Federated Timeline

Home | Notifications | New Note | Local | Federated | Search | Logout

Federated Timeline

Firestorm Books@firestorm@kolektiva.social (2026-05-11 01:14:57)
Our collective endorses the "Sunshine Over Surveillance" open letter published by Sunshine Labs, which urges Asheville City Council to vote NO on a $1.14M DOJ grant to expand surveillance through the creation of a "real time intelligence center," and the authorization of a separate 7.5-year contract with Axon.

In particular, we agree with the following major objections articulated by the authors:

"Public participation and procurement have been bypassed. Council has heard from only APD and the vendors. The 7.5-year Axon contract has had no committee review and is being authorized through Sourcewell—a cooperative-purchasing exemption that bypasses competitive bidding.

Residents need more information. The proposed Axon contract and the existing Flock contract are both unpublished. APD has refused a public records request for Flock audit logs. One agency on APD's Flock data-sharing list is Florida Fish & Wildlife—reported by @404mediaco to be running thousands of Flock searches on behalf of ICE.

Federal money is not free money. The current administration has explicitly conditioned federal funding on local ICE cooperation and pursued legal action against jurisdictions that limit it. The grant resolution itself acknowledges that compliance terms will be set "at the Federal level"—and reviewed only AFTER acceptance. Separately, Axon held approximately $31.9 million in ICE contracts in 2025.

Civilian oversight has been dismantled. Asheville's Citizens Police Advisory Committee was paused in 2020 and dismantled in 2024. APD points to self-audits—but in San Francisco, SFPD shared Flock data with ICE and out-of-state agencies 1.6 million times in violation of state law, undetected through two consecutive quarterly audits."

---

As an abolitionist organization, Firestorm believes that police reform is unrealistic and opposes any investment in policing. Sunshine Labs demonstrates that even non-abolitionists should reject the undemocratic and opaque proposals under conside
---Attachments---
image: https://kolektiva.social/system/media_attachments/files/116/551/164/667/057/729/original/0d5a6b5378f64b49.jpg
image: https://kolektiva.social/system/media_attachments/files/116/551/164/655/022/214/original/ab4441bd716a0cc4.jpeg


Reply to @fedicat@pc.cafe
fedicat@fedicat@pc.cafe (2026-05-11 01:09:06)
@liaizon @cheeaun there's quite a bit more to add, it's like quote posts so you get notifications about getting added to a collection and you can remove yourself from a collection, and I just added a check to see if a collection is marked sensitive and thus hide it with a warning like posts


Michael Kratzenberg 📢@kratzen@berg.mobilecourant.org boosted:
@gabrielesvelto@mas.to (2026-05-10 19:14:09)
I had heard about the CloudFlare job cuts, what I had not realized is that after announcing them the company lost over 23% of its value in one sitting. I guess the trick of announcing job cuts to pump up your stock doesn't work anymore.
---Attachments---
image: https://media.mas.to/media_attachments/files/116/549/735/976/650/705/original/3983c8ccf9914111.png


Reply to @liaizon@social.wake.st
fedicat@fedicat@pc.cafe (2026-05-11 00:54:06)
@liaizon @cheeaun I think so! The official mastodon ios app has recent commits (which I've been referencing to figure out what's available) but I don't think it's updated on the app store yet. The advantage of testflight, I can knock out a change 1-2 times a day.


fedicat@fedicat@pc.cafe boosted:
@vernissage@mastodon.social (2026-05-10 18:02:24)
Today we released #Vernissage 1.36.0 🎉

The biggest change is support for pinning photos to your user profile, synchronized with other Fediverse platforms that support the "featured" collection. This release also includes smaller fixes, such as better error logging and improved status parsing to HTML with hashtags. The iOS app has been submitted to Apple for review and should be on your phones soon.

Thank you to everyone supporting and helping the project! 💚😊
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/549/466/446/651/440/original/8e17186bacc846ff.png
image: https://files.mastodon.social/media_attachments/files/116/549/466/759/440/617/original/ff8243f603eea045.png
image: https://files.mastodon.social/media_attachments/files/116/549/467/107/189/393/original/7d82d95a46f3e688.png
image: https://files.mastodon.social/media_attachments/files/116/549/467/499/768/860/original/694e8a30d440a3ca.png


fedicat@fedicat@pc.cafe boosted:
@vernissage@mastodon.social (2026-05-10 18:05:15)
Today we released a new version of #Vernissage, and I’d like to share a brief look at what’s coming next.

