fedicat@fedicat@pc.cafe

Home | Notifications | New Note | Local | Federated | Search | Logout

fedicat@fedicat@pc.cafe

The official account for the Fedicat fediverse iOS client available on TestFlight. I try to include other fediverse stuff to keep it interesting.

the website: https://fedicat.com/
daily builds on tesflight: https://testflight.apple.com/join/b6GatWTY
some code on codeberg: https://codeberg.org/technicat/fedicat
me, myself, and I: https://technicat.com/
Joined: 2026-04-16 05:05:56
117 notes, 1 following, 1 followers


fedicat@fedicat@pc.cafe boosted:
@evacide@hachyderm.io (2026-05-12 06:15:27)
If you are in your late thirties to mid-forties right now, there is a good chance that you have spent most of your life in a cycle of making some sort of home on the internet only to have it crumble beneath you like chalk and having to start over.


fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-05-12 02:39:42)
FediLearns Classifieds is a pretty neat project from @inherentlee that lets you find people offering to teach various skills.

And you can submit a listing yourself!

https://fedilearns.fyi 

#fediverse #FediLearns


fedicat@fedicat@pc.cafe boosted:
@mkljczk@pl.fediverse.pl (2026-05-12 01:54:33)
adding a feature to nicolium that lets you add a link to my profile to the menu, i know some of you really wanted this feature
---Attachments---
image: https://mediapl.fediverse.pl/media/4d/4e/a3/4d4ea317229ceeb05561cc1410172b4a4a83c2d6770005091d6d192ea23fa65c.png


fedicat@fedicat@pc.cafe boosted:
@mkljczk@pl.fediverse.pl (2026-05-12 00:30:50)
now nicolium+iceshrimp.net users can browse other instances' timelines by clicking the instance favicon next to account username (just as with pleroma)


fedicat@fedicat@pc.cafe boosted:
@botkit@hollo.social (2026-05-12 00:49:48)
BotKit security updates: 0.3.2 and 0.4.1
If you use BotKit, update to a patched release now.  A private network protection bypass affects Fedify's remote document loading code, and it also affects BotKit which depends on Fedify.

The validatePublicUrl() function in Fedify, which ensures resources aren't fetched from private or loopback addresses, failed to correctly identify certain IPv6 literals. Specifically, URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals (e.g., http://[::ffff:127.0.0.1]/) could bypass the check.

This vulnerability could allow an attacker to provide a malicious URL that bypasses security checks, potentially allowing them to make the bot fetch internal resources or interact with services on the private network that should not be accessible from the public internet.

All versions of BotKit up to 0.3.1 (in the 0.3.x branch) and 0.4.0 (in the 0.4.x branch) are affected.  Patched releases are 0.3.2 and 0.4.1.

For BotKit 0.4.x, update @fedify/botkit:


npm  update  @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update  @fedify/botkit
bun  update  @fedify/botkit
deno update  @fedify/botkit
For BotKit 0.3.x, update @fedify/botkit:


npm  update  @fedify/botkit@0.3.2
yarn upgrade @fedify/botkit@0.3.2
pnpm update  @fedify/botkit@0.3.2
bun  update  @fedify/botkit@0.3.2
deno update  @fedify/botkit@0.3.2
If you use other BotKit-related packages (e.g., @fedify/botkit-sqlite), update them as well. After updating, redeploy.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure.

If anything is unclear, feel free to ask on GitHub Discussions or Matrix.


Reply to @cheeaun@mastodon.social
fedicat@fedicat@pc.cafe (2026-05-11 12:33:59)
@cheeaun I haven't used it until now, for this case, but I started using it also to bulk fetch reply-to accounts in feeds


Reply to @cheeaun@mastodon.social
fedicat@fedicat@pc.cafe (2026-05-11 12:25:14)
@cheeaun that's a good point, although I use the call that fetches multiple accounts

https://docs.joinmastodon.org/methods/accounts/#index


fedicat@fedicat@pc.cafe (2026-05-11 11:27:07)
first pass at displaying mastodon tagged collections
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/553/575/671/154/923/original/599842993636ec71.jpeg


fedicat@fedicat@pc.cafe boosted:
@msracheyb@mastodon.social (2026-05-11 04:31:55)
#introductions 
Thought i'd give the #fediverse another go.  I'm an #occupationaltherapist living in #cornwall.  I work in #mentalhealth and also do #autism assessments. I'm a keen amateur  photographer mostly taking photos with my phone at the moment. I'd love to connect with people on here.  My interests are #photography #music #reading #books #walking #countryside #nature #mentalhealth #autism #adhd #neurodivergence #scandinavia #dogs #animals #antifascist #environment
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/551/933/924/821/099/original/259bf50f03d80bb6.jpg


fedicat@fedicat@pc.cafe boosted:
@FediFollows@social.growyourown.services (2026-05-11 08:08:14)
🗽 #NewYork accounts to follow:

ARTS & CULTURE
@index@broadwaynews.com - News on musicals, shows & plays on Broadway
@index@hyperallergic.com - Art news from New York
@TrekLongIsland - Star Trek convention in Long Island
@index@untappedcities.com - Cultural news & events in NY
@Playbill - Theatre magazine based in NY

