matrix.org/content/blog/2023/03/2023-03-03-this-week-in-mat...

286 lines
19 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

+++
title = "This Week in Matrix 2023-03-03"
path = "/blog/2023/03/03/this-week-in-matrix-2023-03-03"
[taxonomies]
author = ["Thib"]
category = ["This Week in Matrix"]
+++
## Matrix Live
{{ youtube_player(video_id="YB0vBc81DvI") }}
## Dept of Spec 📜
[Andrew Morgan (anoa)](https://matrix.to/#/@andrewm:element.io) announces
> Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
>
> ## MSC Status
>
> **New MSCs:**
>
> * [MSC3973: Search users in the user directory with the Widget API](https://github.com/matrix-org/matrix-spec-proposals/pull/3973)
> * [MSC3972: Lexicographical strings as an ordering mechanism](https://github.com/matrix-org/matrix-spec-proposals/pull/3972)
> * [MSC3971: Sharing image packs](https://github.com/matrix-org/matrix-spec-proposals/pull/3971)
>
> **MSCs in Final Comment Period:**
>
> * [MSC3966: `event_property_contains` push rule condition](https://github.com/matrix-org/matrix-spec-proposals/pull/3966) (merge)
> * [MSC3873: event\_match dotted keys](https://github.com/matrix-org/matrix-spec-proposals/pull/3873) (merge)
> * [MSC3758: Add `event_property_is` push rule condition kind](https://github.com/matrix-org/matrix-spec-proposals/pull/3758) (merge)
>
> **Accepted MSCs:**
>
> * *No MSCs were accepted this week.*
>
> **Closed MSCs:**
>
> * [MSC3887: List matching push rules](https://github.com/matrix-org/matrix-spec-proposals/pull/3887)
>
> ## Spec Updates
>
> Other than spec text fixes in the [matrix-spec repo](https://github.com/matrix-org/matrix-spec/pulls?q=is%3Apr+sort%3Aupdated-desc), the Spec Core Team has mainly been focusing on push notifications, push rules and generally improving notifications across Matrix. This includes improving behaviour such as accidentally notifying someone when you mention their name, accidentally notifying people when you reply to a message, accidentally notifying when you edit a message and so on. The relevant MSCs are [MSC3958](https://github.com/matrix-org/matrix-spec-proposals/pull/3958), [MSC3873](https://github.com/matrix-org/matrix-spec-proposals/pull/3873), [MSC3966](https://github.com/matrix-org/matrix-spec-proposals/pull/3966) and [MSC3758](https://github.com/matrix-org/matrix-spec-proposals/pull/3758).
>
> In addition, review of [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) (Sliding Sync) and other sliding sync MSCs saw some in-depth review from [Nico](https://github.com/deepbluev7).
>
> ## Random MSC of the Week
>
> The random MSC of the week is... [MSC3013: Encrypted Push](https://github.com/matrix-org/matrix-spec-proposals/pull/3013)!
>
> When you get a push notification for a new message on your phone, you may wonder how that message travels from your homeserver to you. Typically it isn't done directly - instead, when you receive a message that should notify you, your homeserver will generate a push notification specifically for you, and send this off to a Matrix Push Gateway. That Push Gateway is then configured to send your notification off to a service which knows how to route it to your device. This is usually Apple's Push Notification Service in the case of iOS devices, or Google's Firebase Cloud Messaging service in the case of Android devices (though FCM supports iOS devices too!). Your phone's OS will keep a consistent connection to one of these services if an app has registered for push notifications, and thus you can receive notifications from apps even when your Matrix client is not running.
>
> But doesn't that leak all of your message notifications to Apple or Google? 😱 Not quite. While clients can choose to include all contents of a message in a push notification, most instead opt for only including the event's ID. When the push notification containing that event ID reaches your phone, it wakes up a small portion of your Matrix client which goes and fetches the full message content from the homeserver (plus encryption keys if the message needs to be decrypted). This way, you can still get a notification without your Matrix client needing to be open all the time. However, some metadata (such as when you are getting a notification) is still leaked to Apple/Google. Since the third-party service knows the event ID, it can correlate which users are in the same room by cross-referencing event IDs in notifications across multiple users.
>
> It's also a bit of a resource drain that the client needs to go and talk to the homeserver to fetch the full event content. Ideally we'd just include it all in the notification - but then we end up sharing too much information with the push provider!
