Home | Notifications | New Note | Local | Federated | Search | Logout

Federated Timeline


warabi餅@w4rabimochi@misskey.io boosted: @w4rabimochi@misskey.io (2026-05-04 15:43:20) ​:chippai:​​:golden_bikini_week:​ ---Attachments--- image: https://media.misskeyusercontent.com/io/d3249678-d165-4e6f-bf31-757b8f06de9a.png?sensitive=true

warabi餅@w4rabimochi@misskey.io (2026-05-04 22:01:16) OC一覧 ---Attachments--- image: https://media.misskeyusercontent.com/io/webpublic-c133697b-73cf-40a1-982f-0d971dcfeab0.png?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-de7d1f35-145a-4eca-a3d1-04d9362ad66b.webp?sensitive=true

山野ろかみず@EN6cUMxx0rE6FFz@misskey.io (2026-05-04 22:00:12) ぎゅってされたいヴィルシーナ ---Attachments--- image: https://media.misskeyusercontent.com/io/webpublic-6dae26ca-7644-4e87-b848-5d60c008218e.webp

猫乃またたび:verified_blue: @mttb2ccp@misskey.io (2026-05-04 21:56:44) あと、相変わらずネロアリスちゃんが公式に守護られすぎてるので、僕がちゃんと脱がせておきました☺️

​:korega_seikai_dayonaa:​ ---Attachments--- image: https://media.misskeyusercontent.com/io/f4460e57-e7ea-4876-81fe-3e85983b212d.webp?sensitive=true

Adële 🐁!@adele@social.pollux.casa (2026-05-04 21:52:58) #SmolFedi is a lightweight, no-JavaScript Fediverse web client written in PHP.

v1.2.6 is availableLocalized in English, German, Spanish and French 🌍Add Explore page: trending posts, trending hashtags, trending links, and suggested accountsAdd scheduled post featureSource/download

Demo instance

#smolweb #fediverse #nojs

Michael Kratzenberg 📢@kratzen@berg.mobilecourant.org boosted: @czarbucks@vmst.io (2026-05-04 21:07:00) The standard Fox News fare of BS and partisan slurs over reality apparently targeted #Asheville a week or so ago and I had missed it.

They did manage to talk only to Republicans.

https://www.foxnews.com/us/charming-mountain-escape-battling-homelessness-homeowners-say-turned-postcard-city-go-zone

Today, the #AVLWatchdog had a pretty good rejoinder, including the fact that one of the Repubs they had interviewed is not only running for Governor, but also the head of Trump's FEMA, which should be providing funds for the area to recover after Helene:

https://avlwatchdog.org/opinion-i-spent-an-afternoon-in-downtown-asheville-and-lived-to-tell-about-it/

Edge@czarbucks@vmst.io (2026-05-04 21:07:00) The standard Fox News fare of BS and partisan slurs over reality apparently targeted #Asheville a week or so ago and I had missed it.

They did manage to talk only to Republicans.

https://www.foxnews.com/us/charming-mountain-escape-battling-homelessness-homeowners-say-turned-postcard-city-go-zone

Today, the #AVLWatchdog had a pretty good rejoinder, including the fact that one of the Repubs they had interviewed is not only running for Governor, but also the head of Trump's FEMA, which should be providing funds for the area to recover after Helene:

https://avlwatchdog.org/opinion-i-spent-an-afternoon-in-downtown-asheville-and-lived-to-tell-about-it/

Michael Kratzenberg 📢@kratzen@berg.mobilecourant.org (2026-05-04 21:04:13) A government "by the people, for the people" probably meant something else back in the day- but right now our president is a convicted rapist and accused pedophile who is spending our tax dollars on a shiny gold ballroom for him and his buddies.
Not a lot of gov cash spent helping the rest of us...

Michael Kratzenberg 📢@kratzen@berg.mobilecourant.org boosted: @peggystuart.bsky.social@bsky.brid.gy (2026-05-03 23:49:31) Asheville, NC high schoolers are currently schooling the presidency on what real leadership looks like. It is inspiring to see thousands marching behind a generation that is done waiting for permission from a government that doesn't care about the people. ---Attachments--- https://agaric.us-west.host.bsky.network/xrpc/com.atproto.sync.getBlob?did=did:plc:7fo4kehjjc7fbnan4dkyqrty&cid=bafkreihyscnes56ndmtsjnalcyuzy7gexqj2t4dihbkaddrdivuhdhy5vm

dansup@dansup@mastodon.social (2026-05-04 19:39:03) I made a lot of progress on the new Pixelfed UI this past weekend, and I can't wait to ship it so you can see how amazing :pixelfed: can be with a modern design and more stable backend/federation 😉

Todd Sundsted@toddsundsted@epiktistes.com (2026-05-04 19:38:57) Release v3.3.7 of Ktistec fixes several bugs and introduces two enhancements.

