Matrix Live

Dept of Social Good 🙆

Denise announces

we know there have been some questions about the recent ban on Element by the Indian Central Government. We are still trying to get answers ourselves and have put out a public statement on our understanding of the situation so far: https://element.io/blog/india-bans-flagship-client-for-the-matrix-network/

Dept of Spec 📜

Andrew Morgan (anoa) reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC4011: Thumbnail media negotiation
• MSC4010: Push rules and account data
• MSC4009: E.164 Matrix IDs
• MSC4006: "completed elsewhere" hangup reason.
• MSC4005: Explicit read receipts for sent events

MSCs in Final Comment Period:

• MSC3882: Allow an existing session to sign in a new session (merge)
• MSC3860: Media Download Redirects (merge)
• MSC2659: Application service ping endpoint (merge)
• MSC2463: Exclusion of MXIDs in push rules content matching (close)
• MSC2249: Require users to have visibility on an event when submitting reports (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

Spec Updates

Lots of MSCs moving through the pipeline this week! Plus a myriad of spec changes too! The spec seems to be gently humming along.

In other news, the next release of the spec, v1.7, is coming up in the not-too-distant future. In keeping with our roughly quarterly release schedule - the release of v1.6 was on February 14th, 2023 - a new release of the spec should come some time in next few weeks.

We haven't set a date yet, but expect to do so soon. So watch this space!

Random MSC of the Week

The random MSC of the week is... MSC3741: Revealing the useful login flows to clients after a soft logout!

This MSC fixes an edge case in the spec. Imagine the following scenario. You're logged into your homeserver via an SSO flow (let's say by signing into GitLab), and then you try to change your password on GitLab. Doing so may cause a "soft logout" to occur for your Matrix client. A soft logout, by the way, happens when your access token is invalidated, but your client is told explicitly not to wipe its local state (including encryption keys).

Your Matrix client is telling you to log back in again, and in doing so calls out to the GET /_matrix/client/v3/login endpoint to see what login methods are available. Your homeserver supports both password-based and SSO-based login, so that's what you get back. Your client happily presents you both options. You try to type your GitLab password, but it's incorrect. And you've just given your GitLab password to this Matrix homeserver in plaintext - oh no!

The problem here stems from the fact that GET /login is unauthenticated. The homeserver doesn't know who you are when you attempt to log in again, and thus can't tailor the available login methods to those that make sense for you. This MSC aims to fix this by having your Matrix client, upon trying to learn how to log in again after a soft logout, provide your expired access token in an Authorization request header. The homeserver can then check and see that 1) you were just soft logout'd and 2) you are an account that is authorised via SSO - so it doesn't make sense to suggest you log in again via a password specific to your Matrix homeserver!

While this MSC discusses a valuable solution, it is worth considering that the User-Interactive Authentication system as a whole is going to be completely replaced by OpenID Connect instead, which will make this problem (and solution) moot. Still, that day is not here yet, so if you suffer from this problem today, this may be one method to deal with it.

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay reports

It's yet another Friday which means TWIM day. This week the backend team released Synapse v1.83.0rc1. Notable highlights include:

• Add an admin API endpoint to query the largest rooms by disk space used in the database.
• Add Nginx loadbalancing example with sticky mxid for workers
• Disable push rule evaluation for rooms excluded from sync.
• Add experimental support for MSC3970: Scope transaction IDs to devices.

And so much more! To read about everything in the release, take a look at the release notes here and otherwise have a great week.

Dept of Clients 📱

Quadrix (website)

A Minimal, simple, multi-platform chat client for the Matrix protocol.

JFA says

Version 1.6.5 of Quadrix (Matrix client for mobiles and desktops) has been released and is available in the respective app stores.

The latest changes include the replacement of the Jitsi Meet videoconferencing functionality with an embedded version of Element Call, using matrix-widget-api. Quadrix loads the Element Call web app located at https://element-call.netlify.app, which is the continually updated dev version. The Quadrix implementation is not quite compatible with Element Web, since it uses non-encrypted WebRTC signalling, but that's something I'll be working on in the next weeks.

Please go test-drive Element Call in Quadrix and leave feedback/comments at #quadrix:matrix.org or in the issues at https://github.com/alariej/quadrix (stars welcome :-)

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

andybalaam reports

We’re still on our stability drive!

• Lots of bug fixing, including some progress on stuck unread messages. When we’re done, we’ll ask people to check for incorrect unreads. We’re not there yet, but we’re getting closer
• We’ve been improving the correctness of our Typescript code by updating it to conform to strict checking
• Our accessibility work continues, with more small fixes
• We’re working on making our automated tests work better by fixing unreliable tests
• We tightened our Content Security Policy to protect against the kinds of vulnerabilities we fixed in the last release

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit reports

• We are getting ready to release Element Android 1.6.0 with the new Crypto Rust SDK (aka ElementR). This will delay the regular release. Also we will do a progressive roll out, as a safety measure.
• This week we welcome Marco, who has started to work on the display of invitations in the list of members of a room in ElementX

Element X Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit says

On ElementX, we are working on media and file attachments. We are adding the picker and we are adding support for rendering attachment in the timeline.

• On ElementX, we are working on media and file attachments. We are adding the picker and we are adding support for rendering attachment in the timeline.

Element X iOS (website)

Everything related to Element but not strictly bound to a client

Ștefan announces

Happy Friday and happy Element X update day. This week we:

• Added support for uploading media
• Introduced a brand new room list contextual menu
• Got our first look at decrypting remote background notifications
• Continued to make very good progress on OIDC support
• And started working on rendering rich replies in the timeline

Dept of SDKs and Frameworks 🧰

libolm 🦎 (website)

uhoreg says

libolm is an implementation of the Olm and Megolm cryptographic ratchets used for end-to-end encryption in Matrix. libolm 3.2.15 has been released. This is mainly a maintenance release that improves the Python packaging and fixes a TypeScript issue. The biggest change is that the Python package can now be installed from pypi.org, the default repository for Python packages. The source package includes the libolm sources, so you do not need libolm to be installed separately any more. All you need is cmake (or possibly GNU make) and a C/C++ compiler, and run pip install python-olm. It unfortunately does not yet work on Windows, but should work on UNIX-like operating systems such as Linux and *BSD, and even macOS.

In other news: with Element iOS and Element Android switching to the rust crypto SDK, and hence using vodozemac, I'm considering deprecating the iOS and Android bindings for libolm. If you still need those bindings, please let me know.

Dept of Ops 🛠

Synapse Kubernetes Operator (website)

mgoerens says

The Synapse operator provides a way to deploy Synapse, the Heisenbridge, and the Mautrix-Signal bridge on Kubernetes.

Release v0.5.0 & v0.5.1

It was time to cut a new release, though most of the changes are related to various internal improvements and experiments.

Release v0.5.0 & v0.5.1 come with only a few user-facing changes:

• Secrets in homeserver.yaml are now randomly generated.

• When a bridge is deleted, it is now unregistered from Synapse.

• Update container images to their latest available version to date, now deploying:

  • Synapse v1.82.0
  • Mautrix-signal v0.4.2
  • Signald 0.32.2
  • Heisenbridge 1.14 (no update since v0.4.0)

If you want to learn more about internal changes, check the release notes

And join the matrix room to chat about the project: https://matrix.to/#/#synapse-operator:matrix.org

FOSDEM Video

The replay of the presentation of this Kubernetes operator at FOSDEM, in the Matrix online devroom, is now available on Youtube: https://www.youtube.com/watch?v=Vsb18jr\_VDc

Dept of Services 🚀

MatrixRooms.info (website)

A developers-managed instance of the standalone search engine built for matrix rooms discovery.

