Home | Notifications | New Note | Local | Federated | Search | Logout
fedicat@fedicat@pc.cafe
The official account for the Fedicat fediverse iOS client available on TestFlight. I try to include other fediverse stuff to keep it interesting.
the website: https://fedicat.com/
daily builds on tesflight: https://testflight.apple.com/join/b6GatWTY
some code on codeberg: https://codeberg.org/technicat/fedicat
me, myself, and I: https://technicat.com/
Joined: 2026-04-16 05:05:56
114 notes, 1 following, 1 followers
fedicat@fedicat@pc.cafe boosted:
@apps@toot.fedilab.app (2026-06-10 05:16:47)
RE: https://toot.fedilab.app/@apps/115572783993063223
This post is about 7 months old, and #HolosSocial went far beyond it since. It now has #E2EE DMs with the Signal protocol, and real identity portability. You can use a custom domain so your identity rests on your own name and keys, and keep your media on your own cloud. Leaving a relay is no longer a migration, you just point your domain elsewhere and keep going. This remains optional, you have time to discover the app and enable things later that will give you full independence on #ActivityPub.
Reply to @stefan@stefanbohacek.online
fedicat@fedicat@pc.cafe (2026-06-10 05:36:29)
@stefan I've found them useful just for categorizing posts and compacting my feed, e.g. I have a bunch of posts in my feed hidden under a filter titled "AI" (including my own posts), so I have an idea what the post is about and tap to read it if I'm in the mood
fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-06-10 05:20:36)
RE: https://mastodon.gamedev.place/@eniko/116721882359641197
Filters are an awesome feature and likewise, big fan.
Definitely recommend getting familiar with it, if your server/platform has it!
https://stefanbohacek.com/blog/on-fediverse-content-warnings-and-filters/
fedicat@fedicat@pc.cafe (2026-06-10 02:50:38)
new doc for mastodon annual reports
https://docs.joinmastodon.org/methods/annual_reports/
fedicat@fedicat@pc.cafe boosted:
@HolosSocial@mastodon.social (2026-06-10 02:47:11)
Having lists that mix accounts and hashtags is now possible in #HolosSocial 1.9.0.
To follow a topic, you often need both: a few accounts and the hashtags people use for it. Putting them in one list gives you the full picture in a single feed. It also keeps your home timeline clean, since busy hashtags stay in their list instead of flooding everything else.
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/721/400/565/097/323/original/ec282808ac082c36.png
image: https://files.mastodon.social/media_attachments/files/116/721/400/608/574/614/original/5162bda1a9dda8ff.png
fedicat@fedicat@pc.cafe (2026-06-10 02:45:57)
new one
https://github.com/mastodon/documentation/commit/03ad754b529d929dca2949cb5f79712c594573a7
fedicat@fedicat@pc.cafe (2026-06-10 02:35:23)
mastodon alpha collection api is deprecated (I wasn't sure if it was just going to disappear so I turned it off, went on a road trip for a week, and now it's back on in fedicat but with the final v1 endpoints)
https://github.com/mastodon/mastodon/commit/b48f907b20e2c9909665a484041845697d26f17c
fedicat@fedicat@pc.cafe boosted:
@mastoblaster@mastoblaster.app (2026-06-10 02:27:06)
With the latest MastoBlaster builds, feedback reporting issues or problems has dropped dramatically. There will probably be a few more TestFlight builds, but I think the time is coming to promote the app to "stable" and release it officially on the App Store.
As a reminder, the app will remain free for all friends of BSD Cafe, illumos Cafe, or anyone using it to connect to snac instances.
More details once I've worked out a few specifics.
Stay tuned!
#MastoBlaster #MastoBlasterUpdates
fedicat@fedicat@pc.cafe boosted:
@HolosSocial@mastodon.social (2026-06-10 02:05:40)
#HolosSocial 1.9.0 is available.
In this release you can now share posts and profiles across the Fediverse apps (web+ap), add hashtags to your lists alongside accounts, subscribe to hashtags from the timeline, and search your followed ones. Quick list creation from a profile, and you can now hide individual bottom tabs.
It also brings several fixes and reworked multi-account data isolation.
