Home | Notifications | New Note | Local | Federated | Search | Logout
Federated Timeline
Veronica Explains@veronica@explains.social (2026-05-21 22:58:55)
I genuinely believe that the Fediverse offers the best chance of recapturing the friendly, optimistic Internet I loved as a kid.
We've got flaws, sure. I've been critical of aspects of fedi culture, and will continue to do so.
But this place represents hope, and hope is where we start.
佐々木/네코가와@nounashi7298@social.nekokawa.net (2026-05-21 22:41:41)
全く意味はないのに
検索ボックスでちゃんと大文字小文字を区別して入力する派
BotKit by Fedify :botkit:@botkit@hollo.social (2026-05-21 22:20:24)
BotKit security updates: 0.3.3 and 0.4.2
If you use BotKit, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and BotKit inherits the exposure through its dependency on Fedify.
The vulnerability allows an attacker to use JSON-LD graph-restructuring features—specifically @graph, @included, and @reverse—to reshape a signed ActivityPub activity without invalidating its Linked Data Signature. This can cause BotKit (via Fedify) to interpret a different ActivityPub object shape than was originally signed. The fix normalizes Linked Data Signature-verified activities against Fedify's local JSON-LD context before interpreting them, and rejects the JSON-LD constructs that enable the attack.
All versions of BotKit up to 0.3.2 (in the 0.3.x branch) and 0.4.1 (in the 0.4.x branch) are affected. Patched releases are 0.3.3 and 0.4.2.
For BotKit 0.4.x, update @fedify/botkit:
npm update @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update @fedify/botkit
bun update @fedify/botkit
deno update @fedify/botkit
For BotKit 0.3.x, update @fedify/botkit:
npm update @fedify/botkit@0.3.3
yarn upgrade @fedify/botkit@0.3.3
pnpm update @fedify/botkit@0.3.3
bun update @fedify/botkit@0.3.3
deno update @fedify/botkit@0.3.3
If you use other BotKit-related packages (e.g., @fedify/botkit-postgres), update them as well. After updating, redeploy.
The CVE ID is CVE-2026-42462. See also fedify-dev/fedify#773 for Fedify's own announcement.
Thanks to @Claire for the report and responsible disclosure.
If anything is unclear, feel free to ask on GitHub Discussions or Matrix.
warabi餅@w4rabimochi@misskey.io boosted:
@foyfoy@misskey.io (2026-05-21 21:09:07)
【NSFW/R18】毎晩挑発してくるデカミクさん
---Attachments---
image: https://media.misskeyusercontent.com/io/webpublic-9fea9e1b-5087-477b-8493-6c44bb94f1c0.webp?sensitive=true
Tokyo Camera Club@tokyocameraclub@mstdn.tokyocameraclub.com (2026-05-21 21:30:45)
ブースト、お気に入り大歓迎!sorajiro_photo_1028さんの投稿作品です。
【sorajiro_photo_1028さん】
https://tokyocameraclub.com/mstdn/sorajiro_photo_1028/
【投稿作品】
https://tokyocameraclub.com/mstdn/sorajiro_photo_1028/116423187008470967
【登録はこちら:東京カメラ部インスタンス】
https://mstdn.tokyocameraclub.com/
東京カメラ部インスタンスに登録いただき、ハッシュタグ「#tokyocameraclub」を付けていただいた投稿が対象となります。ぜひ、気軽にご参加ください。
---Attachments---
image: https://s3-ap-northeast-1.amazonaws.com/mastodon-production/media_attachments/files/116/612/572/468/661/691/original/f49b544bb5501307.jpeg
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 21:17:37)
Bambu Lab is abusing the open source social contract - Jeff Geerling
https://www.jeffgeerling.com/blog/2026/bambu-lab-abusing-open-source-social-contract/
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 21:11:20)
‘Fuck you, Bambu’: How one private message could change the face of 3D printing | The Verge
https://www.theverge.com/tech/931532/bambu-agpl-pawel-jarczak-open-source-threat-dmca-github
フォイフォイ🔞@foyfoy@misskey.io (2026-05-21 21:09:07)
【NSFW/R18】毎晩挑発してくるデカミクさん
---Attachments---
image: https://media.misskeyusercontent.com/io/webpublic-9fea9e1b-5087-477b-8493-6c44bb94f1c0.webp?sensitive=true
Reply to @stefano@mastodon.bsd.cafe
The Real Grunfink@grunfink@comam.es (2026-05-21 21:00:31)
If what 'split domains' mean is "running #snac in subdomain.example.com but identify as accounts from example.com" then no, it's not supported.
