This Week in Matrix 2021-07-16

2021-07-16 — This Week in Matrix — Ben Parsons

Matrix Live 🎙

Dept of Spec 📜

Spec

anoa announced:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

MSC Status

New MSCs:

MSCs with proposed Final Comment Period:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Closed MSCs:

Spec Updates

Several members of the Spec Core Team reviewed MSC2674 (Event relationships) this week in order to help push along the efforts to finally ship aggregations in the spec. Otherwise MSC3245 (voice messages via extensible events) is moving along with final comment period proposed this week. The implementation in Element Web in reportedly working well, helping to prove the spec in practice. And finally, MSC3277 (scheduled messages) which appeared over the weekend to try and allow for scheduling events to send later in Matrix (and all the fun edge cases that come with it).

Thanks to everyone who submitted, read and reviewed MSCs this week. It takes people to move this stuff forward!

2021-07-16-9h_yU-stacked_area_chart.png

Dept of GSoC 🎓️

Google Summer of Code 2021: first evaluations complete!

We heard from Callum last week, and will have more reports in future, but for now just know that all seven GSoC projects are progressing well. To remind yourself ot this year's projects, see the list provided by Google or our welcome blog post.

Alexandre Franke added:

I reckon you can count the two Fractal interns as well. :)

Reckon you're right pardner! We'll look forward to a roundup of the work done for Fractal too.

Dept of Servers 🏢

Dendrite / gomatrixserverlib

Dendrite is a next-generation homeserver written in Go

Neil Alexander told us:

In case you missed it, we released Dendrite 0.4.0 on Monday and wrote a blog post about it! It's taken us a little while to get to this release, but it includes a number of quality-of-life improvements and changes that will significantly reduce the amount of resources needed to run a Dendrite server. The full changelog is available on GitHub and many juicy details in the aforementioned blog post, but at a high level this release includes:

  • All-new state storage, designed to reduce the amount of disk space that the roomserver takes up to store room state by aggressively deduplicating state blocks and snapshots

  • Improved appservice support, with a number of bridges now working with Dendrite

  • Shared secret registration (using the same API shape as Synapse)

  • Optimisations in the federation API /send and /get_missing_events endpoints to reduce memory usage

  • Improved state resolution v2 performance when dealing with power level events

  • Per-room queuing to reduce head-of-line blocking on the roomserver input API

  • Lots of bug fixes around invites, registration, sync and media, and 5 panics fixed

Since the release, we've been working on:

  • Completing key notary support

  • Fixing state_default for power levels in gomatrixserverlib

  • Resolving some issues around rejecting invites, particularly when the remote server is not available

  • Reducing the cost of checking if the local server is in a given room

Since our last update, our Sytest compliance numbers have been on the rise again, taking us ever closer to our goals:

  • Client-server APIs: 61%, up from 60% last time

  • Server-server APIs: 92%, up from 80% last time

  • Appservice APIs: 52%

As always, please feel free to join us in #dendrite:matrix.org for general Dendrite chat, and #dendrite-dev:matrix.org if you are interested in contributing!

Synapse

callahad told us:

The big news of the week is the release of Synapse 1.38, which converts several integer columns to bigint, allowing Synapse to process more than 2 billion (231) events. Which, incidentally, matrix.org did last week 📈:

2021-07-16-N2mUM-synapse-event-bigint.png

But that's not the only thing new in Synapse 1.38. We also landed the ability to set an expiry time on cache entries, allowing you to reclaim memory from infrequently accessed caches. Configuring this to "1h" on matrix.org has already yielded a noticeable reduction in overall memory use 📉:

2021-07-16-3j8uF-synapse-1.38-cache-expiry.png

We'd encourage you to read the full announcement for more — See you next week 👋!

Registration management for Token Authenticated Registration

callum told us:

Another short update about my GSoC project, this time about the Synapse admin API for managing tokens. https://calcuode.com/matrix-gsoc/2021-07-16_admin-api.html

See also Matrix Live with Callum last week.

Homeserver Deployment 📥️

Kubernetes

Ananace said:

This week too brings updates to my Helm Charts, with Synapse having been updated to 1.38.0.

Dept of Bridges 🌉

matrix-puppeteer-line

Fair said:

A bridge for LINE Messenger based on running LINE's Chrome extension in Puppeteer.

Docker is now supported, via Dockerfiles that actually work now! But for the time being, Docker images must be built manually, as I am yet to deploy a Docker registry for prebuilt images.

Also, sample systemd service unit configuration files are now available, courtesy of @lecris:lecris.me 🙂

For more info on all of this, see SETUP.md.

What I'm working on next is a bot command to list all of your LINE contacts & groups (similar to mautrix-whatsapp's list <contacts|groups>), and the ability to sync a LINE DM by inviting a contact to a Matrix DM. This will allow messaging LINE contacts that the bridge didn't yet create a portal for.

And please, feel free to try out this bridge! It should be serviceable for day-to-day usage now. I still won't be able to host a public instance of it for a while, though (as it is fairly hefty due to having to run Chrome), so you'll have to self-host if you want to try it.

Discussion: #matrix-puppeteer-line:miscworks.net

Issue page: https://src.miscworks.net/fair/matrix-puppeteer-line/issues

Dept of Clients 📱

Nheko

Nheko is a desktop client using Qt and C++17. It supports E2EE and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) told us:

This week we fixed bugs. Switching room should now be quite a bit faster again and once Qt 6.3 is released with some important bugfixes, scrolling in Nheko should be super smooth. (We can't enable that flag yet, because of 3 bugs in the item pooling code in Qt.)

Other bugfixes:

  • Inline images sometimes wouldn't show, but now inline emotes and images should render once they are loaded! (This took me a year to figure out)

  • You can now send edits in encryted rooms again, if they are a reply to an event.

  • No more reply fallback in the room list.

  • At some point timed out verification requests started showing up on startup. That regression is fixed now.

  • Fix rooms not showing up after login because we were off by one.