Aine reports

During this week at etke.cc we polished the Matrix Rooms Search service and implemented the following improvements:

• Enabled language detection for all (75) supported languages and language analysis for all (29) supported languages by search engine
• Added ability to report illegal rooms (please, keep in mind that we know nothing about the contents of the indexed rooms, so if you think something is illegal - describe it like ELI5, so anyone can read the reason and know for sure if that room should be removed or not)
• Optimized avatars processing on UI

Current index status: 233513 indexed rooms from 19919 matrix servers

One more thing - we've created Liberapay team to crowdfund the project's existence and we welcome everyone to donate and fund the future development and infrastructure costs 🙂

MatrixRooms.info, Source code, #mrs:etke.cc

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live

Dept of Status of Matrix 🌡️

Matrix.org Foundation

Michael Downey announces

Don't miss this week's Matrix Live, where Amandine & Matthew talk about the growth of the Foundation and how it will help all of us working in the Matrix ecosystem be more successful. And in case you missed it, a job description for the Foundation's first Managing Director has now been posted. If you think you have what it takes, or if you want to share it with others who might, don't delay!

Matrix.org Website Bug Hunt

Thib says

Some of you might have heard of it, but we're about to launch a (long overdue) update of the matrix.org website! The current one has served us well, but it grew organically as exciting projects and features were added to it. It became a little impractical to navigate and sometimes confusing.

The new matrix.org website, nicknamed "Zola" after the static site generator it uses, is not just a fresh coat of paint on the website: it's a complete rewrite to address three kind of people who would browse the website. Sorted by time they're willing to spend on a web page:

• The general public, who is not tech savvy and doesn't want to understand how things work, but who wants to get an easy onboarding
• Community managers, who are not too tech savvy but are willing to spend a bit of time to understand more advanced use cases
• Developers who want to understand how matrix works, and who want to build & break things!

We're in the final stages of developing the website, and we need you to help us making it ready! Head to the preview of the website, use the website, and give is feedback by opening an issue on the website tracker. Please make sure the issue doesn't already exist before opening it.

Reporting the following is particularly helpful:

• Something looks off, misplaced, is not aligned well or behaves oddly
• Something is missing (the doc is incomplete? Some informationg is missing somewhere?)
• There's an accessibility issue
• Something doesn't work on your browser
• It's not clear how to get to a particular information (you're looking for a client or a SDK, and after visiting the website you still don't know which one to use or how to get it?)

We still need to:

• Finish up the Bots page (which will likely be replaced by an Integrations page)
• Flesh out the support page to highlight more of the work of the Matrix.org Foundation
• Import the historical projects that are no longer maintained (clients, servers, bots, bridges, sdks)

If you want to follow along, you can join the #matrix.org-website:matrix.org room.

Help us make the website look as neat as possible for launch!

UK Online Safety Bill

Matthew reports

The UK's online safety bill is a catastrophe in the making, and as currently written empowers the UK telecoms industry regulator (OFCOM) to obligate end-to-end encrypted messaging apps to embed proprietary 3rd party scanning software which attempts to identify and flag abusive content and report it to the authorities. If you are in the UK, please sign this petition https://petition.parliament.uk/petitions/634725 to try to force the government to reconsider. Element, for instance, would rather be blocked by the UK govt from the app stores than embed third party scanning technology. For more info: https://element.io/blog/the-uks-online-safety-bill-undermines-everyones-safety/ and https://element.io/blog/the-online-safety-bill-an-attack-on-encryption/

Dept of Spec 📜

Andrew Morgan (anoa) reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC-4004: unified view of identity service
• MSC4003: Semantic table attributes
• MSC4002: Walkie talkie

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC3987: Push actions clean-up
• MSC3952: Intentional Mentions
• MSC2746: Improved VoIP Signalling
• MSC2246: Asynchronous media uploads

Closed MSCs:

• No MSCs were closed/rejected this week.

Spec Updates

Lots of MSCs moving through the process this week. I'm particularly excited about MSC3952: Intentional Mentions, which modifies the default push rules to only generate a notification if the sender's client has specifically intended to mention you. That's a really impactful, user-facing feature!

The other MSCs on the list, especially MSC2246: Asynchronous media uploads, bring quality-of-life improvements and unlock future functionality in Matrix. Check them out!

Random MSC of the Week

The random MSC of the week is... MSC3189: Per-room/per-space profiles!

MSC3189 proposes a concept of per-room/per-space profiles within Matrix, allowing users to have different display names and avatars across their various rooms and spaces. To do so, an optional query parameter scope is added to all profile-related endpoints. When specified, the scope defines the profile that should be used to complete that action.

That way you can represent yourself in a business context in one space, and a less serious context in another space. Short of profile-rooms, this would get us a fair way towards having multiple public profiles in Matrix!

Check out the MSC if you're interested. Reviews are always welcome!

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay says

How is it Friday again?? This week the Synapse team released 1.82.0. Here are a few of the highlights:

• Allow loading the /capabilities endpoint on workers.
• Improve robustness when handling a perspective key response by deduplicating received server keys.
• Synapse now correctly fails to start if the config option app_service_config_files is not a list.
• Speed up the user directory background update.

and much more. If you'd like to take a deep dive into the changes, you can find the release notes here and as always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

Construct (website)

A performance-oriented homeserver with minimal dependencies.

Jason Volk reports

Construct (website)

🔒 This week some follow-up work further improving End-to-End Encryption took place. Compatibility between Nheko and Element devices through Construct have been fixed. About two weeks ago my quality assessment of e2ee through Construct was about 30%. Last week saw major progress but we were still maxing out around 70%. This week is closer to 90%; a few UISI's are still happening in some places such as a user's first message to an encrypted room. We'll have that worked out soon enough.

🙋 I'd like to thank Giovanni Bottaro for fixing some compatibility issues with the Dart Matrix SDK (Fluffychat) by replacing some HTTP 201 (Created) codes returned by Construct with HTTP 200's instead.

🚀 Tell us how important reliable e2ee is to you in #test:zemos.net today.

Dept of Bridges 🌉

M<>M Relay (website)

Jeremiah K announces

This handy tool bridges Meshtastic channels and Matrix rooms 1:1, and is built using matrix-nio.

For those unfamiliar with Meshtastic, it's a project enabling encrypted long-distance messaging via decentralized LoRa meshnets, using affordable devices. LoRa is license-free and certification-free in most of the world, making it accessible for everyone. Radios automatically rebroadcast messages, creating a mesh network for group communication—even from the furthest member. The Meshtastic mesh can sustain up to 80 device nodes, depending on settings.

Naturally, we wanted to integrate this incredible tech with Matrix.

M<>M Relay's Features:

• Bidirectional message relay between Meshtastic meshnets and Matrix chat rooms, supporting multiple meshnets
• Serial and network connections to Meshtastic devices
• Truncation of long messages to fit within Meshtastic's payload size
• Extended features via plugins, such as meshnet health plugin analyzing telemetry data and providing network stats
• E2EE support is planned, but not yet implemented (we appreciate any help!)

We're excited about extending our meshnets' range using existing Matrix bridges. Learn more and download the files here.

Join our #meshtastic-relay-1:matrix.org where we currently have 3 meshnets connected. If you have Meshtastic devices, we'd love help with testing, but all users are welcome.

matrix-hookshot (website)

A multi purpose multi platform bridge, formerly known as matrix-github

Andrew F (UTC+9) reports

Hookshot 4.0.0 makes its debut

Greetings all; Hookshot latest release is out, along with some exciting news!

You may recall the TWIM post for 2.6.0 from back in January having announced Encrypted Room Support, though not without warnings of it being experimental & not quite ready for prime time. Well, the latest release changes all that: encrypted room support is much more stable now, as we've collaborated with the fine folks behind the matrix-sdk-crypto Rust library to squash some of the biggest bugs that had been plaguing Hookshot. Encryption support even works for Service Bots!

