We'd like to welcome Twitter to the world of decentralised communication protocols after Jack Dorsey's announcement this week that Twitter is building a decentralised social media team. It seems that the constraints they're working with are to focus on decentralised reputation (supporting different content filtering algorithms), incentive models (presumably some kind of token) and avoiding consensus-based standards processes. It's worth noting that we've been working on decentralised reputation stuff in Matrix for a while now - of which MSC2313 - Moderation policies as rooms is the most concrete result so far, and it's great to see Twitter thinking about how to adopted different filtering mechanisms for their content. It sounds as if they're approaching this from a blockchain/incentives angle however, so it remains to be seen whether they'll be interested in our work - especially as Matrix doesn't have a microblogging client yet (but only because nobody has made one yet). We'll be trying to talk to them whatever to see if we can be of use, eitherway :)
Here's your weekly update for what happened in spec land!
While it may look quiet from the state changes list, there's actually been a flurry of activity on MSC2376 and MSC2385 (for disabling URL previews on a per-message basis), MSC2380 (for a method of querying the metadata of a piece of media without downloading it) and MSC2346 (for showing metadata about the bridges that are currently active in the room)! Now's the time to jump in if you want to have your say!
- No MSCs were merged this week.
MSCs in Final Comment Period
- No MSCs in FCP.
Spec Core Team:
The Spec Core Team is on the same track as last week with no specific 3 MSC focus, but working on bringing up a lot of MSCs across the board.
Synapse 1.7.0 is out, check out all the details here, admins can now specify message retention policies at a server and room level. We also changed the defaults for the room directory to be privacy preserving by default.
Several packaging projects have been updated to deploy the new version:
Alexandre Franke told us:
We gained the ability to save spellcheck language per room, which makes me quite happy as I keep switching between English speaking and French speaking ones and was growing tired of those red underlines and having to switch manually every time.
Data is stored in
Continuum, Kotlin client for the desktop:
Updated to Kotlin Json and HTTP libraries, removed Moshi and Retrofit from dependencies
When there is an error when loading notifications, one can click to retry or view the cause
nheko mostly fixed bugs regarding the new file encryption this week and did some organizational stuff:
- We fixed a compliance issue, where Riot couldn't decrypt our media
- You can now actually see your encrypted images, when you sent them
- We fixed some tests regarding our session key export
- We fixed our coverage of our automated tests
- We did some prepwork for device verification
- A few minor usability fixes and code cleanups
benoit told us:
RiotX v0.10.0 has been released on Tuesday, with some bug fixes and a new Breadcrumbs drawer to switch between rooms super super fast. Give it a try! Now we are implementing workflow when the access token get invalidated, with SoftLogout support. Also, we are still working on improving the initial sync management, which can be a long task on big account, and that causes some problem with the current implementation. Among various other subjects: matrix.to support, room profile screen, verification in DM, cleanup dependencies to reach the F-Droid store, we are quite busy!
This week, we released Riot-iOS 0.10.4 with a couple of hot fixes on device verification. In parallel, we have been still working on verification by DM both on UI and SDK sides. As a collateral effect, the aggregation of
m.referencehas been implemented in the SDK. This means the SDK is now ready for message threading !
Cross-signing keys and secret storage can be created in Settings for advanced users with the cross-signing feature flag enabled in labs, though please keep in mind that these features are still in development. More work is still needed to change to verifying users instead of devices. More accessibility fixes have landed as well.
as part of all the work around cross-signing, we're shifting device verification to happen in the context of DMs so verification is done per-user rather than per-device, and so you can track your verification history and generally massively improve the UX. valere made a great video of how this is shaping up between RiotX and Riot/Web...
Release 2.2.0 of the ma1sd (fork mxisd) https://github.com/ma1uta/ma1sd/releases/tag/2.2.0 Changes:
- support of the MSC2140 (hash lookup)
- support of the MSC2134 (API v2)
ma1sd hotfix 2.2.1 released with a lot of bugfixes. Also the v2 API (MSC2140) was disabled by default because it breaks backward compatibility in lookup behaviour.
I have created a modular bot for writing Matrix bot functionality in Python easily. It already has bunch of modules ranging from weather to calendar integration and more will come. Even the location bot from last week's TWIM is now implemented as a module. I hope you find it useful. PR's of new modules are always welcome. https://github.com/vranki/hemppa
A Bot to sync LDAP groups to matrix rooms. Rooms will be created automatically and group member changes are reflected in the matrix rooms. The bot is currently in beta and documentation will be added in the next weeks. New features for simple integration will be added soon. Have a look at the repo: https://git.sr.ht/~davidlang/mlrbd
I've started a new project: mautrixfs is a Matrix client as a FUSE filesystem. It's very WIP and currently only supports reading events by ID. I'm hoping to have something more useful in a week or two.
tulir later added:
for media uploads, I just realized that my asynchronous uploads MSC would make it significantly easier to implement. It could have a file you read to allocate a mxc uri and then you could simply write the data to the file corresponding to that mxc uri
Finnish computer culture paper magazine Skrolli published two articles spanning 5 pages about Matrix in latest edition. For non-subscribers the digital edition readable with mobile app is free for limited time. Read more (in Finnish) at https://skrolli.fi/
See you next week, and be sure to stop by #twim:matrix.org with your updates!
