Thank you, that saves me time searching for dups. You'll have to forgive me, in 30 years I have only ever seen one bug fixed in response to a report I filed online.
But hope springs eternal: <https://github.com/vector-im/element-web/issues/16599>.
The stuck messages are still there, in a newly upgraded Android Element 1.1.0, same as in the last two upgrades to 1.0.14 marked (2021-01-30) and 1.0.17 (2021-02-14). Other people report the same: <https://github.com/vector-im/element-android/issues/2494>
Android Element 1.1.0 seems to spam the notifications log less than previous versions. I see it at 22:16, 22:17, 22:18, 22:20, 22:35, so maybe backing off now.
I can imagine that the slowness (endless spinner when scrolling back in a room transcript) might be a consequence of delays in my homeserver -- privacytools.io -- but the app offers no hint as to where the stall is. Does my homeserver have anything to do with slowness of rooms? I also don't see any way to check the version of Synapse running on the homeserver. Should I be able to find that?
For those interested in self-hosting the home server, I would recommend https://github.com/spantaleev/matrix-docker-ansible-deploy - the documentation is fantastic and it’s very well maintained.
I ran the response for the Apr 2019 incident that you're digging up, and fwiw:
* The breach impacted the free best-effort matrix.org server & infrastructure, not Element Matrix Services (the subject of this HN thread).
* We didn't "revoke user keys", we logged users out on matrix.org whose password hashes & login access tokens had been exposed.
* At the time we were in beta, and there was only one mechanism to log out users: a 'hard logout' used to evict client sessions which would cause them to clean up their local data; the common case where as a user you want to kick off old sessions and don't want to leave your keys littered around. Before exiting beta in June 2019, we implemented 'soft logout' as a mechanism to expire access_tokens without clients cleaning up data: https://github.com/matrix-org/synapse/issues/4280. Given the urgency to protect user data immediately after the breach, we couldn't release new clients to expedite soft logout, so had to go with hard logout.
* However, any user who backs up their E2EE keys, either online (the default configuration) or offline, was unaffected. To repeat: the default configuration was to nag the user into backing up their keys, encrypted, on the server, for precisely this sort of situation. And to the best of my knowledge I don't recall anyone who reported having lost data to us.
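The hard versus soft logout distinction described in the comment above, sketched as client-side handling. This is an added example, not part of the original thread and not Element's or Synapse's code: `ClientSession` and `handle_response` are hypothetical names, and the response bodies are constructed; only the `M_UNKNOWN_TOKEN` error code and the `soft_logout` field come from the Matrix client-server API.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ClientSession:
    """Constructed stand-in for a Matrix client's local state (hypothetical)."""
    access_token: Optional[str]
    device_id: Optional[str]
    e2ee_keys: dict = field(default_factory=dict)  # local decryption key material
    needs_reauth: bool = False


def handle_response(session: ClientSession, status: int, body: dict) -> str:
    """Apply a server logout signal to local state and return the action taken."""
    # Only an invalidated token is a logout signal; other errors leave state alone.
    if status != 401 or body.get("errcode") != "M_UNKNOWN_TOKEN":
        return "none"
    session.access_token = None
    if body.get("soft_logout") is True:
        # Soft logout: the token expired, but the device is still the user's.
        # Keep device_id and keys so a fresh login can still decrypt history.
        session.needs_reauth = True
        return "soft"
    # Hard logout (field false or absent): the session was evicted, so the
    # client cleans up, including keys that were never backed up.
    session.device_id = None
    session.e2ee_keys.clear()
    return "hard"


def demo() -> dict:
    """Run three constructed server responses against fresh sessions."""
    def new_session() -> ClientSession:
        return ClientSession("syt_constructed", "DEVICEABC", {"!room:example.org": "key"})

    cases = {
        "soft": (401, {"errcode": "M_UNKNOWN_TOKEN", "soft_logout": True}),
        "hard": (401, {"errcode": "M_UNKNOWN_TOKEN"}),  # field absent means hard
        "other": (403, {"errcode": "M_FORBIDDEN"}),
    }
    results = {}
    for name, (status, body) in cases.items():
        s = new_session()
        results[name] = (handle_response(s, status, body), len(s.e2ee_keys), s.device_id)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```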