  • Fix some cases where the loading spinner wouldn't stop animating and as such consistently use CPU, when a room is open.

  • Cache db transactions to reduce allocations and memory zeroing when loading a room or scrolling.

  • Fix some edge cases in the blurhash decoding, that could lead to brownish image previews.

  • Fix accepting an invite not placing you in the joined room.

Element Clients

With updates supplied by the teams

Delight team

  • We’ve been shepherding through MSCs to improve private spaces, namely MSC3083 (Restricting room membership based on space membership)
  • Meanwhile, we’re also implementing outstanding polish, planning steps for Spaces to exit beta

Web

  • v1.7.33-rc.1 now up for testing on https://staging.element.io/ with support for blurhash, draggable picture-in-picture view for calls
  • Contributing to element web? There are new labels and magic keywords for pull requests to show better information in the changelogs. See the contributor guide for more detail.
  • Do you use the master branch of element web or any of the web projects? Please let us know - it may go away soon.

Android

  • Still polishing the voice message feature: add support for Android 5, improve timeline rendering, improve animation in the composer, support for RTL language
  • Work on the account notification settings

Hydrogen

A minimal Matrix chat client, focused on performance, offline functionality, and broad browser support. https://github.com/vector-im/hydrogen-web/

Bruno said:

Still working on getting a big update out today with rendering of formatted messages and a brand new member list in the right panel!

Dept of SDKs and Frameworks 🧰

PyQuotient

Aksem told us:

First news about Python bindings for libQuotient, C++ Qt-based Matrix SDK

After a month of hard work, we(I as GSoC student and kitsune as mentor) have bindings with tests for almost all core classes and also initial version of the demo client, in which you can log in with a password or SSO, the server you enter is resolved automatically and also after successful login data is being synchronized. There is also a possibility to log out. So this part is on the same level as in Quotient.

Also, a small video with the client in action.

Dept of Events and Talks 🗣️

Hack'n'Sun, the partially-Matrix-based summer tinkering camp

Nik offered:

Over the first weeks of July, Teckids e.V. held their annual summer camp for kids between 9 and 15 years. This year, after we started introducing Matrix and Element as a chat platform from September 2020 onwards, the camp was heavily relying on the platform for various parts.

Before the camp started, we invited all 90 participants to a chat room to get together, share a bit about what they expect, already did with coding and technical stuff, talk about what food they'd like to have for the barbecue, and stuff like that. Many of them engaged in the discussion, and started exploring Element (before you ask, yes, we hat a lot of snow and party poppers 😛!). Some got really excited that they could even change or add features to Element, or ask for such changes – we had to promise to hold a session where we find out how to add one new animation to Element. Unfortunately, Element is developed on GitHub, so the potential young contributors are locked out by the exclusive Terms of Use there. We are trying to reach out to Element HQ to find a solution.

During the camp, verifying crypto sessions using emojis again made for a good party game to get to know each other (like, find the kid a nickname belongs to on the camp site, start verificaiton, and compare emojis – a lot of fun that we, again, did not even have to start, because someone always finds out about it and asks what it is about).

Now that everyone got to know Matrix for chatting, in one of our workshops, the participants discovered that not only people, but also devices can send messages, and react to replies – in that workshop, the kids built a chat-ops IoT door beel (for their tent on site, or room at home). They soldered a circuit board to fit an ESP (MicroPython) micro controller on, and coded a small program (using templates with differing complexity levels), defining what the door bell should send when a button is pressed, on what messages to react, and the like. We produced a fun video about the project (German audio, English subtitles): https://eduvid.org/videos/watch/20a50c25-ecb4-48c0-9b13-de2548f290d4?subtitle=en . The (minimal and somewhat buggy) MicroPython client library is published as µtrix.

Now, sadly, the event is over, and we slowly see (as expected, only a part of the) participants moving over to our long-term project chatrooms; we will start clearing the virtual camp site chatroom during the weekend to make room for a new group.

Asked about the regularity of these events, Nik replied:

We are still experimenting with our new camp formats. As bad as it all is, COVID caused a lot of innovation here because we were forced to leave the known roads we normally travelled, and now we are starting to integrate all that new stuff (like really embracing Matrix) into outdoor and presence events. I think we are on a really good way with it, and surely I will keep posting updates that might be of interest for the greater community.

Dept of Interesting Projects 🛰️

Cactus Comments 🌵

carl announced:

Cactus Comments is a federated comment system for the open web built on Matrix.

This week, I'm reporting the changes to our backend service since it last appeared on

  • Feature: Restrict which users can interact with cactusbot (contributed by Karmanyaah Malhotra in MR !3).

  • Feature: Include comment section id in room name.

  • Bugfix: Malformed events no longer cause a crash loop.

  • Bugfix: Users can no longer register a site without a name.

  • Hotfix: Mitigated timeouts under heavy load with a temporary LRU cache.

  • Internal: Pin sub-dependencies.

  • Internal: Heavy linting in CI.

All these changes are available from version 0.5.0.

Demo: https://cactus.chat/demo

Matrix room: #cactus:cactus.chat

Introductory blog post: https://cactus.chat/blog/hello-cactus-comments/

Source code: https://gitlab.com/cactus-comments

Dept of Guides 🧭

New business-oriented guide to using Matrix and Element

The Reidel Law Firm from Galveston, Texas have produced an excellent business-oriented guide to using Matrix and Element. As they announced in a blog post last month:

Reidel Law Firm remains committed to providing top notch legal services in Franchise Law, International Trade Law, and Business Law while maintaining accessibility, (one of our Firm’s core values) to our clients, colleagues, and friends of the firm. Utilizing our own secured chat platform allows us to be in communication with our clients around the world while maintaining the utmost in data security and client privacy.

Schuyler "Rocky" Reidel added:

I believe in Matrix+Element and encourage my clients and law firms to get ahead of the curve or get left behind and become irrelevant. Email has to die, its just the worst. Also, I forgot to note earlier that the guide is copyright free. I hope other business owners will use and revise it for their own uses.

