Home | Notifications | New Note | Local | Federated | Search | Logout
fedicat@fedicat@pc.cafe
The official account for the Fedicat fediverse iOS client available on TestFlight. I try to include other fediverse stuff to keep it interesting.
the website: https://fedicat.com/
daily builds on tesflight: https://testflight.apple.com/join/b6GatWTY
some code on codeberg: https://codeberg.org/technicat/fedicat
me, myself, and I: https://technicat.com/
Joined: 2026-04-16 05:05:56
116 notes, 1 following, 1 followers
fedicat@fedicat@pc.cafe (2026-05-21 09:10:10)
interesting instance
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/609/660/309/293/119/original/89b86a95c528a698.jpeg
fedicat@fedicat@pc.cafe boosted:
@FediFollows@social.growyourown.services (2026-05-21 08:18:53)
#BritishColumbia Canada accounts to follow:
BC NEWS
@thetyee - Independent news in BC
@british-columbia-cbcnews - BC news on CBC
@TheProvince - The Province
@VancouverSun - Vancouver Sun
ENVIRONMENT
@index - Environmental news in Western Canada
CULTURE
@CloudscapeComics - Vancouver non-profit comic society & publisher
@relay - Community calendar of anti-corporate music events in Vancouver
@thegraffitiexpress - Graffiti on trains passing through Kamloops
🧵 1/5
Reply to @box464@mastodon.social
fedicat@fedicat@pc.cafe (2026-05-21 08:00:04)
@box464 days like this I'm glad I don't do server side
fedicat@fedicat@pc.cafe boosted:
@box464@mastodon.social (2026-05-21 07:52:19)
Came home to a LOTTA fediverse apps to update... 🍤 :mastodon: ⚫
fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-05-21 06:28:04)
"Decentralised social media ecosystems allow independently operated communities to communicate across shared protocols without being controlled by a single corporation.
One such example is the Fediverse, which includes platforms like micro-blogging site Mastodon and video sharing site PeerTube."
https://theconversation.com/nearly-everything-we-use-online-is-owned-by-big-tech-theres-a-better-way-forward-282969
#news #TechNews #technology #fediverse
fedicat@fedicat@pc.cafe boosted:
@fedicat@pc.cafe (2026-05-21 05:14:22)
trying out a policy of hiding link preview images that have no alt text
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/608/733/038/995/673/original/70a9119146bdb770.jpeg
image: https://cdn.masto.host/pccafe/media_attachments/files/116/608/733/117/172/327/original/a5a972c9140a2826.jpeg
fedicat@fedicat@pc.cafe boosted:
@fediversereport@mastodon.social (2026-05-21 00:37:12)
Various projects on the open social web are working towards private data, whether that's @Mastodon getting funding for adding E2EE, Lemmy's upcoming 1.0 release featuring private communities, or Bluesky's work on expanding atproto with permissioned data.
Bounded communities with private data using open protocols sound quite like @matrix however.
I'm taking a closer look, as this comparison turns out to be quite a lot stranger than expected
https://connectedplaces.online/reports/fr163-decrypting-matrix/
fedicat@fedicat@pc.cafe boosted:
@silverpill@mitra.social (2026-05-21 05:57:34)
- https://github.com/mastodon/mastodon/releases/tag/v4.5.10
- https://hollo.social/@fedify/019e4675-05bc-7725-bcf4-aa51d6af70a0
- https://shrimp.meow.company/notes/amhmis327j0wve4w
- https://shrimp.meow.company/notes/amhmiqtsbwgmt158
- https://activitypub.software/TransFem-org/Sharkey/-/releases/2025.4.7
- https://hubzilla.org/item/53f3509f-d63d-494c-a431-ac84df9c6a57
- https://w.on-t.work/activitypub/may-2026-vulnerability
>Fix Linked-Data Signature bypass through JSON-LD graph restructuring features
JSON-LD adds nothing to Fediverse except bugs and security vulnerabilities.