Other than enabling encryption in your Hookshot's config file, there is no migration necessary to enable these fixes, even if you've already enabled Hookshot's encryption from before this release. Please give it a try and let us know how it goes!

This release also brings some useful features for RSS feeds: the ability to customize the format of feed messages, and the option to toggle posting messages for feed failures. This provides much more control & peace of mind over your feed messages, so give them a try & enjoy!

Finally, to align with the recent release of Node 20, this latest Hookshot release adds support for Node 20, and drops support for Node 16. The latter is due to Hookshot's policy of supporting only LTS & Active releases of Node. So, please ensure to update your Node versions if needed.

The release is available at https://github.com/matrix-org/matrix-hookshot/releases/tag/4.0.0, or by doing docker pull halfshot/matrix-hookshot:4.0.0. And as usual, feel free to direct any questions about Hookshot in our Matrix room: #hookshot:half-shot.uk

matrix-appservice-irc (website)

Node.js IRC bridge for Matrix

Half-Shot announces

Major new 1.0.0-rc1 for the IRC bridge

Friday's greetings TWIM. On June 15th, 2018 I submitted my first pull request to matrix-appservice-irc. Little did I know then, that nearly 5 years later I would now be announcing the 1.0.0 release candidate of the IRC bridge. This release brings a major new component, which is the ability to restart the bridge in place. This allows us to effectively do noise-less restarts of our larger bridges (in nearly all cases). This should also give us quite a bit more headroom on the bridge, so performance should improve.

The feature is currently marked as experimental but has been tested by the bridge crew fairly extensively, so the major wrinkles should have been ironed out by now. We'd really appreciate feedback, so please try it out.

We've also bumped the minimum required version of the bridge to Node 18 to slightly get ahead of the curve, as Node 16 is due to lose support later this year.

Notable changes for this release include:

• IRC connections can now be run via an external process using "connection pooling", allowing the bridge to be restarted without IRC connection loss. (#1669)
• Bridge logging can now be hot-reloaded. (#1704)
• Fix not handling thread fallbacks as replies. (#1697)
• Show a helpful error for !link/!unlink admin failures, rather than "Check the logs for details", in more cases. (#1702)
• Fix documentation not being built and uploaded to GitHub pages on release. (#1703)
• Fix linking rooms from setup widget when a networkId is configured. (#1706)

Please report any bugs in https://github.com/matrix-org/matrix-appservice-irc/issues.

Thanks for your continued support!

Dept of Clients 📱

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

andybalaam reports

• Recursive relations MSC to improve stuck notifications is moving forwards. Along with some other major steps forward in our investigation into stuck notifications we’re feeling confident that our next few releases will significantly reduce the amount of issues in this area.

  • We’re also still working on updating the Settings screen for notifications.
  • The Intentional mentions MSC passed its FCP this week so work to stabilize it will begin soon.

• We’re smashing through accessibility bugs and working closely with our design team to address larger concerns such as text sizes and color contrasts.

Element X iOS (website)

Everything related to Element but not strictly bound to a client

Ștefan reports

• progress is being made on improving the the sliding sync integration and our focus for the upcoming week is to ensure that our integration tests are asserting the right things to support these steps forwards.
• the Room List has also seen an update this week, specifically the sorting functionality ensuring that only rooms with new messages move up the stack.
• push notifications work is ongoing as as we’re implementing local notification handlers
• and we’re also working on OIDC support, media uploading, the design system and generally improving our stack

Dept of VoIP 🤙

Element Call (website)

Native Decentralised End-to-end Encrypted Group Calls in Matrix, as a standalone web app

Florian Heese reports

Hello from the VoIP team,

We have shipped Element Call release 0.3.8 today -- still in beta. In order to get a data driven approach towards getting out of beta we added a bunch of telemetry to Element Call in our previous release using the Open Telemetry framework. And in the meantime we gathered together with submitted rage-shakes (also now backed by Open Telemetry) meaningful insights which enabled us to identify and fix two major split-brain issues. You will find the full list of changes in the release notes.

Dept of SDKs and Frameworks 🧰

Dart matrix sdk (website)

td says

We released another breaking change this week :p bump to v0.19.0, the main features/changes from last time include:

• Upgrading to matrix api 1.6
• Private read receipts support
• Fixed an issue where loading archive returned a stale version. Since different sync timeouts bust through the cache, we make use of that to be able to load the new archive immediately.
• There's also a way for clients to provide media streams when starting a call, which should make setting up calls with audio/video mute toggles much easier
• Stopping media streams properly for calls and several other fixes!

Until next time :D

Trinity

bnjbvr says

Long time no see! A few new shiny things have landed recently:

• Trinity now supports reading the wasm commands from multiple, custom directories. Of course, all of these are watched by Trinity so any module in there will be instantaneously hot-loaded as usual.
• Trinity has been dockerized! It's now possible to start Trinity in a Docker environment, provided a few environment variables and configuration options. In particular, thanks to the previous change, it's also possible to hack only on the commands, and not have to compile the host runtime on your machine yourself.
• We've also started experimenting with higher-level Rust traits to simplify even more the implementation of commands. If you have any feedback about this, or opinions about developer ergonomics for implementing Matrix bots in general, come over the #trinity:delire.party channel and let's chat about that!

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte says

This week, there's two highlights:

• We've got basic notification support in the FFI layer
  • A lot of plumbing is still necessary before this can be used from a separate notification process as required on mobile platforms though
• SQLite is now supported as a state store backend
  • It will soon become the default for both the crypto and state stores

libQuotient (website)

A Qt5 library to write cross-platform clients for Matrix

kitsune says

libQuotient 0.7.2

I'm trying to get to senses and make releases a bit more often than before - so here's libQuotient 0.7.2, with massive internal code cleanup work carried out by Volker (@vkrause:kde.org) and a few functional fixes. The release notes are at the usual place.

This is likely the last 0.7.x release of libQuotient - after discussions within the team we agreed to prioritise a release of libQuotient 0.8 to fix a few API shortcomings in the current codebase (around E2EE but not only). This means that the final Quaternion 0.0.96 is unlikely to be released for another month or so, as it will be done on libQuotient 0.8 as well.

Tobias Fella announces

In addition to the 0.7.2 release, we've been working on improving the documentation for libQuotient. You can now see an up-to-date version of the documentation at https://quotient-im.github.io/libQuotient

Dept of Ops 🛠

synapse-media-proxy (website)

f0x announces

I've been working on refactoring one of my older projects, synapse-media-proxy, which separates the media repository from Synapse (similar to matrix-media-repo), but instead only acting as a caching proxy layer. This keeps the media in long-term storage at the homeserver (which is literally at home in my case, behind a slower residential line), but serves requests as fast as possible from a cheap VPS which keeps a minimal in-memory cache.

The refactor includes a lot of general cleanup/rework, but also moves the caching from in-process caches to a separate Redis database, as my previous implementation had some memory leakage. While not quite finished yet (no uploads, url previews), preliminary benchmarks for downloads and thumbnailing are very promising, way faster than both the original implementation and normal synapse. Benchmarks were done with wrk, all against localhost on the same machine for a fair comparison.