Hello people, it’s Synapse 1.7.0 time.
This release includes some long requested features, most notably the ability to automatically delete message data after a predefined period. For more details take a look at the config here ─ it should be pretty self explanatory.
Another significant change this release is to explicitly set room directories to be private by default. Previously it was possible to inadvertently configure the directory to be visible to arbitrary Matrix servers and the internet in general.
This means that for those admins who want their room directories to be publicly searchable (matrix.org for instance) they need to explicitly say so in the config. For more details see the upgrade notes and our blog post explaining the situation in greater detail.
We also have early support for ephemeral messages, as well as the ability to specify a reason when rejecting an invite (amongst other actions).
Aside from all of that, we want to let you know about some changes on the horizon. Currently Synapse runs Sqlite by default. This is great in that it gets new admins going quickly without needing to install and configure Postgres. The downside of using Sqlite is that it offers very poor performance, especially once a server tries to join the federation. In truth Sqlite is only really there to demonstrate the service, but for anything other than the most trivial cases it is essential to migrate to Postgres.
Over the past few months we’ve been working to improve the migration path to Postgres such that finally we feel confident to actively encourage admins to migrate. What’s more, in a future release we will forcibly prevent SQLite-backed servers federating unless the admin explicitly sets a config flag to show that they understand the trade-off they are making.
Overall we see these changes as something that will improve everyone’s experience of the matrix federation. We’ll talk more about this closer to the time, but please expect a change in the coming months and if you are running SQLite, consider this a nudge to get yourself migrated.
As always, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Also, check out our Synapse installation guide page
The changelog since 1.6.1 follows:
This release changes the default settings so that only local authenticated users can query the server's room directory. See the upgrade notes for details.
Support for SQLite versions before 3.11 is now deprecated. A future release will refuse to start if used with an SQLite version before 3.11.
Administrators are reminded that SQLite should not be used for production instances. Instructions for migrating to Postgres are available here. A future release of synapse will, by default, disable federation for servers using SQLite.
No significant changes since 1.7.0rc2.
/admin/v2/usersendpoint with pagination. Contributed by Awesome Technologies Innovationslabor GmbH. (#5925)
/account/3pid/add, meaning the user's password will be required to add a third-party ID to their account. (#6119)
/_matrix/federation/unstable/net.atleastfornow/state/<context>API as drafted in MSC2314. (#6176)
events_afterfields in the response to
register_user()while using LDAP auth module. (#6406)
synapse_port_dbnot exiting with a 0 code if something went wrong during the port process. (#6470)
public_baseurlisn't set when necessary. (#6379)
/messagesin the future. (#6392)
I chatted to Kilian from the new Nio project about his progress on a new iOS client.
Yesterday we announced the availability of zipped hoodies! The resulting avalanche of orders was a shock for our local Post Office, who watched with surprise as I burst in, laden with packages like a mule.
Here's your news for what happened in spec-land last week!
- MSC2367: Add reason field to all membership events
- MSC2324: Facilitating early releases of software dependent on spec
MSCs in Final Comment Period
No MSCs are in FCP...
The spec core team is focused on implementing a bunch of MSCs so that we can make progress with the spec.
Neil told us:
This week we've mainly been tying up loose ends on the matrix.org data centre migration. Outside of that one interesting feature to land on develop is that of configurable message retention. It means that as an admin you can set a default period after which messages will be removed from the server (a year say), what’s more the default is configurable on a per room basis via state events. Note, this feature applies to messages only, not media (on its way!). Configurable message retention will be make it into the next versioned release.
After 2 long years, matrix-synapse-ldap3 has finally gained another release: v0.1.4. If you want to allow users to sign in to Synapse using their LDAP accounts, then this is the module for you.
Get the release notes here: https://github.com/matrix-org/matrix-synapse-ldap3/releases/tag/v0.1.4
Alexandre Franke offered:
4.2.2 got released! Get it now off Flathub.
Under the hood:
As if all that wasn't enough, how about this image of Fractal running on a Librem5, from Adrien Plazas:
Nheko just merged support for encrypted files in e2ee chats. This allows you to send and receive encrypted files and even play videos and other media in the new timeline. Those changes are still on the development branch, but will be included in the next release, which should be 0.7.0. If you want to try it out, you can get development builds here.
