Home | Notifications | New Note | Local | Federated | Search | Logout
Federated Timeline
fedicat@fedicat@pc.cafe boosted:
@grishka@mastodon.social (2026-05-22 07:15:27)
I did it. #Smithereen 1.0 is officially out now. Only took me 6.5 years from an idea to something I can proudly call a stable release.
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/614/866/422/305/225/original/00a9a8be3d4227b3.png
Reply to @julian@activitypub.space
Rimu@rimu@piefed.social (2026-05-22 07:41:56)
Yes.
This is easy in FEP 1b12-land because each community has a list of moderators so receiving instances know who to allow.
Getting a list of instance admins requires calling the Lemmy API, unfortunately. So PieFed has a cron job that does that once per day for all instances. Admins rarely change.
Reply to @julian@activitypub.space
julian@julian@activitypub.space (2026-05-22 07:34:23)
@nutomic@lemmy.ml @rimu@piefed.social @bent0_b0x@norden.social — do y'all send Delete activities with the moderator actor?
(Announce wrapping aside.)
Reply to @thisismissem@activitypub.space
julian@julian@activitypub.space (2026-05-22 07:32:58)
@thisismissem hmm, I believe Lemmy and Piefed send cross actor Deletes, but they might be Announces by the group actor.
They (and I) don't use moderatedBy but rather the group actor's attributedTo
Just want to make sure you're aware of that existing prior art.
Gregory@grishka@mastodon.social (2026-05-22 07:15:27)
I did it. #Smithereen 1.0 is officially out now. Only took me 6.5 years from an idea to something I can proudly call a stable release.
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/614/866/422/305/225/original/00a9a8be3d4227b3.png
佐々木/네코가와@nounashi7298@social.nekokawa.net (2026-05-22 07:11:24)
おはようございます
Emelia@thisismissem@activitypub.space (2026-05-22 06:16:26)
Well, yeah, that's why I linked what T&S is doing here to fix the moderator use case. At present I don't know of anyone sending cross-actor delete/update actions, so we'd be adding capability with the moderatedBy
fedicat@fedicat@pc.cafe (2026-05-22 06:02:01)
my filters are more like an automatic labeling system, and a warning to myself that I'm posting too much about AI
julian@julian@activitypub.space (2026-05-22 05:20:21)
Started working on bringing ActivityPub Polls to NodeBB :clipboard:
First step is adding in separate handling of the Question object. Right now NodeBB treats it as a "Note-like" and renders it like a post :smile: 50% of the way there... will need to link it to nodebb-plugin-poll...
One complication... the plugin ties votes to users. This data isn't reflected over-the-wire in AP, only the aggregate voter counts are shared :thinking_face: [...]
https://github.com/NodeBB/nodebb-plugin-poll/pull/157
Eugen Rochko@Gargron@mastodon.social (2026-05-22 04:27:04)
When I was growing up, we had operating systems that exposed a lot of the technical details about their inner workings, and websites that let us use code to customize them, like MySpace and Geocities. UX designers in tech have since optimized away most of the stuff that allowed and encouraged people to learn to use technology and now people get confused by files and browser tabs. And as the knowledge shrinks, more and more things have to be simplified away. I only ever see it as a one way road.
fedicat@fedicat@pc.cafe boosted:
@Thayer@mastodon.social (2026-05-21 20:39:05)
☆☆☆RECRUITING!☆☆☆
Mastofam: I'm the exclusive recruiting partner for Oxford University's Bennett Institute for Applied Data Science led by Ben Goldacre and I'm hiring a few roles. I'm keen to hear from Head of Engineering candidates in the £90-95k zone, and senior developers (Python/JS and or devops/infra) in the £80-85k zone.
Location: remote UK only (+ no visa sponsorship)
Salary: as above, non negotiable
Full details via email > thayer@team-prime.com
fedicat@fedicat@pc.cafe boosted:
@HolosSocial@mastodon.social (2026-05-22 02:56:36)
I built #HolosSocial for Linux (AppImage and deb files), and it works just fine on my Raspberry Pi.
Holos Social@HolosSocial@mastodon.social (2026-05-22 02:56:36)
I built #HolosSocial for Linux (AppImage and deb files), and it works just fine on my Raspberry Pi.