But, you can have snac running from a subdirectory of your main domain (which, as far as I know, no other fediverse implementation does). I.e. you can have your snac root in example.com/social and then you can identify as you@example.com . So you have no unnecessary subdomain just to be you.
Which is what I do for this very domain.
CC: @mms@bsd.cafe
Coro@Coro@mstdn.maud.io boosted:
@gaitifuji@fedibird.com (2026-05-21 20:41:18)
「誤報」と否定する高市首相に「そのとおりです」と政府が追随…「政府が否定=誤報」となる時代の違和感 | 文春オンライン https://bunshun.jp/articles/-/88693?utm_source=twitter.com&utm_medium=social&utm_campaign=onlinePublished
“権力の側が「答え」を発信し、それがそのまま“正解”として広がっていく。監視されるべき側が、“正解”を示す側になってしまう。それで本当にいいのだろうか”
ガイチ@gaitifuji@fedibird.com (2026-05-21 20:41:18)
「誤報」と否定する高市首相に「そのとおりです」と政府が追随…「政府が否定=誤報」となる時代の違和感 | 文春オンライン https://bunshun.jp/articles/-/88693?utm_source=twitter.com&utm_medium=social&utm_campaign=onlinePublished
“権力の側が「答え」を発信し、それがそのまま“正解”として広がっていく。監視されるべき側が、“正解”を示す側になってしまう。それで本当にいいのだろうか”
Thayer@Thayer@mastodon.social (2026-05-21 20:39:05)
☆☆☆RECRUITING!☆☆☆
Mastofam: I'm the exclusive recruiting partner for Oxford University's Bennett Institute for Applied Data Science led by Ben Goldacre and I'm hiring a few roles. I'm keen to hear from Head of Engineering candidates in the £90-95k zone, and senior developers (Python/JS and or devops/infra) in the £80-85k zone.
Location: remote UK only (+ no visa sponsorship)
Salary: as above, non negotiable
Full details via email > thayer@team-prime.com
The Fulcrum ⚒️ ⛓️💥 🏴☠️@SymfonyStation@drupal.community (2026-05-21 20:38:55)
Hollo announces: Hollo 0.9.0 is out. https://hollo.social/@hollo/019e451e-f368-70e2-b993-77d01a14a677 #hollo #fediverse #ActivityPub
Dale Hitchenor@dhitchenor@fe.disroot.org (2026-05-21 19:59:24)
Hello all,
My apologies for my tardiness; life does get in the way sometimes.
On a good note, Hubzilla was updated to 11.2.1 about a day ago, and the docker image is about an hour or so away from being released. I want to personally thank you for your patience; the runners are busy crunching the code, and building as we speak.
Special thanks goes out to the Hubzilla devs, and contributors for their fine work. If you are curious, you can find their work at:
https://framagit.org/hubzilla/core
The release is available for review at:
https://framagit.org/hubzilla/core/-/releases
And of course, when it drops, the docker image will be available at:
https://hub.docker.com/r/dhitchenor/hubzilla
I hope this finds you all well; please stay safe, and I'll see you on the fediverse.
Todd Sundsted@toddsundsted@epiktistes.com (2026-05-21 19:50:48)
Release v3.3.9 of Ktistec continues the security hardening work from recent releases, with further progress on the Mastodon-compatible API.
Of note: all network connections now go through a new Ktistec::Network module. This allows Ktistec to limit the size of HTTP bodies it reads, on both inbound and outbound requests, and ensures it only opens connections to valid remote IP addresses.