- Rewrite all Moshi json adapters with
kotlinxserializers, replace API interface declared using Retrofit with HTTP requests constructed using ktor. The majority of the changes needed to enable multiplatform support is now made.
Released v0.9.1 on Thursday! This version includes a new login flow and account creation flow. Read marker has been reworked, to simplify user experience on mobile. Also you can type and send user pills.
We are now working on room and user profiles, and matrix.to link handling. Verification in DM development is progressing well. Also we implemented a first version of breadcrumbs, to switch between recent rooms very quickly.
Riot-iOS 0.10.3 is on its way to Apple review. The release note is: This release includes bug fixes and improvements, like:
- Ask permission before opening a widget and the integration manager.
- Display room name, user name and user avatar in the Jitsi conference screen.
- Support Welsh and Italian languages.
let me share Messagerie: https://github.com/manuroe/messagerie, an iOS app and, maybe, in the future, a MacOS app.
Messagerie is a chat app written to test SwiftUI and Combine to make a real and, hopefully, useful app. Messagerie misses a lot of things but it has:
- Support of Matrix using SwiftMatrixSDK
- Multi-account (swipe the navigation bar to switch accounts)
- Dark mode and auto-sizing fonts (well, they come for free)
- 4 screens at the moment: a Matrix login screen, a room list, a room screen and a very early beginning of a SwiftUI text composer to post text message
This is a personal and a side project, but RiotX-iOS will probably take benefit from it.
Riot Web is largely focused on nudging cross-signing forward over the last week. Key verification and cross-signing setup continues to make progress. We've also fixed a few bugs and merged some accessibility improvements.
matrix-docker-ansible-deploy has been made more flexible in terms of how its services can be exposed to the web. Reverse-proxying using another local (in-machine or on-the-network) webserver should be easier. SSL-termination using Traefik is now also a possibility, although we're yet to confirm it as a success and document exactly how to do it. Read more in the CHANGELOG.
msc_resolver2 is back and now isn't annoying with all new features like:
- actually showing you the MSC title when it links it
- not posting the same links multiple times
- not posting a link when you've already linked the msc in the original message
- ignoring edits
- ignoring content of replies
rejoice! Code is https://github.com/anoadragon453/msc-chatbot
It would be cool to be able to share location in Matrix rooms. This bot by cos solves the egg part in chicken and egg problem of having no clients able to send or receive location messages. Next we need a mobile client that can send location updates. Which one will be the first? https://github.com/vranki/malobot/
See you next week, and be sure to stop by #twim:matrix.org with your updates!
Matrix merch is some of the most sought-after apparel and adhesive labeling available in the world today. We supply discerning customers with t-shirts, hoodies and stickers which remind them which decentralised, federated, end-to-end encrypted communications protocol is the best choice.
This is all very well, but we wondered whether it would be possible to have a warm, hooded garment which promotes the wearers preference of chat system, and also has a zip on the front.
Today, we’re proud to announce a breakthrough in this area: Matrix Zipped Hoodies are available now from shop.matrix.org!
Here's what happened in spec land this week:
- MSC 1756: cross-signing devices using a master identity key
- MSC 2313: Moderation policies as rooms (ban lists)
Final Comment Period:
- MSC 2324: Facilitating early releases of software dependent on spec
- MSC 2367: Add reason field to all membership events
This week we put out Synapse 1.6.0, and 1.6.1 checkout all the juicy details in the blog post. Aside from that message retention and ephemeral message support continues and we expect the latter to merge early next week.
The next big thing we’ll be looking at is sharding out the Synapse master process so that instances running in worker mode can make full use of the CPU power available. This will make a big difference to matrix.org.
Several packaging projects have been updated to deploy the new version
Additionally, from JCG:
Synapse 1.6.1 has been packaged for VoidLinux, FreeBSD and Alpine Linux, with NixOS waiting to have the PR updating it to 1.6.1 merged. Synapse 1.6.0 has been packaged for Debian Unstable and Ubuntu 20.04.
The container image with the updated LDAP auth provider over at https://gitlab.com/famedly/container/synapse-ldap/container_registry has been updated to 1.6.0 too.
Timothée has been working on a university project to integrate the Yggdrasil library into the CoAP proxy, which allows Matrix homeservers to federate over a pure Yggdrasil connection instead of using IP. The Yggdrasil portion gives full reachability and traffic forwarding between nodes in the mesh even in complicated topologies, and end-to-end encryption as an additional benefit
As a reminder,
Yggdrasil is a proof-of-concept mesh network that is designed to avoid the scaling issues that we've seen in the past with existing mesh systems. It uses a spanning tree-based topology and aims to make all nodes in the mesh fully routable, even at massive scale
New Vector (the startup which the original Matrix team founded in order to hire folks to work on Matrix as their day job) are currently hiring people so if you ever wanted to work on Matrix full time get in touch.
