Open Tech Will Save Us #1
This week we held the first in a series of virtual meetup events, Open Tech Will Save Us.
We were really excited to make this event feel like a real meetup - with a live chat, and interactivity from the chance to ask questions of the speakers. There was a great response, with participants in a 100+ user room chatting about the talks and generally adding to the atmosphere.
Lineup included:
- Saúl Ibarra Corretgé from Jitsi on the rapid growth they've experienced since the start of the 2020 crisis
- David Dias from IPFS introducing gossipsub in libp2p, including the security hardening work that they've been putting into v1.1!
- Valère, from Matrix and Riot, who presented on the importance of UX and cross-signing keys in end-to-end encrypted communications.
Dept of Spec 📜
anoa said:
Here's your weekly spec update!
MSC Status
Merged MSCs:
- No MSCs were merged this week
MSCs in Final Comment Period:
- No MSCs are currently in FCP
New MSCs:
Spec Core Team
This week the Spec Core Team will be focusing on MSC2457 (password invalidation), MSC2454 (SSO UI Auth), and MSC2472 (Symmetric SSSS), which each have proposed FCPs in flight.
Before next TWIM we'll be carrying out a long-overdue retro to go over how we've been doing in the last few months. We'll then continue to do those regularly once a month and post conclusions from those meetings here.
Dept of Servers 🏢
Conduit (New Rust Homeserver)
timo told us:
This week was really successful for the homeserver project. Not only does event sending and syncing work properly, but creating/joining rooms, state events and the public room directory works as well. But the biggest archievement I made this week is Riot support.
Big thanks to MTRNord for fixing bugs in Riot web and deploying an instance of Riot with all patches applied and to jplatte and @iinuwa for improving the ruma libraries.
Today we did the first actual test of the new homeserver. We had ~5 people sending and syncing messages in a room and all of them were able to send messages almost instantly. We'll see how well that scales when we implement federation in the future.
Check out the repository on https://git.koesters.xyz/timo/conduit and our Matrix room on #conduit:koesters.xyz. If you want to try out the server yourself, you can try to connect to it using https://riot.nordgedanken.de/#/register (though it might be offline when you read this)
Dendrite / gomatrixserverlib
Neil Alexander told us:
- Support code for version 3 and version 4 rooms has now been merged.
Synapse
Neil told us:
The main focus continues to be performance and we are starting to make good progress in figuring out how to split out and shard the event streams. This is a project where most of the bang will come all at once, rather than there being multiple small incremental improvements.
Aside from that we continue to improve the SSO experience, landing UIA support for CAS providers. We also made a small change to the default behaviour so that only room admins can enable e2ee (applies to new rooms only).
Next week, is more of the same. Expect a few short term performance improvements (specifically to help with cross signing UX) and more SSO support.
Dept of Bridges 🌉
Gitea webhooks bridge
s7evink told us:
As of this PR Gitea has the ability to directly send webhooks to Matrix. Currently it's only in the master branch, but should be in Gitea 1.12.0 which is due by May.
script for forwarding unread Wilma messages to Matrix
mijutu said:
I wrote a script for forwarding unread Wilma messages to Matrix. Wilma is a website and mobile app for teacher-parent communication. Download the script from https://k2c42.dy.fi/git/wilmatrix.git and give feedback at #wilmatrix:ellipsis.fi
mijutu seems to lament:
Recently Wilma usage increased from occasional messages to everyday messages, so I had to do something.
vurpo gave us some background:
Wilma has been widely used and well-known in Finland for over a decade, but not sure how well-known it is elsewhere?
There was just an article (not in English) about the origins of Wilma, that was interesting
So someone got an Amiga in the 80s and decided to make a scheduling program for their local school, and add a bit of time and now there is a web interface, login for students, teachers, and parents with messaging, homework, grades and everything
mautrix-facebook and mautrix-hangouts
Tulir told us:
As promised last week, mautrix-facebook and mautrix-hangouts now support end-to-bridge encryption. It works the same way in all bridges, so the instructions from the mautrix-telegram wiki work for all of them.
👨💻 IRC Bridge
Half-Shot reported:
Hello everyone. The IRC bridge has hit
0.17.0-rc1. This release is lighter than past releases, but fixes a few nasty bugs. Please test and report back :)Highlights include:
Disconnect a PM room from IRC when another user is invited, and disallow invites to PM rooms.
On name change, inform Matrix users, if their preferred IRC name is taken.
Add ability to deactivate users permanently via the DebugAPI.
Two bugfixes on the
!storepassfeature, both bugs would cause the user to be unable to use the bridge 😟.
mx-puppet-bridge
mx-puppet-bridge is a general bridging library that supports (double)bridging and relays. The goal is to make it as easy as possible for others to bridge new third-party protocols to matrix. Support room Donate
sorunome offered:
Soo.....mx-puppet-bridge also supports plumbed rooms now. That means that this one little library supports all types of bridges mentioned in https://matrix.org/bridges/ Yay!
Skype bridge in matrix-docker-ansible-deploy
Slavi told us:
Thanks to Rodrigo Belem's efforts, matrix-docker-ansible-deploy now supports bridging to Skype via the mx-puppet-skype bridge. See our Setting up MX Puppet Skype bridging documentation page for getting started.
ofono SMS/MMS bridge
Somehow it seems we never previously featured untidylamp's ofono SMS/MMS bridge. This is a Python3 project to bridge Matrix and SMS/MMS messages via ofono.