>
> This MSC proposes a solution; encrypt the message content and send that in the notification! Message contents are encrypted using a public key provided by the client to the homeserver when registering for push notifications. The ciphertext passes through the Push Gateway (which may be run by a separate entity to your homeserver) and the Push Notification service (run by Apple, Google, etc.) and then finally down to your client where it is decrypted without the need for a web request as the private key will just be stored in the client.
>
> And since a separate encryption key is being used per-device, ciphertexts of the same event will differ when encrypted for different users - eliminating the Push Gateway/Push Notification Service from being to correlate notifications across users (timing attacks are still possible, but this can be reduced by introducing a small amount of jitter into when notifications are sent out).
>
> Anyhoo, if you're big on privacy (or security against those running Push Gateway/Notification Services), check out this MSC!
<!-- more -->
## Dept of Servers 🏢
### Synapse ([website](https://github.com/matrix-org/synapse/))
Synapse is a Matrix homeserver implementation developed by the matrix.org core team
[Shay](https://matrix.to/#/@shayshay:matrix.org) announces
> Welcome to another edition of the Synapse section of TWIM. This week
> we've released Synapse v1.78.0, packed with features and bugfixes.
>
> Some notable highlights include:
>
> * an update to the command line export data tool
> * implemented the experimental `exact_event_match` push rule condition from [MSC3758](https://github.com/matrix-org/matrix-spec-proposals/pull/3758)
> * implemented [MSC3873](https://github.com/matrix-org/matrix-spec-proposals/pull/3873) to disambiguate push rule keys with dots in them.
> * allow Synapse to use a specific Redis [logical database](https://redis.io/commands/select/) in worker-mode deployments.
> * fixed a bug introduced in Synapse 1.76 where 5 second delays would occasionally occur in deployments using workers.
>
> Plus much more! You can check out the details [here](vector://vector/webapp/(https://matrix.org/blog/posts)) or take a deep dive in the release notes [here](https://github.com/matrix-org/synapse/releases/tag/v1.78.0).
### Construct ([website](https://github.com/matrix-construct/construct))
A performance-oriented homeserver with minimal dependencies.
[Jason Volk](https://matrix.to/#/@jevolk:matrix.org) reports
> This week, seven additional endpoints from the synapse admin API have been ported to Construct. These include user room listings, account data, devices, pushers, and forward extremities pruning. This week it also became easier for admins to tune database options to meet their needs through the configuration system. To put things into perspective, the server now has 2184 configurable items which can be set by an environment variable. Construct also has 6177 statistical items which can be reported to a Prometheus metrics daemon.
>
> Lastly I would like to share good news on the compatibility front after taking some time to investigate why Construct and Conduit have trouble federating. I reached out with a patchset to the folks over at Ruma and I would like to take this opportunity to commend their hospitality. Their conduct has been nothing short of diplomatic, giving confidence we can now iron out any kinks in the coming weeks.
>
> Find it at [#construct:zemos.net](https://matrix.to/#/#construct:zemos.net)
## Dept of Clients 📱
### Neochat ([website](https://invent.kde.org/network/neochat))
A client for matrix, the decentralized communication protocol
[Carl Schwan](https://matrix.to/#/@carl:kde.org) says
> This Monday, I attended a workshop from the European Commission in Brussels around interoperability between messaging services under the Digital Market Act. This was quite interesting and I wrote about it on my blog https://carlschwan.eu/2023/03/02/digital-market-act-workshop-in-brussels
### Element Web/Desktop ([website](https://github.com/vector-im/element-web))
Secure and independent communication, connected via Matrix. Come talk with us in [#element-web:matrix.org](https://matrix.to/#/#element-web:matrix.org)!
[Johannes Marbach](https://matrix.to/#/@johannesm:element.io) reports
> * This week weve been really doubling down on fixing bugs from our backlog. Included in this are items such as stuck notifications and ensuring that messages are sent in the correct order when connectivity is interrupted.
> * While were looking at stuck notifications issues, were also taking the opportunity to redesign our notifications settings screen. We plan on simplifying the options by reducing some noise and improving the copy.
> * We have also started a design investigation into how to improve the accessibility of our product with labels and greater contrast.
### Element iOS ([website](https://github.com/vector-im/element-ios))
Secure and independent communication for iOS, connected via Matrix. Come talk with us in [#element-ios:matrix.org](https://matrix.to/#/#element-ios:matrix.org)!
[Ștefan](https://matrix.to/#/@stefan.ceriu:matrix.org) announces
> * This week weve been focussed on fixing the bug whereby a message will show as encrypted in the room list, but is actually decrypted when youre viewing the timeline.
