Home | Notifications | New Note | Local | Federated | Search | Logout
Federated Timeline
Jeff@box464@mastodon.social (2026-05-21 07:52:19)
Came home to a LOTTA fediverse apps to update... 🍤 :mastodon: ⚫
The Tor Project@torproject@mastodon.social boosted:
@securedrop@social.freedom.press (2026-05-20 06:08:30)
We're grateful to @torproject and Funding the Commons for including us in this crowdfunding campaign alongside nine other cool projects as a new way to fund internet freedom!
https://internetfreedom.torproject.org/projects/securedrop/
The Tor Project@torproject@mastodon.social boosted:
@OpenArchive@mstdn.social (2026-05-20 09:15:54)
RE: https://social.coop/@al/116602493515831222
Grateful to @torproject and Funding the Commons for featuring us in this crowdfunding campaign at this critical time—10 projects, one mission:
#InternetFreedom.
The Tor Project@torproject@mastodon.social boosted:
@ooni@mastodon.social (2026-05-20 19:52:07)
Our ability to continue our work is at risk, but with your help, there is a new way to fund internet freedom.
Join the quadratic funding campaign to support OONI and our friends: https://internetfreedom.torproject.org/projects/ ✊
Every contribution helps. Small donations can have outsized impact ❤️
#FundInternetFreedom
@torproject @securedrop @guardianproject @lockdownsystems
xchange @OpenArchive
@OpenArchive @unredacted
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/606/511/416/391/916/original/dff1711c90374549.png
The Tor Project@torproject@mastodon.social boosted:
@OpenArchive@mstdn.social (2026-05-20 20:14:51)
What if $1 could stretch as far as $100?
The campaign is live!
We’re exploring a new way to fund #InternetFreedom. One small contribution can have a huge impact. Become part of it here: internetfreedom.torproject.org/projects/ope...
@0n_odv @torproject
---Attachments---
image: https://media.mstdn.social/media_attachments/files/116/606/607/531/933/032/original/fd10adb97f8d30e1.png
The Tor Project@torproject@mastodon.social boosted:
@BPFreeSpeech@mastodon.social (2026-05-20 20:51:04)
Ricochet Refresh helps journalists & human rights defenders stay safe. Small contributions can have an outsized impact!
Join the campaign to fund internet freedom: https://internetfreedom.torproject.org/projects/
@torproject @securedrop @guardianproject @ooni @OpenArchive @unredacted_org
#FundInternetFreedom
https://www.ricochetrefresh.net/
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/606/753/958/512/730/original/0551b402c158552f.png
Reply to @c30@mk.c30.life
:onmyou::vc:Charlie Root@relay@mastodon.hakurei.win (2026-05-21 07:33:07)
@c30 Twitterと同じく1万文字にしてる
なんならMastodonの文字カウントは日本語も英語も1文字としてカウントするからTwitterより多い
せど@c30@mk.c30.life (2026-05-21 07:28:56)
8192文字遅れるここのサーバー
Reply to @rumisan@eth.rumiserver.com
佐々木/네코가와@nounashi7298@social.nekokawa.net (2026-05-21 07:04:03)
@rumisan お好み焼き食って帰れ
Reply to @chlo@w.chlo.is
silverpill@silverpill@mitra.social (2026-05-21 07:00:58)
@chlo Did that change fix the Sharkey problem?
@caohuak
fedicat@fedicat@pc.cafe boosted:
@stefan@stefanbohacek.online (2026-05-21 06:28:04)
"Decentralised social media ecosystems allow independently operated communities to communicate across shared protocols without being controlled by a single corporation.
One such example is the Fediverse, which includes platforms like micro-blogging site Mastodon and video sharing site PeerTube."
https://theconversation.com/nearly-everything-we-use-online-is-owned-by-big-tech-theres-a-better-way-forward-282969
#news #TechNews #technology #fediverse
Reply to @tadano@mt.watamelon.win
silverpill@silverpill@mitra.social (2026-05-21 06:36:42)
@tadano
>why instances like ryona.agency, tsundere.love, annihilation.social aren't loading images
Might be caused by bad connectivity.
But if this behavior is consistent, I could look into it.
>why @relaystalker is STILL getting stuck on follow requesting with relay accounts
https://github.com/yukimochi/Activity-Relay/issues/102
Maybe a clanker could fix it?
>how to get tor/tor federation up with this docker setup
>how to federate over I2P
https://codeberg.org/silverpill/mitra/src/branch/main/docs/onion.md
https://codeberg.org/silverpill/mitra/src/branch/main/docs/i2p.md
But I don't know how to make it work with docker
>duplicate key bug
I am interested in debugging this. Database integrity should be maintained.