Before the summer holidays, we plan to implement hashtag following and prepare all app strings for translation, then publish them in a translation system so the community can help. During the summer, we’ll focus on push notifications for the iOS app and keep crushing the currently reported bugs. After the holidays, we hope to release multilingual support in both the iOS and Angular apps. 😊


fedicat@fedicat@pc.cafe boosted:
@dansup@mastodon.social (2026-05-10 19:11:13)
Love the feeling of working on Pixelfed again after taking a break to build Loops.

The community on Pixelfed is straight up goals, so many vibrant photographers from around the world sharing moments we love to see.

The lack of influencers is refreshing.


fedicat@fedicat@pc.cafe boosted:
@dansup@mastodon.social (2026-05-10 19:17:11)
I spent 7 years working on Pixelfed almost every day, and in the past 18 months we've went from 200k users to over 1 million!

Some could argue the break after FediCon to build Loops was a mistake, but the fediverse needed a solid short video platform and I didn't want to force that on Pixelfed.

Now this summer belongs to Pixelfed.

Stay tuned, I want to improve the web and mobile apps for the next million or ten million new Pixelfed members 🚀

#Pixelfed


fedicat@fedicat@pc.cafe boosted:
@fedify@hollo.social (2026-05-10 23:13:33)
Fedify security updates: 1.9.10, 1.10.9, 2.0.16, 2.1.12, and 2.2.1
If you use Fedify, update to a patched release now.  A private network protection bypass affects Fedify's remote document loading code.  URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals, such as http://[::ffff:7f00:1]/, could pass validatePublicUrl() even though they refer to private or loopback addresses.

Fedify uses validatePublicUrl() when fetching remote ActivityPub documents and related resources.  An attacker who can make a Fedify server fetch an attacker-controlled URL may be able to bypass the private address checks that are intended to reduce SSRF risk.

All versions up to and including 2.2.0 are affected.  Patched releases are 1.9.10, 1.10.9, 2.0.16, 2.1.12, and 2.2.1.

For Fedify 1.x, update @fedify/fedify:

npm update @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update @fedify/fedify
bun update @fedify/fedify
deno update @fedify/fedify

For Fedify 2.x, update both @fedify/fedify and @fedify/vocab-runtime:

npm update @fedify/fedify @fedify/vocab-runtime
yarn upgrade @fedify/fedify @fedify/vocab-runtime
pnpm update @fedify/fedify @fedify/vocab-runtime
bun update @fedify/fedify @fedify/vocab-runtime
deno update @fedify/fedify @fedify/vocab-runtime

After updating, redeploy.  If you run other Fedify-based servers, update those too.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure.

If anything is unclear, ask below.


fedicat@fedicat@pc.cafe boosted:
@hollo@hollo.social (2026-05-10 23:42:19)
Hollo security updates: 0.7.15 and 0.8.3
If you run Hollo, update to a patched release now.  A private network protection bypass in Fedify, the ActivityPub framework Hollo depends on, affects remote document loading.  URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals, such as http://[::ffff:7f00:1]/, could pass URL validation even though they refer to private or loopback addresses.

Hollo uses Fedify to fetch remote ActivityPub documents and related resources.  An attacker who can make your Hollo instance fetch an attacker-controlled URL may be able to bypass the private address checks that are intended to reduce SSRF (Server-Side Request Forgery) risk.

All Hollo versions up to and including 0.7.14 and 0.8.2 are affected.  Patched releases are 0.7.15 for the 0.7.x series and 0.8.3 for the 0.8.x series.  For full technical details of the underlying vulnerability, see the Fedify security announcement.

For 0.7.x deployments, update to 0.7.15:


docker pull ghcr.io/fedify-dev/hollo:0.7.15
For 0.8.x deployments, update to 0.8.3:


docker pull ghcr.io/fedify-dev/hollo:0.8.3
After pulling the new image, restart your Hollo container.  If you deploy from source, pull the corresponding release tag and restart.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure to the Fedify project.

