Home | Notifications | New Note | Local | Federated | Search | Logout

Federated Timeline


philip@philip@gotosocial.wittamore.fr (2026-05-12 05:32:43) Today's meme ---Attachments--- image: https://gotosocial.wittamore.fr/fileserver/01E0N133PG0C67EPNJXQABQ254/attachment/original/01KRCBV6CJVDKAGNF1M1G9FNKY.jpeg

hoboshrimps :fatyoshi:@hoboshrimps@mastodon.social (2026-05-12 07:31:54) #plushtodon

Look at this magnificent boy ---Attachments--- image: https://files.mastodon.social/media_attachments/files/116/558/312/904/370/525/original/38f420f655585d52.jpeg

philip@philip@gotosocial.wittamore.fr (2026-05-12 05:24:21) My 16 year old car needed tender loving care as the two front suspension springs were broken, both back tyres were 8 years old and although not used were starting to split, oil changes were needed for boh motor and gear box, headlights needed polishing, rear suspension needed checking, ... needless to say my bank account took a hit.
Kilometrage is low so I'm keeping it for local driving, but it won't be going to Paris or the UK again.

Reply to @Profpatsch@mastodon.xyz Beady Belle Fanchannel@Profpatsch@mastodon.xyz (2026-05-12 07:17:21) @mbajur it's also kind of hard to parse cleanly and securely because Mastodon uses @user@example.com and others user@example.com, so hard to distinguish what's domain and what @ you can ignore …

Reply to @Profpatsch@mastodon.xyz Beady Belle Fanchannel@Profpatsch@mastodon.xyz (2026-05-12 07:15:37) @mbajur maybe what you could try to do is serve your actor activity JSON from root, but I'd wager most webfinger implementations reject handles with an empty user part

Reply to @mbajur@mastodon.social Beady Belle Fanchannel@Profpatsch@mastodon.xyz (2026-05-12 07:13:05) @mbajur I think we are trying to standardize instance actors in an FEP, but I haven't heard of pure domain actor names

Edit: https://socialhub.activitypub.rocks/t/fep-2677-identifying-the-application-actor/3646

evacide@evacide@hachyderm.io (2026-05-12 06:15:27) If you are in your late thirties to mid-forties right now, there is a good chance that you have spent most of your life in a cycle of making some sort of home on the internet only to have it crumble beneath you like chalk and having to start over.

Reply to @silverpill@mitra.social nicole mikołajczyk@mkljczk@pl.fediverse.pl (2026-05-12 05:51:27) @silverpill just filtering known posts

Bytebro 🇬🇧 🇺🇦 🇬🇱@bytebro@mastodonapp.uk (2026-05-12 05:37:08) I was thinking earlier, that sitting here on Fedi when I get home, with my reasonably curated feeds, is very much like sitting in a nice coffee house or perhaps a lovely quiet bar. We just chat, and now and again someone will go "ooo, that reminds me..." and we all go off on a tangent for a while. At some point various people will wander off to a couch or whatever, but a couple of new people will wander in and join us.

I LIKE it here. Really. It's exactly as I recall the old BBS days, and early Usenet (before the "September That Never Ended" in 1993, of course).

Reply to @mkljczk@pl.fediverse.pl silverpill@silverpill@mitra.social (2026-05-12 05:12:46) @mkljczk How it works? Just a timeline of known federated posts but filtered by instance?

Reply to @caohuak@moon.lonewolf.zone silverpill@silverpill@mitra.social (2026-05-12 04:53:48) @caohuak @frost @caohuak @caohuak Cool. I am not adding it to UI yet, but there will be a CLI command for testing some activities - including the Bite activity.

JesseBot@jessebot@social.smallhack.org (2026-05-12 04:22:51) Really appreciating GoToSocial's reply and boost requests feature, especially when discussing code of conducts.

I'm able to reject replies and boosts on this instance and it makes me much more confident about posting things. Sure, other instances may not respect those things, but it doesn't matter to me because they can't bother me here. I love the fediverse, and I especially love GoToSocial's approach to it :gotosocial:​ :heart_cyber:​

#gotosocial

Reply to @evan@cosocial.ca Adële 🐁!@adele@social.pollux.casa (2026-05-12 04:16:13) @evan I agree with you. These tools can be useful if you know what you do...
https://adele.pages.casa/md/blog/sometimes-i-use-llms.md

Reply to @silverpill@mitra.social CaohuaK ❄️@caohuak@moon.lonewolf.zone (2026-05-12 03:30:54) @silverpill @frost @caohuak @caohuak iceshrimp.net can handle it too.