HACKING
@OffTheHook - Hacker radio show since 1988
@NYC2600@mastodon.social & @NYC2600@infosec.exchange - Hackers’ meetup group in NYC

🧵 Thread page 1 of 5

#NYC


fedicat@fedicat@pc.cafe (2026-05-11 06:12:10)
I like the mom and pop store feel of the fediverse


fedicat@fedicat@pc.cafe boosted:
@polykit@chaos.social (2026-05-11 05:27:06)
Visibility still feels like the weak spot on PeerTube, so I built PeerSeek, my own search index, live at https://peerseek.video

Results are ranked how I think they should be and there is still a lot of work to be done. Please try it out and give me some feedback, or let me know if it's useful in any way.

#peertube #search #index #visibility #video #peerseek #fediverse
---Attachments---
image: https://assets.chaos.social/media_attachments/files/116/552/139/737/431/819/original/806db6cc4e8b6f20.png


Reply to @deutrino@mstdn.io
fedicat@fedicat@pc.cafe (2026-05-11 04:26:00)
@deutrino I think it's self-defeating, if I was shopping around for a new social media home and saw that, I'd just go to bluesky


fedicat@fedicat@pc.cafe boosted:
@vyr@princess.industries (2026-05-11 03:49:11)
just released slurp 1.1.1, which fixes a boneheaded bug that broke imports entirely. thanks to @lucy for the diagnosis and patch.

binaries here: https://codeberg.org/vyr/slurp/releases/tag/v1.1.1

i've added a test that covers the prereqs for archive import and some helpers to make writing future GTS-testrig-based tests easier.

#slurp


Reply to @cheeaun@mastodon.social
fedicat@fedicat@pc.cafe (2026-05-11 03:59:11)
@cheeaun @nethad @moshidon you could have multiple collections, but I still haven't seen anyone with more than one collection


fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-05-10 23:48:47)
I made a small update to the Join the Fediverse mini zine page.

https://jointhefediverse.net/zine

You can now customize the QR code on the last page using the Fediverse Invitation link builder: https://stefanbohacek.com/project/fediverse-invitation/#link-builder

I hope people will find these tools useful for promoting their communities!

#fediverse #JoinTheFediverse #FediverseZine #zine #FediverseInvitation


fedicat@fedicat@pc.cafe boosted:
@FediVideo@social.growyourown.services (2026-05-10 23:53:26)
Ctrl Alt Rees makes fun cheerful videos about retro computing and retro gaming. You can follow the account at:

➡️ @rees 

They've already made almost 400 videos. If these haven't federated to your server yet, you can browse them all at https://makertube.net/a/rees/videos

#FeaturedPeerTube #RetroComputing #RetroGaming #ComputingHistory #PeerTube


fedicat@fedicat@pc.cafe boosted:
@pixelfed@mastodon.social (2026-05-10 21:28:51)
Did you know Pixelfed supports embeds?

https://dansup.github.io/pixelfed-embed


Reply to @liaizon@social.wake.st
fedicat@fedicat@pc.cafe (2026-05-11 01:36:12)
@liaizon @cheeaun there's nothing like a quote approval policy that I know of, I only noticed the remove option from their ios app code but just realized it's in the web client
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/551/251/980/096/391/original/2b558178d85a5e66.png


fedicat@fedicat@pc.cafe (2026-05-11 01:21:19)
registered another test account on mastodon.social and the onboarding email is disappointingly mastodon-centric and written like someone's angling for a marketing job at apple ("unparalleled creativity"), mastodon is the best, follow and be followed on mastodon, no mention of the fediverse


Reply to @fedicat@pc.cafe
fedicat@fedicat@pc.cafe (2026-05-11 01:09:06)
@liaizon @cheeaun there's quite a bit more to add, it's like quote posts so you get notifications about getting added to a collection and you can remove yourself from a collection, and I just added a check to see if a collection is marked sensitive and thus hide it with a warning like posts


Reply to @liaizon@social.wake.st
fedicat@fedicat@pc.cafe (2026-05-11 00:54:06)
@liaizon @cheeaun I think so! The official mastodon ios app has recent commits (which I've been referencing to figure out what's available) but I don't think it's updated on the app store yet. The advantage of testflight, I can knock out a change 1-2 times a day.


fedicat@fedicat@pc.cafe boosted:
@vernissage@mastodon.social (2026-05-10 18:02:24)
Today we released #Vernissage 1.36.0 🎉

The biggest change is support for pinning photos to your user profile, synchronized with other Fediverse platforms that support the "featured" collection. This release also includes smaller fixes, such as better error logging and improved status parsing to HTML with hashtags. The iOS app has been submitted to Apple for review and should be on your phones soon.

