Home | Notifications | New Note | Local | Federated | Search | Logout
Federated Timeline
Reply to @liaizon@social.wake.st
silverpill@silverpill@mitra.social (2026-05-19 19:50:35)
@liaizon Cool, I didn't know their 'meta' instance is federated
:onmyou::vc:Charlie Root@relay@mastodon.hakurei.win (2026-05-19 19:45:31)
なお、繋がっている先はMisskeyとは限らないことに注意
:onmyou::vc:Charlie Root@relay@mastodon.hakurei.win boosted:
@10anweb@misskey.io (2026-05-19 18:18:06)
Misskey=ioではないため、雑にMisskeyを主語にすると当たり判定デカくなりすぎて事故るとされている
Misskey.ioの話をしたい時はとりあえずioって言っときゃいいんだ:blobcat_katahaba:
---Attachments---
image: https://media.misskeyusercontent.com/io/df28c8e5-3b54-425b-8ef8-83d8bb4087c4.png
silverpill@silverpill@mitra.social boosted:
@nogajun@mastodon.social (2026-05-19 17:29:58)
XMPPとActivityPubとのブリッジだそう。XMPPもメッセンジャープロトコルからいろんなものに伸びてるから、こういうのはおもしろいね #activitypub #xmpp
Barbapulpe/xmpp-ap-bridge: XMPP / ActivityPub Bridge to chat between XMPP and the Fediverse.: https://github.com/Barbapulpe/xmpp-ap-bridge
Reply to @light@noc.social
silverpill@silverpill@mitra.social (2026-05-19 19:14:38)
@light I am specifically interested in transports. We have our own data model and authentication/authorization procedures (ActivityPub + FEP-ef61), the missing component is P2P networking.
Basically, I want to send activities to peers directly, without relying on FEP-ef61 gateways, and without leaking IP addresses.
@n0iroh @VeilidNetwork
ねてす@OW331515@misskey.io (2026-05-19 19:05:17)
オリキャラちゃそ
---Attachments---
image: https://media.misskeyusercontent.com/io/abd7cbb9-e12f-4ee8-bd89-0611346aa32b.webp?sensitive=true
Coro@Coro@mstdn.maud.io (2026-05-19 18:59:19)
Bambul Studio にライセンス違反の疑惑があるっぽい。ctx: スライサー「Bambul Studio」 は OrccaSlicer (AGPL) の fork
---
jarczakpawel/OrcaSlicer-bambulab: This is the end....
https://github.com/jarczakpawel/OrcaSlicer-bambulab#update-16052026---bambu_networking-and-agpl
苺あんここ@10anweb@misskey.io (2026-05-19 18:18:06)
Misskey=ioではないため、雑にMisskeyを主語にすると当たり判定デカくなりすぎて事故るとされている
Misskey.ioの話をしたい時はとりあえずioって言っときゃいいんだ:blobcat_katahaba:
---Attachments---
image: https://media.misskeyusercontent.com/io/df28c8e5-3b54-425b-8ef8-83d8bb4087c4.png
SparklingOutlaw🍥@nogajun@mastodon.social (2026-05-19 17:29:58)
XMPPとActivityPubとのブリッジだそう。XMPPもメッセンジャープロトコルからいろんなものに伸びてるから、こういうのはおもしろいね #activitypub #xmpp
Barbapulpe/xmpp-ap-bridge: XMPP / ActivityPub Bridge to chat between XMPP and the Fediverse.: https://github.com/Barbapulpe/xmpp-ap-bridge
naturaleza24@naturaleza24@mast.lat (2026-05-19 16:21:43)
#fotografie #nature #photography
---Attachments---
image: https://media.mast.lat/mast/media_attachments/files/116/600/030/771/093/215/original/930d5be7398b91bf.png
naturaleza24@naturaleza24@mast.lat (2026-05-19 16:17:44)
#fotografie #nature #photography
---Attachments---
image: https://media.mast.lat/mast/media_attachments/files/116/600/016/103/073/071/original/aa3ee7e8aeb38033.png
naturaleza24@naturaleza24@mast.lat (2026-05-19 16:09:45)
#fotografie #nature #photography
---Attachments---
image: https://media.mast.lat/mast/media_attachments/files/116/599/984/648/087/426/original/1f532e521aacc781.png
naturaleza24@naturaleza24@mast.lat (2026-05-19 16:05:16)
#fotografie #nature #photography
---Attachments---
image: https://media.mast.lat/mast/media_attachments/files/116/599/966/944/743/094/original/97f0ec513a6a49ec.png
naturaleza24@naturaleza24@mast.lat (2026-05-19 16:04:28)
#fotografie #nature #photography
---Attachments---
image: https://media.mast.lat/mast/media_attachments/files/116/599/963/625/102/451/original/7c87346cf42c08e9.png
Reply to @Crell@phpc.social
Adële 🐁!@adele@social.pollux.casa (2026-05-19 14:37:16)
@Crell I didn’t know it was possible. I will look more precisely on next conferences. Thanks for the idea
fedicat@fedicat@pc.cafe boosted:
@nathanlovestrees@disabled.social (2026-05-19 10:20:54)
