SimpleX, Matrix, SQLite3
SimpleX & Nginx - Studied and configured Nginx TLS offloading using SNI so that the TCP connection is proxy_passed to the SMP server on my own server, which means that the SMP server process isn't directly visible to the internet at all. All traffic passes through Nginx. I've often served TLS sockets directly and/or used socat or stunnel, but this works great!
SimpleX Chat - Fully asynchronous connection model - The version v6.4.0-beta.4 reduces the number of round trips required to set up a connection. Also, quantum-resistant encryption setup is quicker. I run many clients which are "occasionally" or only online at scheduled times. Earlier, connection setup might have taken days or several client activations to happen. But now it's just a request > response cycle, i.e., protocol chattiness has been reduced significantly. Note that this completes the chat setup, but it still lacks the quantum-resistant encryption, which still requires one more extra round to be set up, because the initial invitation doesn't contain the full keys needed for it, but the next round does. So the complete handshake still requires two rounds, but communication can be started instantly, like with HTTP early data. Groups and contact addresses take one round trip to set up PQE, but 1-time invitations (an invite just for you) contain all the key material in the invite itself. This setup is far superior to any other chat platform. I really like that they've thoroughly thought this through. Their full blog post (@ simplex.chat)
SimpleX Chat v6.4.2 - Finally added support for ARM / aarch64, it took so long! Because nobody ever uses ARM, right? Yet quite interestingly, the builds are client-only. The server binaries provided are still x86-64 only. Well, nobody ever used ARM servers? Release (@ GitHub)
SQLite3 Cipher database corruption - I actually lost one SimpleX Chat database (SQLite3 cipher database) due to corruption. No, it wasn't a wrong passphrase or anything like that, it was clearly a corrupted internal data structure which caused it to fail. Some tables became partially unreadable and no "database level" repair command to fix that was available. Because the data wasn't critical, the only sane way out of that was simply to discard the database, create a new identity, and relaunch.
Tuwunel (Open Source Matrix server) - Studied its configuration. I like the amount of configuration options, also comments like "this option is undocumented, please contribute documentation" made some parts of it hilarious.
Matrix bad UX. I've got a bunch of invites which I can't accept or decline. It always just says Error. Who designs software and UX like this? Where's the trivial delete/cancel option? Blah!
CVE-2025-49090 (@ matrix.org) - Matrix security issue. Uh oh, this is quite bad. It requires all systems and room parameters to be updated in a quite tight time window. I'm expecting to see lots of problems from this. Well, life is. Servers, clients, and actual chat rooms need to be upgraded; this creates major problems for many users. I'm also quite sure that many users don't even know how to upgrade a room. Yet this isn't as bad as it could be. Because it's a federation bug, it means that the federation party has to be malicious. If you've got unfederated rooms or rooms which are only accessible from trusted servers, then you do not have a problem.
Matrix.org - postgres-corruption-postmortem (@ matrix.org) - Nice battle story. Yeah, I guess everyone on the sysadmin side has been dealing more or less with database corruption. Indexes, free lists being corrupted, etc. All the fun. Good story, nothing really special. I didn't even think about calling fsync repeatedly. My assumption is that when I do something transactionally and call fsync, if it fails, I'll retry it all. I've never even thought about calling fsync again. It's a bit like calling commit again if a commit fails with an SQL database? (Actually, AI generated error handling code just like that, which obviously isn't the right way to do it) Uh oh?
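An added example (not from the original post or the linked postmortem) of the "retry it all" approach described above: on Linux a failed fsync can leave the dirty pages marked clean, so a second fsync on the same descriptor may report success for data that never reached disk. The names durable_write and flaky_fsync and the injected EIO failure are constructed for illustration.

```python
import errno
import os
import tempfile


def durable_write(path, data, fsync=os.fsync, attempts=3):
    """Atomically replace `path` with `data`; return the number of attempts used.

    A failed fsync is never retried on the same descriptor. The temp file is
    discarded and the whole write is redone from the in-memory copy.
    """
    directory = os.path.dirname(os.path.abspath(path))
    last_error = None
    for attempt in range(1, attempts + 1):
        fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
        try:
            with os.fdopen(fd, "wb") as f:
                f.write(data)
                f.flush()            # userspace buffer -> kernel page cache
                fsync(f.fileno())    # page cache -> stable storage
            os.replace(tmp, path)    # atomic rename over the old file
            dir_fd = os.open(directory, os.O_RDONLY)
            try:
                fsync(dir_fd)        # persist the rename itself
            finally:
                os.close(dir_fd)
            return attempt
        except OSError as exc:
            last_error = exc
            if os.path.exists(tmp):  # still present if the rename never ran
                os.unlink(tmp)
    raise last_error


def flaky_fsync(failures):
    """Constructed fault injector: raise EIO for the first `failures` calls."""
    state = {"left": failures, "calls": 0}

    def _fsync(fd):
        state["calls"] += 1
        if state["left"] > 0:
            state["left"] -= 1
            raise OSError(errno.EIO, "injected fsync failure")
        os.fsync(fd)

    _fsync.state = state
    return _fsync
```

If every attempt fails before the rename, the previous file contents stay in place and the last OSError is raised to the caller.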
2026-06-21