>how to pull past posts from profiles quickly so I am not looking at a profile timeline with gaping holes
Make yourself an admin and click on "Load latest posts" in profile menu.
fedicat@fedicat@pc.cafe boosted:
@fedicat@pc.cafe (2026-05-21 05:14:22)
trying out a policy of hiding link preview images that have no alt text
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/608/733/038/995/673/original/70a9119146bdb770.jpeg
image: https://cdn.masto.host/pccafe/media_attachments/files/116/608/733/117/172/327/original/a5a972c9140a2826.jpeg
Stefan Bohacek@stefan@stefanbohacek.online (2026-05-21 06:28:04)
"Decentralised social media ecosystems allow independently operated communities to communicate across shared protocols without being controlled by a single corporation.
One such example is the Fediverse, which includes platforms like micro-blogging site Mastodon and video sharing site PeerTube."
https://theconversation.com/nearly-everything-we-use-online-is-owned-by-big-tech-theres-a-better-way-forward-282969
#news #TechNews #technology #fediverse
Reply to @tadano@mt.watamelon.win
silverpill@silverpill@mitra.social (2026-05-21 06:23:06)
@tadano @p @relaystalker @Wiz @mischievoustomato It's a correct description.
Reply to @julian@activitypub.space
silverpill@silverpill@mitra.social (2026-05-21 06:18:00)
No, it's not wrong.
I think the good of group moderation currently outweighs the theoretical bad of same-origin impersonation.
:minahoshi_omotedero:¡るみ㌨Да!:minahoshi_omotedero:@rumisan@eth.rumiserver.com (2026-05-21 06:15:44)
大阪に着きました
---Attachments---
image: https://data.rumiserver.com/rumimisskey/file/original/webpublic/webpublic-4805044d-6e4f-4c23-b310-b21d012cc55e.webp
fedicat@fedicat@pc.cafe boosted:
@fediversereport@mastodon.social (2026-05-21 00:37:12)
Various projects on the open social web are working towards private data, whether that's @Mastodon getting funding for adding E2EE, Lemmy's upcoming 1.0 release featuring private communities, or Bluesky's work on expanding atproto with permissioned data.
Bounded communities with private data using open protocols sound quite like @matrix however.
I'm taking a closer look, as this comparison turns out to be quite a lot stranger than expected
https://connectedplaces.online/reports/fr163-decrypting-matrix/
fedicat@fedicat@pc.cafe boosted:
@silverpill@mitra.social (2026-05-21 05:57:34)
- https://github.com/mastodon/mastodon/releases/tag/v4.5.10
- https://hollo.social/@fedify/019e4675-05bc-7725-bcf4-aa51d6af70a0
- https://shrimp.meow.company/notes/amhmis327j0wve4w
- https://shrimp.meow.company/notes/amhmiqtsbwgmt158
- https://activitypub.software/TransFem-org/Sharkey/-/releases/2025.4.7
- https://hubzilla.org/item/53f3509f-d63d-494c-a431-ac84df9c6a57
- https://w.on-t.work/activitypub/may-2026-vulnerability
>Fix Linked-Data Signature bypass through JSON-LD graph restructuring features
JSON-LD adds nothing to Fediverse except bugs and security vulnerabilities.
Of course, there is an alternative to Linked Data signatures that doesn't require Linked Data, much simpler and more secure:
FEP-8b32: Object Integrity Proofs
#activityPub #fedidev
warabi餅@w4rabimochi@misskey.io (2026-05-21 06:01:06)
:ohayoo:
silverpill@silverpill@mitra.social (2026-05-21 05:57:34)
- https://github.com/mastodon/mastodon/releases/tag/v4.5.10
- https://hollo.social/@fedify/019e4675-05bc-7725-bcf4-aa51d6af70a0
- https://shrimp.meow.company/notes/amhmis327j0wve4w
- https://shrimp.meow.company/notes/amhmiqtsbwgmt158
- https://activitypub.software/TransFem-org/Sharkey/-/releases/2025.4.7
- https://hubzilla.org/item/53f3509f-d63d-494c-a431-ac84df9c6a57
- https://w.on-t.work/activitypub/may-2026-vulnerability
>Fix Linked-Data Signature bypass through JSON-LD graph restructuring features
JSON-LD adds nothing to Fediverse except bugs and security vulnerabilities.