Release notes: https://codeberg.org/tom79/Holos-App/releases/tag/1.9.0
fedicat@fedicat@pc.cafe boosted:
@mkljczk@pl.fediverse.pl (2026-06-10 00:35:09)
while working on the deck i’ve done some improvements to hotkey navigation that will also affects users in single-column mode
#nicolium
fedicat@fedicat@pc.cafe boosted:
@FediFollows@social.growyourown.services (2026-06-09 08:23:28)
#Arizona USA accounts to follow:
ARIZONA NEWS
@azpm - PBS & NPR affiliate in Southern Arizona
@azmirror.com - News feed of Arizona Mirror
@PatagoniaRT - Local news for Mountain Empire communities of Canelo, Elgin, Patagonia, Sonoita in Santa Cruz County
@index - LGBTQIA+ news in Arizona
TECHNOLOGY
@PLUG - Linux user group in Phoenix
@cactuscon - Hacker conference in AZ
SCIENCE & ACADEMIC
@redata - Research data repository at Univ of Arizona
🧵 Thread page 1 of 3
#Phoenix
fedicat@fedicat@pc.cafe boosted:
@cogdog@cosocial.ca (2026-06-09 12:16:45)
Fediverse help call. Our non profit org’s Mastodon account is on server of project that went under, the maintainer has server running but let domain lapse (I can connect with IP address added to my hosts file). I have downloaded follows and lists, as well as full archive.
If I cant convince to renew domain, can wemigrate. Advice for moving? And where? Paging @stefan @FediTips
fedicat@fedicat@pc.cafe boosted:
@Punah@loops.video (2026-06-09 00:30:38)
Working on adding Starter Kits. The UI/UX is definitely not final but it works. It's super cool that more platforms Like Loops and now Mastodon have it.
#Loops #LoopsDev #StarterKits #Punah #PunahApp
---Attachments---
video: https://loopsusercontent.com/videos/286957193274361512/290697669109046604/uDQTOa3LaFwRqhZgE0lhsdg2uXGTjVloh6zHVj97.720p.mp4
fedicat@fedicat@pc.cafe boosted:
@hollo@hollo.social (2026-06-09 00:08:21)
Hollo security updates: 0.7.18, 0.8.7, and 0.9.4
If you run Hollo, update to a patched release now. CVE-2026-50131 affects Fedify's SSRF protection, and Hollo depends on Fedify for ActivityPub federation.
Fedify guards against SSRF (Server-Side Request Forgery) when fetching remote ActivityPub objects, documents, and media by validating that the resolved destination is a public IP address. The previous SSRF fix (GHSA-p9cg-vqcc-grcx) blocked common private and local ranges such as 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, and 192.168.0.0/16, but the validation was incomplete—it still treated several special-use IPv4 ranges as public destinations that should have been rejected. These include carrier-grade NAT (100.64.0.0/10), benchmarking and internal testing networks (198.18.0.0/15), multicast (224.0.0.0/4), reserved (240.0.0.0/4), IETF protocol assignments (192.0.0.0/24), and documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
An attacker who controls a remote ActivityPub object or media URL could therefore cause a Hollo instance to initiate outbound requests to non-public or special-use network ranges, depending on the deployment environment and network routing.
For full technical details of the underlying vulnerability, see the Fedify security advisory and the Fedify security announcement.
All Hollo versions up to and including 0.7.17, 0.8.6, and 0.9.3 are affected. Patched releases are 0.7.18 for the 0.7.x series, 0.8.7 for the 0.8.x series, and 0.9.4 for the 0.9.x series.
For 0.7.x deployments, update to 0.7.18:
docker pull ghcr.io/fedify-dev/hollo:0.7.18
For 0.8.x deployments, update to 0.8.7:
docker pull ghcr.io/fedify-dev/hollo:0.8.7
For 0.9.x deployments, update to 0.9.4:
docker pull ghcr.io/fedify-dev/hollo:0.9.4
After pulling the new image, restart your Hollo container. If you deploy from source, pull the corresponding release tag and restart.
Thanks to Chaitanya Vilas Garware for the report and responsible d
fedicat@fedicat@pc.cafe boosted:
@mkljczk@pl.fediverse.pl (2026-06-09 00:10:37)
meow?
---Attachments---
image: https://mediapl.fediverse.pl/media/a5/28/45/a528450d84413f612027af1809c361504a69d48acd2699d94ce1b6c8df6c7b7a.png
fedicat@fedicat@pc.cafe boosted:
@botkit@hollo.social (2026-06-09 00:20:09)
BotKit security updates: 0.3.4 and 0.4.3
If you use BotKit, update to a patched release now. CVE-2026-50131 affects Fedify's SSRF protection for remote document and media loading, and BotKit inherits the exposure through its dependency on Fedify.
Fedify validates remote ActivityPub document and media URLs before fetching them, including direct IP literals and hostnames resolved through DNS, to protect against Server-Side Request Forgery (SSRF). The vulnerable path is validatePublicUrl(): affected versions rejected common private and local addresses, but still treated several special-use IPv4 ranges—including carrier-grade NAT, benchmarking, multicast, reserved, and documentation networks—as public internet destinations. An attacker could use these special-use IP address ranges to bypass Fedify's SSRF protections and cause a BotKit server to initiate requests to non-public or special-use network destinations, depending on the deployment environment and network routing.