By the way, I retried the activity, but it was ignored because I forgot to set canBite to anyone. ---Attachments--- image: https://moon.lonewolf.zone/media/89ce69c286e44f086f8231b8439d17d970add592b4c404b0869eddd24a357113.png

Evan Prodromou@evan@cosocial.ca (2026-05-12 03:08:37) Hey, all. Thanks so much. I'm yes, but. I find that using AI to scan code and documents can be really helpful in finding high-level errors. But it's not perfect, and has false negatives and false positives. I think it's a good tool for people who understand the problem space, but might not be great for someone who isn't familiar with what the code does or the docs mean.

Reply to @caohuak@moon.lonewolf.zone silverpill@silverpill@mitra.social (2026-05-12 03:05:59) @caohuak Sent

@frost @caohuak @caohuak

FediFollows@FediFollows@social.growyourown.services (2026-05-12 03:03:09) 🔭 #Observatories & #Telescopes to follow:

@esoastronomy - European Southern Observatory
@astro_jcm - Astronomer & media officer at ESO
@ehtelescope - Global radio telescope network
@ORB_KSB - Royal Observatory of Belgium (in English, Dutch, French)
@WestportObservatory - Community observatory in Connecticut USA
@StellaLunaObs - Private observatory in Ohio USA
@BGO - Automated observatory in Nova Scotia, Canada
@spacelizard - Instrument scientist at Australian Astronomical Observatory in Sydney

fedicat@fedicat@pc.cafe boosted: @stefan@stefanbohacek.online (2026-05-12 02:39:42) FediLearns Classifieds is a pretty neat project from @inherentlee that lets you find people offering to teach various skills.

And you can submit a listing yourself!

https://fedilearns.fyi

#fediverse #FediLearns

Stefan Bohacek@stefan@stefanbohacek.online (2026-05-12 02:39:42) FediLearns Classifieds is a pretty neat project from @inherentlee that lets you find people offering to teach various skills.

And you can submit a listing yourself!

https://fedilearns.fyi

#fediverse #FediLearns

Linguist Gone Foreign 🌏@linguistgoneforeign@mastodon.social (2026-05-12 02:12:05) I'm very happy to see how my 3-year journey replacing big tech with privacy-oriented, humane platforms is shaping:

Gmail: Tuta and Proton

Google Calendar: Fossify

Google Maps: Organic Maps

Twitter: Mastodon

Facebook, Instagram: Pixelfed

WhatsApp, Telegram: Signal

Android: GrapheneOS

Windows: Linux Mint

It was overwhelming, it took time and research. But I can tell you that another digital experience is possible.

Now I'm thrilled to have devices that belong to ME, like in the old days.

fedicat@fedicat@pc.cafe boosted: @mkljczk@pl.fediverse.pl (2026-05-12 01:54:33) adding a feature to nicolium that lets you add a link to my profile to the menu, i know some of you really wanted this feature ---Attachments--- image: https://mediapl.fediverse.pl/media/4d/4e/a3/4d4ea317229ceeb05561cc1410172b4a4a83c2d6770005091d6d192ea23fa65c.png

nicole mikołajczyk@mkljczk@pl.fediverse.pl (2026-05-12 01:54:33) adding a feature to nicolium that lets you add a link to my profile to the menu, i know some of you really wanted this feature ---Attachments--- image: https://mediapl.fediverse.pl/media/4d/4e/a3/4d4ea317229ceeb05561cc1410172b4a4a83c2d6770005091d6d192ea23fa65c.png

fedicat@fedicat@pc.cafe boosted: @mkljczk@pl.fediverse.pl (2026-05-12 00:30:50) now nicolium+iceshrimp.net users can browse other instances' timelines by clicking the instance favicon next to account username (just as with pleroma)

fedicat@fedicat@pc.cafe boosted: @botkit@hollo.social (2026-05-12 00:49:48) BotKit security updates: 0.3.2 and 0.4.1
If you use BotKit, update to a patched release now. A private network protection bypass affects Fedify's remote document loading code, and it also affects BotKit which depends on Fedify.

The validatePublicUrl() function in Fedify, which ensures resources aren't fetched from private or loopback addresses, failed to correctly identify certain IPv6 literals. Specifically, URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals (e.g., http://[::ffff:127.0.0.1]/) could bypass the check.

This vulnerability could allow an attacker to provide a malicious URL that bypasses security checks, potentially allowing them to make the bot fetch internal resources or interact with services on the private network that should not be accessible from the public internet.

All versions of BotKit up to 0.3.1 (in the 0.3.x branch) and 0.4.0 (in the 0.4.x branch) are affected. Patched releases are 0.3.2 and 0.4.1.

