15 KiB
+++ date = "2023-05-05" title = "This Week in Matrix 2023-05-05" path = "/blog/2023/05/05/this-week-in-matrix-2023-05-05"
[taxonomies] category = ["This Week in Matrix"] author = ["Thib"] +++
Matrix Live
{{ youtube_player(video_id="4KlNILNItGQ") }}
Dept of Social Good 🙆
Denise announces
we know there have been some questions about the recent ban on Element by the Indian Central Government. We are still trying to get answers ourselves and have put out a public statement on our understanding of the situation so far: https://element.io/blog/india-bans-flagship-client-for-the-matrix-network/
Dept of Spec 📜
Andrew Morgan (anoa) reports
Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
MSC Status
New MSCs:
- MSC4011: Thumbnail media negotiation
- MSC4010: Push rules and account data
- MSC4009: E.164 Matrix IDs
- MSC4006: "completed elsewhere" hangup reason.
- MSC4005: Explicit read receipts for sent events
MSCs in Final Comment Period:
- MSC3882: Allow an existing session to sign in a new session (merge)
- MSC3860: Media Download Redirects (merge)
- MSC2659: Application service ping endpoint (merge)
- MSC2463: Exclusion of MXIDs in push rules content matching (close)
- MSC2249: Require users to have visibility on an event when submitting reports (merge)
Accepted MSCs:
- No MSCs were accepted this week.
Closed MSCs:
- No MSCs were closed/rejected this week.
Spec Updates
Lots of MSCs moving through the pipeline this week! Plus a myriad of spec changes too! The spec seems to be gently humming along.
In other news, the next release of the spec, v1.7, is coming up in the not-too-distant future. In keeping with our roughly quarterly release schedule - the release of v1.6 was on February 14th, 2023 - a new release of the spec should come some time in next few weeks.
We haven't set a date yet, but expect to do so soon. So watch this space!
Random MSC of the Week
The random MSC of the week is... MSC3741: Revealing the useful login flows to clients after a soft logout!
This MSC fixes an edge case in the spec. Imagine the following scenario. You're logged into your homeserver via an SSO flow (let's say by signing into GitLab), and then you try to change your password on GitLab. Doing so may cause a "soft logout" to occur for your Matrix client. A soft logout, by the way, happens when your access token is invalidated, but your client is told explicitly not to wipe its local state (including encryption keys).
Your Matrix client is telling you to log back in again, and in doing so calls out to the
GET /_matrix/client/v3/login
endpoint to see what login methods are available. Your homeserver supports both password-based and SSO-based login, so that's what you get back. Your client happily presents you both options. You try to type your GitLab password, but it's incorrect. And you've just given your GitLab password to this Matrix homeserver in plaintext - oh no!The problem here stems from the fact that
GET /login
is unauthenticated. The homeserver doesn't know who you are when you attempt to log in again, and thus can't tailor the available login methods to those that make sense for you. This MSC aims to fix this by having your Matrix client, upon trying to learn how to log in again after a soft logout, provide your expired access token in anAuthorization
request header. The homeserver can then check and see that 1) you were just soft logout'd and 2) you are an account that is authorised via SSO - so it doesn't make sense to suggest you log in again via a password specific to your Matrix homeserver!While this MSC discusses a valuable solution, it is worth considering that the User-Interactive Authentication system as a whole is going to be completely replaced by OpenID Connect instead, which will make this problem (and solution) moot. Still, that day is not here yet, so if you suffer from this problem today, this may be one method to deal with it.
Dept of Servers 🏢
Synapse (website)
Synapse is a Matrix homeserver implementation developed by the matrix.org core team
Shay reports
It's yet another Friday which means TWIM day. This week the backend team released Synapse v1.83.0rc1. Notable highlights include:
- Add an admin API endpoint to query the largest rooms by disk space used in the database.
- Add Nginx loadbalancing example with sticky mxid for workers
- Disable push rule evaluation for rooms excluded from sync.
- Add experimental support for MSC3970: Scope transaction IDs to devices.
And so much more! To read about everything in the release, take a look at the release notes here and otherwise have a great week.
Dept of Clients 📱
Quadrix (website)
A Minimal, simple, multi-platform chat client for the Matrix protocol.
JFA says
Version 1.6.5 of Quadrix (Matrix client for mobiles and desktops) has been released and is available in the respective app stores.
The latest changes include the replacement of the Jitsi Meet videoconferencing functionality with an embedded version of Element Call, using matrix-widget-api. Quadrix loads the Element Call web app located at https://element-call.netlify.app, which is the continually updated dev version. The Quadrix implementation is not quite compatible with Element Web, since it uses non-encrypted WebRTC signalling, but that's something I'll be working on in the next weeks.
Please go test-drive Element Call in Quadrix and leave feedback/comments at #quadrix:matrix.org or in the issues at https://github.com/alariej/quadrix (stars welcome :-)
Element Web/Desktop (website)
Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!
andybalaam reports
We’re still on our stability drive!