The fix makes Fedify validate resolved addresses against public-network expectations instead of relying on the incomplete denylist. It rejects additional special-use IPv4 ranges before remote document or media fetching proceeds.
All versions of BotKit up to 0.3.3 (in the 0.3.x branch) and 0.4.2 (in the 0.4.x branch) are affected. Patched releases are 0.3.4 and 0.4.3.
For BotKit 0.4.x, update @fedify/botkit:
npm update @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update @fedify/botkit
bun update @fedify/botkit
deno update @fedify/botkit
For BotKit 0.3.x, update @fedify/botkit:
npm update @fedify/botkit@0.3.4
yarn upgrade @fedify/botkit@0.3.4
pnpm update @fedify/botkit@0.3.4
bun update @fedify/botkit@0.3.4
deno update @fedify/botkit@0.3.4
After updating, redeploy. The GitHub Security Advisory is GHSA-xw9q-2mv6-9fr8, and the CVE ID is CVE-2026-50131. See also fedify-dev/fedify#796 for Fedify's own announcement.
Thanks to Chaitanya Vilas Garware for the report and responsible
fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-06-09 00:22:48)
RE: https://mastodon.iftas.org/@iftas/116715105294380557
Heads-up! I know I have a few mutuals on this server.
Reply to @stefan@stefanbohacek.online
fedicat@fedicat@pc.cafe (2026-06-09 00:21:42)
@stefan pretty cool!
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/715/166/204/456/561/original/c8acd9ff42bfe491.jpeg
fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-06-08 21:48:51)
A little tool I made to "fediversify" your profile image.
https://avatars.jointhefediverse.net
Hope you'll like it!
#fediverse
fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-06-08 21:50:31)
Inspired by this recent "promo image" for the fediverse zine I made.
https://stefanbohacek.online/@stefan/116510604283511719
Go check it out, if you haven't seen it yet!
https://jointhefediverse.net/zine
fedicat@fedicat@pc.cafe boosted:
@dansup@mastodon.social (2026-06-08 23:01:40)
Make platforms easy for everyone, and document them with simple knowledge bases or help centers.
It may be a boring topic, but this is how we go mainstream by making your platforms easy to navigate and understand.
The new Loops Support site will be launching later this week, and Pixelfeds Support site will be launching later next month!
#Support #HelpCenters #Pixelfed #Loops
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/714/836/110/394/520/original/6ae1c721326764f1.png
image: https://files.mastodon.social/media_attachments/files/116/714/836/676/588/360/original/02b0a1f4b4bfc9f3.png
image: https://files.mastodon.social/media_attachments/files/116/714/836/923/326/047/original/09d53dbc5b430c2c.png
fedicat@fedicat@pc.cafe boosted:
@fedify@hollo.social (2026-06-08 23:56:47)
Fedify security updates: 1.9.12, 1.10.11, 2.0.20, 2.1.16, and 2.2.5
If you use Fedify, update to a patched release now. CVE-2026-50131 affects Fedify's public URL validation for remote document and media loading. An attacker could use special-use IP address ranges to bypass Fedify's SSRF protections and cause a Fedify server to initiate requests to non-public or special-use network destinations, depending on the deployment environment and network routing.
Fedify validates remote ActivityPub document and media URLs before fetching them, including direct IP literals and hostnames resolved through DNS. The vulnerable path is validatePublicUrl(): affected versions rejected common private and local addresses, but still treated several special-use IPv4 ranges as public internet destinations. That gap could allow outbound requests to ranges such as carrier-grade NAT, benchmarking, multicast, reserved, and documentation networks.
The fix makes Fedify validate resolved addresses against public-network expectations instead of relying on the incomplete denylist. It rejects additional special-use IPv4 ranges and IPv6 translation or tunneling prefixes, including NAT64, Teredo, and 6to4 addresses, before remote document or media fetching proceeds.
Current patched releases are 1.9.12, 1.10.11, 2.0.20, 2.1.16, and 2.2.5. The GitHub Security Advisory is GHSA-xw9q-2mv6-9fr8, and the CVE ID is CVE-2026-50131.
Update @fedify/fedify:
npm update @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update @fedify/fedify
bun update @fedify/fedify
deno update @fedify/fedify
If your project depends directly on @fedify/vocab-runtime, update that package too.
After updating, redeploy. If you run other Fedify-based servers, update those too.
Thanks to Chaitanya Vilas Garware for the report and responsible disclosure.