Strong words! You can find the guide from Reidel on their website.

Final Thoughts 💭

Room of the week

timokoesters told us:

Hi everyone! Did you ever feel lost in the Matrix world? The room directory is big, but it's still hard to find something you like. Or are you a room moderator, but there is not much activity in your room because it doesn't have enough users?

This is why I want to share rooms (or spaces) I find interesting.


This week's room is: #formula1:matrix.org

"The pinnacle of motorsport! We're in an exciting time in Formula 1 with a close championship and exciting battles. Come hang out and chat about the upcoming race in Silverstone on July 18th!"


If you want to suggest a room for this section, tell me in #roomoftheweek:fachschaften.org

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1envs.net517
2kif.rocks552
3maunium.net652
4synapse.clippyco.com677.5
5maescool.be697
6utzutzutz.net788
7kapsi.fi789
8liberta.casa831.5
9trolla.us855
10nordgedanken.dev1106

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1dendrite.nordgedanken.dev89
2construct.supercable.onl197
3pc.koesters.xyz:6167217.5
4conduit.rs566
5dendrite.neilalexander.dev729
6dendrite.s3cr3t.me856
7dendrite01.fiksel.info872.5

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.38.0 released

2021-07-13 — Releases — Dan Callahan

Synapse 1.38.0 is out now!

NOTE: We released Synapse 1.38.1 on Thursday, July 22nd. It mitigates a client bug with Synapse 1.38.0's smaller sync responses which prevented new Element Android sessions from successfully participating in encrypted conversations. Server administrators are strongly encouraged to upgrade.

(Big) Integers

Synapse's database schema used integer columns in a few places where values could potentially overflow a maximum value of 231. One such column is events.stream_ordering, which surpassed 231 on matrix.org last week.

To prevent overflows, Synapse 1.38 will automatically convert several integer columns to bigint as a background update. While homeservers will function normally during this task, it could result in increased disk I/O for several hours or days. Note that homeservers may need several gigabytes of free space to successfully rebuild associated database indexes and complete the upgrade.

See the upgrade notes for more details.

Expiring Caches

Synapse has a new configuration option, caches.expiry_time, which can be set to enable evicting items from caches if they go too long without being accessed. This helps servers reclaim memory used by large yet infrequently used caches.

Smaller Sync Responses

The response to /sync now omits optional keys when they would otherwise be empty. This can significantly reduce the size of incremental syncs, as demonstrated in #6579. Thanks to deepbluev7 for initially submitting this in #9919, which made it into this release via #10214.

Everything Else

A few other items worth calling out:

  • This release includes an experimental implementation of MSC2918: Refresh tokens, which adds initial support for complementary access / refresh tokens in line with OAuth best practices (#9450).
  • Synapse now ships a script to review recently registered accounts, which can be useful in cleaning up servers in the wake of malicious, automated registrations like we witnessed during last month's spam attack.
  • We've also fixed a few rough edges (#10263, #10303, #10336) in the spam mitigations from 1.37.1, and would encourage you to update.
  • The Admin API for querying user information now includes information about a user's SSO identities in its response.

These are just the highlights; please see the Upgrade Notes and Release Notes for a complete list of changes in this release.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including deepbluev7, dklimpel, fkr, and sideshowbarker

Dendrite 0.4.0 Released

2021-07-12 — Releases — Neil Alexander

After quite a significant gap between releases — version 0.3.11 was released at the beginning of March — we're happy to finally announce the release of Dendrite 0.4.0 today!

The full changelog for the release is available on GitHub, but we wanted to take the opportunity to talk a little about some of the changes that have gone into this release.

Recently our release cadence for Dendrite has slowed as we have spent more time within the team working on Pinecone and Low Bandwidth Matrix. These are major areas of research for us which we hope will unlock a number of new opportunities within the Matrix ecosystem, allowing us to build on Matrix anywhere and to reduce the protocol-level footprint. However, Dendrite has not been forgotten amidst the excitement and we will be spending more time working on Dendrite again in the coming months.

State storage

One of the major features in v0.4.0 is that we've introduced newly-refactored state storage in the roomserver database. The goal here is to make state storage significantly more efficient by ensuring that we deduplicate state blocks and snapshots wherever we can. By ensuring that all state blocks and snapshots are ordered strictly, and by enforcing uniqueness constraints on the hashes of the blocks/snapshots, we've been able to achieve this.

This was largely spurred on by watching dendrite.matrix.org consuming a rather alarming amount of disk space on a daily basis. In this particular instance, moving to the new state storage resulted in a 15x improvement on disk utilisation for state blocks and a further 2x improvement for state snapshot references immediately after the migration, and the growth rate of the database has slowed substantially since.

Ensuring that we don't waste disk space is one of the most important factors in ensuring that Dendrite operates well at any scale — future datacentre deployments supporting many users will find storage overheads decreased and small/embedded single-user deployments (such as P2P, on mobile devices or in the browser) will fit much more effectively onto resource-constrained targets.

After upgrading to v0.4.0, Dendrite will run an automatic migration to update your homeserver to the new state storage format. This might take a while on larger databases so please expect some downtime.

Optimisations

We've continued to squeeze further optimisations into the federation and state resolution code, aiming to reduce the amount of CPU burn and memory utilisation. Some of the feedback that we receive most often from those that have been experimenting with the Dendrite betas is around the sudden spikes in resource usage, especially when joined to large rooms.

The bulk of this resource usage comes either from attempting to reconcile missing events or running state resolution in rooms with lots of members, as potentially large state sets of events need to be brought into memory in order to do so. We've introduced some transaction-level caches for dealing with missing auth/prev events to reduce the memory pressure and we've also tweaked the caching around around /get_missing_events to ensure we don't duplicate any state events in memory.

Resource spikes aren't completely eliminated but this should smooth out CPU and memory utilisation significantly. In the case of dendrite.matrix.org, which is joined to some 6500 rooms at present, memory utilisation of the Dendrite process typically sits around 1.5GB at present.