You can see the progress by comparing branches here

(some benchmarks detailed omitted for space, see them here) synapse-media-proxy refactor

Running 1m test @ download/pixie.town/Nrp1oyUgHirgm7gDSlDvHutM
  Requests/sec:    478.23
  Transfer/sec:    2.84GB

Running 1m test @ thumbnail/pixie.town/OjN4zjsGXzSZBkLBsHh5REJi?height=128&width=128
  Requests/sec:   5405.62
  Transfer/sec:   23.18MB

synapse-media-proxy original

Running 1m test @ download/pixie.town/Nrp1oyUgHirgm7gDSlDvHutM
  Requests/sec:    160.01
  Transfer/sec:    0.95GB

Running 1m test @ thumbnail/pixie.town/OjN4zjsGXzSZBkLBsHh5REJi?height=128&width=128
  Socket errors: connect 0, read 0, write 0, timeout 3
  Requests/sec:    43.07
  Transfer/sec:    141.64KB

Synapse

Running 1m test @ download/pixie.town/Nrp1oyUgHirgm7gDSlDvHutM
  Requests/sec:     59.71
  Transfer/sec:    369.38MB

Running 1m test @ thumbnail/pixie.town/OjN4zjsGXzSZBkLBsHh5REJi?height=128&width=128
  Non-2xx or 3xx responses: 19278
  Requests/sec:    321.01
  Transfer/sec:    263.01KB

(note a lot of those requests returned non-2xx/3xx responses, failing to actually thumbnail)

Dept of Services 🚀

MatrixRooms.info (website)

Aine reports

Lack of rooms discovery for new users is one of the issues we noticed while installing and hosting hundreds of Matrix servers on etke.cc Today, we welcome you to MatrixRooms.info, a search engine built for matrix rooms discovery.

The current index contains over 230,000 rooms across 19,000 servers, and we're constantly tweaking it to provide more relevant search results. Even non-English users may find it useful because it does automatic language detection in room names and topics.

We plan the following future improvements:

• Searching by language
• Searching by specific field
• Providing a browsable catalog of rooms by server/language/etc
• Implementing a subset of the Matrix Server-Server API to request (and provide!) a Matrix-native rooms directory

MatrixRooms.info, Source code, #mrs:etke.cc

As with anything else we do at etke.cc, the website, its API backend and all related tools are free software (A/GPL).

Dept of Guides 🧭

Matrix client tutorial

uhoreg announces

I've started writing a Matrix client tutorial, explaining how to use the Matrix Client-Server API. It's still in the very early stages, but I've gotten to the point of being able to write a simple echo bot. I'll be tackling end-to-end encryption next. Feedback is welcome. Client authors, if you have any tips and tricks, or potential pitfalls, that you think that every client author should know, feel free to share. The document can be read at https://uhoreg.gitlab.io/matrix-tutorial/ and the sources are at https://gitlab.com/uhoreg/matrix-tutorial.

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live

Dept of Servers 🏢

Telodendria (website)

An open source Matrix homeserver implementation written from scratch in ANSI C and designed to be lightweight and simple, yet functional

Jordan Bancino reports

Telodendria, the very-much-a-work-in-progress Matrix homeserver written in C, has undergone some major architecture changes that make it more robust, more maintainable, and more feature-complete. Of note are these new features that came about as a result of the changes, though there are many more:

• TLS: We now have full TLS support for both the client and the server. Take your pick of OpenSSL or LibreSSL, or easily add support for another TLS implementation using our simple I/O API.
• Admin API: Work on the administrator API has begun. This includes implementing user privileges, and moving the program configuration to the database so it can be managed with a simple JSON API.

We have also done a little work on the Matrix specification:

• Account Management: Users can now change their passwords, set display names and avatars, and get information about their account.
• User Interactive Authentication (UIA): UIA is basically complete, I'm just working on wrapping up the web fallback pages. You can now use registration tokens to register for accounts on a Telodendria server as well, though as of the time of my writing this, these tokens can't be created through the Admin API quite yet.

Almost all of Client Authentication is complete and we are almost ready to move on to the core of the Matrix specification—rooms and events.

Visit #telodendria-newsletter:bancino.net for more details, and feel free to join the discussion at #telodendria-general:bancino.net if you're interested in the project.

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay says

Welcome back to the backend section of TWIM. This week we released Synapse v1.82.0rc1 for your consideration. Here are a few of the highlights:

• Allow loading the /directory/room/{roomAlias} endpoint on workers
• Add some validation to instance_map configuration loading
• Delete server-side backup keys when deactivating an account
• Fix and document untold assumption that on_logged_out module hooks will be called before the deletion of pushers
• Remove the broken, unspecced registration fallback. Note that the login fallback is unaffected by this change.

And much more! You can take a look at the release notes here: https://github.com/matrix-org/synapse/releases. As always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

Construct (website)

A performance-oriented homeserver with minimal dependencies.

Jason Volk says

🔓 End-to-End Encryption is significantly more reliable in Construct this week. E2EE had always been flaky, but it was never clear before where it was going wrong.

⛏️ The ice broke earlier this week when I noticed in a small corner of an Element dialogue that my device_id was being cut off at its : character. After simplifying the device_id grammar things started to light up green again. I was then able to work through a standard list of bugs, ancient code-rot, and a couple of incomplete endpoints.

🔐 All of this results in robust encryption sessions that survive clear-cache and reload, proper key backups without old sessions hanging around, and interactive verification without random cancellations. At the time of this writing, there is still one remaining hold-up with device verification for cross-signing so this week's dockers might not finish building until mid-Saturday.

🙋‍♂️ I'd like to thank Giovanni Bottaro for tracking down an issue leading one of the patches above. 🙋 I'd like to thank qg for tracking down a rocksdb-related bug late last week right after TWIM. This fix has already been shipped in the latest Construct.

Don't keep your ❤️ for Construct a secret. Join #test:zemos.net to encrypt everything else.

Dept of Clients 📱

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

kittykat reports

• We’re still working hard on stuck notifications:

  • The prototype implementation of MSC 3981 is finished and the first round of feedback is positive.
  • We’ve extended dev tools - now you can see dev tools from the room list meaning you don’t have to go into a room in order to access it .

• Improving notifications in general is also still in progress, next week we’ll be mapping push rules to improve settings pages and make them simpler for all users.

• Our improvements to accessibility continue to be delivered also which we’re very excited about.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Ștefan says

Element version 1.10.11 is incoming with mention pill support in the rich text editor, bug fixes and performance improvements. We have also made various improvements to the timeline UI, improved our crypto stack and saw the first version of slash commands suggestions

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK.

Ștefan says

This week in Element X,

• We have fixed various issues around sliding sync, improved notification handling and various root components
• We are making very good progress on OIDC and invitation support while work continues on media uploading and the room creation, room detail and user detail screens

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit says

• Element Android 1.5.32 has been released and will be available soon for everyone. It includes a fix for the double read receipt observed on the timeline.
• On ElementX, we are making progress on Oidc support, we are improving the room list and the timeline rendering, user will be able to ignore and un-ignore other users, the app can now list invitations and the user can accept or reject them, and lots of other technical features like feature flags have been done.

Dept of Encryption 🔐

Messaging Layer Security

uhoreg says

Messaging Layer Security (MLS) is an IETF standard for end-to-end encryption in messaging systems. We've been working on adapting it to work with Matrix, and implementing a proof-of-concept in Element web. You can view an demo of some of the early progress at https://scitech.video/w/sfMitVx1Zej4Yvvu3fAK5B, which shows creation of an MLS group and exchange of encrypted messages. But things are progressing, and this demo is already out of date. Keep an eye out for more demos.

Dept of SDKs and Frameworks 🧰

elm-matrix-sdk (website)

Matrix SDK implemented in Elm.

Bram reports

After having received feedback from the Matrix and Elm community on the Chess client, it is now time for the final development phase: making the SDK developer-friendly so that a version v1.0.0 can be published.

The Elm SDK has received a large refactor, which includes the following changes:

• No more Task types! Everything is now packaged in a Cmd type from a Task Never VaultUpdate type, which means that the Vault type handles all potential complaints for you.
• When a Cmd fails and the Vault thinks it is wise to try again, it will sneak that one along with the next Cmd you're planning on giving to the API. Feedback on this behaviour is welcome, this might still change before version 1.0.0.
• Greatly improved documentation

The current plan is to implement filters so that the SDK will be butter smooth sailing through that endless initial sync. There's still a few ambiguities left in the Matrix spec that are holding the SDK back as a pure and immutable language, but we're slowly getting there.

