Our great sponsors
-
nimb
NIMB IRC Matrix Bridge (NIMB) is a simple client tool that bridges IRC and Matrix channels and forwards messages from one to others
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
mash-playbook
🐋 Ansible playbook which helps you host various FOSS services as Docker containers on your own server
Your security advisory has been quite helpful and I could reproduce the issue involving CR. It is particularly enlightening to know that the null byte could also cause the same issue because some IRC servers may interpret the null byte too as a line ending.
It is late here but I have pushed a quick fix to plug this loophole: <https://github.com/susam/nimb/commit/c5d6c4c>. Review comments, feedback, pull requests, patches, etc. are very welcome! This comment thread has been productive and constructive. Thank you!
Review comments, pull requests, feedback, etc. are welcome. T
I've been using heisenbridge[0] to do my Matrix to IRC bridging and I like it. Not a broader solution to the problem since most people don't want to run their own services, but it works well for me and is no different to a bouncer for IRC servers, noone knows it's actually Matrix on the other side.
https://github.com/hifi/heisenbridge
You're not allowed null bytes in IRC messages: https://modern.ircdocs.horse/#parameters
Some IRC servers (especially those written in C) may interpret it as a line end, so you would have a similar issue
The issue in question here is https://github.com/matrix-org/matrix-appservice-irc/issues/1... (and https://github.com/matrix-org/matrix-appservice-irc/pull/133...) which accidentally regressed due to other stability work done for Libera (specifically, keeping the IRC-side connections persistent, rather than reconnecting when the bridge starts). As a result there was an race condition edge case where users on the Matrix side could read history in the IRC channel while still connecting the Matrix users on the IRC side. This was one of the straws that broke the camel's back in terms of Libera wanting the bridge disabled. The other was the confusion over https://matrix.org/blog/2023/07/what-happened-with-the-archi....
I really appreciate you sharing your concerns, and for all the hope and energy you've put into Matrix to date. Very much to your point, we're not yet in a state where I recommend Matrix to friends and family. Right now I only use it with people in FOSS and other circles where folks are a little more patient with the tech.
Only time will tell, and of course I'm biased as the Matrix.org Foundation's Managing Director, but I think there's good reason to remain hopeful:
The spec continues to evolve with major improvements expected in feature set and performance in the next year as we get to the 2.0 spec release, the Foundation is staffing up and beginning to fundraise, we're on the cusp of holding our first ever community elections to seat a Governing Board, and adoption has continued doubling on an annual basis.
I invite you and anyone else who is invested and/or concerned to join us in the Foundation's new office room – it's a way to get a view into ongoing activities, ask questions, provide direct feedback, and celebrate all the little wins on our way to collective success: https://matrix.to/#/#foundation-office:matrix.org
Yes! And don't forget MASH [0], its a collection of Ansible roles that is compatible with the Matrix Docker Ansible Deploy playbook. In case you want to add more services to your Matrix server.
[0]: https://github.com/mother-of-all-self-hosting/mash-playbook