State Resolution v2 has also seen further optimisations in the power-level checking, which should reduce CPU usage even more.

Bridges

Thanks to Half-Shot's perseverence and contributions, we've merged a couple PRs and worked on some further fixes for getting Application Services working correctly in Dendrite. Whilst not entirely feature-complete and with a number of features still to go, enough support is now present to support basic bridging functionality.

We've done quite a bit of preliminary testing with matrix-appservice-irc and have also heard a number of success stories from the community with mautrix-whatsapp and mautrix-telegram. Others may work too — let us know what you find!

Bug-hunting

A number of bugs in various places (including the roomserver, federation API and media API) which could cause Dendrite to crash have also been fixed. Some of these have been contributed by the community in pull requests, so we extend our thanks to anyone who has submitted a fix to the project.

A special mention also goes to Jakob Varmose Bentzen for reporting a security issue to us around the legacy /v1/register endpoint, where a flaw in the legacy shared secret registration allowed malicious users to create accounts. We've since removed this legacy endpoint and the vulnerability is now fixed.

What's next

There are still a number of missing user-facing features which we will be working on over the coming months, as well as some architectural issues that we will look to address.

A notable area of work involves attempting to remove the dependency on Kafka for polylith deployments. Kafka is very resource-heavy in operation and somewhat limits us to the types of interactions that we can perform between components. It's also very difficult to manage retention correctly, in the interests of not endlessly consuming disk space here either.

As usual, Dendrite is still considered beta so you may not want to rely on it for production systems, although it should be stable enough to experiment with. If you find any bugs or anything that doesn't look right, please let us know:

We're also open to contributions, so don't be afraid to open pull requests. Finally, thanks for your continued support!

— Team Dendrite

This Week in Matrix 2021-07-09

2021-07-09 — This Week in Matrix — Ben Parsons

Matrix Live 🎙

Dept of Status of Matrix 🌡️

Ansible Community considers Matrix

Gwmngilfen offered:

I'm the Principal Data Scientist for the Ansible Community. We're hoping to switch to Matrix as our primary platform in the near future, and I've just written up my thoughts on why that's a good idea, what the consequences might be, and where we go from here. Find it at https://ansible.github.io/community/posts/matrix_and_ansible.html

Dept of Spec 📜

Spec

anoa told us:

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/unstable/proposals.

MSC Status

New MSCs:

MSCs with proposed Final Comment Period:

  • No MSCs entered proposed FCP state this week.

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Merged MSCs:

  • No MSCs were merged this week.

Spec Updates

A concrete plan has been drafted for publishing the new spec release, and is currently undergoing execution. This release will include many changes that have built up since the last release (back before the new spec redesign even), as well as the new Matrix Global Version Number scheme. Look forward to it dropping soon!

Otherwise Bruno has been hard at work continuing to push forward the various aggregation MSCs (1 2 3 4). MSC3083 (restricted room memberships) is being updated as part of finalising the new Spaces feature as well as MSC2716 (history import).

As well as lots of new MSCs as listed above. Busy times!

2021-07-09-ADEDa-stacked_area_chart.png

Dept of Servers 🏢

Conduit

Conduit is a Matrix homeserver written in Rust https://conduit.rs

timokoesters said:

The last two weeks I worked on a few very big optimizations. We also almost finished sqlite support for Conduit, which is slower than sled in benchmarks, but has much better RAM usage characteristics.

  • Batch up and cache /sync responses for when clients time out

  • LRU cache for deserialized PDUs

  • More efficient state res by only fetching events it needs

Dendrite / gomatrixserverlib

Neil Alexander said:

Rumours of Dendrite's demise have been greatly exaggerated. Stay tuned for more updates very soon.

We will stay highly tuned!

Synapse

Synapse is a popular homeserver written in Python.

callahad offered:

Big(int) news! This week Matrix.org processed its 2^31st event, exceeding the range of a PostgreSQL integer column for the first time. This caused a bit of a scramble in the aftermath of last week's spam attack, as we had a few integer columns in our schema which we needed to convert to bigint. Fortunately, we were able to complete the change sufficiently in advance (#8255), and also took the opportunity to audit other columns and sequences in the database which could conceivably overflow. Synapse 1.38, due out next week, will automatically migrate homeservers when they upgrade. We run the migration as a background task, so homeservers should continue functioning as normal throughout, though they may use a bit more disk and memory, especially when rebuilding indexes for the new bigint column.

We're also starting to hone in on our team's goals for this quarter, and it's looking like our primary focus will be on improving room join speeds. Wish us luck!

Lastly, we're overjoyed to announce that @reivilibre, a former intern on the backend team, joined Element this week! We can't wait to see where he helps us take Synapse!

Homeserver Deployment 📥️

Kubernetes

Ananace said:

This week too gets a Helm Chart update, with element-web having been updated to 1.7.32

Dept of Bridges 🌉

matrix-puppeteer-line progresses

Fair reported:

matrix-puppeteer-line: A bridge for LINE Messenger based on running LINE's Chrome extension in Puppeteer.

This week was spent on adding proper support for LINE user joins/leaves (though invites/kicks are still a TODO), bug fixes, and ease of deployment. Docker and systemd setups will be ready shortly.

And this bridge should soon be listed on https://matrix.org/bridges/, if it isn't already 🙂 Thanks madlittlemods (Eric Eastwood) for accepting the PR!

Discussion: #matrix-puppeteer-line:miscworks.net

Issue page: https://src.miscworks.net/fair/matrix-puppeteer-line/issues

Dept of Clients 📱

Element Clients

Updates provided by the teams!

Delight team

  • Spaces:
    • iOS development is progressing, some (dev) can see spaces in the left panel
    • Wrapping up work on new settings for restricted rooms, and UI to promote the feature to space admins
    • Maintenance and bug fixing.