For demo purposes, here's a demonstration of how to get all named Matrix rooms from your client:

rooms : List String
rooms =
    vault
        |> Matrix.getRooms
        |> List.filterMap Matrix.Room.name

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte says

Since our last update three weeks ago,

• There were new releases of our JS crypto bindings: matrix-sdk-crypto-nodejs-v0.1.0-beta.4, matrix-sdk-crypto-js-0.1.0-alpha.7
• We updated logs and other debug info
• A bunch of functionality was added to the main FFI crate:
  • Getting the inviter for a room in invite state
  • InReplyToDetails
  • accept_invitation
  • tracing (structured logging)
• And as usual, a bunch of bugfixes, cleanup and refactoring

Dept of Services 🚀

activepieces

imbev reports

activepieces is a No-code Business Automation Tool and a FOSS alternative to Zapier.

Following my pull request, activepieces has added support for sending messages to Matrix.

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live

An unfortunate series of events prevented us from recording this week! Stay tuned for great bridge news next week.

Dept of Spec 📜

Andrew Morgan (anoa) [GMT-6] says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3999: Add causal parameter to /timestamp_to_event
• MSC3998: Add timestamp massaging to /join and /knock
• MSC3997: Add timestamp massaging to /createRoom
• MSC3996: Encrypted mentions-only rooms.
• MSC3995: [WIP] Linearized Matrix

MSCs in Final Comment Period:

• MSC3970: Scope transaction IDs to devices (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

Spec Updates

The concept of Linearized Matrix (MSC3995) is moving forwards as a potential answer to the European Union's, Digital Markets Act. The fully-decentralised Direct Acyclic Graph (DAG) model of Matrix is well-known, yet complex to implement and thus a potential blocker to gatekeepers who are looking for an interoperable messaging protocol to link their chat service to. Enter Linearized Matrix, a concept of a Matrix room that uses a linked-list to store events in a room, rather than a DAG. Crucially, while being simpler to implement, our aim is to be forward-compatible with the DAG version of Matrix, such that gatekeepers may switch over to DAG-style Matrix in the future if they so chose.

See MSC3995 for more information, and a reminder that this is all still very much in flux!

Random MSC of the Week

The random MSC of the week is... MSC2943: Return an event ID for membership endpoints!

Currently, when you send a (state) event manually via PUT /_matrix/client/v3/rooms/{roomId}/send/{eventType}/{txnId}, you'll receive an event ID in the response. While you can send membership events this way, it's often a bit nicer to use the various POST /_matrix/client/v3/rooms/{roomId}/join,leave,kick endpoints instead. However, these do not return an event ID in their response. For clients that don't use /sync, this would force them to use the former, generic endpoint in order to retrieve the event ID of the membership event.

MSC2943 attempts to rectify that by specifying that membership-related endpoints should return an event ID, similar to the generic event send endpoint. Currently this MSC is just waiting on an implementation in a homeserver (and possible a client) in order to move forward. If you feel strongly about this change being included in the Matrix spec, why not get your hands dirty with some homeserver dev?

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay reports

Another week has gone by and we here at Synapse have another release for you, v1.81.0, filled with features and bugfixes. But first some announcements:

Synapse now attempts the versioned appservice paths before falling back to the legacy paths. Usage of the legacy routes should be considered deprecated.

Additionally, Synapse has supported sending the application service access token via the Authorization header since v1.70.0. For backwards compatibility it is also sent as the access_token query parameter. This is insecure and should be considered deprecated.

A future version of Synapse (v1.88.0 or later) will remove support for legacy application service routes and query parameter authorization.

And now the highlights:

• Added the ability to enable/disable registrations when in the OIDC flow.
• Added a primitive helper script for listing worker endpoints.
• Built Debian packages for Ubuntu 23.04 (Lunar Lobster)
• Fixed a long-standing bug preventing users from rejoining rooms after being banned and unbanned over federation. Contributed by Nico.
• Fixed a long-standing bug where edits of non-m.room.message events would not be correctly bundled.
• Fixed a bug introduced in Synapse v1.55.0 which could delay remote homeservers being able to decrypt encrypted messages sent by local users.

And so much more! To read about everything in the release, take a look at the release notes here and otherwise have a great week.

Construct (website)

A performance-oriented homeserver with minimal dependencies.

Jason Volk reports

You probably know about the client command-line that pops up when a message starts with /. Construct has its own server-side command-line when a message starts with \. Unlike commands sent to the !control room, the server-side command-line is available to all users and not just administrators. In fact, the !control room is quite passé as I find myself always using the control server-side command, since the results can be echoed to the room I'm in and others can see it too.

This week Construct's server-side command-line gained the watch command. This is similar to watch(1) in unix environments. You type watch <interval> <command> to repeat your command at a set interval. Previously the watch command was only available at the terminal console. The watch command will run until you click the ▶️ button, or redact the command itself.

The fun never stops in #test:zemos.net - Join us today!

Dept of Clients 📱

Nheko (website)

Desktop client for Matrix using Qt and C++17.

Nico reports

Since I found some time to step away from the 3d printer (damn, those things are addiciting), let me give you an update of some of the changes happening recently in Nheko!

A very fundamental change from LorenDB is that Nheko now renders messages it doesn't understand. For various reasons Nheko always tried to hide those from you, but LorenDB convinced me, that showing them has more benefits than downsides and also did all the changes and wrote plenty of tests, even when I was especially picky! And at the same time Nheko can now render the rainfall chat effect. 🌧️

Similarly I reworked how our message variant/enum type works. This made the debug build of Nheko shrink from 450MB to 350MB for me, which is quite significant, even if it probably has no visible impact on any users, since the compressed debug size as well as the stripped binary are basically the same size. (The flatpaks were at 5MB download size and still are at 5MB download size.) It does make some of our error messages nicer and allows us to implement some further improvements for devs down the line. It does mean Nheko now won't compile on GCC10 anymore though, which is included in the current debian stable release. But the next Debian release is just around the corner, so hopefully the impact from that is limited.

We also had a nice contribution from Sateallia: You can now order rooms alphabetically. While I never saw any use for that feature, some people can't live without it and I appreciate that someone stepped up to implement it.

And the last interesting change, we teaked our threads UI a bit again. Because it was easy to miss, that a message is in a thread, we added a thread indicator on the left as well. We are still experimenting if that should replace the old indicator or it should complement it, so lease give feedback if it is an improvement or not.

Neochat (website)

A client for matrix, the decentralized communication protocol

Tobias Fella announces

Heyo, I just realized you haven't heard about NeoChat in a while and I'm in a good mood, so here's an update:

• James is currently on a mission to document the entire NeoChat codebase, helping future contributors find their way around
• He has also entirely rewritten text handling for incoming and outgoing messages, making it more robust
• Thanks to deals made by Volker, we were finally able to finish the merge request for showing location events
• Similarly, I finished the work on sending location events, this will land in the next few days
• I've reworked the quick switcher (Ctrl+K) to be more useful
• Code blocks are now highlighted with a different background color, improving on the somewhat poor styling they had so far
• Several layout problems have been fixed
• Carl has done some performance improvements, reducing startup time by ??% ;)
• Aks has fixed the mention color in the input field to follow the style, making it look nicer especially on dark themes
• James has added a formatting popup to the input field, allowing for quick addition of bold, cursive, etc.
• Edited messages will no longer briefly show up wrong in the timeline after sending
• You can now learn more about KDE from NeoChat's settings page :)
• There is now menu hiding behind the avatar image, allowing for quick access to some settings
• You can now add a linebreak to your message when using virtual keyboards
• Url previews can now be configured from the settings
• Read markers for other users will now be shown
• The menu has been replaced by buttons in various more natural place
• Various keybindings and shortcuts have been implemented and improved
• The notification count in the system tray is working once again
• Messages that are not sent yet are now marked in the timeline
• You can now knock on a room using /knock
• Message editing is now done inline in the message
• Large amounts of state events are collapsed some more and can now be expanded to view all of them
• Finally, too many minor fixes to list them all here :)

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle says

• We are happy to announce that the Gitter sunsetting bugs have been successfully resolved. Our development team has been working diligently to ensure a smooth transition for all users as we move forward with our plans.
• Additionally, our Cloud Packaging project is also now completed. 🎉
• The team is continuing to work on the recursive relations MSC, to address stuck notifications. We’ve also added more logging to track down other issues that may be related.
• Furthermore, we have made improvements to notification settings pages, room list ordering, and message previews.
• Accessibility audits continue and the quick wins we identify along the way are being actioned.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Manu says

• In Element X this week we’ve fixed the issue with room list loading while we’re still investigating the gappy timelines issue.
• Work is underway to enhance app navigation to support permalink for messages and opening the app from a notification.
• Room and user detail views are currently in review and will be available soon.
• We have started the integration of OIDC (OpenID Connect). This will enable users to authenticate with third-party identity providers, giving them seamless access to their account.