Security is a focus in this release. Every gap in input sanitization or escaping is a potential vulnerability, and I've been systematically closing them. I am also carefully, and maybe conservatively, restricting things like supported URL schemes and uploaded file types.

The two enhancements improve compatibility with Mastodon-compatible clients. Mastodon's OAuth tokens don't expire, and Mastodon clients don't know how to handle tokens that do. Sliding expiration ensures that tokens in active use stay alive, while unused tokens eventually expire.

Here's the full changelog:

Added

Sliding token expiration for OAuth2 access tokens.
Mastodon-compatible API: /api/v1/accounts/update_credentials endpoint.
Fixed

Prevent pinning of (and auto-unpin) private objects.
Don't save a quote if the quoted actor cannot be dereferenced.
Fix rendering of federated actor profile attachment values.
Remove href attributes with unsafe schemes from sanitized HTML.
Escape interpolated values in view helpers and the actor icon streaming refresh.
Restrict upload extensions and serve uploads with X-Content-Type-Options: nosniff.
Escape publicKey and scrub Tag.href.
Sanitizer no longer permits single-quote attribute injection.
Ensure bearer-token sessions cannot reach the web UI.
Require client authentication on the OAuth token endpoint.
I'm working on performance improvements for the next release. A rewrite of the Slang template library looks like it will cut both build time and executable size by around 10%!

📡 Stay tuned!

#ktistec #crystallang #activitypub #fediverse

Fedilab Apps@apps@toot.fedilab.app (2026-05-04 19:15:14) Settings in #Fedilab have been reworked to improve the UX.

A search feature is now available to filter them. The settings are also organized into clearer categories, and the matching item is highlighted when you tap it.

To translators, this feature introduces many new keywords used for filtering. Thank you for your contribution. ---Attachments--- image: https://cdn.masto.host/tootfedilabapp/media_attachments/files/116/515/780/126/706/207/original/f0d728b62a415316.png
image: https://cdn.masto.host/tootfedilabapp/media_attachments/files/116/515/780/205/309/400/original/e4af90d79f186665.png
image: https://cdn.masto.host/tootfedilabapp/media_attachments/files/116/515/780/300/285/137/original/b488760409a51b5e.png

Reply to @tak4 たかし@tak4 (2026-05-04 18:15:29) パッケージマネージャでライブラリをインストールすると著作権に関する文書もついてくる様なのでそれを一つ一つ調べ、テキストファイルにまとめればいいはず

たかし@tak4 (2026-05-04 18:06:15) ライブラリを静的リンクした実行形式を配布する場合、帰属表示が面倒臭いかも

warabi餅@w4rabimochi@misskey.io boosted: @gyuuhimochi@misskey.io (2026-05-04 15:28:14) ​:golden_bikini_week:​ ---Attachments--- image: https://media.misskeyusercontent.com/io/2b72580a-32c1-4cfc-8703-38eebc349cc9.png?sensitive=true

Reply to @phnt@fluffytail.org Phantasm@phnt@fluffytail.org (2026-05-04 17:36:00) @silverpill Basically the way I see it is another round of reinventing a perfectly functional wheel once again.

たかし@tak4@mstdn.y-zu.org (2026-05-04 17:34:41) やはりアバターを設定可能なsnsでは魚の絵をアバターにしよう

Reply to @silverpill@mitra.social Phantasm@phnt@fluffytail.org (2026-05-04 17:09:56) @silverpill It's just more stuff nobody wanted and nobody will implement. Emelia is correct in sticking to RFC, but the issue is that there has to be a really good reason to implement two separate authentication mechanisms and C2S isn't a compelling argument. I'm not annoyed by which OAuth version to choose, or what new scopes to make, or what page long flow chart the flow will required. This shouldn't exist at all.

Stick the OAuth endpoints of your server software into the Actor under "endpoints", talk MastoAPI scopes to them and be done with it. If you are implementing a fedi app, chances are high you are working with MastoAPI already in some way (unless you are doing Misskey), introducing a completely new mechanism for authentication is a recipe for disaster.