VoIP

  • Improvements to in-call designs on Android
  • Dial pad improvements about to land on web

Web

  • Working on performance testing on large accounts to catch slowdowns and generally improve app performance
  • More under-the-hood TypeScript conversion
  • Message bubbles experiment almost ready to land!
  • Working on universal macOS builds for the desktop app

Android

  • Element Android 1.1.12 is now live on the PlayStore, will be available on F-Droid soon
  • We are polishing the voice message feature
  • Also we are progressing well on the RustSDK integration

SchildiChat

SpiritCroc reported:

SchildiChat is a fork of Element that focuses on UI changes such as message bubbles and a unified chat list for both direct messages and groups, which is a more familiar approach to users of other popular instant messengers.

There are two announcements that we can share with you this week:

  • SchildiChat for Android is back in the Google Play Store! Users who have previously installed the release using our own F-Droid repo will be able to update without the need to re-install. All previous ways to install the app will remain available as well.

  • You can now help us translate SchildiChat using Weblate! Note that this only contains SchildiChat-specific translations, we continue to use Element's translations where possible.

Apart from that, we have mainly been focusing on smaller improvements and fixes, while staying up-to-date with new Element releases.

For more information about SchildiChat, feel free to visit our website or check out our source code!

Also, feel free to join our Matrix rooms, which you can find in the new SchildiChat space: #schildichat:matrix.org

Nheko

Nheko is a desktop client using Qt and C++17. It supports E2EE and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) told us:

Spaces work is making progress. Some rooms can now be previewed. To improve that situation, I wrote an MSC to preview specific rooms. Alternatively we will try to get the previews for the few rooms you aren't joined to from the space summary API, currently we are just fetching the exisiting state. You can also now join previewed rooms and the design of joining invites was adapted to match it.

red_sky☄️ went through the pain of fixing the Windows builds after we changed our http backend last week. So if you want to try it out, you can test it on Windows. We also replaced the old, boring spinner with an animated Nheko logo. If you see that a lot and think it is Nheko's fault, don't hesitate to open an issue! But in most cases it will probably be your server. Sadly no screenshot of how the spinner looks like, my server is too fast and taking a proper screenshot is too much effort because of that. ;p

We also fixed an issue with updating device lists in the develop version of Nheko. If you were using the nightlies, now is a good time to update! In more E2EE news, symmetric megolm backup fixes the issues I had with the online key backup, so looking forward to implementing that.

2021-07-09-dl7gn-clipboard.png

Dept of SDKs and Frameworks 🧰

Opsdroid 0.23

Cadair offered:

The latest release of opsdroid is out with various fixes which can be seen in the changelog. The main point to note for matrix users is that older versions of matrix-nio (the matrix client library used by opsdroid) did not support the synapse change to omit optional fields from sync. Therefore if you are using our docker images you will need to update to 0.23 to get a container with the newest matrix-nio included.

The other change which is relevant to matrix users is that Oleg has added support for version 2 of the Rasa NLU framework, so you can once again do open source, self hosted natural language bots.

Dept of Bots 🤖

home-assistant-bot release v2.0.1

Oleg announced:

This release adds a fix for compatibility with Synapse >= v1.38.0

This bot is based on opsdroid bot framework and aims to control actions in home-assistant via Matrix.

Feel free to come by at #home-assistant-bot:fiksel.info 😉

Dept of Interesting Projects 🛰️

Server_Stats Statistical Data

MTRNord offered:

Thanks to Gwmngilfen I touched RStudio and toyed a little with some data as well.

You can find some graphs over at https://github.com/MTRNord/server_stats_r_statistics/blob/main/scripts/rooms_members.md

For the first graph the credit fully goes to Gwmngilfen :)

The second one is in log scale for both axis but essentially the same :)

This is obviously currently very spare but I hope to add more statistics when I understand R lang :) This is in fact my first time doing something with R so my skillset is limited :)

Dept of Guides 🧭

Matrix Bot inside of a Docker Container

krazykirby99999 announced:

Run Matrix Python bots inside of Docker Containers with Simple-Matrix-Bot-Lib and Docker!

This is a guide for isolating and running your Matrix bot within a Docker container. It is also applicable to bots written using other libraries and languages.

https://simple-matrix-bot-lib.readthedocs.io/en/latest/usage-with-docker.html

New Public Rooms 🏟️

Room of the week

timokoesters told us:

Hi everyone! Did you ever feel lost in the Matrix world? The room directory is big, but it's still hard to find something you like. Or are you a room moderator, but there is not much activity in your room because it doesn't have enough users?

This is why I want to share rooms (or spaces) I find interesting.


This week's space is: #mathematics-on:matrix.org

Biggest room: #mathematicsq&a:matrix.org

"For questions about any part of maths!"


If you want to suggest a room for this section, tell me in #roomoftheweek:fachschaften.org

Final Thoughts 💭

Cadair offered:

In meta twim news, the twim updates bot (which posts in #twim_updates:cadair.com) has been upgraded to opsdroid 0.23 and now correctly keeps the formatted body when an event is edited.

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1envs.net477
2kapsi.fi568.5
3trolla.us708.5
4matrix.debian.social735
5rollyourown.xyz747
6semisol.dev767
7boba.best771.5
8matrix.sp-codes.de784
9shortestpath.dev871.5
10nordgedanken.dev872

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1dendrite.neilalexander.dev602.5
2dendrite.s3cr3t.me803.5
3dendrite01.fiksel.info831.5
4conduit.rs2172.5

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

This Week in Matrix 2021-07-02

2021-07-02 — This Week in Matrix — Ben Parsons

Matrix Live 🎙

Dept of Status of Matrix 🌡️

We missed it at the time, but wanted to share in TWIM. Terence Eden, noted UK technologist, shared a thorough, compelling argument for the UK Government to use Matrix as a foundation for the digital workplace.

This is a long read, but a detailed argument. Also please note that this is was produced for the purpose of an MSc course of study, it was not commissioned for any other purpose, as the preamble makes clear.

Next, a high billing for Beeper this week, who have been working hard and getting product out!

