While it's awesome to see that #Matrix made it to version 1.0 with Synapse, I recommend to stay relaxed about this release.
While hanging out in Synapse Admins yesterday, I felt like the release might be a bit rushed. When you are on 0.99.2 relax and update at the end of the week. I'm sure we'll see a 1.0.1 very soon.
Riot v1.1.1 is on its way to your desktop 🎉
The Flatpak was updated. Just waiting for the build to finish and publishing to flathub.
When Gnome Software is configured properly on your system, you'll just get a notification that Riot was updated in Background as soon as it made it to your system 🚀
For everyone else: Run `flatpak update` tomorrow and it should wait for you to install 🙂
Ouch… I just had to realize that @matrix doesn't provide the ability to block other homeservers.
It's not possible because it messes up room states, great.
At the same time this will cause legal trouble for every server admin when illegal content is federated to your server due to a user of your server being in a channel it got shared.
Due to this it's a bad idea to recommend running a homeserver for more people than yourself. ☹️
There are new keys for the official matrix repositories with the key ids:
Those come along with a new package that are build on fresh infrastructure. No details if they now sign packages offline, yet.
Since Matrix reset all logins recently, you may lost some of your E2EE keys. Those were erased when being forcefully logged out.
Those who used the Key Backup mechanism by Matrix.org can recover quite easily, those who didn't bother to set them up, might have a problem.
In #e2e:matrix.org we discussed that today and someone provided a detailed guide on how to recover using BTRFS:
Matrix.org just announced they are back once more:
Let's hope things stay up as they are. There are definitely some new challenges to tackle, which came up in their issue tracker:
Let's see if they got really rid of the attacker 🤞
Too early to be happy, seems like the attacker found their way in and is still around on Matrix's infrastructure.
The attack has proven themselves to have shell access on their synapse instance, which is definitely bad. It means that all user accounts are compromised and have to be reset.
There will go a lot of efforts into figuring out the details and fixing the vulnerability.
Meanwhile, send some love to the people behind matrix!
Matrix is coming back up! One of the first things happening was writing a new blog post about the incident which you can find here:
TL;DR: Some outdated software was discovered and cracked by an attack which then had access to various data points.
Important: Change your password ASAP (including NickServ when you used the IRC bridges)
Hint: The homeserver is not back up yet.
Seems like Matrix.org is getting ready to come back!
If you wonder where the CodiMD community channel went, here is a short text explaining it:
TL;DR: Matrix.org is rebuilding their infrastructure from scratch after a security incident.
@matrix Turns out that there was a successful compromise of the Matrix infrastructure happening.
Details from Matrix on Twitter: https://twitter.com/matrixdotorg/status/1116388572922302466
You may ask how that could happen, but more important: It didn't stay unnoticed and that's a good sign.
For those who run on Matrix.org and wonder why there is no connection:
Matrix announced an emergency maintenance… on Twitter:
Sadly @matrix didn't receive the love it deserves and informs the Fediverse.
Anyway, that's why we have a community. We compensate short coming of each other and together make sure the world becomes a better place!
Do you know what's great? When things just work.
Do you know what's even greater? When you merge something, and it causes upgrades on at least a few hundred but maybe a few thousand devices and it just works.
Those of you who run an up-to-date Fedora version will get it installed automatically in background. Just great :)
I'm a professional relationship therapist for programs and their users.
This is my personal microblog. It's filled with my fun, joy and silliness.