If anything is unclear, ask below.


fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-05-10 23:50:11)
The zine is available in almost 30 languages, but volunteers are still working on translating the zine page itself.

Care to help us out?

https://github.com/jointhefediverse-net/jointhefediverse.net/issues/179


fedicat@fedicat@pc.cafe boosted:
@apps@toot.fedilab.app (2026-05-11 00:00:14)
Following the recommendations I got, I set up a #NodeBB forum to discuss the projects #Fedilab, #Holos, #CastLab and #Fedle.

Each category federates over #ActivityPub, so you can follow it directly from your Fediverse account: @fedilab, @holos, @castlab, @fedle.

More details: https://forum.fedilab.app/post/2


fedicat@fedicat@pc.cafe boosted:
@mos@trustworthy.contact (2026-05-05 15:10:31)
Fyi I also host the Nicolium Frontend at nicolium.trustworthy.contact


Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-11 00:07:06)
GPLv3, Kotlin の RSS リーダー。使ってみたがかなりいい。
---
ReadYouApp/ReadYou: An Android RSS reader presented in Material You style.

https://github.com/ReadYouApp/ReadYou


Fedilab Apps@apps@toot.fedilab.app (2026-05-11 00:00:14)
Following the recommendations I got, I set up a #NodeBB forum to discuss the projects #Fedilab, #Holos, #CastLab and #Fedle.

Each category federates over #ActivityPub, so you can follow it directly from your Fediverse account: @fedilab, @holos, @castlab, @fedle.

More details: https://forum.fedilab.app/post/2


Fedi.Video@FediVideo@social.growyourown.services (2026-05-10 23:53:26)
Ctrl Alt Rees makes fun cheerful videos about retro computing and retro gaming. You can follow the account at:

➡️ @rees 

They've already made almost 400 videos. If these haven't federated to your server yet, you can browse them all at https://makertube.net/a/rees/videos

#FeaturedPeerTube #RetroComputing #RetroGaming #ComputingHistory #PeerTube


Reply to @stefan@stefanbohacek.online
Stefan Bohacek@stefan@stefanbohacek.online (2026-05-10 23:50:11)
The zine is available in almost 30 languages, but volunteers are still working on translating the zine page itself.

Care to help us out?

https://github.com/jointhefediverse-net/jointhefediverse.net/issues/179


Stefan Bohacek@stefan@stefanbohacek.online (2026-05-10 23:48:47)
I made a small update to the Join the Fediverse mini zine page.

https://jointhefediverse.net/zine

You can now customize the QR code on the last page using the Fediverse Invitation link builder: https://stefanbohacek.com/project/fediverse-invitation/#link-builder

I hope people will find these tools useful for promoting their communities!

#fediverse #JoinTheFediverse #FediverseZine #zine #FediverseInvitation


philip@philip@gotosocial.wittamore.fr boosted:
@adele@social.pollux.casa (2026-05-10 22:55:24)
You want to export your timeline, a specific tag, a list of followed accounts... in your pocket for an offline reading ?

#SmolFedi permits it now!

#XteinkX4 #Xteink #KOReader #epub #ebook

demo instance source/install
---Attachments---
image: https://social.pollux.casa/fileserver/01574KDB89ZFE0EB8QWKD4F6F8/attachment/original/01KR92QNG6J0ATF4SSNSDEF1GE.png


Hollo :hollo:@hollo@hollo.social (2026-05-10 23:42:19)
Hollo security updates: 0.7.15 and 0.8.3
If you run Hollo, update to a patched release now.  A private network protection bypass in Fedify, the ActivityPub framework Hollo depends on, affects remote document loading.  URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals, such as http://[::ffff:7f00:1]/, could pass URL validation even though they refer to private or loopback addresses.

Hollo uses Fedify to fetch remote ActivityPub documents and related resources.  An attacker who can make your Hollo instance fetch an attacker-controlled URL may be able to bypass the private address checks that are intended to reduce SSRF (Server-Side Request Forgery) risk.

All Hollo versions up to and including 0.7.14 and 0.8.2 are affected.  Patched releases are 0.7.15 for the 0.7.x series and 0.8.3 for the 0.8.x series.  For full technical details of the underlying vulnerability, see the Fedify security announcement.