針金紳士@harignaeshinshi@misskey.io (2026-05-22 02:43:53)
今回は表紙から描かないと逃げそうなので、退路を断つ(╹◡╹)とりあえず仮置きまで
---Attachments---
image: https://media.misskeyusercontent.com/io/f8ffce28-835d-44cc-bc27-40387990f591.webp?sensitive=true
fedicat@fedicat@pc.cafe boosted:
@ffuentes@mastodon.sdf.org (2026-05-22 02:11:50)
Does anyone’s else use #takesama as client? it works pretty well with this #mastodon instance and #snac
ffuentes@ffuentes@mastodon.sdf.org (2026-05-22 02:11:50)
Does anyone’s else use #takesama as client? it works pretty well with this #mastodon instance and #snac
leisure@leisure_ul@misskey.io (2026-05-22 01:46:09)
黒Tヤッチョ #超かぐや姫
---Attachments---
image: https://media.misskeyusercontent.com/io/857ef656-904f-4015-91a1-0c66b2c4b668.jpg
Michael Kratzenberg 📢@kratzen@berg.mobilecourant.org (2026-05-22 00:57:16)
I unequivocally stand in solidarity with Cuba against the baseless Warmongering from the Trump admin.
It is abundantly clear that the actions taken by the DOJ is posturing for war and these actions are purely corrupt and inhumane.
How many wars will the "Peace-Loving" Trump start for his own gain.
:majidekapurin_cry_up:マジでデカいプリン@majidedekaipurin@misskey.io (2026-05-22 00:30:44)
---Attachments---
image: https://media.misskeyusercontent.com/io/79fea506-34ad-41a5-9b10-f559aa06fc9a.png
fedicat@fedicat@pc.cafe boosted:
@SymfonyStation@drupal.community (2026-05-21 20:38:55)
Hollo announces: Hollo 0.9.0 is out. https://hollo.social/@hollo/019e451e-f368-70e2-b993-77d01a14a677 #hollo #fediverse #ActivityPub
fedicat@fedicat@pc.cafe boosted:
@smrms@toot.community (2026-05-20 01:58:54)
Anyone else in the fediverse who does fieldwork in #linguistics ? #languages #language #indigenouslanguages #minoritylanguages (if you have suggestions for hashtags that will help me find other field linguists, please add them in a comment to this toot)
fedicat@fedicat@pc.cafe boosted:
@toddsundsted@epiktistes.com (2026-05-21 19:50:48)
Release v3.3.9 of Ktistec continues the security hardening work from recent releases, with further progress on the Mastodon-compatible API.
Of note: all network connections now go through a new Ktistec::Network module. This allows Ktistec to limit the size of HTTP bodies it reads, on both inbound and outbound requests, and ensures it only opens connections to valid remote IP addresses.
Here's the full changelog:
Added
New Mastodon-compatible APIs.
Fixed
Close DNS rebinding window for outbound HTTP requests.
Limit the size of HTTP bodies the server reads.
Sanitize RSS feed output to prevent CDATA breakout.
Destroy all sessions and access tokens on account termination.
Changed
Ensure all GET and POST requests utilize Ktistec::Network.
Process local recipients in-process in inbox/outbox activity processors.
As always, it's worth upgrading for the security fixes!
#ktistec #crystallang #activitypub #fediverse
fedicat@fedicat@pc.cafe boosted:
@atomicpoet@atomicpoet.org (2026-05-20 08:23:04)
This Saturday, I’m speaking at @vanlug about the #Fediverse.
It will be held at Burnaby Public Library during 2PM-4PM.
Want to attend? Here’s where to register:
https://luma.com/ahm1hi2s
#VanLUG
fedicat@fedicat@pc.cafe boosted:
@grunfink@comam.es (2026-05-21 21:00:31)
If what 'split domains' mean is "running #snac in subdomain.example.com but identify as accounts from example.com" then no, it's not supported.
But, you can have snac running from a subdirectory of your main domain (which, as far as I know, no other fediverse implementation does). I.e. you can have your snac root in example.com/social and then you can identify as you@example.com . So you have no unnecessary subdomain just to be you.
Which is what I do for this very domain.
CC: @mms@bsd.cafe
fedicat@fedicat@pc.cafe boosted:
@linguistgoneforeign@mastodon.social (2026-05-12 02:12:05)
I'm very happy to see how my 3-year journey replacing big tech with privacy-oriented, humane platforms is shaping:
Gmail: Tuta and Proton
Google Calendar: Fossify
Google Maps: Organic Maps
Twitter: Mastodon
Facebook, Instagram: Pixelfed
WhatsApp, Telegram: Signal
Android: GrapheneOS
Windows: Linux Mint
It was overwhelming, it took time and research. But I can tell you that another digital experience is possible.