mastodon’s best use is for popping in to share all the stuff you did while you weren’t on mastodon
洪 民憙 (Hong Minhee) :nonbinary:@hongminhee@hollo.social (2026-05-19 14:02:59)
The world's first Fedify book, Practical Fedify: Introduction to ActivityPub Microblog Development (実践Fedify——ActivityPubマイクロブログ開発入門), has been published in Japan. This is also the first book I have ever published, and it feels quite surreal that my first book is in Japanese rather than my native language, Korean. This book is an expanded version based on the official English Fedify tutorial, Creating your own federated microblog, with various additions. Yumetsuki Mama (ゆめつきママ) worked on the cute book cover illustration, which features the Fedify dinosaur mascot, Misskey's mascot Ai-chan, and the Mastodon mascot together. It is scheduled to be published in both e-book and print formats on the 22nd by Impress NextPublishing. See also the Amazon Japan.
fedicat@fedicat@pc.cafe boosted:
@Auster@thebrainbin.org (2026-05-17 04:08:32)
Are people backing up the fediverse?
#fediverse
Most fediverse platforms are run by common users, not entities with either monetary, commercial, political or geopolitical interests to keep the platforms alive. But that also means the instances could disappear when money gets tight, if the interest dies out, if there are technical difficulties that are hard to deal with, etc.
This brings me to the opening question, are people taking at least what they find relevant from the fediverse, and backing it up on web archival services, or at least backing up locally as screenshots, HTML/MHTML files, etc., so if their instance or the propagated contents die, at least there is a register the content ever existed?
@fediverse
ささきち¦C108 1日目ー東イ20a@ssk_chi@misskey.io boosted:
@__ka_3@misskey.io (2026-05-18 21:48:02)
:punipuni: #ハァハァ……太もも見せて……
---Attachments---
image: https://media.misskeyusercontent.com/io/6a5c39c4-102d-4310-8b70-d319c1dfdd71.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-808abe69-e3c9-4e2b-a785-055ab2e20ec3.png?sensitive=true
image: https://media.misskeyusercontent.com/io/28a85789-5b79-450a-8ed3-9eef9f3494ec.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/e6107f31-c0de-4327-8fb2-054738468961.webp?sensitive=true
佐々木/네코가와@nounashi7298@social.nekokawa.net (2026-05-19 13:34:47)
瀬戸弘司俺は好きだよ
ささきち¦C108 1日目ー東イ20a@ssk_chi@misskey.io boosted:
@hozumik@misskey.io (2026-05-18 09:23:45)
:iiyone__ooo::tamaranai::suki_sugiru: #ハァハァ……太もも見せて……
---Attachments---
image: https://media.misskeyusercontent.com/io/3564d12d-6b5d-4723-9028-e14f598ed35c.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/595fcc8a-c12a-45b3-bdcf-a6a2ce34d289.webp?sensitive=true
image: https://media.misskeyusercontent.com/misskey/91b99ca9-e831-4f13-8554-eedf8b9cf74b.png?sensitive=true
image: https://media.misskeyusercontent.com/misskey/40e8d858-980f-4045-bd59-564f7b85ea4c.jpg?sensitive=true
ささきち¦C108 1日目ー東イ20a@ssk_chi@misskey.io (2026-05-19 13:12:25)
多肉の寄せ植えかわいい:blobcat_cactuswalk:
ささきち¦C108 1日目ー東イ20a@ssk_chi@misskey.io boosted:
@majidedekaipurin@misskey.io (2026-05-19 13:09:05)
これだけ見てほしい 可愛いので
---Attachments---
image: https://media.misskeyusercontent.com/io/webpublic-040a4d68-78ad-4bb8-b039-ff7c8996e3bc.webp
:majidekapurin_cry_up:マジでデカいプリン@majidedekaipurin@misskey.io (2026-05-19 13:09:05)
これだけ見てほしい 可愛いので
---Attachments---
image: https://media.misskeyusercontent.com/io/webpublic-040a4d68-78ad-4bb8-b039-ff7c8996e3bc.webp
ささきち¦C108 1日目ー東イ20a@ssk_chi@misskey.io (2026-05-19 12:57:56)
久々に見たい映画あって予約しちゃった:ameowattention:
fedicat@fedicat@pc.cafe boosted:
@hollo@hollo.social (2026-05-19 12:00:52)
Hollo security updates: 0.7.16 and 0.8.5
If you run Hollo, update to a patched release now. Hollo 0.7.16 and 0.8.5 fix several security issues in ActivityPub federation, the web admin UI, OAuth, and the transitive fast-xml-parser dependency.