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit reports

• In Element X on Android we’re working on introducing the sending and receiving of files.
• We've also been working hard to improve our push notification system, and we're pleased to announce that significant progress has been made in this area. Keep an eye out for further updates as we continue to grow this feature.
• Also the room creation flow is progressing well. User will be able to create room and DM with Element Android X.
• Next, work will start on integrating OIDC (OpenID Connect) into Element X Android app. This will enable users to authenticate with third-party identity providers, giving them seamless access to their account.
• In the Element Android app, the issue that was preventing some users from making video calls using Jitsi has been fixed on WebRTC. We will integrate the next Jitsi release as soon as it is available. With Jitsi back up and running, users can once again connect face-to-face with their friends and colleagues.

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live

Dept of Spec 📜

TravisR says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3994: Display why an event caused a notification
• MSC3993: Room takeover
• MSC3991: Power level up! Taking the room to new heights
• MSC3989: Redact origin field on events
• MSC3995: [WIP] Linearized Matrix

MSCs in Final Comment Period:

• No MSCs are in FCP.

Merged MSCs:

• MSC3980: Dotted Field Consistency

Spec Updates

This last week the core team has been working on Linearized Matrix, which now exists in MSC form. The idea is still very much in flux, but the MSC covers a large part of the backing context for the overall approach. More detail about IETF116, Linearized Matrix, and the overall mission can be found in last week's TWIM, and we're happy to answer any questions in #matrix-spec:matrix.org on Matrix.

Meanwhile, the Spec Core Team (SCT) has been focusing on Matrix 2.0 MSCs for OIDC, VoIP, etc alongside quite a few other smaller MSCs. You can follow along with the SCT's weekly priorities in the #sct-office:matrix.org room on Matrix.

Random MSC of the week

Today's random proposal is MSC3860: Media Download Redirects! Quite a few medium-large servers use a CDN of some kind to host media shared in rooms, and currently the usefulness of that CDN is diminished by servers not necessarily being able to tell clients that the media is actually found on another URL. This proposal formalizes HTTP 307 redirects, and the SCT is interested to hear if this will break any clients - check it out, leave some comments, and let us know :)

Dept of Servers 🏢

Construct (website)

A performance-oriented homeserver with minimal dependencies.

Jason Volk announces

Construct features a Github webhook bot built into the server as a loadable module. This is something which existed from the very first days of the project and something I've worked on intermittently. For those that don't remember shortly after reactions were released in Riot, Construct was the first to make use of them as status indicators for continuous integration by reacting with 🟡 and 🟢. Sometime later we were one-upped by the creativity of the folks over at #nheko whose bot sends a very baroque set of reactions for individual Gitlab jobs.

Last week Construct added a rather large Docker image matrix both for release consumption and to replace the the Appveyor CI. I'm sad to see Appveyor go since only a couple weeks ago they were very helpful with a support ticket of mine, but our needs now have exceeded that and I prefer to do things myself.

This week I'd like to present Construct's live-action continuous-integration status bar. Each box is actually a clickable hyperlink to the Github actions page, so when something turns red you can find the error.

If you're interested in a demonstration, I would have some screencasts but nothing I've tried yet seems to work in wayland. As always, feel free to check out #construct:zemos.net for a live demonstration of the real thing.

Dept of Clients 📱

Quaternion (website)

A Qt5-based IM client for Matrix

kitsune says

Quaternion 0.0.96 beta

The first beta of Quaternion's new version has been published earlier this week, with (still work-in-progress and incomplete at the moment) E2EE support as the main highlight. The release notes can be found at the usual place at GitHub. Most of the changes are actually due to using libQuotient 0.7 under the hood so it's a short read this time; but make sure to check the E2EE section in the library release notes (two key things: don't use encryption if it's the only device you're logged in from, and don't expect Quaternion to decrypt historical messages). Translators are welcome to update the strings at the usual place (you only need strings tagged dev).

For this beta, both the pre-built packages at GitHub and the Flatpak (NB: you have to use the Flathub beta channel to get it) have E2EE switched on and you cannot turn it off; so please don't use this version for anything serious (I know you waited for so long; it's still the first beta, okay?). The work on making E2EE opt-in on a per-account basis is ongoing, and there's still a laundry list of things to do before the final 0.0.96 is released, with a lot of quick and easy fixes - so please help with closing them off to make the release come sooner!

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Ștefan announces

Happy Monday everybody, ending yet another exciting week in iOS land that brought us:

• Push notifications in ElementX (albeit with no content until we figure out the rusty bits)
• Blocking users from the content reporting screen
• An improved direct message room details screen
• Developer tools that make it easier to deal with translations plus some bug fixes in that area
• Improvements to our screen templates and fixes for some flakey tests as a result
• A lot of sliding sync bug and performance fixes courtesy of our crack Rust Team™
• Our first look at end to end media sending (pre-processed image sent in an encrypted room)
• An improved timeline item debug menu
• and more..
• Meanwhile a new Element release is on the way with significant improvements for read marker and the ability to mention a @room

Last but not least, with Localazy now fully setup, please join us in making ElementX the nicest Matrix client to use in any language at https://localazy.com/p/element

Cinny (website)

Cinny is a Matrix client focused on simplicity, elegance and security

Lozenge says

Cinny v2.2.6

Security release

• Update matrix-js-sdk to v24: Address CVE-2023-28427

Our hosted versions are already up-to-date. If you are self hosting, please update to v2.2.6 as soon as possible.

Release: https://github.com/cinnyapp/cinny/releases/tag/v2.2.6

Folds

Our work on Folds (the design system for Cinny) is finished and it's now getting incorporated into Cinny itself. You can find the design system code on Github and a live demo here.

Dept of Non Chat Clients 🎛️

Chess client on Matrix ♟️

Bram reports

I built a chess client on Matrix! You can now play chess with your friends using a Matrix server as your back-end. It's a hacky design built in two weeks time, but it's ready for demo purposes. Users can log in using an access token or using a username and password, and they'll be able to receive and send invites.

The chess games work in any room, but I'll gladly accept games from people who challenge mr-demo in #elm-sdk-development:noordstar.me in the next week. No promises that I'm good at the game though. ;)

You can view the source code here, and you can use the live demo version: https://chess.noordstar.me/

This client is meant as a proof-of-concept for the Elm SDK, so any and all feedback is welcome! You can contact me at #elm-sdk:matrix.org .

export matrix messages (website)

A commandline utility to export matrix messages

Aine reports

emm (export matrix messages) v0.9.6

Long time no see! The emm tool got new release with proper handling of replaced (edited) messages.

Why project doesn't get much updates you ask? Because it does the job almost perfectly! Try it yourself and find out 😉

Check out the source code (has binary releases) and say "hi!" in the #emm:etke.cc

Dept of SDKs and Frameworks 🧰

Elm SDK - first test client

Bram reports

As by Elm's guidelines, packages and SDK's in Elm aren't just published as they're being developed - they're published when they're finished and can be used widely.