- Lots of bug fixing, including some progress on stuck unread messages. When we’re done, we’ll ask people to check for incorrect unreads. We’re not there yet, but we’re getting closer
- We’ve been improving the correctness of our Typescript code by updating it to conform to strict checking
- Our accessibility work continues, with more small fixes
- We’re working on making our automated tests work better by fixing unreliable tests
- We tightened our Content Security Policy to protect against the kinds of vulnerabilities we fixed in the last release
Element Android (website)
Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!
benoit reports
- We are getting ready to release Element Android 1.6.0 with the new Crypto Rust SDK (aka ElementR). This will delay the regular release. Also we will do a progressive roll out, as a safety measure.
- This week we welcome Marco, who has started to work on the display of invitations in the list of members of a room in ElementX
Element X Android (website)
Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!
benoit says
On ElementX, we are working on media and file attachments. We are adding the picker and we are adding support for rendering attachment in the timeline.
- On ElementX, we are working on media and file attachments. We are adding the picker and we are adding support for rendering attachment in the timeline.
Element X iOS (website)
Everything related to Element but not strictly bound to a client
Ștefan announces
Happy Friday and happy Element X update day. This week we:
- Added support for uploading media
- Introduced a brand new room list contextual menu
- Got our first look at decrypting remote background notifications
- Continued to make very good progress on OIDC support
- And started working on rendering rich replies in the timeline
Dept of SDKs and Frameworks 🧰
libolm 🦎 (website)
uhoreg says
libolm is an implementation of the Olm and Megolm cryptographic ratchets used for end-to-end encryption in Matrix. libolm 3.2.15 has been released. This is mainly a maintenance release that improves the Python packaging and fixes a TypeScript issue. The biggest change is that the Python package can now be installed from pypi.org, the default repository for Python packages. The source package includes the libolm sources, so you do not need libolm to be installed separately any more. All you need is cmake (or possibly GNU make) and a C/C++ compiler, and run
pip install python-olm
. It unfortunately does not yet work on Windows, but should work on UNIX-like operating systems such as Linux and *BSD, and even macOS.In other news: with Element iOS and Element Android switching to the rust crypto SDK, and hence using vodozemac, I'm considering deprecating the iOS and Android bindings for libolm. If you still need those bindings, please let me know.
Dept of Ops 🛠
Synapse Kubernetes Operator (website)
mgoerens says
The Synapse operator provides a way to deploy Synapse, the Heisenbridge, and the Mautrix-Signal bridge on Kubernetes.
Release v0.5.0 & v0.5.1
It was time to cut a new release, though most of the changes are related to various internal improvements and experiments.
Release v0.5.0 & v0.5.1 come with only a few user-facing changes:
Secrets in homeserver.yaml are now randomly generated.
When a bridge is deleted, it is now unregistered from Synapse.
Update container images to their latest available version to date, now deploying:
- Synapse v1.82.0
- Mautrix-signal v0.4.2
- Signald 0.32.2
- Heisenbridge 1.14 (no update since v0.4.0)
If you want to learn more about internal changes, check the release notes
And join the matrix room to chat about the project: https://matrix.to/#/#synapse-operator:matrix.org
FOSDEM Video
The replay of the presentation of this Kubernetes operator at FOSDEM, in the Matrix online devroom, is now available on Youtube: https://www.youtube.com/watch?v=Vsb18jr_VDc
Dept of Services 🚀
MatrixRooms.info (website)
A developers-managed instance of the standalone search engine built for matrix rooms discovery.
Aine reports
During this week at etke.cc we polished the Matrix Rooms Search service and implemented the following improvements:
- Enabled language detection for all (75) supported languages and language analysis for all (29) supported languages by search engine
- Added ability to report illegal rooms (please, keep in mind that we know nothing about the contents of the indexed rooms, so if you think something is illegal - describe it like ELI5, so anyone can read the reason and know for sure if that room should be removed or not)
- Optimized avatars processing on UI
Current index status: 233513 indexed rooms from 19919 matrix servers
One more thing - we've created Liberapay team to crowdfund the project's existence and we welcome everyone to donate and fund the future development and infrastructure costs 🙂
Dept of Ping
Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.
#ping:maunium.net
Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.
Rank | Hostname | Median MS |
---|---|---|
1 | test.zemos.net | 418 |
2 | norrland.xyz | 426 |
3 | matrix.weebl.me | 652 |
4 | matrix.lukeog.com | 758 |
5 | envs.net | 845 |
6 | willy.club | 915 |
7 | wcore.org | 971 |
8 | plocki.org | 1191 |
9 | poldrack.dev | 1315.5 |
10 | zemos.net | 1665 |
#ping-no-synapse:maunium.net
Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.
Rank | Hostname | Median MS |
---|---|---|
1 | test.zemos.net | 118 |
2 | l1qu1d.net | 160.5 |
3 | pyrox.dev | 388.5 |
4 | 777.tf | 467 |
5 | rustybever.be | 513 |
6 | zemos.net | 514.5 |
7 | matrix.org | 583.5 |
8 | herkulessi.de | 816.5 |
9 | chat.eutampieri.eu | 1389.5 |
That's all I know
See you next week, and be sure to stop by #twim:matrix.org with your updates!