From 161fdd392d1a2ec37a5a97247618d9f929faebe4 Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Fri, 19 Aug 2022 10:37:22 +0300 Subject: [PATCH] blog/{mppn,mcasbo}: fix warning on server versions This also removes mentions of Conduit as after discussing feedback, I agree that it's not affiliated with either New Vector Limited or Matrix Foundation, so referring to it is unfair. --- .../2021-08-03-matrix-perfect-privacy-not.md | 3 +++ ...x-community-abuse-security-by-obscurity.md | 24 +++---------------- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md b/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md index 53ffca4..e51cd36 100644 --- a/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md +++ b/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md @@ -84,6 +84,9 @@ and as your room is hosted on every homeserver that has users in your room, have a single homeserver that hasn't explicitly enabled it, or doesn't otherwise support it, and the room history never goes away. Executing `/upgraderoom {{site.matrixLatestRoomVersion}}` or any other version [will also remove the event](https://github.com/matrix-org/synapse/issues/11279). +***WARNING! Always before executing `/upgraderoom` check that everyone in your room has a recent Matrix server that supports your target room version. Otherwise you may lock your users out.*** For example `/invite @version:maunium.net` and once it joins, say +`!servers` and once it finishes printing server versions you can `!servers match SOFTWARE < 1.0` to get list of servers running SOFTWARE smaller than 1.0. Once aware of what servers are being used, either check their changelogs/documentation/support_rooms/admins for their support to your target version e.g. {{site.matrixLatestRoomVersion}}. + In case there isn't enough confusion, retention shouldn't be confused with actual [self-destructing/disappearing messages](https://github.com/vector-im/element-meta/issues/82). *Technical note: sorry about calling reference homeserver implementation by the matrix.org team issue diff --git a/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md b/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md index 8aad809..e5b0e5b 100644 --- a/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md +++ b/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md @@ -30,16 +30,8 @@ smaller steps: 2. ***WARNING*** You should check [the Matrix spec](https://spec.matrix.org/latest/rooms/) for the latest stable room version. Or maybe the [unstable spec](https://spec.matrix.org/unstable/rooms/)? Or maybe you should just [search GitHub](https://github.com/matrix-org/matrix-spec-proposals/issues?q=room%20version)? - I have no idea how that works as the time of writing both are missing room versions 8 and 9. - 3. ***WARNING*** Traditionally homeservers by other parties than Matrix.org - (read Synapse/Dendrite) lag behind on supported room versions and you may break - your room for people using those. At the time of adding this note (2021-12-14), the - spec v1.1 is a month and couple of days old (2021-09-11) and room version 7 is not implemented by Conduit. - 1. Yes, at the time of writing this post I am recommending version 9, - while the aforementioned variable is {{ site.matrixLatestRoomVersion }}, - as that is what Element encourages and features such as restricted rooms - require and as this post hints, Matrix is even more impossible to manage - without those. + 3. ***WARNING! Always before executing `/upgraderoom` check that everyone in your room has a recent Matrix server that supports your target room version. Otherwise you may lock your users out.*** For example `/invite @version:maunium.net` and once it joins, say +`!servers` and once it finishes printing server versions you can `!servers match SOFTWARE < 1.0` to get list of servers running SOFTWARE smaller than 1.0. Once aware of what servers are being used, either check their changelogs/documentation/support_rooms/admins for their support to your target version e.g. {{site.matrixLatestRoomVersion}}. 4. Clear cache and reload so the old space maybe disappears. 5. See also [Element-web#19208: Allow upgrading spaces](https://github.com/vector-im/element-web/issues/19208) 6. Now that there is a space, right click it to create a new room under it and @@ -98,9 +90,7 @@ you simply use `/devtools` and ban the entire server by sending a completely new so having to do this 20 times is nothing to you. *2022-01-10 addition:* this becomes worse as Matrix Synapse alongside [the Matrix protocol itself will authorise everything done by servers that don't honour the `m.room.server_acl` event](https://github.com/matrix-org/matrix-spec/issues/928) -so as per the guide, you will have to acl those servers too (or the ACL might as well not exist). Sadly at the time -of writing that also includes Conduit, so all Conduits must be ACLed too, -even if they weren't malicious. A minor comfort is that Conduit doesn't currently support room versions 7, 8 and 9 +so as per the guide, you will have to acl those servers too (or the ACL might as well not exist). ### Icing on the cake @@ -166,11 +156,3 @@ going to stop using Matrix. * [Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md) -* * * * * - -* 2022-02-07: Conduit implemented ACL a couple of weeks ago, [Matrix Spec version is nowadays 1.2](https://matrix.org/blog/2022/02/02/matrix-v-1-2-release), but [no Element supports knocking from room version 7 (of Matrix 1.1)](https://github.com/vector-im/element-meta/issues/43) to my knowledge. -* 2022-07-29: Conduit has had room versions 7, 8 and 9 for some time now, Matrix Spec version - has been at version 1.3 for a couple of weeks (2022-06-16), Dendrite has - supported room version 10 since around that time, Synapse has it in rc that - hopefully releases next week and Elements still don't support knocking - (from Matrix room version 7).