There are new keys for the official matrix repositories with the key ids:
CF45A512DE2DA058 (synapse)
D7B0B66941D01538 (riot)

Those come along with a new package that are build on fresh infrastructure. No details if they now sign packages offline, yet.

Updated my OpenPGP-signed Riot verification keys, now that I run an own homeserver.

Just if you want to verify me without me being around :)

Since Matrix reset all logins recently, you may lost some of your E2EE keys. Those were erased when being forcefully logged out.

Those who used the Key Backup mechanism by can recover quite easily, those who didn't bother to set them up, might have a problem.

In we discussed that today and someone provided a detailed guide on how to recover using BTRFS:!boLskYiwabbCQNNhl

After Matrix has restored its major services, they noticed that the GPG keys used for signing packages where compromised.

The key IDs are:

AD0592FE47F0DF61 (synapse)
E019645248E8F4A1 (Riot/Web)

Please make sure to no longer use those keys. just announced they are back once more:

Let's hope things stay up as they are. There are definitely some new challenges to tackle, which came up in their issue tracker:

Let's see if they got really rid of the attacker 🤞

Too early to be happy, seems like the attacker found their way in and is still around on Matrix's infrastructure.

The attack has proven themselves to have shell access on their synapse instance, which is definitely bad. It means that all user accounts are compromised and have to be reset.

There will go a lot of efforts into figuring out the details and fixing the vulnerability.

Meanwhile, send some love to the people behind matrix!

The homeservers are back up 🎉

It seems like they are missing some pictures right now, I guess those will come back later.

Make sure you change your password (and NickServ passwords) and happy chatting!

See you around 👋

Matrix is coming back up! One of the first things happening was writing a new blog post about the incident which you can find here:

TL;DR: Some outdated software was discovered and cracked by an attack which then had access to various data points.

Important: Change your password ASAP (including NickServ when you used the IRC bridges)

Hint: The homeserver is not back up yet.

If you wonder where the CodiMD community channel went, here is a short text explaining it:

TL;DR: is rebuilding their infrastructure from scratch after a security incident.

@matrix Turns out that there was a successful compromise of the Matrix infrastructure happening.

Details from Matrix on Twitter:

You may ask how that could happen, but more important: It didn't stay unnoticed and that's a good sign.

For those who run on and wonder why there is no connection:

Matrix announced an emergency maintenance… on Twitter:

Sadly @matrix didn't receive the love it deserves and informs the Fediverse.

Anyway, that's why we have a community. We compensate short coming of each other and together make sure the world becomes a better place!

Looking for opinions on Flatpak isolation for .

Right now we only allow write access to the Downloads directory, which causes problem with drag and drop and sending files in general. We currently considering to give access to the entire home directory, but the big question is: Allow writing or read-only access?

Discussion can be found here:

If someone is into CPP or electron development, please have a look at:

By the way, for those of you who didn't already get the update: Riot 1.0.6 is available as flatpak 🎉

Do you know what's great? When things just work.

Do you know what's even greater? When you merge something, and it causes upgrades on at least a few hundred but maybe a few thousand devices and it just works.

Oh and by the way I merged 1.0.5 recently which is rolled out to all users who use it from there :)

Those of you who run an up-to-date Fedora version will get it installed automatically in background. Just great :)

The Riot 1.0.4 flatpak is out 🎉

Given that you run an up-to-date version of Gnome Software, it'll by installed automatically in background 🙂

Otherwise it's time to run `flatpak update`!

I'm now an official maintainer of the Riot flatpak on flathub 🎉

I will try to make sure that we get the latest and greatest version of Riot as flatpak as soon as possible.

For those who run Riot as Flatpak and want to try the latest version, I created a PR. And buildbot was so friendly to provide a build of it, so you don't have to trust me:

/cc @matrix

Sheogorath's Microblog

This instance is the microblog to my blog. You'll probably find more recent content here while finding more elaborated content on the blog.

Impressum / Datenschutz