Of course, there is an alternative to Linked Data signatures that doesn't require Linked Data, much simpler and more secure:
FEP-8b32: Object Integrity Proofs
#activityPub #fedidev
Reply to @silverpill@mitra.social
julian@julian@activitypub.space (2026-05-21 05:36:09)
@silverpill@mitra.social said:
In some cases, FEP-fe34 recommends same-actor policy as an additional protection against implementation bugs and against implementations that don't enforce actor boundaries on purpose. Update/Delete authorization is one of those cases (admittedly, the wording is a bit confusing in that paragraph...)
Does this mean NodeBB is wrong is allowing different actors on the same origin to publish Updates and Deletes? I do not know of a way to reconcile this with the ability to have moderators carry out their actions.
Reply to @phnt@fluffytail.org
silverpill@silverpill@mitra.social (2026-05-21 05:32:48)
@phnt @tadano @mischievoustomato Yeah I also figured out automated publishing to the package registry: https://codeberg.org/silverpill/minimitra/src/branch/main/.woodpecker/build.yaml#L20
Haven't tried to publish deb yet, but according to the documentation deb is supported.
Reply to @silverpill@mitra.social
Phantasm@phnt@fluffytail.org (2026-05-21 05:24:49)
@silverpill @tadano @mischievoustomato You can also publish the deb package to the Gitea Debian package registry, if that wasn't removed on Codeberg. So users can add the registry as a repository and get updates via system updates as well.
fedicat@fedicat@pc.cafe (2026-05-21 05:14:22)
trying out a policy of hiding link preview images that have no alt text
---Attachments---
image: https://cdn.masto.host/pccafe/media_attachments/files/116/608/733/038/995/673/original/70a9119146bdb770.jpeg
image: https://cdn.masto.host/pccafe/media_attachments/files/116/608/733/117/172/327/original/a5a972c9140a2826.jpeg
fedicat@fedicat@pc.cafe boosted:
@reiver@mastodon.social (2026-05-21 04:55:59)
Here is my work-in-progress FEP for using JSON Resume with ActivityPub:
FEP-6158: ActivityPub 'Resume' Object: JSON Resume expressed as JSON-LD
https://codeberg.org/reiver/fep/src/branch/fep-6158/fep/6158/fep-6158.md
I prefer to write for clarity, so it still needs work.
#ActivityPub #ActivityStreams #FediDev #ProToGo #JSONLD #JSONResume #fep6158 #fep_6158
silverpill@silverpill@mitra.social (2026-05-21 05:04:46)
@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd This is one of the reasons I don't build on Nostr. It's full of delusional bitcoin cultists
Reply to @mischievoustomato@tsundere.love
silverpill@silverpill@mitra.social (2026-05-21 05:03:21)
@mischievoustomato @tadano I figured out how to do CI, so now we can build packages automatically on Codeberg
Reply to @reiver@mastodon.social
@reiver ⊼ (Charles) :batman:@reiver@mastodon.social (2026-05-21 04:55:59)
Here is my work-in-progress FEP for using JSON Resume with ActivityPub:
FEP-6158: ActivityPub 'Resume' Object: JSON Resume expressed as JSON-LD
https://codeberg.org/reiver/fep/src/branch/fep-6158/fep/6158/fep-6158.md
I prefer to write for clarity, so it still needs work.
#ActivityPub #ActivityStreams #FediDev #ProToGo #JSONLD #JSONResume #fep6158 #fep_6158
Nova@Chishiki611@enby.life boosted:
@fedify@hollo.social (2026-05-21 02:35:44)
Fedify security updates: 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3
If you use Fedify, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling. An attacker could use JSON-LD graph-restructuring features to change how a signed activity is interpreted without invalidating its Linked Data Signature.
Fedify verifies incoming ActivityPub activities with several mechanisms, including HTTP Signatures, Object Integrity Proofs, and Linked Data Signatures. The vulnerable path is Linked Data Signatures: the signature is checked over the canonical RDF graph, but JSON-LD can represent the same graph in more than one JSON shape. In affected versions, that gap could let a signed activity be reshaped so that Fedify reads a different ActivityPub object shape than intended.
The fix makes Fedify normalize Linked Data Signature-verified activities against Fedify's local JSON-LD context before interpreting them, and rejects JSON-LD constructs that can preserve the signed RDF graph while changing the ActivityPub object shape consumed by Fedify.
Patched releases are 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3. The GitHub Security Advisory is GHSA-9rfg-v8g9-9367, and the CVE ID is CVE-2026-42462.
Update @fedify/fedify:
npm update @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update @fedify/fedify
bun update @fedify/fedify
deno update @fedify/fedify
After updating, redeploy. If you run other Fedify-based servers, update those too.
Thanks to @Claire for the report and responsible disclosure.
If anything is unclear, ask below.
Older Notes