On the federation side, three inbox handlers were missing authorization checks. Any remote actor could send a Delete to remove any cached post by IRI, an Update to overwrite or first-materialize a cached post under another actor's name, or a cross-origin Announce whose attacker-controlled embedded body materialized as someone else's post. The checks now differ by activity type. A Delete is ignored unless the deleter's origin matches the cached post author's origin. An Update is ignored unless the activity actor, the embedded object's id, and its attributedTo all share an origin. For Announce, Hollo no longer trusts attacker-supplied embedded content to create or overwrite the original post: unknown cross-origin objects are fetched from their canonical URL, and any newly cached object must have matching id and attributedTo origins. Separately, Follow, Like, EmojiReact, and Announce from a blocked actor were processed normally and still produced notifications; they are now silently dropped at the inbox.
On the web admin side, login and OTP cookies were set without HttpOnly, SameSite, or Secure, and state-changing forms had no Origin or Sec-Fetch-Site check. A single reflected XSS could exfiltrate the admin session, and a malicious page could submit a hidden cross-site form to disable 2FA, delete an account, or silently authorize a rogue OAuth application. The affected dashboard routes and POST /oauth/authorize now run Hono's CSRF middleware, and the login and OTP cookies now carry those attributes.
The transitive fast-xml-parser (carried in via the AWS SDK that backs S3 storage) is now pinned to patched versions, closing one critical and several high-severity advisories. Hollo also now uses constant-time comparison fo
Hollo :hollo:@hollo@hollo.social (2026-05-19 12:00:52)
Hollo security updates: 0.7.16 and 0.8.5
If you run Hollo, update to a patched release now. Hollo 0.7.16 and 0.8.5 fix several security issues in ActivityPub federation, the web admin UI, OAuth, and the transitive fast-xml-parser dependency.
On the federation side, three inbox handlers were missing authorization checks. Any remote actor could send a Delete to remove any cached post by IRI, an Update to overwrite or first-materialize a cached post under another actor's name, or a cross-origin Announce whose attacker-controlled embedded body materialized as someone else's post. The checks now differ by activity type. A Delete is ignored unless the deleter's origin matches the cached post author's origin. An Update is ignored unless the activity actor, the embedded object's id, and its attributedTo all share an origin. For Announce, Hollo no longer trusts attacker-supplied embedded content to create or overwrite the original post: unknown cross-origin objects are fetched from their canonical URL, and any newly cached object must have matching id and attributedTo origins. Separately, Follow, Like, EmojiReact, and Announce from a blocked actor were processed normally and still produced notifications; they are now silently dropped at the inbox.
On the web admin side, login and OTP cookies were set without HttpOnly, SameSite, or Secure, and state-changing forms had no Origin or Sec-Fetch-Site check. A single reflected XSS could exfiltrate the admin session, and a malicious page could submit a hidden cross-site form to disable 2FA, delete an account, or silently authorize a rogue OAuth application. The affected dashboard routes and POST /oauth/authorize now run Hono's CSRF middleware, and the login and OTP cookies now carry those attributes.
The transitive fast-xml-parser (carried in via the AWS SDK that backs S3 storage) is now pinned to patched versions, closing one critical and several high-severity advisories. Hollo also now uses constant-time comparison fo
ささきち¦C108 1日目ー東イ20a@ssk_chi@misskey.io (2026-05-19 11:08:19)
:soda_ice: wip
---Attachments---
image: https://media.misskeyusercontent.com/io/f68cbe36-61c3-41c3-9c5e-96e804499ccc.png?sensitive=true
nathanlovestrees@nathanlovestrees@disabled.social (2026-05-19 10:20:54)
mastodon’s best use is for popping in to share all the stuff you did while you weren’t on mastodon
うなさか@unasaka0309@misskey.io (2026-05-19 09:33:53)
FANZAのランキング見てると自分の性癖が淡白すぎて醤油砂糖みりん酒で煮つけにしたくなる
Older Notes