We are remote friendly though find it easier to hire people in some territories than others, so if you have any questions just ask.
On top of this, Neil Alexander, creator of Seaglass and maintainer of Yggdrasil, will be joining New Vector. He said:
I shall most likely be working with the backend team on Synapse/Dendrite and I think there's a couple of other things like the coap-proxy too
I made two pull requests to Sorunome's mx-puppet-bridge projects:
My fellow comrades, today we have released 0.14.0-rc1 of the IRC bridge. The changes are massive and vast, and frankly it probably could have been done in 2 or 3 releases. At any rate, this release contains support for PostgreSQL Datastores and Sentry monitoring, amongst other small quality of life changes. The bridge has also had a total refactor using Typescript, and it's a little bit nicer to look at now.
Annie told us:
- Ditto is now redesigned with a fresh new look!
- Login, send / receive messages, logout
- On Deck:
- Notifications, writing a new message (in that order)
Come chat about UX and things you'd like to see in Ditto!
Matrix room: #ditto:elequin.io
I spent the last few days building my Matrix client Nio 😄 Apple just approved a very early first alpha for TestFlight distribution. It really doesn't do a lot aside from account authentication and displaying recent chats and messages. It is able to handle e2e encryption, but unfortunately doesn't persist the encryption keys right now (meaning it loses them and re-requests them from other clients on being restarted). It's built on SwiftUI and runs on iOS (iPhone and iPad). The app will likely not run as-is on macOS in the future, but I'd love to also build a separate version of Nio for macOS once the iOS app is functional.
Note that this is not connected to the existing Matrix project, matrix-nio.
koma, Kotlin library:
Continuum, desktop client based on koma, version 0.9.31:
- Implement minimal XML parsing without adding additional dependencies to extract user ID and name from
formatted_bodyused by Riot
- Display mentioned users with highlight and avatar.
- Continued work on setting up cross-signing and secret storage keys in labs
- Device verification is moving to the user info panel and happening via DMs also in labs
- Fixes for system theme and read receipts
- Improved signing for Windows builds
- Converting tests towards native promises
We have a new bottom sheet that we are going to use a lot in the coming designs. We used it in the widget permission screen. Meanwhile we are working on user verification by DM
We made a release this week with all the work around privacy for the use of an Integration Manager and widgets.
All flows for registration and login are now supported. Please test them on your specific homeserver configuration in case we miss something. We are also working on user verification by DM.
mvgorcum/docker-matrix:v1.6.1 is now on docker-hub
matrix-docker-ansible-deploy has switched from the bubuntux/riot-web Docker image to the official vectorim/riot-web image. There should be no visible changes for users. We're just hoping for faster releases by keeping closer to upstream.
See you next week, and be sure to stop by #twim:matrix.org with your updates!
Synapse 1.6.0 has landed and is here to brighten your day!
1.6.0's most notable feature is that of label based filtering. It allows for messages to be tagged with a given label so that clients can filter on the label, this means that clients can subscribe to specific topics in a room, such as #lunch.
Completely separately, from here on in new rooms will be version 5 by default, all this means in practice is that servers will respect server signing key validity periods. This won't make a lot of difference in day to day operation, but it is an important security consideration and we now have sufficient penetration across the federation to make version 5 the default.
Aside from that there are a bunch of bug fixes and improvements, including fixing a bug that in some cases prevented messages being decrypted shortly after a restart (#6363) and generally improving the room upgrade experience (#6232, #6235).
The changelog since 1.5.1 follows:
/messages(MSC2326). (#6301, #6310, #6340)
gitis not installed. (#6284)
/purge_roomadmin API. (#6307)
hiddenfield in the
devicestable for SQLite versions prior to 3.23.0. (#6313)
rc_loginratelimiting would prematurely kick in. (#6335)
to_devicestream ID getting reset every time Synapse restarts, which had the potential to cause unable to decrypt errors. (#6363)
site keyrespectively. Contributed by Yash Jipkate. (#6257)
INSTALL.mdEmail section to talk about
account_threepid_delegatesconfiguration option. (#6273)
synapse_port_dbscript. (#6140, #6276)
persist_eventsout from main data store. (#6240, #6300)
logger.warningas the former is deprecated. (#6271, #6314)
federation_server.pyto async/await. (#6279)
lint.shfor code style enforcement & extend it to run on specified paths only. (#6312)
resourcemodule. (#6318, #6336)