For 0.7.x deployments, update to 0.7.15:


docker pull ghcr.io/fedify-dev/hollo:0.7.15
For 0.8.x deployments, update to 0.8.3:


docker pull ghcr.io/fedify-dev/hollo:0.8.3
After pulling the new image, restart your Hollo container.  If you deploy from source, pull the corresponding release tag and restart.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure to the Fedify project.

If anything is unclear, ask below.


Reply to @philip@gotosocial.wittamore.fr
tobi is writing bugs :terminal_cursor:@dumpsterqueer@gts.superseriousbusiness.org (2026-05-10 21:30:51)
@philip it'll be included in the next release


Coro@Coro@mstdn.maud.io (2026-05-10 23:25:28)
GitHub のコメントって埋め込み出来るんだ。


Fedify: ActivityPub server framework@fedify@hollo.social (2026-05-10 23:13:33)
Fedify security updates: 1.9.10, 1.10.9, 2.0.16, 2.1.12, and 2.2.1
If you use Fedify, update to a patched release now.  A private network protection bypass affects Fedify's remote document loading code.  URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals, such as http://[::ffff:7f00:1]/, could pass validatePublicUrl() even though they refer to private or loopback addresses.

Fedify uses validatePublicUrl() when fetching remote ActivityPub documents and related resources.  An attacker who can make a Fedify server fetch an attacker-controlled URL may be able to bypass the private address checks that are intended to reduce SSRF risk.

All versions up to and including 2.2.0 are affected.  Patched releases are 1.9.10, 1.10.9, 2.0.16, 2.1.12, and 2.2.1.

For Fedify 1.x, update @fedify/fedify:

npm update @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update @fedify/fedify
bun update @fedify/fedify
deno update @fedify/fedify

For Fedify 2.x, update both @fedify/fedify and @fedify/vocab-runtime:

npm update @fedify/fedify @fedify/vocab-runtime
yarn upgrade @fedify/fedify @fedify/vocab-runtime
pnpm update @fedify/fedify @fedify/vocab-runtime
bun update @fedify/fedify @fedify/vocab-runtime
deno update @fedify/fedify @fedify/vocab-runtime

After updating, redeploy.  If you run other Fedify-based servers, update those too.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure.

If anything is unclear, ask below.


Adële 🐁!@adele@social.pollux.casa (2026-05-10 22:55:24)
You want to export your timeline, a specific tag, a list of followed accounts... in your pocket for an offline reading ?

#SmolFedi permits it now!

#XteinkX4 #Xteink #KOReader #epub #ebook

demo instance source/install
---Attachments---
image: https://social.pollux.casa/fileserver/01574KDB89ZFE0EB8QWKD4F6F8/attachment/original/01KR92QNG6J0ATF4SSNSDEF1GE.png


:meow_bop:ぺこん:miumiuchan_jump:@pekon@misskey.io (2026-05-10 22:39:31)
:meowbaka: #メイドの日
---Attachments---
image: https://media.misskeyusercontent.com/io/6c84aae6-f8f6-4b93-aa57-aa944eda7f3d.webp


Reply to @fedicat@pc.cafe
wakest likes your bugs ⁂@liaizon@social.wake.st (2026-05-10 22:21:14)
@fedicat @cheeaun oh wow your fast! I guess you have the first mobile app to support this feature huh!?


Coro@Coro@mstdn.maud.io (2026-05-10 21:59:30)
そういえば手縫いで刺繍に挑戦したことがあり、地獄でした。(東亜重工のロゴをパーカーに刺繍しようとした)


Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-10 21:58:11)
このシリーズ、実質百合なんじゃないか？


Reply to @dumpsterqueer@gts.superseriousbusiness.org
philip@philip@gotosocial.wittamore.fr (2026-05-10 21:47:36)
@dumpsterqueer

Thanks for the heads up! Returning a heads up for #smolfedi which is currently my favorite gotosocial client.

https://codeberg.org/adele/smolfedi


pixelfed@pixelfed@mastodon.social (2026-05-10 21:28:51)
Did you know Pixelfed supports embeds?

https://dansup.github.io/pixelfed-embed

Older Notes