Thank you to everyone supporting and helping the project! 💚😊
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/549/466/446/651/440/original/8e17186bacc846ff.png
image: https://files.mastodon.social/media_attachments/files/116/549/466/759/440/617/original/ff8243f603eea045.png
image: https://files.mastodon.social/media_attachments/files/116/549/467/107/189/393/original/7d82d95a46f3e688.png
image: https://files.mastodon.social/media_attachments/files/116/549/467/499/768/860/original/694e8a30d440a3ca.png


fedicat@fedicat@pc.cafe boosted:
@vernissage@mastodon.social (2026-05-10 18:05:15)
Today we released a new version of #Vernissage, and I’d like to share a brief look at what’s coming next.

Before the summer holidays, we plan to implement hashtag following and prepare all app strings for translation, then publish them in a translation system so the community can help. During the summer, we’ll focus on push notifications for the iOS app and keep crushing the currently reported bugs. After the holidays, we hope to release multilingual support in both the iOS and Angular apps. 😊


fedicat@fedicat@pc.cafe boosted:
@dansup@mastodon.social (2026-05-10 19:11:13)
Love the feeling of working on Pixelfed again after taking a break to build Loops.

The community on Pixelfed is straight up goals, so many vibrant photographers from around the world sharing moments we love to see.

The lack of influencers is refreshing.


fedicat@fedicat@pc.cafe boosted:
@dansup@mastodon.social (2026-05-10 19:17:11)
I spent 7 years working on Pixelfed almost every day, and in the past 18 months we've went from 200k users to over 1 million!

Some could argue the break after FediCon to build Loops was a mistake, but the fediverse needed a solid short video platform and I didn't want to force that on Pixelfed.

Now this summer belongs to Pixelfed.

Stay tuned, I want to improve the web and mobile apps for the next million or ten million new Pixelfed members 🚀

#Pixelfed


fedicat@fedicat@pc.cafe boosted:
@fedify@hollo.social (2026-05-10 23:13:33)
Fedify security updates: 1.9.10, 1.10.9, 2.0.16, 2.1.12, and 2.2.1
If you use Fedify, update to a patched release now.  A private network protection bypass affects Fedify's remote document loading code.  URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals, such as http://[::ffff:7f00:1]/, could pass validatePublicUrl() even though they refer to private or loopback addresses.

Fedify uses validatePublicUrl() when fetching remote ActivityPub documents and related resources.  An attacker who can make a Fedify server fetch an attacker-controlled URL may be able to bypass the private address checks that are intended to reduce SSRF risk.

All versions up to and including 2.2.0 are affected.  Patched releases are 1.9.10, 1.10.9, 2.0.16, 2.1.12, and 2.2.1.

For Fedify 1.x, update @fedify/fedify:

npm update @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update @fedify/fedify
bun update @fedify/fedify
deno update @fedify/fedify

For Fedify 2.x, update both @fedify/fedify and @fedify/vocab-runtime:

npm update @fedify/fedify @fedify/vocab-runtime
yarn upgrade @fedify/fedify @fedify/vocab-runtime
pnpm update @fedify/fedify @fedify/vocab-runtime
bun update @fedify/fedify @fedify/vocab-runtime
deno update @fedify/fedify @fedify/vocab-runtime

After updating, redeploy.  If you run other Fedify-based servers, update those too.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure.

If anything is unclear, ask below.


fedicat@fedicat@pc.cafe boosted:
@hollo@hollo.social (2026-05-10 23:42:19)
Hollo security updates: 0.7.15 and 0.8.3
If you run Hollo, update to a patched release now.  A private network protection bypass in Fedify, the ActivityPub framework Hollo depends on, affects remote document loading.  URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals, such as http://[::ffff:7f00:1]/, could pass URL validation even though they refer to private or loopback addresses.

Hollo uses Fedify to fetch remote ActivityPub documents and related resources.  An attacker who can make your Hollo instance fetch an attacker-controlled URL may be able to bypass the private address checks that are intended to reduce SSRF (Server-Side Request Forgery) risk.

All Hollo versions up to and including 0.7.14 and 0.8.2 are affected.  Patched releases are 0.7.15 for the 0.7.x series and 0.8.3 for the 0.8.x series.  For full technical details of the underlying vulnerability, see the Fedify security announcement.

For 0.7.x deployments, update to 0.7.15:


docker pull ghcr.io/fedify-dev/hollo:0.7.15
For 0.8.x deployments, update to 0.8.3:


docker pull ghcr.io/fedify-dev/hollo:0.8.3
After pulling the new image, restart your Hollo container.  If you deploy from source, pull the corresponding release tag and restart.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure to the Fedify project.

If anything is unclear, ask below.


fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-05-10 23:50:11)
The zine is available in almost 30 languages, but volunteers are still working on translating the zine page itself.

Care to help us out?

https://github.com/jointhefediverse-net/jointhefediverse.net/issues/179


fedicat@fedicat@pc.cafe boosted:
@apps@toot.fedilab.app (2026-05-11 00:00:14)
Following the recommendations I got, I set up a #NodeBB forum to discuss the projects #Fedilab, #Holos, #CastLab and #Fedle.

Each category federates over #ActivityPub, so you can follow it directly from your Fediverse account: @fedilab, @holos, @castlab, @fedle.

More details: https://forum.fedilab.app/post/2

Older Notes