Now I'm thrilled to have devices that belong to ME, like in the old days.
fedicat@fedicat@pc.cafe boosted:
@botkit@hollo.social (2026-05-21 22:20:24)
BotKit security updates: 0.3.3 and 0.4.2
If you use BotKit, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and BotKit inherits the exposure through its dependency on Fedify.
The vulnerability allows an attacker to use JSON-LD graph-restructuring features—specifically @graph, @included, and @reverse—to reshape a signed ActivityPub activity without invalidating its Linked Data Signature. This can cause BotKit (via Fedify) to interpret a different ActivityPub object shape than was originally signed. The fix normalizes Linked Data Signature-verified activities against Fedify's local JSON-LD context before interpreting them, and rejects the JSON-LD constructs that enable the attack.
All versions of BotKit up to 0.3.2 (in the 0.3.x branch) and 0.4.1 (in the 0.4.x branch) are affected. Patched releases are 0.3.3 and 0.4.2.
For BotKit 0.4.x, update @fedify/botkit:
npm update @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update @fedify/botkit
bun update @fedify/botkit
deno update @fedify/botkit
For BotKit 0.3.x, update @fedify/botkit:
npm update @fedify/botkit@0.3.3
yarn upgrade @fedify/botkit@0.3.3
pnpm update @fedify/botkit@0.3.3
bun update @fedify/botkit@0.3.3
deno update @fedify/botkit@0.3.3
If you use other BotKit-related packages (e.g., @fedify/botkit-postgres), update them as well. After updating, redeploy.
The CVE ID is CVE-2026-42462. See also fedify-dev/fedify#773 for Fedify's own announcement.
Thanks to @Claire for the report and responsible disclosure.
If anything is unclear, feel free to ask on GitHub Discussions or Matrix.
Nova@Chishiki611@enby.life boosted:
@hollo@hollo.social (2026-05-21 02:39:43)
Hollo security updates: 0.7.17, 0.8.6, and 0.9.1
If you run Hollo, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and Hollo depends on Fedify for ActivityPub federation.
Fedify verifies incoming ActivityPub activities with several mechanisms, including HTTP Signatures, Object Integrity Proofs, and Linked Data Signatures. The vulnerable path is Linked Data Signatures: the signature is checked over the canonical RDF graph, but JSON-LD can represent the same graph in more than one JSON shape. In affected versions, that gap could let a signed activity be reshaped so that Fedify reads a different ActivityPub object shape than intended—without invalidating the signature.
The fix makes Fedify normalize Linked Data Signature-verified activities against its local JSON-LD context before interpreting them, and rejects JSON-LD constructs that can preserve the signed RDF graph while changing the ActivityPub object shape. For full technical details of the underlying vulnerability, see the Fedify security announcement.
All Hollo versions up to and including 0.7.16, 0.8.5, and 0.9.0 are affected. Patched releases are 0.7.17 for the 0.7.x series, 0.8.6 for the 0.8.x series, and 0.9.1 for the 0.9.x series.
For 0.7.x deployments, update to 0.7.17:
docker pull ghcr.io/fedify-dev/hollo:0.7.17
For 0.8.x deployments, update to 0.8.6:
docker pull ghcr.io/fedify-dev/hollo:0.8.6
For 0.9.x deployments, update to 0.9.1:
docker pull ghcr.io/fedify-dev/hollo:0.9.1
After pulling the new image, restart your Hollo container. If you deploy from source, pull the corresponding release tag and restart.
Thanks to @Claire for the report and responsible disclosure to the Fedify project.
If anything is unclear, ask below.
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 23:39:43)
Bambu Lab 3D printers: Never again - YouTube
https://youtu.be/eb48MdtNaDQ
Reply to @chlo@w.chlo.is
silverpill@silverpill@mitra.social (2026-05-21 23:02:58)
@chlo @caohuak Good to know. I am thinking about adding a configuration option that enables embedding for Accept(Follow) activity.
Veronica Explains@veronica@explains.social (2026-05-21 22:58:55)
I genuinely believe that the Fediverse offers the best chance of recapturing the friendly, optimistic Internet I loved as a kid.
We've got flaws, sure. I've been critical of aspects of fedi culture, and will continue to do so.
But this place represents hope, and hope is where we start.
Older Notes