Beeper update

Tulir reported:

It's been a month since our last update. A lot of the work since then has been on making everything more reliable, but we've also added new features to our clients and started making some new bridges.

Desktop

  • Added thread UI for Slack-bridged rooms. Internally they're just replies like before, but the client will intelligently collapse replies in Slack rooms into threads.

  • Merged upstream Element additions like voice messages.

iOS

  • Released Beeper iOS to Testflight.

Android

  • Added grouping rooms by chat network based on the m.bridge state event. The UI is similar to spaces, but they're not actual Matrix spaces (yet).

  • Added support for Android 11's "conversation" notifications.

Bridges

  • Android Messages is turning out difficult to reverse-engineer to a sufficiently reliable level, so we're building a new SMS bridge into our Android app. It'll also be available as a standalone open-source app, which already exists at https://gitlab.com/beeper/android-sms (but doesn't have any setup instructions yet).

  • We've funded development of a LinkedIn bridge. sumner will post a more detailed update about that.

We're hiring React, iOS, Android and SRE/Devops engineers. If you're interested, check out https://angel.co/company/beeperhq or DM Eric Migicovsky.

2021-07-02-CS1WM-image.png

Dept of Spec 📜

MSC state changes:

Bruno has been working on aggregations as part of his work for Hydrogen. He reported:

I've been cleaning up the relations MSCs, finding a balance between documenting the current state and not losing track of community concerns. I've started with MSC 2674 which is the very basic format of relations, and will move on to annotations/reactions (MSC 2677) next week.

Spec progress graph

Dept of Servers 🏢

Synapse

Synapse is a popular homeserver written in Python.

callahad announced:

We're pleased to announce the release of Synapse 1.37.1 this week, which includes mitigations for the recent distributed spam attack across the public Matrix network. We advise upgrading as soon as possible.

Otherwise, Synapse 1.37 highlights include:

...and a bunch of smaller bug fixes and performance improvements.

Check out the blog post for more.

Homeserver Deployment 📥️

Kubernetes

Ananace offered:

Got another week of Helm Chart updates, with the Synapse chart getting a bunch of worker improvements and additional configurability, as well as being updated to first 1.37.0 and then 1.37.1

Dept of Bridges 🌉

LinkedIn <-> Matrix Bridge

sumner reported:

I'm excited to announce that I started working on a new bridge for bringing LinkedIn messages to Matrix! It's currently in the early stages of development and not production-ready. The current feature set includes: backfill from LinkedIn, user name and profile picture sync, message sending from Matrix -> LinkedIn, and real-time message puppetting from LinkedIn -> Matrix. There's much more to come, and you can join #linkedin-matrix:nevarro.space for updates. Development is being funded by Beeper, and is being designed with integration into Beeper as it's primary goal. However, the bridge is open source (Apache 2.0) and will be available to self-host. The source code is here: https://github.com/sumnerevans/linkedin-matrix.

Great work from Sumner! Glad to see people have the option to bridge their LinkedIn messages!

matrix-puppeteer-line update

Fair reported:

matrix-puppeteer-line: A bridge for LINE Messenger based on running LINE's Chrome extension in Puppeteer.

Better LINE->Matrix read receipt bridging is now supported in the testing branch! The bridge now checks all LINE chats (not just the most recently-used one) to see if messages you sent have been read (in LINE). This works by cycling through all LINE chats where the final message is posted by you and doesn't have a "Read" marker on it yet (or for multi-user chats, if your last message hasn't been read by everyone in the room).

With that, I'll consider the bridge to be in Early Beta! 🎉 I'm now testing the bridge for myself to iron out a few kinks, and am preparing a PR to the matrix.org webpage to have this listed on https://matrix.org/bridges/.

Discussion:

#matrix-puppeteer-line:miscworks.net Issue page: https://src.miscworks.net/fair/matrix-puppeteer-line/issues

Matrix Adapter for WebThings 0.4.0

Christian told us:

This addon for the WebThings gateway lets you send Matrix messages when your IoT fridge is empty – or whatever you have connected to your gateway.

The update fixes predefined messages getting sent to the default room and is the first to be tested against gateway version 1.0.0. https://gitlab.com/webthings/matrix-adapter or in the addon list of your WebThings gateway

Dept of Clients 📱

NeoChat

Carl Schwan announced:

This week, NeoChat gained support for a Global Menu on Plasma and macOS. Aside from that, we fixed a few crashes.

But the biggest news of the week is that we will get funding from NLNet to implement E2EE support in Quotient and NeoChat as part of their grants to improve the internet. We will report on our progress on that front here!

This is terrific news, big thanks to NLNet for making this choice!

FluffyChat

FluffyChat is the cutest cross-platform matrix client. It is available for Android, iOS, Web and Desktop.

krille said:

FluffyChat 0.33.0 has been released.

Just a more minor bugfixing release with some design changes in the settings, updated missing translations and for rebuilding the arm64 Linux Flatpak.

Features

  • redesigned settings

  • Updated translations - thanks to all translators

  • display progress bar in first sync

  • changed Linux window default size

  • update some dependencies

Fixes

  • Favicon on web

  • Database not storing files correctly

  • Linux builds for arm64

  • a lot of minor bugs

Nheko

Nheko is a desktop client using Qt and C++17. It supports E2EE and intends to be full featured and nice to look at

Nico (@deepbluev7:neko.dev) offered:

Hello World! I am here to bring you Nheko news!

We merged the Spaces branch, which means Nheko master can now show some spaces. Peeking unjoined rooms, nesting spaces and creating them should be coming soon. We are also looking into how to fit knocking into the UI (we already rendered incoming knocks in the timeline for a while).

You can also now edit still pending messages, which should help if your server is slow and you notice a typo. The edit will then get queued and be sent as soon as the server acknowledges they received the original message. Apart from that there have been some improvements to the readability of the room list and some other UI elements.