Of course, there is an alternative to Linked Data signatures that doesn't require Linked Data, much simpler and more secure:
FEP-8b32: Object Integrity Proofs
#activityPub #fedidev
fedicat@fedicat@pc.cafe (2026-05-21 05:14:22)
trying out a policy of hiding link preview images that have no alt text
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/608/733/038/995/673/original/70a9119146bdb770.jpeg
image: https://cdn.masto.host/pccafe/media_attachments/files/116/608/733/117/172/327/original/a5a972c9140a2826.jpeg
fedicat@fedicat@pc.cafe boosted:
@reiver@mastodon.social (2026-05-21 04:55:59)
Here is my work-in-progress FEP for using JSON Resume with ActivityPub:
FEP-6158: ActivityPub 'Resume' Object: JSON Resume expressed as JSON-LD
https://codeberg.org/reiver/fep/src/branch/fep-6158/fep/6158/fep-6158.md
I prefer to write for clarity, so it still needs work.
#ActivityPub #ActivityStreams #FediDev #ProToGo #JSONLD #JSONResume #fep6158 #fep_6158
fedicat@fedicat@pc.cafe boosted:
@golemwire@social.golemwire.com (2026-05-21 02:58:36)
I'm really glad #snac uses mode 660 for many of its data files. It makes it really easy for me to add my main user to my server's snac group, and be able to administer as my normal user without su'ing into the snac user.
Lots of people don't seem to think these details through, or they just forget about #unix features. The Snac author ( @grunfink@comam.es ) did it though! Thanks!
Addendum: I also just learned about using the setgid bit on a directory. That was used, too. Cool! https://www.gnu.org/software/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html
fedicat@fedicat@pc.cafe boosted:
@FediGarden@social.growyourown.services (2026-05-21 03:58:10)
RE: https://cupoftea.social/@Whiskeyomega/116604022593863925
Will runs a really nice public Mastodon server at CupOfTea.social and has put a lot of work into providing people a place on the Fediverse. Unfortunately in real life he has had a neighbour attacking him by throwing a hammer through his window. If you'd like to help him you can do so through his server's ko-fi page which he links in his post below.
fedicat@fedicat@pc.cafe boosted:
@fedify@hollo.social (2026-05-21 02:35:44)
Fedify security updates: 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3
If you use Fedify, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling. An attacker could use JSON-LD graph-restructuring features to change how a signed activity is interpreted without invalidating its Linked Data Signature.
Fedify verifies incoming ActivityPub activities with several mechanisms, including HTTP Signatures, Object Integrity Proofs, and Linked Data Signatures. The vulnerable path is Linked Data Signatures: the signature is checked over the canonical RDF graph, but JSON-LD can represent the same graph in more than one JSON shape. In affected versions, that gap could let a signed activity be reshaped so that Fedify reads a different ActivityPub object shape than intended.
The fix makes Fedify normalize Linked Data Signature-verified activities against Fedify's local JSON-LD context before interpreting them, and rejects JSON-LD constructs that can preserve the signed RDF graph while changing the ActivityPub object shape consumed by Fedify.
Patched releases are 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3. The GitHub Security Advisory is GHSA-9rfg-v8g9-9367, and the CVE ID is CVE-2026-42462.
Update @fedify/fedify:
npm update @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update @fedify/fedify
bun update @fedify/fedify
deno update @fedify/fedify
After updating, redeploy. If you run other Fedify-based servers, update those too.
Thanks to @Claire for the report and responsible disclosure.
If anything is unclear, ask below.
fedicat@fedicat@pc.cafe boosted:
@hollo@hollo.social (2026-05-21 02:39:43)
Hollo security updates: 0.7.17, 0.8.6, and 0.9.1
If you run Hollo, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and Hollo depends on Fedify for ActivityPub federation.
Fedify verifies incoming ActivityPub activities with several mechanisms, including HTTP Signatures, Object Integrity Proofs, and Linked Data Signatures. The vulnerable path is Linked Data Signatures: the signature is checked over the canonical RDF graph, but JSON-LD can represent the same graph in more than one JSON shape. In affected versions, that gap could let a signed activity be reshaped so that Fedify reads a different ActivityPub object shape than intended—without invalidating the signature.
The fix makes Fedify normalize Linked Data Signature-verified activities against its local JSON-LD context before interpreting them, and rejects JSON-LD constructs that can preserve the signed RDF graph while changing the ActivityPub object shape. For full technical details of the underlying vulnerability, see the Fedify security announcement.