If anything is unclear, ask below.
fedicat@fedicat@pc.cafe boosted:
@wild1145@mastodonapp.uk (2026-06-08 06:52:52)
Apologies to those that have had to wait longer than usual for accounts to be approved here on #MastodonAppUK and #Universeodon - We've had a large spike in spam accounts with increasingly legitimate looking reasons for joining and a wider range of domains and IPs than usual. It's taking a lot more work than normal to work out which accounts appear to be legitimate and which ones are bots / bad actors.
fedicat@fedicat@pc.cafe boosted:
@pachli@mastodon.social (2026-06-08 16:08:27)
#pachli development focus for the next couple of weeks is supporting the new #FeaturedCollections feature in the latest Mastodon release.
This is probably going to drop in multiple Pachli Current releases over the next few weeks. https://github.com/pachli/pachli-android/issues/2319 tracks the work.
fedicat@fedicat@pc.cafe boosted:
@Catfish_Man@mastodon.social (2026-06-08 05:19:08)
#Caturday nonsense
#CatsOfMastodon
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/710/671/373/304/964/original/8f864afcfef0c656.jpeg
image: https://files.mastodon.social/media_attachments/files/116/710/671/998/627/532/original/62f3af6f5d73de74.jpeg
image: https://files.mastodon.social/media_attachments/files/116/710/672/372/291/452/original/96812d1b76f1f852.jpeg
image: https://files.mastodon.social/media_attachments/files/116/710/673/155/463/364/original/4d67bda436967dde.jpeg
fedicat@fedicat@pc.cafe boosted:
@cheeaun@mastodon.social (2026-06-07 01:42:19)
Probably gone a bit overboard? It's fun though 🤔
Still WIP on local dev. #MastoDev #PhanpySocialDev #SneakPeek
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/704/158/400/851/880/original/fb28a804bf2bffbc.png
video: https://files.mastodon.social/media_attachments/files/116/704/158/443/097/790/original/83f8e745d791845f.mp4
fedicat@fedicat@pc.cafe boosted:
@sabrinkmann@hachyderm.io (2026-06-02 04:15:16)
The Fediverse is so cool because of the diversity of the different software. In the last weeks, I did build a (completely?) new one. The Menuverse consists of two software: 1) create daily changing dishes like in a canteen, and 2) can aggregate different of this actors in a marketplace. The working title for this is Menuverse.
Every canteen is Fediverse actor and not only can these marketplaces subscribe to this, but also other softwares like Mastodon, Misskey and so on.
I created a demo setup with live data from different university canteens here:
https://mahlzeitheute.de/ This is the marketplace software)
(The data and frontend is currently only in German).
You can also visit or follow the nearest canteen to me here: @fl-ca1.
You can find the full software here: https://codeberg.org/54GradSoftware/menuverse
But please note that this still quite experimental and I would not advise running in production (unsupervised).
I would love to get (technical) feedback, and I'm looking for real canteens who would like to test the software.
More information in the next posts (this is a thread). [1/4]
#fep0837 #FediverseDevs #fediverse
fedicat@fedicat@pc.cafe boosted:
@lauti@bonfire.cafe (2026-06-05 23:05:18)
The next step in our #activitypub implementation is ready! This brings a simple instance actor object along with #webfinger support for it and a #nodeinfo endpoint.
We highly appreciate reviews from any #fedidev 🙏
codeberg.org/Klasse-Methode/...
We are really greatfull for @nlnet@social.nlnet.nl to fund this work and for @linos@graz.social for being such a great mentor!
fedicat@fedicat@pc.cafe boosted:
@betula@fosstodon.org (2026-06-06 23:25:12)
Introducing Betula v1.8.0
#Betula is a self-hosted federated bookmark manager. Tags, notes, search, #Fediverse, archives.
This release introduces import and export of bookmarks in Netscape Bookmark File, Pinboard JSON and Raindrop CSV.
Release notes: https://joinbetula.org/v1.8.0.html
This release was sponsored by @nlnet
May you be happy!
---Attachments---
image: https://cdn.fosstodon.org/media_attachments/files/116/703/612/372/254/233/original/0d6d82f3200cdc30.png
fedicat@fedicat@pc.cafe boosted:
@koen@pixelfed.com (2026-06-07 17:37:08)
Look #plushtodon at #tdose 20 year anniversary edition.
---Attachments---
image: https://pixelfed.web.procolix.eu/public/m/_v2/821091058097852417/b5862bd14-4506fa/IGFyiM4c96u6/VIXA6I5mwmUZCaGu0TO1Lvulpv5WxOhyf6gyiKC4.jpg
Older Notes