For this reason, the final phase of developing the Elm SDK is to test, make examples, and ask the community for feedback. For this reason, I've built a chess client as a demo version.

Hopefully,

• This shows the performance optimization of Elm to the Matrix community. The entire client fits in a 57,22kB JavaScript file, which is quite small when considering that Hydrogen's JavaScript file is 13 times as large.
• This shows the potential of using Matrix to the Elm community as a simple back-end for the purpose of "and now you can do this with other Elm clients".

For this reason, I am asking both communities for feedback - what tiny Elm clients would you like to see created?

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict announces

Trixnity v3.6.0 is released. There is also a website with documentation for Trixnity now 🚀

features/improvements:

• matrix 1.6 support
• BREAKING CHANGE: more flexible API for loading events
• added SSO redirect endpoints
• cleaner logging messages

bugfixes:

• also catch deserialization exceptions on decrypting olm events
• fix server discovery from UserId

Dept of Ops 🛠

synadm (website)

Command line admin tool for Synapse (Matrix reference homeserver)

jacksonchen666 announces

It's been only a little bit since our last TWIM. But since v0.40, we did some improvements on how synadm handles very special characters (e.g. /), automated releases, and control over whether certificates should be verified.

That's all the notable changes in synadm. But if you really want to get into the raw changelogs, you can read all the commits or look at the release notes.

Dept of Bots 🤖

Phish Bot

dzlandis reports

Introducing Phish Bot, a Matrix bot that detects phishing/malicious links sent in your chat rooms and notifies users that the links are malicious. Invite Phish Bot to a room to get started.

• Github: dzlandis/Phish-Matrix-Bot
• Matrix Space: #phishbot:matrix.org
• Support Room: #phishbotsupport:matrix.org
• Announcements Room: #phishbotannouncements:matrix.org

hasskbot the vacuum bot

Oleg reports

Did you know you can control your robot vacuum cleaner via Matrix?

How?

Using home-assistant and hasskbot! 😉

I added the docs how to configure this.

Similar approach can be used to control any entity in home-assistant via hasskbot.

Hasskbot v1.0.2 is now based on the latest Opsdroid version, which includes simpler logging when running in a container.

Dept of Events and Talks 🗣️

Matrix Salon podcast

Christian Paul (jaller94) reports

Meet anoa, one of the Spec core team members.

We talked about Matrix events at FOSDEM 2023, the Matrix Spec core team and Matrix Spec changes (MSCs).

RSS feed: https://anchor.fm/cdb34188/podcast/rss Episode link: https://podcasters.spotify.com/pod/show/matrix-podcast0/episodes/Anoa-English-episode---Spec-core-team--FOSDEM-2023-e21ufnm Fediverse post: https://mastodontech.de/@jaller94/110157776518946999

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix Live

Dept of Status of Matrix 🌡️

uhoreg announces

Messaging Layer Security approved by the IETF

The IETF has approved Messaging Layer Security (MLS) for publication. MLS is an end-to-end encryption method designed for group messaging. We have been working on integrating a variant of MLS into Matrix. Keep an eye out for demos in the near future.

Dept of Spec 📜

Andrew Morgan (anoa) [GMT-8] says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3987: Push actions clean-up
• MSC3985: Break-out rooms
• MSC3984: Sending key queries to appservices

MSCs in Final Comment Period:

• MSC3980: Dotted Field Consistency (merge)

Accepted MSCs:

• MSC3923: Bringing Matrix into the IETF process
• MSC2677: Annotations and reactions

Closed MSCs:

• No MSCs were closed/rejected this week.

Spec Updates

Last week we mentioned that we'd have more to share this week about an easier API for accessing rooms in Matrix, and while it was our intention to have an MSC out by now, our priorities shifted slightly after the MIMI working group session at IETF 116. Some exciting news on that front though: our proposed easier API, called Linearized Matrix (apologies to all the mathematicians), is very much in line with what the working group is thinking about. So much so that we're going through the effort of writing up Matrix as a series of proper Internet-Draft specifications.

We don't currently have an up-to-date document which covers Linearized Matrix completely, but the short version is it allows a server to support individual rooms being linear arrays instead of DAGs. This doesn't prevent a DAG-capable server from joining the room and speaking full-blown DAG either, which is particularly important for compatibility with the existing Matrix network. Currently our efforts on Linearized Matrix are in implementation rather than documentation, though once things are slightly more stable we'll be getting an MSC out there for everyone to review more easily. Watch this space for news.

Following IETF 116, we have an immense amount of work ahead of us to define Matrix as the standard for interoperable chat, but we're well on our way on getting through it all. Namely, we're going around and mapping Matrix's functionality onto MIMI's concepts, defining Matrix as a proper IETF standard along the way. The expected outcome of this for the implementation authors of Matrix is a spec that is significantly easier to follow, finally.

For an idea of what's ahead, here's what the SCT will be looking at over the next several months:

• Linearized Matrix (implementation & MSC)
• Extensible Events (at least the core types) - this will serve as the basis for an interoperable messaging format in our IETF drafts
• Decentralized MLS & interoperability of crypto
• Clarification gaps and bugs in the current spec
• Pseudonymous user IDs and account portability
• Almost certainly something that was missed when writing this list

Considering the above list, the Matrix 2.0 objectives (sliding sync, OIDC, native VoIP conferencing, and faster room joins), and the core team's work around mentions, abuse reporting, and more, the SCT will be a bit busy. That said, if you have MSCs you think we should be looking at, let us know in the #sct-office:matrix.org room. We've recently started doing our weekly planning in that room too, which should help give an idea for what the SCT is expecting to look at each week.

Random MSC of the Week

The random MSC of the week is... [WIP] MSC2966: Usage of OAuth 2.0 Dynamic Client Registration in Matrix!

This MSC provides a mechanism for implementing Dynamic Client Registration (RFC 7591) for OAuth 2.0 between Matrix clients and homeservers. Without this, homeserver admins would need to manually configure OAuth metadata (Redirect URIs, application names, client secrets, and more) for every Matrix client that wanted to connect to the homeserver. Since that doesn't really scale in an environment that allows anyone to use any client they like, dynamic registration is critical! Dynamic registration allows clients to communicate this metadata to the homeserver at the login/registration step.

MSC2966 is part of a series of MSCs that add first-class OpenID Connect (OIDC) support to Matrix. You can see an overview of the related MSCs (here) and https://areweoidcyet.com/ for the latest progress on integrating OIDC into the Matrix spec!

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay says

It's yet another Friday which means it's TWIM day. This week the backend team released Synapse 1.80.0. Notable highlights include:

• Fixed a bug in which the POST /_matrix/client/v3/rooms/{roomId}/report/{eventId} endpoint would return the wrong error if the user did not have permission to view the event. This aligns Synapse's implementation with MSC2249
• Fixed a bug introduced in Synapse 1.75.0rc1 where the SQLite port_db scriptwould fail to open the SQLite database
• Stabilized support for MSC3966: event_property_contains push condition
• Fixed a long-standing bug in which the user directory would assume any remote membership state events represent a profile change

and much more! You can learn more here in the release notes: https://github.com/matrix-org/synapse/releases.

Nico says

It has been quiet for a while, but mostly because I was busy or I felt like there was nothing worth talking about. But this time I fixed a bug, that I am actually so proud of, that I need to share it!

I regularly ban users in my rooms temporarily, if they are behaving like an asshole and I want to show them, that such a behaviour is not accepted, even if they usually contribute useful stuff. This tactic has in general worked pretty well and led to a noticeable improvement in the conversation culture in those rooms.