All Hollo versions up to and including 0.7.16, 0.8.5, and 0.9.0 are affected. Patched releases are 0.7.17 for the 0.7.x series, 0.8.6 for the 0.8.x series, and 0.9.1 for the 0.9.x series.
For 0.7.x deployments, update to 0.7.17:
docker pull ghcr.io/fedify-dev/hollo:0.7.17
For 0.8.x deployments, update to 0.8.6:
docker pull ghcr.io/fedify-dev/hollo:0.8.6
For 0.9.x deployments, update to 0.9.1:
docker pull ghcr.io/fedify-dev/hollo:0.9.1
After pulling the new image, restart your Hollo container. If you deploy from source, pull the corresponding release tag and restart.
Thanks to @Claire for the report and responsible disclosure to the Fedify project.
If anything is unclear, ask below.
fedicat@fedicat@pc.cafe boosted:
@mirlo@musician.social (2026-05-21 00:12:02)
We are open source, cooperatively-run, community-led and in the process of joining the social web. We're also working collaboratively with others in the space towards different modes of decentralisation, going against enshittification and one-size-fits-all approaches.
If you'd like to support our work and help allocate more resources towards these things, there are several ways to do so at the link below. Thank you! 💪🐦⬛
https://mirlo.space/team/tip
#SupportUs #Fediverse #Support #Coop #Coops
fedicat@fedicat@pc.cafe boosted:
@box464@mastodon.social (2026-05-20 20:43:43)
@hollo releases a new major version update, 0.90. Too many changes to hit in a single post! Skimming, the most notable to users will be the switch from Pico CSS (my weekend hobbyist fave) to Uno CSS. At least in screenshots, the new UI is taking on a polished look.
Planning to upgrade, but need to review this a bit more before flipping the switch.
https://github.com/fedify-dev/hollo/discussions/496
#FediDev #ActivityPub
fedicat@fedicat@pc.cafe boosted:
@vernissage@mastodon.social (2026-05-20 22:15:51)
If you’d like to support the project and have a little free time, I’d really appreciate your help with translations. Every contribution makes a difference. 🤩
The translations have already been pre-translated automatically, so the main task is to review and approve them. Once all language translations are approved, the new version of the app will be released to production.
You can join the translation team here:
https://crowdin.com/project/vernissageweb
#Vernissage #Translation #OpenSource #Fediverse
fedicat@fedicat@pc.cafe boosted:
@sharkey@sharkey.team (2026-05-20 22:48:26)
We've released 2025.4.7, containing the security fixes mentioned. Work on merging the security fixes into develop is underway.
RE: https://sharkey.team/notes/amckzae8d8ka0001
fedicat@fedicat@pc.cafe boosted:
@MastodonEngineering@mastodon.social (2026-05-20 22:53:32)
We just released Mastodon 4.5.10, 4.4.17, and 4.3.23.
These versions contain several medium and high severity security fixes.
Also, please note that this marks the final Mastodon v4.3 update, this branch is now unsupported. If you are still using it, please move to a newer version as soon as possible.
Full release notes and update instructions are available on the GitHub releases page.
https://github.com/mastodon/mastodon/releases
#MastoAdmin
fedicat@fedicat@pc.cafe boosted:
@dansup@mastodon.social (2026-05-20 22:59:45)
Loops is the privacy focused alternative to TikTok, a fully self-hostable + ActivityPub federated platform.
A few highlights:
- Starter Kits: https://joinloops.org/starter-kits
- Embeds: https://dansup.github.io/loops-embed-demo/
- Atom feeds: https://loops.video/feeds/1.atom
Learn more: https://joinloops.org/why-loops-matters
#Loops #TikTok
fedicat@fedicat@pc.cafe boosted:
@peertube@framapiaf.org (2026-05-20 23:13:47)
For platforms already running #PeerTube release candidate version 8.2.0-rc.1, we have also released version 8.2.0-rc.2, which includes these fixes as well: https://github.com/Chocobozzz/PeerTube/releases/tag/v8.2.0-rc.2
fedicat@fedicat@pc.cafe boosted:
@reiver@mastodon.social (2026-05-20 23:13:47)
I may have written a JSON-LD schema for JSON Resume.
It is defined in terms of ActivityPub.
For example:
'Resume' is a sub-type of an ActivityPub 'Object'. There are some new fields defined. Etc.
