Matrix Team Chat

Our team’s homeserver is adrestia.iohkdev.io.

All team channels are contained within the Adrestia Space.

Web client

You can log in immediately with your web browser, without installing any client software by visiting:

Authentication

Any user with an active iohk.io Google Account can log in.

Some people have username/password accounts. These were created manually with the Matrix Synapse user admin API.

| Login Type | Example username | Auth method | Who administers accounts |
|---|---|---|---|
| IOHK Google | @rodney.lorrimar:adrestia.iohkdev.io | SSO via account.google.com | GApps domain admin |
| Homeserver account | @rvl:adrestia.iohkdev.io | Username/Password | root@adrestia.iohkdev.io |
| Matrix Federated | @rvl:matrix.org | Username/Password | User themself |

Federated Login

If you have a user on another Matrix homeserver (e.g. matrix.org), then you can ask to be invited into rooms on our homeserver.

However you may wish to keep your personal accounts separate from IOHK.

MFA

Sadly, neither U2F nor TOTP is supported by Matrix and Element yet.

But if you use your Google account to log in then you will get MFA through Google.

Changing your password

Unless using your Google account to log in, you will have a password.

  • When changing your password, export your E2E room keys when prompted!
  • It will need a temporary password to encrypt the file. It’s probably easiest just to use your new password for this purpose.
  • After changing your password, import your E2E room keys again.
  • Delete the element-keys.txt file from your downloads directory when finished.

Rooms and Spaces

Once you are logged in, ask someone to invite you to the Adrestia space (it’s a private space).

Within this space we have multiple rooms available:

End-to-end Encryption

This is a way to send messages via a Matrix homeserver, without the server operator being able to read the messages.

Security Key

The Security Key (also called “Recovery Key”) is an encryption key stored locally by Matrix clients, used for creating session keys, storing end-to-end encryption keys, and so on.

It is formatted as 12 quartets of alphanumeric characters, e.g.

EsTD cdDd eEff 0011 2233 4455 6677 8899 aabb ccdd eeff gg1F

Cross-signing

Cross-signing is where you verify your other login sessions. For example, you may have login sessions on multiple computers, each with their own session key.

If you cross-sign all your sessions, then other clients can consider all of your logins to be verified, just by verifying one of your logins.

And, importantly, you will be able to read your encrypted history on other logins.

To enable it, choose Set up encryption in your Element settings.

“Unable to decrypt” errors

Not quite sure why this happens. Possible causes:

  • The sender doesn’t know you exist, because when they sent the message their server hadn’t yet seen you were in the room.

  • Lack of cross-signing (“verification” of other users’ sessions).

How to send direct messages which aren’t E2E encrypted

Under Element at least, direct messages to other users default to being E2E encrypted, and you can’t change it.

In case you need it, a workaround is:

  • Create a new private room with encryption disabled.
  • Invite the other user to this room.
  • Run the command /converttodm in this room.

Other clients

You can use any Matrix client to connect to this homeserver. Here is a list. Apparently it’s even possible to use Matrix from Emacs.

Homeserver Software

Our homeserver is running Matrix Synapse under NixOS 21.05.

Logging

All messages are logged and stored in the server’s PostgreSQL database, which is backed up with encryption.

Keep in mind that unless you enable end-to-end encryption in your room, message content will be stored as plaintext in the PostgreSQL event_json table.
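To make the difference concrete, here is an added example (not part of the original page or of Synapse) that summarises what someone with database access can read per room. The rows, room IDs and users are constructed, and the (room_id, json) row shape is an assumption about how event_json is queried; the event types are the standard m.room.message and m.room.encrypted.

```python
import json
from collections import defaultdict

# Constructed sample rows, assumed shape: (room_id, json text of the event).
SAMPLE_ROWS = [
    ("!general:example.org", json.dumps({
        "type": "m.room.message", "sender": "@alice:example.org",
        "content": {"msgtype": "m.text", "body": "release is tagged"}})),
    ("!secret:example.org", json.dumps({
        "type": "m.room.name", "state_key": "", "sender": "@bob:example.org",
        "content": {"name": "Incident 42"}})),
    ("!secret:example.org", json.dumps({
        "type": "m.room.encrypted", "sender": "@bob:example.org",
        "content": {"algorithm": "m.megolm.v1.aes-sha2",
                    "ciphertext": "AwgAEn...constructed", "session_id": "constructed"}})),
]


def audit(rows):
    """Count events per room and collect what is readable without any room keys."""
    report = defaultdict(
        lambda: {"plaintext": 0, "encrypted": 0, "state": 0, "readable": []})
    for room_id, raw in rows:
        event = json.loads(raw)
        content = event.get("content", {})
        room = report[room_id]
        if "state_key" in event:
            # State events (room name, membership, ...) are stored unencrypted,
            # even in rooms where E2E encryption is enabled.
            room["state"] += 1
            room["readable"].append((event["type"], content))
        elif event.get("type") == "m.room.encrypted":
            # Only metadata is readable; the message body is inside the ciphertext.
            room["encrypted"] += 1
            room["readable"].append(("metadata", {
                "sender": event.get("sender"),
                "algorithm": content.get("algorithm")}))
        elif event.get("type") == "m.room.message":
            room["plaintext"] += 1
            room["readable"].append(("body", content.get("body")))
    return dict(report)


if __name__ == "__main__":
    for room_id, summary in audit(SAMPLE_ROWS).items():
        print(room_id, summary)
```

Even for the encrypted room, the sender and the room name remain visible in the database; only message bodies are protected.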

Room Settings

Some recommendations for settings.

Space

Adrestia.

Private/Public

Private channels are invitation only.

Encryption

  • Use E2E encryption for your direct messages.
  • Use E2E encryption for special rooms.
  • Until we resolve the (un)usability issues with E2E encryption, don’t enable it on our commonly used rooms.

History

TBD

Publish names

TBD

Federation

Federation works on this homeserver, as long as the room had the “Enable guest access” Security & Privacy advanced setting enabled when it was created.

Note: once the “Enable guest access” option has been disabled once, it will never be possible to invite users from other homeservers, no matter what the setting is changed to.

Search works in the Element client. Click the little magnifying glass button in the upper-right corner.

Encrypted messages

I found this nugget:

Element can’t securely cache encrypted messages locally while running in a web browser. Use Element Desktop for encrypted messages to appear in search results.

Glossary

  • Matrix: a messaging protocol, the project which develops the messaging protocol, and the organisation which runs the Matrix project.
  • Homeserver: an HTTP server running Matrix server software. The Matrix protocol is federated, which means that users on one homeserver can join chat rooms on another homeserver. The homeserver handles authentication of its users, and hosts rooms.
  • matrix.org: This domain name functions both as the Matrix project web site, and also as the domain name for a large public Matrix homeserver.
  • Synapse: The reference implementation of a Matrix homeserver. There is also a new homeserver under development called “Dendrite.”
  • Element: a Matrix client implemented with web technologies such as React. It can be deployed on any HTTP server - in this form it is called Element Web. Or it can be installed as an Electron app on the desktop or mobile devices.
  • Riot: This is what the Element client used to be called before they renamed it.

“Missing” Features

The following things would be nice to have in Matrix, but currently aren’t implemented:

  • Message threads
  • Custom emoji
  • U2F