For BotKit 0.4.x, update @fedify/botkit:


npm update @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update @fedify/botkit
bun update @fedify/botkit
deno update @fedify/botkit
For BotKit 0.3.x, update @fedify/botkit:


npm update @fedify/botkit@0.3.2
yarn upgrade @fedify/botkit@0.3.2
pnpm update @fedify/botkit@0.3.2
bun update @fedify/botkit@0.3.2
deno update @fedify/botkit@0.3.2
If you use other BotKit-related packages (e.g., @fedify/botkit-sqlite), update them as well. After updating, redeploy.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure.

If anything is unclear, feel free to ask on GitHub Discussions or Matrix.

BotKit by Fedify :botkit:@botkit@hollo.social (2026-05-12 00:49:48) BotKit security updates: 0.3.2 and 0.4.1
If you use BotKit, update to a patched release now. A private network protection bypass affects Fedify's remote document loading code, and it also affects BotKit which depends on Fedify.

The validatePublicUrl() function in Fedify, which ensures resources aren't fetched from private or loopback addresses, failed to correctly identify certain IPv6 literals. Specifically, URLs with private IPv4 addresses encoded as IPv4-mapped IPv6 literals (e.g., http://[::ffff:127.0.0.1]/) could bypass the check.

This vulnerability could allow an attacker to provide a malicious URL that bypasses security checks, potentially allowing them to make the bot fetch internal resources or interact with services on the private network that should not be accessible from the public internet.

All versions of BotKit up to 0.3.1 (in the 0.3.x branch) and 0.4.0 (in the 0.4.x branch) are affected. Patched releases are 0.3.2 and 0.4.1.

For BotKit 0.4.x, update @fedify/botkit:


npm update @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update @fedify/botkit
bun update @fedify/botkit
deno update @fedify/botkit
For BotKit 0.3.x, update @fedify/botkit:


npm update @fedify/botkit@0.3.2
yarn upgrade @fedify/botkit@0.3.2
pnpm update @fedify/botkit@0.3.2
bun update @fedify/botkit@0.3.2
deno update @fedify/botkit@0.3.2
If you use other BotKit-related packages (e.g., @fedify/botkit-sqlite), update them as well. After updating, redeploy.

Thanks to Changkyun Kim (@me) for the report and responsible disclosure.

If anything is unclear, feel free to ask on GitHub Discussions or Matrix.

nicole mikołajczyk@mkljczk@pl.fediverse.pl (2026-05-12 00:30:50) now nicolium+iceshrimp.net users can browse other instances' timelines by clicking the instance favicon next to account username (just as with pleroma)

Reply to @Coro@mstdn.maud.io Coro@Coro@mstdn.maud.io (2026-05-12 00:20:17) 「都市の鼓動」【全体的に厳しいNewCycle】Part6 - YouTube

https://youtu.be/TnfnvxQ2oBs

mbajur@mbajur@mastodon.social (2026-05-12 00:03:20) Does #mastodon support a root level domain handles yet? Like, say, user having his AP-enabled single-user website under example.com having a @example.com handle instead of @something@example.com

#help #fedidev #fediverse #mastodev #activitypub #needhelp

Reply to @Coro@mstdn.maud.io Coro@Coro@mstdn.maud.io (2026-05-11 23:56:21) > 米自動車業界と超党派議員らは「中国に米市場へのいかなるアクセ​スも与えないでほしい」と強く求めている。トランプ氏は(2026-)1月、中国の自動車‌メーカーが米国内に工場を建設し米国人を雇用したいと考えるなら「素晴らしい」と発言。「私はそれを大いに歓迎する。中国にも、日本にも進出してもらおう」と述べた。

「中国車販売認めるな」、米業界・議会が訴え 首脳会談控え懸念 | ロイター

https://jp.reuters.com/world/security/SOLBHHVOUZNC7IRQEV2WOKFABM-2026-05-11/

Reply to @Coro@mstdn.maud.io Coro@Coro@mstdn.maud.io (2026-05-11 23:49:24) EV に乗り換えてほしくないから補助金を続けてるんじゃないかと思わなくもない。日本市場だけ守ってもしょうがない気もするが。まだ、近い将来の EV 移行を政権が認識できていないというか認めたがらないのか?
---
> 経済産業省によると、直近のガソリンの全国平均価格は1リットル当たり169.7円だったが、補助金がなければ200.6円と歴史的に見ても高水準となっていた。補助がなくなった場合、EVに乗り換えるインセンティブが働く可能性が高い。

「EV不毛の地」日本で変化の兆し、4月2.6倍-中東情勢が今後影響も - Bloomberg

https://www.bloomberg.com/jp/news/articles/2026-05-11/TDTU4VKJH6V400
Older Notes