...
Now the question is — where do I put it?
Do I create a pull-request to the JSON Resume resume-schema repo?
Do I create a FEP?
Do I put it somewhere else?
#ActivityPub #ActivityStreams #FediDev #ProToGo #JSONLD #JSONresume
fedicat@fedicat@pc.cafe boosted:
@peertube@framapiaf.org (2026-05-20 23:13:46)
We've just published #PeerTube 8.1.6 to fix several security issues. If you're running a platform, please update as soon as possible.
The full changelog can be found here: https://github.com/Chocobozzz/PeerTube/releases/tag/v8.1.6
fedicat@fedicat@pc.cafe boosted:
@vernissage@mastodon.social (2026-05-20 16:24:32)
I have prepared #Vernissage for localization into multiple languages. Language selection will be available both before login and after login in account details.
Support has been added for Finnish, French, German, Italian, Norwegian, Polish, Spanish, and Swedish.
I have added and reviewed the Polish translation. Help with verifying the remaining translations would be greatly appreciated. Work will be handled in Crowdin. 🤩
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/605/705/181/256/049/original/ad7a6e53720a9ab2.png
image: https://files.mastodon.social/media_attachments/files/116/605/705/482/693/346/original/6cffc510cf3aa2e3.png
image: https://files.mastodon.social/media_attachments/files/116/605/705/798/020/303/original/7e9c376b8060fdc4.png
fedicat@fedicat@pc.cafe boosted:
@hongminhee@hollo.social (2026-05-19 14:02:59)
The world's first Fedify book, Practical Fedify: Introduction to ActivityPub Microblog Development (実践Fedify——ActivityPubマイクロブログ開発入門), has been published in Japan. This is also the first book I have ever published, and it feels quite surreal that my first book is in Japanese rather than my native language, Korean. This book is an expanded version based on the official English Fedify tutorial, Creating your own federated microblog, with various additions. Yumetsuki Mama (ゆめつきママ) worked on the cute book cover illustration, which features the Fedify dinosaur mascot, Misskey's mascot Ai-chan, and the Mastodon mascot together. It is scheduled to be published in both e-book and print formats on the 22nd by Impress NextPublishing. See also the Amazon Japan.
fedicat@fedicat@pc.cafe boosted:
@sharkey@sharkey.team (2026-05-17 09:08:05)
This is your official notice that we'll be making a major security release for Sharkey on the 20th of May, 2026, between 2026-05-20T13:00:00.000Z and 2026-05-20T15:00:00.000Z. Prepare to update immediately upon release. If you are unable to update your instance at the given time, take it offline before the release.
fedicat@fedicat@pc.cafe (2026-05-20 10:07:24)
finally added More buttons for long posts and link preview descriptions so you don’t have to scroll scroll scroll past them
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/604/222/967/485/738/original/88a4e689d3b32263.jpeg
image: https://cdn.masto.host/pccafe/media_attachments/files/116/604/223/084/381/706/original/3b24b54f734eefa2.jpeg
fedicat@fedicat@pc.cafe boosted:
@loadhigh@bitbang.social (2026-05-20 04:31:15)
Today someone (who is not on Mastodon) released a collection of more than 570 distinct operating systems, pre-installed with VM configurations for the 250+ different platforms, going back all the way to 1948.
https://virtualosmuseum.org/
Now, I have to admit I'm posting this without trying it myself, as I'm running low on disk space on this machine.
Because the full download is 121GB (174GB unzipped!). There is also a lighter version at 14GB that will download stuff on demand.
#retrocomputing
fedicat@fedicat@pc.cafe boosted:
@reiver@mastodon.social (2026-05-20 02:42:03)
RE: https://mastodon.social/@reiver/116597879302607072
More on a resume / CV on the Fediverse on Social Web.
Another option could be to use something like "JSON resume":
https://jsonresume.org/
https://github.com/jsonresume/resume-schema/blob/master/job-schema.json
It seems to be popular.
It isn't JSON-LD. Although I think it would be straightforward to translate it to JSON-LD, if that was desired.
#ActivityPub #ActivityStreams #FediDev #ProToGo #JSONLD #JSONresume
fedicat@fedicat@pc.cafe (2026-05-20 02:42:00)
there should be a fediverse event called fedimania
Older Notes