HOWEVER one bug has plagued us for ages and made this method way more destructive, than it should be. Everytime you banned someone on a single user homeserver or even just if they were the only user in the room from that server, you couldn't unban them. That is because there is no member in the room anymore to send the unban event to, so the other server never received an unban. Now, you might think, why is that a problem, you can join the room initially as well. And that was my thought as well, but considering that this bug was transferred to Github in 2016 and several people looked at it, I thought it was just way more complicated to fix. But since I hit this a few times a year and sometimes even multiple times a month, I spent a lot of time looking at the issue on Github. And I did see a few times, that there was a Complement test for it and every server passed that test, but only Synapse got blocklisted. So it couldn't be a fundamental problem...

So I thought, okay, this is annoying me regularly now, I will just get my hands dirty this time and fix it. Even if it takes me weeks or months. So I set up Complement, allowed the test to run on Synapse and watched it fail. Sadly, the complement logs were so long, that I couldn't find the actual error, but a few tries (and hours of runtime) later I got useful output, searched for the error message in synapse and looked at the code. It looked more complicated than Dendrite, all of the membership transitions were in 1 function instead of different ones. But apart from that, the obvious thing that jumped out was that Synapse verified against the room state if the user was allowed to join before checking if it was in the room and then attempting a remote join. Now usually it makes sense to verify the state locally, but not if you are not in the room, so I just moved the in room check up a bit and moved the local verification behind that check, so that the local state is only used for verification, if we are in the room. And it worked! So apart from indentation changes, this was a 1 line change in Complement, a 1 line change in Sytest (to make it fail on the right error) and a 3 line change in synapse (+ 50 lines or so of indentation changes...). This bug has been bothering me for ages and that was all it took to fix!

Now, bugs often look easy in hindsight, so don't use this to judge the Synapse devs or anyone. I just had the right motivation and a bit of luck finding the problem quickly (and help from Synapse devs). Possibly that change broke something else deep down in Synapse and we get to deal with demons soon. But I am happy for now!

Context links: https://github.com/matrix-org/synapse/pull/15323 https://github.com/matrix-org/synapse/issues/1563 (look, they both start with 15!)

Construct (website)

A performance-oriented homeserver with minimal dependencies.

Jason Volk announces

This week we focused on build system improvements. First, a huge thank you to Giovanni Bottaro for digging into the Ubuntu docker image and slimming it down to nearly half its size. It's still not as compact as our Alpine image, which is the smallest of any of the Matrix servers, but it's the one I would say is the most stable at this time. On the heels of this, I decided to overhaul the docker image matrix. Construct now offers several dozen combination docker images from Ubuntu 22.04, 22.10, Alpine 3.16, 3.17, gcc-10, 11, 12, clang 14, 15, and on arm64 with neon, amd64 with avx, avx2, and avx512.

Check out #test:zemos.net today!

Dept of Clients 📱

Nheko (website)

Desktop client for Matrix using Qt and C++17.

Nico reports

While I was mostly spelunking in CI land, some people did some really cool stuff!

Dtelsing implemented screenshare support on Wayland. This requires a proper pipewire + xdg-desktop-portal ScreenCast interface setup, but it means Nheko will properly ask your OS for a screenshare and your OS then gets to decide, what screen or window you are allowed to share. Especially considering how little documentation there is for this, I am pretty impressed how quickly they got this working and it seems to work quite nicely on the platforms I have tested, but feel free to test it yourself and report issues you find!

LorenDB tweaked the design of our switches, because they bothered him. Now, I have no eye for that, so I can't tell you what changed, but I assume people who can tell if something is pretty will be happy! Ryandesign also fixed the macOS build on case sensitive filesystems, a pseudonymous contributor added querying your own status message to the dbus interface and Nheko now linkifies improperly encoded matrix.to links again.

I think that is all, thank you all for the cool contributions!

Ement.el (website)

Matrix client for Emacs

alphapapa announces

Ement.el, a Matrix client for the GNU Emacs text editor and Lisp environment, has been released at version 0.8. Changes since the last release include:

Additions

• Command ement-create-space creates a new space.
• Command ement-room-toggle-space toggles a room's membership in a space (a way to group rooms in Matrix).
• Visibility of sections in the room list is saved across sessions.
• Command ement-room-list-kill-buffer kills a room's buffer from the room list.
• Set device_id and initial_device_display_name upon login (e.g. Ement.el: [email protected]).

Changes

• Room-related commands may be called interactively with a universal prefix to prompt for the room/session (allowing to send events or change settings in rooms other than the current one).
• Command ement-room-list reuses an existing window showing the room list when possible.
• Command ement-tag-room toggles tags (rather than adding by default and removing when called with a prefix).
• Default room grouping now groups "spaced" rooms separately.

Fixes

• Message format filter works properly when writing replies.
• Improve insertion of sender name headers when using the "Elemental" message format.
• Prompts in commands ement-leave-room and ement-forget-room.

Feel free to join us in the chat room: #ement.el:matrix.org.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle reports

• This week we’ve been making some great progress on all notifications fronts:
  • Our stuck notifications MSC is in progress, other work on these bugs is also on-going
  • The new notifications settings pages are designed and being worked on
  • The Intentional Pings MSC is also making progress; hoping to remove those pesky pings and allow us to stop using l33t speak!
• The cloud packaging improvements we’ve been making are nearly at an end - here’s to quicker, more reliable releases for our teams! 🎉
• Other product improvements include updates to the permalinks behaviour - try sending a matrix.to link to a message and let us know what you think.
• Our Product and Design teams have been taking a closer look at community PRs and are putting processes in place to reduce the time PRs are blocked by either department.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Ștefan reports

This week in Element X on iOS:

• We’ve been fixing some issues with the timeline including updates to edits and messages that failed to send. You’ll also see the timeline ordering is more reliable also.
• Started to look into OIDC and how we integrate the new systems there
• Room details are making forward progress also and we’ve recently added “Ignore user” right to the DM details screen.
• We have also started working on the media upload flows and are making good progress

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit says

On Element X for Android this week we:

• Introduced push notifications!
• We’re also looking at how we share translations across mobile platforms.
• And! The Room Details screens are continuing to grow; now you can see the room member list.

Release of Element Android get delayed because we want to fix an issue on the timeline first.

Dept of VoIP 🤙

Element Call (website)

Native Decentralised End-to-end Encrypted Group Calls in Matrix, as a standalone web app

Dave reports

We have a new Element Call release -> 0.3.6. This release principally contains a fix for a bug where participants could see video from other users but not be shown themselves (matrix-org/[email protected]). Feature wise you can use Element Call now for screen sharing only (without any media device attached to the computer). Here is the full changelog

Dept of SDKs and Frameworks 🧰

matrix-nio (website)

Paarth Shah announces

Hello all! I'm a new maintainer for this project, and I'm happy to say that we've released a new version, 0.20.2, already available on Pypi!

This release was mainly for upgrading dependencies and fixing bugs, (see the full changelog for details!) but I'm hopeful that I'll be able to dedicate some time to advancing some new features, and being able to help get new contributions rolling in!

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte reports

• Lots of additions to our bindings in the matrix-sdk-ffi crate
  • We've been working on adding bindings to the tracing library to matrix-sdk-ffi such that Kotlin or Swift code like ElementX that calls into the Rust SDK can benefit from the same structured logging infrastructure
  • We switched matrix-sdk-ffi to use the new sqlite crypto store
  • We added Client::ignore_user, Client::get_profile
• We fixed a problem where gappy syncs (which happen mostly when a process using the SDK is suspended and resumed a while later after many events arrived) would result in an invalid timeline item ordering
• We updated the read marker code for the timeline to never insert the marker at the very end

Matrix in the News 📰

Oleg announces

It became a habit to talk about the new Matrix stuff after FOSDEM in the German Podcast Das Duumvirat. 🙂

Feel free to check out the Recording (in 🇩🇪)

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!