> * In labs; Check out our rich text editor, its in progress and improving every update! As with all our features, please test them out and leave us feedback.
> * The public test flight for Element X is now available. More details in [#element-x-ios:matrix.org](https://matrix.to/#/#element-x-ios:matrix.org)
> - Work is progressing well and our current focus is joining and creating rooms
### Element Android ([website](https://github.com/vector-im/element-android))
Secure and independent communication for Android, connected via Matrix. Come talk with us in [#element-android:matrix.org](https://matrix.to/#/#element-android:matrix.org)!
[benoit](https://matrix.to/#/@benoit.marty:matrix.org) announces
> * Improvements to polls are ongoing; specifically relating to the relationship between notifications and room member votes
> * Weve also added an unread indicator to the spaces icon so that you can see how many unread messages you have in other spaces.
> * Also, our rich text editor is in Labs and getting regular updates and improvements. Check it out and let us know what you think.
## Dept of Non Chat Clients 🎛️
### Somix (Formerly matrix-social)
[imbev](https://matrix.to/#/@imbev:matrix.org) announces
> Social Media app powered by Matrix
>
> matrix-social is now known as Somix.
>
> The git repo has been moved to https://codeberg.org/imbev/Somix
## Dept of SDKs and Frameworks 🧰
### matrix-js-sdk
[Johannes Marbach](https://matrix.to/#/@johannesm:element.io) reports
> The team maintaining matrix-js-sdk are currently discussing deprecation of the browserify-based distribution channel. By our current analysis, usage seems fairly low while at the same time it's posing drastic technological challenges to us during the integration of matrix-rust-sdk's cryptography module. If you are a current user of the browserified release of the SDK, we'd like to hear from you in https://github.com/matrix-org/matrix-js-sdk/issues/3189.
### mautrix-go
[tulir](https://matrix.to/#/@tulir:maunium.net) announces
> mautrix-go has had e2ee support for a few years already, but previously the interface was quite difficult to use for making bots and other small programs, as it required implementing parts of the storage and other things manually. That has changed with the upcoming 0.15 release, which adds a crypto helper that can handle everything for you with just a few extra lines of code. The documentation is unfortunately not great yet, but the [example](https://github.com/mautrix/go/blob/master/example/main.go) has been updated to use the new helper, so it should be a decent starting point for writing e2ee-capable bots in Go (and if it explodes, you can ask for help in [#:maunium.net](https://matrix.to/#/#:maunium.net))
### Elm SDK
[mr-demo](https://matrix.to/#/@mr-demo:matrix.org) says
> I'm excited to share that I've made significant progress on my Elm SDK for Matrix! Last time, I mentioned that a version 1.0.0 release was approaching, and today I have great news - I've got a working MVP! While it's not ready for use yet, it's a significant step forward.
>
> To give you a taste of what the SDK can do, I've written some simple code that demonstrates how to use it to authenticate with a Matrix server and send messages to a room. Take a look:
>
> ```elm
> -- Example code from the MVP of the new Elm SDK for Matrix
> -- It's a bit simplified, but it shows the idea of the SDK.
> -- Functionality includes handling credentials, syncing rooms, and sending messages
>
> type Msg
> = Cred (Result X.Error CredUpdate)
> | PushButton String
>
> type alias Model =
> Credentials
>
> init : ( Model, Cmd Msg )
> init =
> let
> cred =
> Matrix.fromAccessToken
> { baseUrl = "https://matrix.example.org"
> , accessToken = "my-personal-access-token"
> }
> in
> ( cred, Matrix.sync cred )
> ```
>
> I've built an incredibly basic client that managed to compress to under 36kB (for scale: Hydrogen is around 748kB) of gzipped JavaScript. The final version will be a bit larger, but this SDK might make way for very compact asset sizes.
>
> Feel free to reach out at Bram if you'd like to know more about when the first version is coming out!
### matrix-rust-sdk ([website](https://github.com/matrix-org/matrix-rust-sdk))
Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM
[Jonas Platte](https://matrix.to/#/@jplatte:flipdot.org) announces
> * The [sliding sync improvement meta-issue](https://github.com/matrix-org/matrix-rust-sdk/issues/1579) seems really close to being finished off
> * Added support for [encrypting and uploading files without creating the corresponding `m.room.message` attachment from it](https://github.com/matrix-org/matrix-rust-sdk/pull/1577), useful for custom event types (thanks to Sam Wedgwood!)