Here's the full changelog:
Added
New Mastodon-compatible APIs.
Fixed
Close DNS rebinding window for outbound HTTP requests.
Limit the size of HTTP bodies the server reads.
Sanitize RSS feed output to prevent CDATA breakout.
Destroy all sessions and access tokens on account termination.
Changed
Ensure all GET and POST requests utilize Ktistec::Network.
Process local recipients in-process in inbox/outbox activity processors.
As always, it's worth upgrading for the security fixes!
#ktistec #crystallang #activitypub #fediverse
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 19:03:44)
> SFC will launch a standing committee to discuss software freedom and rights in the 3D printer community.Details on this committee will be forthcoming in June 2026.
Reply to @Coro@mstdn.maud.io
Coro@Coro@mstdn.maud.io (2026-05-21 19:01:14)
SFC が Bambu Studio の AGPL 違反を確認。
---
Comprehensive Response to Bambu's AGPLv3 Violations - Software Freedom Conservancy
https://sfconservancy.org/news/2026/may/18/bambu-studio-3d-printer-agpl-violation-response/
Tuta@Tutanota@mastodon.social (2026-05-21 18:57:15)
Take a look at these alternative browsers to Google Chrome & let us know which is your favorite! 🌐 🔐
If you're looking for a new browser find out more 👉 https://tuta.com/blog/best-private-browsers
@firefox @duckduckgo @puffin @Waterfox @ecosia @palemoon @zenbrowser @mullvadnet @torproject @Waterfox @Freenet @librewolf
---Attachments---
image: https://files.mastodon.social/media_attachments/files/116/611/949/680/935/071/original/0107c93c1dd1b9fe.png
佐々木/네코가와@nounashi7298@social.nekokawa.net (2026-05-21 18:11:25)
AMDのSkyBridge復活しないかなー
俺は無駄な希望的観測をしたい
xz@xz@ebadf.port0.org (2026-05-21 18:09:00)
One annoyance with my small #snac instance - or any small Fediverse island regardless of the software - is the missing visibility of the rest of the network. For followed hashtags, I am missing out on most posts as I am not federating with most instances.
The usual solution is to use an ActivityPub relay. This, however, resulted in receiving looots of posts, hitting file size and inode limits on this small VM. Thus, I gave up this experiment a while ago.
Now, I just stumbled about https://relay.fedi.buzz/ from @astro@c3d2.social, which allows to only follow certain hashtags, which is kinda exactly what I wanted ❤️
After following the Subscribing to Fediverse Relays section from snac(8), I came up with the following jq(1) command to subscribe each hashtag I am already following on my #snac instance. And yes, this would be way faster to do by hand for those six hashtags in total.
$ # Create multiple snac follow commands for each hashtag the "xz"
$ # user follows. The "data" directory is the $SNAC_BASEDIR.
$ jq -j \
'.followed_hashtags.[] | "snac follow data relay https://relay.fedi.buzz/tag/",.[1:],"; "' \
< data/user/xz/user.json
snac follow data relay https://relay.fedi.buzz/tag/openbsd; snac follow data relay https://relay.fedi.buzz/tag/snac; [ . . . ]
If the generated commands are looking not suspicious enough, rerun the command within $() or execute the output manually.
Finally, I am able to doomscroll #biketooter for weird and ridiculously expensive bikes from my instance; yay!
