Federated Timeline
ffuentes@ffuentes@mastodon.sdf.org (2026-05-22 02:11:50)
Does anyone else use #takesama as a client? It works pretty well with this #mastodon instance and #snac
Michael Kratzenberg 📢@kratzen@berg.mobilecourant.org (2026-05-22 00:57:16)
I unequivocally stand in solidarity with Cuba against the baseless Warmongering from the Trump admin.
It is abundantly clear that the actions taken by the DOJ are posturing for war and these actions are purely corrupt and inhumane.
How many wars will the "Peace-Loving" Trump start for his own gain?
:majidekapurin_cry_up:マジでデカいプリン@majidedekaipurin@misskey.io (2026-05-22 00:30:44)
---Attachments---
image: https://media.misskeyusercontent.com/io/79fea506-34ad-41a5-9b10-f559aa06fc9a.png
fedicat@fedicat@pc.cafe boosted:
@SymfonyStation@drupal.community (2026-05-21 20:38:55)
Hollo announces: Hollo 0.9.0 is out. https://hollo.social/@hollo/019e451e-f368-70e2-b993-77d01a14a677 #hollo #fediverse #ActivityPub
fedicat@fedicat@pc.cafe boosted:
@smrms@toot.community (2026-05-20 01:58:54)
Anyone else in the fediverse who does fieldwork in #linguistics ? #languages #language #indigenouslanguages #minoritylanguages (if you have suggestions for hashtags that will help me find other field linguists, please add them in a comment to this toot)
fedicat@fedicat@pc.cafe boosted:
@toddsundsted@epiktistes.com (2026-05-21 19:50:48)
Release v3.3.9 of Ktistec continues the security hardening work from recent releases, with further progress on the Mastodon-compatible API.
Of note: all network connections now go through a new Ktistec::Network module. This allows Ktistec to limit the size of HTTP bodies it reads, on both inbound and outbound requests, and ensures it only opens connections to valid remote IP addresses.
Here's the full changelog:
Added
New Mastodon-compatible APIs.
Fixed
Close DNS rebinding window for outbound HTTP requests.
Limit the size of HTTP bodies the server reads.
Sanitize RSS feed output to prevent CDATA breakout.
Destroy all sessions and access tokens on account termination.
Changed
Ensure all GET and POST requests utilize Ktistec::Network.
Process local recipients in-process in inbox/outbox activity processors.
As always, it's worth upgrading for the security fixes!
#ktistec #crystallang #activitypub #fediverse
fedicat@fedicat@pc.cafe boosted:
@atomicpoet@atomicpoet.org (2026-05-20 08:23:04)
This Saturday, I’m speaking at @vanlug about the #Fediverse.
It will be held at Burnaby Public Library during 2PM-4PM.
Want to attend? Here’s where to register:
https://luma.com/ahm1hi2s
#VanLUG
fedicat@fedicat@pc.cafe boosted:
@grunfink@comam.es (2026-05-21 21:00:31)
If what 'split domains' means is "running #snac in subdomain.example.com but identify as accounts from example.com" then no, it's not supported.
But, you can have snac running from a subdirectory of your main domain (which, as far as I know, no other fediverse implementation does). I.e. you can have your snac root in example.com/social and then you can identify as you@example.com . So you have no unnecessary subdomain just to be you.
Which is what I do for this very domain.
CC: @mms@bsd.cafe
fedicat@fedicat@pc.cafe boosted:
@linguistgoneforeign@mastodon.social (2026-05-12 02:12:05)
I'm very happy to see how my 3-year journey replacing big tech with privacy-oriented, humane platforms is shaping:
Gmail: Tuta and Proton
Google Calendar: Fossify
Google Maps: Organic Maps
Twitter: Mastodon
Facebook, Instagram: Pixelfed
WhatsApp, Telegram: Signal
Android: GrapheneOS
Windows: Linux Mint
It was overwhelming, it took time and research. But I can tell you that another digital experience is possible.
Now I'm thrilled to have devices that belong to ME, like in the old days.
fedicat@fedicat@pc.cafe boosted:
@botkit@hollo.social (2026-05-21 22:20:24)
BotKit security updates: 0.3.3 and 0.4.2
If you use BotKit, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and BotKit inherits the exposure through its dependency on Fedify.
The vulnerability allows an attacker to use JSON-LD graph-restructuring features—specifically @graph, @included, and @reverse—to reshape a signed ActivityPub activity without invalidating its Linked Data Signature. This can cause BotKit (via Fedify) to interpret a different ActivityPub object shape than was originally signed. The fix normalizes Linked Data Signature-verified activities against Fedify's local JSON-LD context before interpreting them, and rejects the JSON-LD constructs that enable the attack.
All versions of BotKit up to 0.3.2 (in the 0.3.x branch) and 0.4.1 (in the 0.4.x branch) are affected. Patched releases are 0.3.3 and 0.4.2.
For BotKit 0.4.x, update @fedify/botkit:
npm update @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update @fedify/botkit
bun update @fedify/botkit
deno update @fedify/botkit
For BotKit 0.3.x, update @fedify/botkit:
npm update @fedify/botkit@0.3.3
yarn upgrade @fedify/botkit@0.3.3
pnpm update @fedify/botkit@0.3.3
bun update @fedify/botkit@0.3.3
deno update @fedify/botkit@0.3.3
If you use other BotKit-related packages (e.g., @fedify/botkit-postgres), update them as well. After updating, redeploy.
The CVE ID is CVE-2026-42462. See also fedify-dev/fedify#773 for Fedify's own announcement.
Thanks to @Claire for the report and responsible disclosure.
If anything is unclear, feel free to ask on GitHub Discussions or Matrix.
Nova@Chishiki611@enby.life boosted:
@hollo@hollo.social (2026-05-21 02:39:43)
Hollo security updates: 0.7.17, 0.8.6, and 0.9.1
If you run Hollo, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and Hollo depends on Fedify for ActivityPub federation.
Fedify verifies incoming ActivityPub activities with several mechanisms, including HTTP Signatures, Object Integrity Proofs, and Linked Data Signatures. The vulnerable path is Linked Data Signatures: the signature is checked over the canonical RDF graph, but JSON-LD can represent the same graph in more than one JSON shape. In affected versions, that gap could let a signed activity be reshaped so that Fedify reads a different ActivityPub object shape than intended—without invalidating the signature.
The fix makes Fedify normalize Linked Data Signature-verified activities against its local JSON-LD context before interpreting them, and rejects JSON-LD constructs that can preserve the signed RDF graph while changing the ActivityPub object shape. For full technical details of the underlying vulnerability, see the Fedify security announcement.
All Hollo versions up to and including 0.7.16, 0.8.5, and 0.9.0 are affected. Patched releases are 0.7.17 for the 0.7.x series, 0.8.6 for the 0.8.x series, and 0.9.1 for the 0.9.x series.
For 0.7.x deployments, update to 0.7.17:
docker pull ghcr.io/fedify-dev/hollo:0.7.17
For 0.8.x deployments, update to 0.8.6:
docker pull ghcr.io/fedify-dev/hollo:0.8.6
For 0.9.x deployments, update to 0.9.1:
docker pull ghcr.io/fedify-dev/hollo:0.9.1
After pulling the new image, restart your Hollo container. If you deploy from source, pull the corresponding release tag and restart.
Thanks to @Claire for the report and responsible disclosure to the Fedify project.
If anything is unclear, ask below.
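The BotKit and Hollo announcements above both say the fix rejects the JSON-LD constructs (@graph, @included, @reverse) that let a document change shape while its signed RDF graph stays the same. The following is an added illustration of that kind of rejection check, not code from Fedify, BotKit or Hollo; the function names and sample documents are constructed for this example, and it inspects inline contexts only (remote context URLs are not fetched).

```javascript
// Added illustration; not Fedify, BotKit or Hollo code.
const RESTRUCTURING = new Set(["@graph", "@included", "@reverse"]);

// Terms that an inline @context maps onto a restructuring keyword, as a
// keyword alias ("bundle": "@graph") or a reverse property definition.
function contextAliases(context, aliases) {
  for (const ctx of [].concat(context ?? [])) {
    if (ctx === null || typeof ctx !== "object") continue; // URL: not fetched here
    for (const [term, def] of Object.entries(ctx)) {
      if (typeof def === "string" && RESTRUCTURING.has(def)) aliases.set(term, def);
      else if (def !== null && typeof def === "object") {
        if ("@reverse" in def) aliases.set(term, "@reverse");
        else if (RESTRUCTURING.has(def["@id"])) aliases.set(term, def["@id"]);
        // Scoped contexts are merged in too: over-reporting is the safe side.
        if ("@context" in def) contextAliases(def["@context"], aliases);
      }
    }
  }
  return aliases;
}

// Walk the raw JSON and report every key that is, or aliases, such a keyword.
function findRestructuring(node, path = "$", inherited = new Map(), found = []) {
  if (Array.isArray(node)) {
    node.forEach((v, i) => findRestructuring(v, `${path}[${i}]`, inherited, found));
  } else if (node !== null && typeof node === "object") {
    const aliases = "@context" in node
      ? contextAliases(node["@context"], new Map(inherited)) : inherited;
    for (const [key, value] of Object.entries(node)) {
      if (key === "@context") continue;
      const keyword = RESTRUCTURING.has(key) ? key : aliases.get(key);
      if (keyword) found.push({ path: `${path}.${key}`, keyword });
      findRestructuring(value, `${path}.${key}`, aliases, found);
    }
  }
  return found;
}

// Constructed sample documents (hypothetical, not captured traffic).
const AS = "https://www.w3.org/ns/activitystreams";
const plain = { "@context": AS, type: "Create", object: { type: "Note", content: "hi" } };
const flagged = {
  "@context": [AS, { bundle: "@graph", parentOf: { "@reverse": "as:inReplyTo" } }],
  type: "Create",
  bundle: [{ type: "Note" }],
  object: { type: "Note", "@included": [{ type: "Note" }], parentOf: "https://example.com/notes/1" },
};
console.log(findRestructuring(plain), findRestructuring(flagged));
```

A key check like this cannot see aliases defined in a remote context, which is why the announcements pair rejection with normalizing the verified activity against a local JSON-LD context.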
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 23:39:43)
Bambu Lab 3D printers: Never again - YouTube
https://youtu.be/eb48MdtNaDQ
Reply to @chlo@w.chlo.is
silverpill@silverpill@mitra.social (2026-05-21 23:02:58)
@chlo @caohuak Good to know. I am thinking about adding a configuration option that enables embedding for Accept(Follow) activity.
Veronica Explains@veronica@explains.social (2026-05-21 22:58:55)
I genuinely believe that the Fediverse offers the best chance of recapturing the friendly, optimistic Internet I loved as a kid.
We've got flaws, sure. I've been critical of aspects of fedi culture, and will continue to do so.
But this place represents hope, and hope is where we start.
佐々木/네코가와@nounashi7298@social.nekokawa.net (2026-05-21 22:41:41)
Even though it makes no difference at all,
I'm the type who carefully types upper and lower case correctly in the search box
warabi餅@w4rabimochi@misskey.io boosted:
@foyfoy@misskey.io (2026-05-21 21:09:07)
[NSFW/R18] Big Miku, who provokes me every night
---Attachments---
image: https://media.misskeyusercontent.com/io/webpublic-9fea9e1b-5087-477b-8493-6c44bb94f1c0.webp?sensitive=true
Tokyo Camera Club@tokyocameraclub@mstdn.tokyocameraclub.com (2026-05-21 21:30:45)
Boosts and favorites are very welcome! This is a work posted by sorajiro_photo_1028.
[sorajiro_photo_1028]
https://tokyocameraclub.com/mstdn/sorajiro_photo_1028/
[Posted work]
https://tokyocameraclub.com/mstdn/sorajiro_photo_1028/116423187008470967
[Register here: Tokyo Camera Club instance]
https://mstdn.tokyocameraclub.com/
Posts from users registered on the Tokyo Camera Club instance that carry the hashtag "#tokyocameraclub" are eligible. Please feel free to join in.
---Attachments---
image: https://s3-ap-northeast-1.amazonaws.com/mastodon-production/media_attachments/files/116/612/572/468/661/691/original/f49b544bb5501307.jpeg
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 21:17:37)
Bambu Lab is abusing the open source social contract - Jeff Geerling
https://www.jeffgeerling.com/blog/2026/bambu-lab-abusing-open-source-social-contract/
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 21:11:20)
‘Fuck you, Bambu’: How one private message could change the face of 3D printing | The Verge
https://www.theverge.com/tech/931532/bambu-agpl-pawel-jarczak-open-source-threat-dmca-github
Reply to @stefano@mastodon.bsd.cafe
The Real Grunfink@grunfink@comam.es (2026-05-21 21:00:31)
If what 'split domains' means is "running #snac in subdomain.example.com but identify as accounts from example.com" then no, it's not supported.
But, you can have snac running from a subdirectory of your main domain (which, as far as I know, no other fediverse implementation does). I.e. you can have your snac root in example.com/social and then you can identify as you@example.com . So you have no unnecessary subdomain just to be you.
Which is what I do for this very domain.
CC: @mms@bsd.cafe
Coro@Coro@mstdn.maud.io boosted:
@gaitifuji@fedibird.com (2026-05-21 20:41:18)
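Prime Minister Takaichi denies it as a "false report," and the government follows with "That is correct"... The unease of an era in which "government denial = false report" | Bunshun Online https://bunshun.jp/articles/-/88693?utm_source=twitter.com&utm_medium=social&utm_campaign=onlinePublished
"The side in power puts out the 'answer,' and it spreads as the 'correct answer' just as it is. The side that ought to be monitored becomes the side that presents the 'correct answer.' Is that really all right?"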
Thayer@Thayer@mastodon.social (2026-05-21 20:39:05)
☆☆☆RECRUITING!☆☆☆
Mastofam: I'm the exclusive recruiting partner for Oxford University's Bennett Institute for Applied Data Science led by Ben Goldacre and I'm hiring a few roles. I'm keen to hear from Head of Engineering candidates in the £90-95k zone, and senior developers (Python/JS and/or devops/infra) in the £80-85k zone.
Location: remote UK only (+ no visa sponsorship)
Salary: as above, non negotiable
Full details via email > thayer@team-prime.com
Dale Hitchenor@dhitchenor@fe.disroot.org (2026-05-21 19:59:24)
Hello all,
My apologies for my tardiness; life does get in the way sometimes.
On a good note, Hubzilla was updated to 11.2.1 about a day ago, and the docker image is about an hour or so away from being released. I want to personally thank you for your patience; the runners are busy crunching the code, and building as we speak.
Special thanks goes out to the Hubzilla devs, and contributors for their fine work. If you are curious, you can find their work at:
https://framagit.org/hubzilla/core
The release is available for review at:
https://framagit.org/hubzilla/core/-/releases
And of course, when it drops, the docker image will be available at:
https://hub.docker.com/r/dhitchenor/hubzilla
I hope this finds you all well; please stay safe, and I'll see you on the fediverse.
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 19:03:44)
> SFC will launch a standing committee to discuss software freedom and rights in the 3D printer community. Details on this committee will be forthcoming in June 2026.
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 19:01:14)
SFC has confirmed Bambu Studio's AGPL violation.
---
Comprehensive Response to Bambu's AGPLv3 Violations - Software Freedom Conservancy
https://sfconservancy.org/news/2026/may/18/bambu-studio-3d-printer-agpl-violation-response/