (to find related ones) as well as text

  • Added a homeserver admin .well-known option to control default E2EE behaviour

  • Many more bug fixes and smaller improvements

Riot Web Themes

jo offered:

made a couple riot themes! Dracula and Dracula Flat

https://raw.githubusercontent.com/aaronraimist/riot-web-themes/master/Dracula/Non-flat/Dracula.json https://raw.githubusercontent.com/aaronraimist/riot-web-themes/master/Dracula/Flat/DraculaFlat.json

Find images here and here

Go to https://github.com/aaronraimist/riot-web-themes to find out how to use these.

Nheko

Nheko is a desktop client using Qt, Boost.Asio and C++17. It supports E2EE (with the notable exception being device verification for now) and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) offered:

  • We released 0.7.2, which was a bit more messy than we would have liked...

  • As with every release we are currently working through the new bug reports. :D

  • I started working on SSSS and online key backup support. For this I wrote my own base64 and base58 encoders. As a result of this we dropped libsodium as a dependency, which should make Nheko a bit easier to package or build. It's also fun to write base conversions, although 58 is a horrible base!

From the changelog:

  • Reactions
    • React to a message with an emoji! 🎉
    • Reactions are shown below a message in a small bubble with a counter.
    • By clicking on that, others can add to the reaction count.
    • It may help you celebrating a new Nheko Release or react with a 👎 to a failed build to express your frustration.
    • This uses a new emoji picker. The picker will be improved in the near future (better scrolling, sections, favorites, recently used or similar) and then probably replace the current picker.
  • Support for tagging rooms [tag]
    • Assign custom tags to rooms from the context menu in the room list.
    • This allows filtering rooms via the group list. This puts you in a focus mode showing only the selected tags.
    • You can assign multiple tags to group rooms however you like.
  • SSO Login
    • With this you can now login on servers, that only provide SSO.
    • Just enter any mxid on the server. Nheko will figure out that you need to use SSO and redirect your browser to the login page.
    • Complete the login in your browser and Nheko should automatically log you in.
  • Presence
    • Shows online status of the people you are talking to.
    • You can define a custom status message to tell others what you are currently up to.
    • The status message appears next to the usernames in the timeline.
    • Your server needs to have presence enabled for this to work.

Wowow that's a lot this time!

Dept of SDKs and Frameworks 🧰

quotient

kitsune said:

after a couple of setbacks that didn't let us to make the releases earlier, the Quotient project has finally made two new releases:

  • GTAD (the piece of code magically producing readable C++ code from a Swagger API description) has achieved version 0.7 (https://github.com/KitsuneRal/gtad/releases/tag/v0.7.0) adding a few tricks in order to make...

  • ...libQuotient 0.6 beta2 (https://github.com/quotient-im/libQuotient/releases/tag/0.6-beta2) rely entirely on the upstream matrix-doc specification, rather than a soft fork closely following the main sources! From now on it's "upstream first", in a sense that the original matrix-doc will be used to build Quotient codebase. Let's see how often it breaks ;) In other news from the last few weeks:

  • some housekeeping and deprecation work in the API has been done in preparation to getting User Interactive Authentication along the next (post-0.6) release cycle of libQuotient.

  • also thanks to the updated code generator, the CS API code has been optimised, consolidating more code in the header files and making data deserialisation lazy; this helped significantly reduce compilation times, and runtime performance also improved a bit.

  • the number of configurations tested by CI has been extended, allowing to chase down a few more bugs that managed to go under the radar before.

  • when used with new enough Qt, CBOR is used to cache data locally - entirely transparently for clients.

Expect more news in the coming weeks, including continued work on matrix: URI proposal and its implementation in Quotient.

ruma-events' Google Summer of Code project

devinr528 sent us this late entry!

This week in ruma-events' Google Summer of Code project, after trying out the new Any*Event enums matrix-rust-sdk, we found a few big flaws. There was no easy way to go from StateEvent<AnyStateEventContent> to StateEvent<SpecificEventContent>, the other issue was one could create a StateEvent with differing content and prev_content fields using the AnyStateEventContent enum. The 0.22 ruma-events will be similar to the existing API; each event type has a corresponding event enum variant.

pub enum AnyStateEvent {
    RoomMember(StateEvent<MemberEventContent>),
    RoomAliases(StateEvent<RoomAliases>),
    // ...
}

There were a few minor fixes during the week also. Unknown field deserialization is fixed, allowing deserialization of a JSON blob that has extra fields which are ignored. Custom events are now present in the Any*EventContent enums, although now they have to be moved up to be included in Any*Event enums. Benchmarks for deserialization have been added and used to increase performance.

🧙 Polyjuice Client

Polyjuice Client is a Matrix library for Elixir

uhoreg announced:

Polyjuice Client, a Matrix library for Elixir, had a new release. This release fixes syncs, which apparently were completely broken in the last release (whoops). The wizarding community also welcomes a new contributor, Pierre de Lacroix.

Dept of Ops 🛠

Gitea

s7evink reported:

Gitea 1.12.0 was finally released. It's now possible to send notifications (commits, pull requests, etc.) directly to Matrix using webhooks.

Dept of Internet of Things 💡

Mozilla WebThings Matrix Adapter

Christian offered:

I heard that you people like IoT?! With the Mozilla WebThings Matrix Adapter your Raspberry Pi sends you messages about your home. Want a log of when the front door has been opened? Need a low battery alert for your IoT devices? With the Mozilla IoT gateway and this adapter, you can send these events to a Matrix room of your choice!

https://gitlab.com/webthings/matrix-adapter

Dept of Bots 🤖

Alt alias maubot plugin

Tulir announced:

Ever since m.room.aliases was replaced with alt_aliases, there hasn't really been any way to find aliases on other servers, since most room admins don't bother finding and publishing alternate aliases. To help solve that problem, I made a maubot plugin to let users publish alternate aliases in rooms: https://github.com/maubot/altalias

By default it lets users publish aliases with the same localpart as any already published alias. If that behavior is sufficient, you can simply invite it to a room and give it permissions to send m.room.canonical_alias events. Alternatively, it can be configured to allow aliases that match specific regexes.

Once it's set up, users can create a local alias and use !altalias publish <their alias> to publish it. The bot will make sure the alias points to the right room, check that the localpart is allowed and then add it to alt_aliases.

I have it running at @alias:maunium.net and I've added it to all my rooms already. Other rooms are also free to use that instance.

go-neb on NixOS

maralorn offered:

As of https://github.com/NixOS/nixpkgs/pull/89327 a go-neb module was added to nixos and will soon be available on nixos-unstable and in the 20.09 release. You can use it to declaratively install and configure go-neb matrix bots on nixos. I use it for prometheus alertmanager alerts and it works really cool! Thx to hexa- who did most of the work on it.

Opsdroid

Cadair offered:

opsdroid 0.19 has been released, not many matrix specific features in this release, just making it slightly easier to get a connector or database instance by name. However, this release paves the way for the merge of the pull request transitioning opsdroid to use the matrix-nio Python library, so the next release should be packed full of matrix stuff 😀

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1fairydust.space384.5
2maescool.be390
3gottliebtfreitag.de453
4construct.grin.hu610
5aragon.sh639.5
6privacytools.io670
7matrix.vgorcum.com734
8envs.net756
9settgast.org865
10intothecyber.space1005

That's all I know 🏁

Thanks to Alexander and Nico for their help editing this edition.

See you next week, and be sure to stop by #twim:matrix.org with your updates!

PreviousPage 1
NextPage 3