> * We improved our examples to [show how to persist a session](https://github.com/matrix-org/matrix-rust-sdk/pull/1565) (thanks to Kévin Commaille!)
> * Our FFI layer is [close to exposing native async functions to foreign languages](https://github.com/matrix-org/matrix-rust-sdk/pull/1587), there is just a panic we need to debug before merging this
> * A [PR for client user avatar URL caching](https://github.com/matrix-org/matrix-rust-sdk/pull/1571) is currently in review
## Dept of Ops 🛠
### mnotify
[stefan](https://matrix.to/#/@rumpelsepp:hackbrettl.de) reports
> The Rust rewrite of [mnotify](https://github.com/rumpelsepp/mnotify) got some updates and starts to get usable. The broken (password) login flow was fixed and the README received some polishing. I run it now to send E2E encrypted notifications from my servers to my phone. The rust-sdk does a very good job!
### matrix-docker-ansible-deploy ([website](https://github.com/spantaleev/matrix-docker-ansible-deploy))
Matrix server setup using Ansible and Docker
[Slavi](https://matrix.to/#/@slavi:devture.com) reports
> Thanks to [Benjamin Kampmann](https://github.com/gnunicorn), [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) can now install and configure the [Rageshake](https://github.com/matrix-org/rageshake) bug report server.
>
> Additional details are available in our [Setting up Rageshake](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-rageshake.md) documentation page.
[Slavi](https://matrix.to/#/@slavi:devture.com) says
> [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) continues its migration to [Traefik](https://traefik.io/) as its main reverse-proxy like [we've announced a few weeks ago](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/10b53503704d192d29008745f7d9c28e38f58e25/CHANGELOG.md#backward-compatibility-reverse-proxy-configuration-changes-and-initial-traefik-support).
>
> Traces of [nginx](https://nginx.org/) can still be found and we still keep nginx compatibility for now, but we've already [switched the default reverse-proxy to Traefik](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/10b53503704d192d29008745f7d9c28e38f58e25/CHANGELOG.md#traefik-is-the-default-reverse-proxy-now) for new installations and are seriously urging existing users to make the switch as well.
## Dept of Bots 🤖
### flip-matrix-bot ([website](https://gitlab.com/FriendlyLinuxPlayers/flip-matrix-bot))
A Matrix bot for the [Friendly Linux Players](https://friendlylinuxplayers.org/) community.
[HER0](https://matrix.to/#/@HER0:matrix.org) reports
> Events can now be marked as not requiring ownership of the game in order to attend! For example, there is a [Keep Talking and Nobody Explodes event](https://friendlylinuxplayers.org/events/7a01da952805b191) scheduled for later this month. Anyone can participate by joining our Mumble server at the scheduled time and having access to a web browser.
>
> In addition, when listing upcoming events (`!f events`), they are now sorted by the time that the event takes place at.
## Dept of Ping
Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by [pingbot](https://github.com/maubot/echo), a [maubot](https://github.com/maubot/maubot) that you can host on your own server.
### [#ping:maunium.net](https://matrix.to/#/#ping:maunium.net)
Join [#ping:maunium.net](https://matrix.to/#/#ping:maunium.net) to experience the fun live, and to find out how to add YOUR server to the game.
|Rank|Hostname|Median MS|
|:---:|:---:|:---:|
|1|willy.club|340|
|2|matrix.netho.tk|446|
|3|ilmari.org|535|
|4|koyax.org|590|
|5|nognu.de|607.5|
|6|pvv.ntnu.no|611|
|7|kitsunet.info|734|
|8|keks.club|796|
|9|coolegrane.farm|800|
|10|settgast.org|1009|
### [#ping-no-synapse:maunium.net](https://matrix.to/#/#ping-no-synapse:maunium.net)
Join [#ping-no-synapse:maunium.net](https://matrix.to/#/#ping-no-synapse:maunium.net) to experience the fun live, and to find out how to add YOUR server to the game.
|Rank|Hostname|Median MS|
|:---:|:---:|:---:|
|1|dendrite.s3cr3t.me|283|
|2|frai.se|297.5|
|3|dendrite.kootstra.frl|347|
|4|matrix.org|703|
|5|conduit.test.zemos.net:8447|1072.5|
|6|zemos.net|1892|
## That's all I know
See you next week, and be sure to stop by [#twim:matrix.org](https://matrix.to/#/#twim:matrix.org) with your updates!