warabi餅@w4rabimochi@misskey.io boosted:
@ks_aya@misskey.io (2026-05-20 21:36:24)
:skeb:依頼待ってます
---Attachments---
image: https://media.misskeyusercontent.com/io/webpublic-a757283c-8e36-45b5-a695-4454aa3728e5.png?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-b93bd613-d06f-4019-98c1-b21e3bfd3b5a.png?sensitive=true
image: https://media.misskeyusercontent.com/io/4a981370-813f-4753-bd7b-65c397498eec.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/5619911d-4654-4e39-a8a9-7e11e8f9d874.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-94f1291d-61f4-409f-a3d6-2077411fa92d.png?sensitive=true
image: https://media.misskeyusercontent.com/io/3a4fc98e-5668-4b52-9e06-10e72b0e75c0.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-c539ed35-c4d3-46e8-a92b-0ca05be476ad.png?sensitive=true
image: https://media.misskeyusercontent.com/io/300b646e-3616-4120-9c25-f935339ae49a.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-9208288d-b663-439a-b01a-f2a49d2584b3.png?sensitive=true
image: https://media.misskeyusercontent.com/io/a5a8a6ab-6a5d-4494-a3fd-513dd2e30d21.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-96039857-23b3-4bf2-b38c-0f839d7a7d09.png?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-87b3a1e5-7919-412f-85cb-c41c9445ce4e.png?sensitive=true
image: https://media.misskeyusercontent.com/io/0b5876e5-24e5-49c0-af67-12858e57d6f6.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/70a5ebd7-8e74-4566-a2be-095230a6e646.webp?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-8b3a1d51-7e5f-47fc-8d3d-bad89a9d9d7a.png?sensitive=true
image: https://media.misskeyusercontent.com/io/webpublic-2f4aa4ac-d8aa-4ba9-82b0-0270a4e08c9f.png?sensitive=true
warabi餅@w4rabimochi@misskey.io boosted:
@djheycha@misskey.io (2026-05-21 17:48:39)
クリスタのタイムラプス初めて使ってみた
25minらくがき
---Attachments---
video: https://media.misskeyusercontent.com/io/07495a7a-aa26-420e-b271-e1fda0d73895.mp4?sensitive=true
warabi餅@w4rabimochi@misskey.io (2026-05-21 18:01:34)
:kapo__n:
RE: https://misskey.io/notes/amiihum50q84032e
---Attachments---
image: https://media.misskeyusercontent.com/io/webpublic-25770ba2-b081-464a-b988-2f1abb9dc6b7.webp?sensitive=true
DJ喜茶@djheycha@misskey.io (2026-05-21 17:48:39)
クリスタのタイムラプス初めて使ってみた
25minらくがき
---Attachments---
video: https://media.misskeyusercontent.com/io/07495a7a-aa26-420e-b271-e1fda0d73895.mp4?sensitive=true
Reply to @mms@mastodon.bsd.cafe
Stefano Marinelli@stefano@mastodon.bsd.cafe (2026-05-21 16:19:45)
@mms really? I think it can be done.
@grunfink - what do you think?
fedicat@fedicat@pc.cafe boosted:
@jerry@infosec.exchange (2026-05-21 11:06:26)
If you run a mastodon instance, it's time to patch. Some high severity security 🐜 🐞 🐝 got fixed today.
fedicat@fedicat@pc.cafe boosted:
@impressia@mastodon.social (2026-05-21 13:36:58)
🚀 A new version of Impressia has been released today!
This update fixes the icon color of the delete action and a French wording typo, improves the display of comment counts, introduces the ability to edit statuses, enables triggering place searches by submitting the text field, and enhances the accessibility of the instances page.
All changes were implemented by @pylapp - huge thanks for the great work 🤩
Impressia@impressia@mastodon.social (2026-05-21 13:36:58)
🚀 A new version of Impressia has been released today!
This update fixes the icon color of the delete action and a French wording typo, improves the display of comment counts, introduces the ability to edit statuses, enables triggering place searches by submitting the text field, and enhances the accessibility of the instances page.
All changes were implemented by @pylapp - huge thanks for the great work 🤩
warabi餅@w4rabimochi@misskey.io (2026-05-21 12:45:09)
今日は午前中から温泉入って美味しいもの食べて:saikou:
warabi餅@w4rabimochi@misskey.io (2026-05-21 12:44:21)
お蕎麦食べた
:t_oishii::blobcat_mogumogu:
---Attachments---
image: https://media.misskeyusercontent.com/io/webpublic-d6460f23-5dc9-475c-9e2c-10fdc520fb6f.webp
Older Notes