Last but not least, we switched out our entire http backend from Boost to Curl. For that I wrote a simple wrapper around Curl. This fixes about 10 issues around connection shutdown, brings proxy support, http/2 and http/3 support and in general makes Nheko crash less and reduces latency a LOT! This will obviously cause some pain for packagers, but I hope it isn't too bad. Some of the issues this fixes only had 2 digits in our bugtracker and one was even filed by benpa!

Have a nice weekend everyone! ♥

2021-07-02-0r-zH-clipboard.png

Fractal

Alexandre Franke told us:

Chris tweaked the UI in various places. It’s a lot of small details that together make for a smoother experience. I encourage you to read the details in the description of !782. This is the only MR that landed since last week, but our people have been hard at work nonetheless. Kai blogged about his journey working on the search bar of doom and Alejandro shared his own struggle. In the meantime, Julian’s work has mostly happened upstream in matrix-rust-sdk.

Element Clients

Updates sent by the teams

Delight team

  • Spaces:
    • Research: We’ve been reaching out to people to walk us through how they use Spaces now and what they’d like to see different to help us learn and iterate;
    • Restricted room access: Some good progress towards shipping improved team spaces

Web

  • v1.7.32-rc.1 is on https://staging.element.io/ in advance of release on Monday - please test!
  • Some major progress on conversion to TypeScript, finding some bugs along the way. The main source of the element-desktop project is now fully converted to TypeScript!
  • A styled player component for the audio messages feature, available in the labs section.

iOS

Android

  • We are actively implementing the highly expected voice message feature!
  • A release candidate v1.1.12 will be available during the week-end
  • We are focusing to fix some crashes, to improve the stability of the application

Vocie messages!

kazv

tusooa reported:

kazv is a matrix client based on libkazv.

Talk to us on #kazv:tusooa.xyz .

Updates

  1. @tusooa:tusooa.xyz fixed a thread-safety issue that caused crashes. https://lily.kazv.moe/kazv/kazv/-/merge_requests/6

  2. We now have a new developer @nannanko:tusooa.xyz . She implemented a login failure prompt for kazv. https://lily.kazv.moe/kazv/kazv/-/merge_requests/4

You can get the current AppImage build at https://lily.kazv.moe/kazv/kazv/-/jobs/611/artifacts/browse .

Dept of SDKs and Frameworks 🧰

matrix-bot-sdk v0.5.19

TravisR announced:

v0.5.19 of the matrix-bot-sdk is out now with fixed power level checking (with an added utility function), improved default error logging, and a typo fix in reply creation. Check it out, and visit #matrix-bot-sdk:t2bot.io for help & support.

Dept of Ops 🛠

Matrix Navigator 0.1.2

Christian told us:

It's an alpha-stage webapp for developers to replace curl for room state administration.

This week I added features for better member management, including kick, ban and unban. https://gitlab.com/jaller94/matrix-navigator

Dept of Services 🚀

GoMatrixHosting v0.5.1 🚀

Michael told us:

Exciting new update, we can now wireguard an on-premises server from just about anywhere and make it work with the AWX system. This is useful when your server doesn't have a static or public IP address, or when some other networking issue prevents you from running a Matrix service on it.

Follow of on GitLab: https://gitlab.com/GoMatrixHosting

Or come say hello on Matrix: #general:gomatrixhosting.com


* Add '00 - Create Wireguard Server' template for AWX admin to provision Wireguard servers that on-premises servers can use to connect.

* Subscription involved can view an additional '0 - {{ subscription_id }} - Provision Wireguard Server' template.
* Add /docs/Setup_Wireguard_Server.md guide.

* Add onboarding script for Windows 10 users.
* Raise maximum download size to 200MB.

Dept of Bots 🤖

Mjolnir

TravisR offered:

Mjolnir is a moderation bot for communities on Matrix. It helps with a lot of the actions covered by the moderation guide, including capabilities to apply bans from other trusted communities. It's still a bit terse in its documentation, but if you're looking for a featureful moderation bot then it's worth a go.

In related news, Mjolnir v0.1.18 is out with a couple quality of life fixes - if you've been bothered by the log spam, it's now fixed :)

Dept of Guides 🧭

Matrix Limits

Ryan said:

I started a tiny repo to collect various limits and related factoids about the Matrix specification and implementations. I hope that distilling and summarising such things at glance will make it easier to see what is and is not possible.

If you know of more that should be listed, please contribute! 🙂

Self hosting your own Matrix server on a Raspberry Pi

Peter Roberts announced:

@ed:selfhostingblog.com of theselfhostingblog.com has written a guide on getting started with Synapse on a Raspberry Pi using Docker Compose. You can read it here.

Public Rooms News 🏟️

Matrix Science Reading Group

Florian said:

Together with J. Ryan Stinnett, I created the 🔖 #matrix-science-reading-group:dsn.tm.kit.edu for exchange of and on scientific papers, books and related resources on all things Matrix: Topics ranging from peer-to-peer broadcast overlay networks over conflict-free replicated data types to end-to-end encryption. Investigating security, performance, deployability, or whatever else is interesting, by methods from observation over simulation to formal verification. 🎓️ Please join if you want to read about papers that might not be Matrix-related enough to make it into TWIM, or want to engage in the discussion. 😊 The resulting papers are collected at: https://github.com/jryans/awesome-matrix#research

German Element translation feedback

Libexus announced:

Hallo deutschsprachige Matrix-Community!

#element-uebersetzung-feedback:matrix.org ist ein Raum für Feedback zur deutschsprachigen Übersetzung aller Element-Clients.

Hast du einen Fehler gefunden, ist etwas unklar oder hast du ein Anliegen an uns? Dann schreibe es gerne hier hinein!

Jederzeit willkommen sind natürlich auch neue Übersetzerinnen und Übersetzer. Joint dazu einfach #element-translation-de:matrix.org, #element-translations:matrix.org und lest euch den Translation Guide durch.


Hello German-speaking Matrix community!

#element-uebersetzung-feedback:matrix.org is a room for feedback about the German translation of Element.