Reply to @phnt@fluffytail.org silverpill@silverpill@mitra.social (2026-05-04 17:02:55) @phnt I don't quite understand what this is all about. It seems that Emelia is suggesting sticking to RFCs while Evan is pushing for a custom solution.
Is OAuth 2.1 a bad thing? On the surface, it is an improvement, basically an update to OAuth 2.0 that makes it less ambiguous and more secure.

Wilson "Beans Clock" Scraddock@beanclock@jorts.horse (2026-05-04 16:56:28) when i was about 14 i tried to add star wars day to the wikipedia page for the 4th of may, and a moderator rejected it saying it was a lame joke even the worst daytime radio presenter wouldn't make. well who's laughing now buddy? that's right. the unstoppable death march of capitalism

fedicat@fedicat@pc.cafe boosted: @sabrinkmann@hachyderm.io (2026-05-04 16:46:24) "The future is federated" presenting at #2mr from @_elena ---Attachments--- image: https://media.hachyderm.io/media_attachments/files/116/515/190/405/851/611/original/9d402ba2108008fb.jpg

warabi餅@w4rabimochi@misskey.io boosted: @zenokidon1@misskey.io (2026-05-04 13:27:23) 💎シンデレラ『ふふ♡ 今夜は王子様の全部搾り取ってあげるわ..♡』

[フル手描きボイス付アニメ全見放題❣️]
https://fantia.jp/posts/3947198 ---Attachments--- image: https://media.misskeyusercontent.com/io/338ecd92-435e-4663-9b4d-8ae732ca186b.gif?sensitive=true

Samuel Brinkmann@sabrinkmann@hachyderm.io (2026-05-04 16:46:24) "The future is federated" presenting at #2mr from @_elena ---Attachments--- image: https://media.hachyderm.io/media_attachments/files/116/515/190/405/851/611/original/9d402ba2108008fb.jpg

Phantasm@phnt@fluffytail.org (2026-05-04 16:23:45) >We will end up with an OAuth profile for ActivityPub, but it'll probably just be mostly identical to the OAuth profile from AT Protocol.

Literally nobody cares. Nobody asked. Nobody is implementing this shitshow: https://github.com/swicg/activitypub-api/issues/1#issuecomment-3708524521
We solved the issue a long time ago.
image.png

RT: https://activitypub.space/post/1839 ---Attachments--- image: https://upload.fluffytail.org/media/a2/3d/b6/a23db6e43b3dd885e23ddf22aa065f34fbc68f0b7a806eeadc73b42eab84ab26.png?name=image.png

Reply to @chlo@w.chlo.is silverpill@silverpill@mitra.social (2026-05-04 16:10:44) @chlo You probably need to add --features production flag:cargo build --release --features production

https://codeberg.org/silverpill/mitra#building-from-source

Jim DeLaHunt@jdlh@mstdn.ca (2026-05-04 16:06:31) @hongminhee @liaizon @Edent @north @Profpatsch (1/3)

Report back from #FediForum last week. Held a good session on #GloballyInclusive handles. Just a few attendees, but one knew the technical issues deeply and was well connected to ActivityPub design. Session notes will likely appear at https://fediforum.org/topics/#topic-internationalization in a few weeks. For now, here is a summary:

#i18n #GloballyInclusiveFediverse #Fediverse #Multilingual

naturaleza24@naturaleza24@mast.lat (2026-05-04 15:52:43) #fotografie #nature #photography ---Attachments--- image: https://media.mast.lat/mast/media_attachments/files/116/514/981/902/190/504/original/3b25f46220ad22c4.png

naturaleza24@naturaleza24@mast.lat (2026-05-04 15:49:40) #fotografie #nature #photography ---Attachments--- image: https://media.mast.lat/mast/media_attachments/files/116/514/970/328/909/073/original/b741da0d9a196a33.png

warabi餅@w4rabimochi@misskey.io boosted: @myonshiso@misskey.io (2026-01-18 03:19:17) ノゾミすき、膝枕して ---Attachments--- image: https://media.misskeyusercontent.com/io/webpublic-fad660b5-2e52-4cad-b7c1-8320bb5bec77.webp?sensitive=true

warabi餅@w4rabimochi@misskey.io boosted: @horin2509@misskey.io (2026-05-04 12:46:45) ニコ バック🔞​:niko_face_normal:​ ---Attachments--- image: https://media.misskeyusercontent.com/io/webpublic-60fbdf52-8634-48ce-bf5a-85d28cca24fe.webp?sensitive=true
Older Notes