They say:
I'm running this with ubuntu touch on my nexus 5. The goal is to have this hosted on my PinePhone.
integration for Kallithea
andrewsh announced:
speaking of integrations, I wrote an infra-basic integration for Kallithea three years ago: https://kallithea-scm.org/repos/integration/matrix
Dept of Clients 📱
Riot Web
Ryan said:
v1.5.16-rc.1 is now available at https://riot.im/staging with quite a few things, including:
default in-app home page for new users
a simpler SSO sign in flow
SSO user authentication support for flows like removing sessions (requires homeserver support as well)
better read marker behaviour for grouped events like room creation
support for Jitsi configuration via .well-known from the homeserver
lots of cross-signing polish
Overall, the team is focused on finishing up cross-signing which is targeting release next week (assuming there are no surprises). 🎉
RiotX
valere said:
Wild SQLDelight migration branches popup'ed in PR
Main Focus is still on getting cross-signing out No release this week, but here is develop change log:
Develop Change log:
Features ✨:
- Cross-Signing | Bootstrapping cross signing with 4S from mobile (#985)
Improvements 🙌:
Cross-Signing | Setup key backup as part of SSSS bootstrapping (#1201)
Cross-Signing | Gossip key backup recovery key (#1200)
Show room encryption status as a bubble tile (#1078)
Bugfix 🐛:
Cross- Signing | After signin in new session, verification paper trail in DM is off (#1191)
Failed to encrypt message in room (message stays in red), [thanks to pwr22] (#925)
Cross-Signing | web <-> riotX After QR code scan, gossiping fails (#1210)
gomuks
Tulir told us:
gomuks got some minor improvements:
commands to download and open any files (rather than just images like before)
a toggle for markdown and html input
Riot-iOS
Manu said:
We continued to improve the implementation of cross-signing. One of added features is the gossip of the private key of the key backup: when you complete the security on a new sign-in, this new device automatically retrieves all message keys from your key backup. All your e2ee history is available with no additional effort.
Meanwhile, we have been updating the Riot iOS codebase to better support iOS 13 SDK and Xcode 11.x. Check https://github.com/vector-im/riot-ios/milestone/32 for the progress of this work.
Dept of SDKs and Frameworks 🧰
libQuotient 0.6 beta
kitsune announced:
libQuotient 0.6 beta is out - developers and packagers are most welcome to try it out and iron the wrinkles before the release. This release is not too different from libQMatrixClient 0.5.3 that already incorporated many fixes from the main line; however, it includes: the new name (libQuotient, that is); proper rate-limiting (wait times advised by the homeserver are respected); the library is less prone to crash at logout and closing a connection; and, finally, initial work on E2EE done over the last year's Google Summer of Code is included in the library now. The list is fairly brief, as I didn't have too much time to work on Quotient in the last 6 months; but now that my switching jobs and continents is more or less complete, we're going to move faster.
ruma
jplatte reported:
Endpoints are continually being updated, and instead of just repeating this vague statement again and again, here is a number: at least 60% of our endpoint definitions are up-to-date with r0.6.0.
We're also getting lots of feedback from conduit's development. Some of things we're now planning to change based on that will require large-scale refactorings that haven't yet started, but will hopefully happen in the coming months.
matrix-rust-sdk progress
poljar said:
The matrix-rust-sdk is steadily progressing, improvements have been made on many fronts thanks to devinr528 (better event emitting, easier tests, room name calculation...).
The encryption side of things has been going on as well and a sneak peek can be found here https://streamable.com/xjb83d#
Dept of Ops 🛠
matrix-docker-ansible-deploy Jitsi
Slavi announced:
matrix-docker-ansible-deploy's Jitsi setup has seen lots of improvements around authentication, thanks to teutat3s. Refer to our Jitsi docs page for getting started or to learn how to rebuild your existing Jitsi installation in a more secure manner.
I asked: does this include the most recent version? https://jitsi.org/news/features-update-april-2020/
Slavi said:
it should! We've updated all Jitsi images today and reworked some things, due to a new release from the Jitsi guys, which fixes some security issues.
Dept of Bots 🤖
Send Sentry issues to a Matrix room
jaywink offered:
If you want your Sentry issues to a Matrix room, there is now a new bot for that: https://github.com/matrix-org/matrix-sentry-webhooks . Currently it supports a simple "projects to rooms" mapping and should work with both legacy webhook integrations and integration platform webhooks.
Dept of Ping 🏓
Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server. Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.
| Rank | Hostname | Median MS |
|---|---|---|
| 1 | gottliebtfreitag.de | 403 |
| 2 | maescool.be | 469 |
| 3 | nerdsin.space | 503 |
| 4 | envs.net | 512.5 |
| 5 | lyseo.edu.ouka.fi | 544 |
| 6 | maunium.net | 576 |
| 7 | imninja.net | 577 |
| 8 | matrix.vgorcum.com | 697 |
| 9 | kapsi.fi | 751.5 |
| 10 | chat.matrix4me.de | 913 |
That's all I know 🏁
See you next week, and be sure to stop by #twim:matrix.org with your updates!
The Foundation needs you
The Matrix.org Foundation is a non-profit and only relies on donations to operate. Its core mission is to maintain the Matrix Specification, but it does much more than that.
It maintains the matrix.org homeserver and hosts several bridges for free. It fights for our collective rights to digital privacy and dignity.
Support us