Have you found a mistake, is something unclear or do you have a suggestion? Please write it there!

Also, we are always happy about new translators (for all languages!). Just join #element-translations:matrix.org and have a look at the translation guide on how to get started!

Room of the week

timokoesters told us:

Hi everyone! Did you ever feel lost in the Matrix world? The room directory is big, but it's still hard to find something you like. Or are you a room moderator, but there is not much activity in your room because it doesn't have enough users?

This is why I want to share rooms (or spaces) I find interesting.


This week's room is: #fossmaintainers:matrix.org

"A public space for Free/Open Source Software maintainers to swap notes and discuss their craft. Inspired by https://github.com/github/maintainerweek, all maintainers welcome!"


If you want to suggest a room for this section, tell me in #roomoftheweek:fachschaften.org

Dept of Ping 🏓

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1envs.net497
2fluse.duckdns.org653
3m.scd31.com802.5
4maescool.be803
5helderferreira.io828
6nevarro.space842
7tilde.fun842
8fslhome.org952
9fosil.eu987.5
10queersin.space1241

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1dendrite.nordgedanken.dev246
2dendrite.neilalexander.dev578
3dendrite01.fiksel.info1459
4jloa.ovh1586

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Security update: Synapse 1.37.1 released

2021-06-30 — Releases, Security — Matthew Hodgson

Hi all,

Over the last few days we've seen a distributed spam attack across the public Matrix network, where large numbers of spambots have been registered across servers with open registration and then used to flood abusive traffic into rooms such as Matrix HQ.

The spam itself has been handled by temporarily banning the abused servers. However, on Monday and Tuesday the volume of traffic triggered performance problems for the homeservers participating in targeted rooms (e.g. memory explosions, or very delayed federation). This was due to a combination of factors, but one of the most important ones was Synapse issue #9490: that one busy room could cause head-of-line blocking, starving your server from processing events in other rooms, causing all traffic to fall behind.

We're happy to say that Synapse 1.37.1 fixes this and we now process inbound federation traffic asynchronously, ensuring that one busy room won't impact others. First impressions are that this has significantly improved federation performance and end-to-end encryption stability — for instance, new E2EE keys from remote users for a given conversation should arrive immediately rather than being blocked behind other traffic.

Please upgrade to Synapse 1.37.1 as soon as possible, in order to increase resilience to any other traffic spikes.

Also, we highly recommend that you disable open registration or, if you keep it enabled, use SSO or require email validation to avoid abusive signups. Empirically adding a CAPTCHA is not enough. Otherwise you may find your server blocked all over the place if it is hosting spambots.

Finally, if your server has open registration, PLEASE check whether spambots have been registered on your server, and deactivate them. Once deactivated, you will need to contact [email protected] to request that blocks on your server are removed.

Your best bet for spotting and neutralising dormant spambots is to review signups on your homeserver over the past 3-5 days and deactivate suspicious users. We do not recommend relying solely on lists of suspicious IP addresses for this task, as the distributed nature of the attack means any such list is likely to be incomplete or include shared proxies which may also catch legitimate users.

To ease review, we're working on an auditing script in #10290; feedback on whether this is useful would be appreciated. Problematic accounts can then be dealt with using the Deactivate Account Admin API.

Meanwhile, over to Dan for the Synapse 1.37 release notes.

Synapse 1.37 Release Announcement

Synapse 1.37 is now available!

Note: The legacy APIs for Spam Checker extension modules are now considered deprecated and targeted for removal in August. Please see the module docs for information on updating.

This release also removes Synapse's built-in support for the obsolete ACMEv1 protocol for automatically obtaining TLS certificates. Server administrators should place Synapse behind a reverse proxy for TLS termination, or switch to a standalone ACMEv2 client like certbot.

Knock, knock?

After nearly 18 months and 129 commits, Synapse now includes support for MSC2403: Add "knock" feature and Room Version 7! This feature allows users to directly request admittance to private rooms, without having to track down an invitation out-of-band. One caveat: Though the server-side foundation is there, knocking is not yet implemented in clients.

A Unified Interface for Extension Modules

Third party modules can customize Synapse's behavior, implementing things like bespoke media storage providers or user event filters. However, Synapse previously lacked a unified means of enumerating and configuring third-party modules. That changes with Synapse 1.37, which introduces a new, generic interface for extensions.

This new interface consolidates configuration into one place, allowing for more flexibility and granularity by explicitly registering callbacks with specific hooks. You can learn more about the new module API in the docs linked above, or in Matrix Live S6E29, due out this Friday, July 2nd.

Safer Reauthentication

User-interactive authentication ("UIA") is required for potentially dangerous actions like removing devices or uploading cross-signing keys. However, Synapse can optionally be configured to provide a brief grace period such that users are not prompted to re-authenticate on actions taken shortly after logging in or otherwise authenticating.

This improves user experience, but also creates risks for clients which rely on UIA as a guard against actions like account deactivation. Synapse 1.37 protects users by exempting especially risky actions from the grace period. See #10184 for details.

Smaller Improvements

We've landed a number of smaller improvements which, together, make Synapse more responsive and reliable. We now:

  • More efficiently respond to key requests, preventing excessive load (#10221, #10144)
  • Render docs for each vX.Y Synapse release, starting with v1.37 (#10198)
  • Ensure that log entries from failures during early startup are not lost (#10191)
  • Have a notion of database schema "compatibility versions", allowing for more graceful upgrades and downgrades of Synapse (docs)

We've also resolved two bugs which could cause sync requests to immediately return with empty payloads (#8518), producing a tight loop of repeated network requests.

Everything Else

Lastly, we've merged an experimental implementation of MSC2716: Incrementally importing history into existing rooms (#9247) as part of Element's work to fully integrate Gitter into Matrix.

These are just the highlights; please see the Upgrade Information and Release Notes for a complete list of changes in this release.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including aaronraimist, Bubu, dklimpel, jkanefendt, lukaslihotzki, mikure, and Sorunome,

PreviousPage 1
NextPage 3