Home | Notifications | New Note | Local | Federated | Search | Logout
Federated Timeline
深井青実:io:@DeepBlue@misskey.io (2026-05-24 08:17:21)
採点カラオケで100点が出るまで同じ曲を歌い続けないと部屋から出れない
---Attachments---
image: https://media.misskeyusercontent.com/io/7ac08644-cf00-409b-b9a7-27add088c549.webp
:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 08:16:45)
SAITAMACHINECITY
Reply to @hos1miya@misskey.0sakana.xyz
:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 08:14:46)
これやるだけで東武の乗り換えはだいぶ改善しそうだけど
建て替えなんかしなくても
ささきち¦C108 1日目ー東イ20a@ssk_chi@misskey.io (2026-05-24 08:13:53)
:ohayoo::meow_beanbag:
Marc Palmer@marcpalmer@iosdev.space (2026-05-24 08:10:11)
I second this. Someone had told me about this by chance and it enabled me to spot a kid in trouble and pull them out of strong currents around some rocks years ago.
https://bsky.app/profile/did:plc:yfvwmnlztr4dwkb7hwz55r2g/post/3mmkiu77uhk2y
:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 08:09:47)
大宮、IC専用でいいからケト側の壁に改札欲しい
:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 07:59:51)
80000系増えたなぁ
Reply to @silverpill@mitra.social
silverpill@silverpill@mitra.social (2026-05-24 07:16:21)
@tadano @MK2boogaloo I pushed the fix to the main branch. Also allowed media proxy to serve application/octet-stream
Reply to @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub
silverpill@silverpill@mitra.social (2026-05-24 06:28:33)
@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83 The client is a separate project, Mitra Mini. Partially based on Mitra, but I had to rebuild other parts from scratch.
It is the only implementation, and has at least two users 😆
Reply to @phnt@fluffytail.org
silverpill@silverpill@mitra.social (2026-05-24 06:23:24)
@phnt
>Although you would still need some way to publish that key and a valid Actor for verification, a server.
I just realized that it could be effective in island networks, where domains are allowlisted.
Reply to @silverpill@mitra.social
Alex Gleason@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub (2026-05-24 06:18:11)
Is Mitra the only serious one who implements it? How many users do you have?
fedicat@fedicat@pc.cafe boosted:
@FediFollows@social.growyourown.services (2026-05-24 05:48:10)
#Ohio USA accounts to follow:
OHIO NEWS
@ColumbusDispatc - The Columbus Dispatch
@clevelandnews - The Plain Dealer / Cleveland.com
@index@oxfreepress.com - Oxford independent local news site
ACTIVISM
@heartlandurbanist (videos) & @mattcaff (personal) - Organiser/urbanist promoting better housing & transit
HAM RADIO
@w8lt - Amateur Radio & RF Club at Ohio State Univ
CULTURE
@index@clevelandwinds.org - Wind ensemble orchestra at Cleveland State Univ
FOOD
@Satoshi - Vegan restaurant in Cleveland
🧵 1/3
fedicat@fedicat@pc.cafe boosted:
@fedihost@mstdn.social (2026-05-24 06:06:46)
RE: https://social.growyourown.services/@FediTips/116625090914322439
We are currently taking steps to mitigate this exploit and will notify those who have been impacted.
#PeerTube
Reply to @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub
silverpill@silverpill@mitra.social (2026-05-24 06:09:33)
@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83 Yes. Relays are usually called gateways, but the architecture is very similar.
https://codeberg.org/ap-next/ap-next/src/branch/main/nomadpub.md
Reply to @phnt@fluffytail.org
silverpill@silverpill@mitra.social (2026-05-24 06:07:26)
@phnt Yesterday, a proposal was submitted that offered a solution to this exact problem: https://codeberg.org/fediverse/fep/src/branch/main/fep/baf5/fep-baf5.md. I don't like some parts of it (see discussion), but it's a step in the right direction
FediHost@fedihost@mstdn.social (2026-05-24 06:06:46)
RE: https://social.growyourown.services/@FediTips/116625090914322439
We are currently taking steps to mitigate this exploit and will notify those who have been impacted.
#PeerTube
Reply to @silverpill@mitra.social
Alex Gleason@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub (2026-05-24 05:58:43)
Is it clients & relays?
Reply to @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub
silverpill@silverpill@mitra.social (2026-05-24 05:50:38)
@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83 It's hard - but not too hard, people launch new ActivityPub projects all the time. I considered Nostr back in 2023 but now it's too late, because I designed a protocol that I believe is better than Nostr, and its backward compatible with Fediverse (so it inherits its network effects).
FediFollows@FediFollows@social.growyourown.services (2026-05-24 05:48:10)
#Ohio USA accounts to follow:
OHIO NEWS
@ColumbusDispatc - The Columbus Dispatch
@clevelandnews - The Plain Dealer / Cleveland.com
@index@oxfreepress.com - Oxford independent local news site
ACTIVISM
@heartlandurbanist (videos) & @mattcaff (personal) - Organiser/urbanist promoting better housing & transit
HAM RADIO
@w8lt - Amateur Radio & RF Club at Ohio State Univ
CULTURE
@index@clevelandwinds.org - Wind ensemble orchestra at Cleveland State Univ
FOOD
@Satoshi - Vegan restaurant in Cleveland
🧵 1/3
:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 05:47:56)
:ohayo:
Reply to @evan@cosocial.ca
silverpill@silverpill@mitra.social (2026-05-24 05:39:15)
@evan This is my mistake, thanks for pointing out. It should be changed to "...where embedded objects are owned by another local actor".
I think Create.object.attributedTo == Create.actor is a different thing, because it is related to authorization, whereas the requirement we're discussing here is related to authentication.
In general, yes, none of this was built into ActivityPub. But over the years implementers figured out authentication and authorization on their own, and now this is how federation works. People expect that same-origin embeddings can be cached as is, without re-fetching.
@general
Reply to @apps@toot.fedilab.app
fedicat@fedicat@pc.cafe (2026-05-24 05:39:09)
@apps fine line between milestone and millstone
fedicat@fedicat@pc.cafe boosted:
@Feditext@mastodon.social (2026-05-24 05:30:15)
We're back! Brian fixed the issue and Feditext should work again for all of our TestFlight users. If it doesn't, please manually open TestFlight and check for a new build.
#Feditext
Reply to @Feditext@mastodon.social
Feditext@Feditext@mastodon.social (2026-05-24 05:30:15)
We're back! Brian fixed the issue and Feditext should work again for all of our TestFlight users. If it doesn't, please manually open TestFlight and check for a new build.
#Feditext
Fedilab Apps@apps@toot.fedilab.app (2026-05-24 05:22:30)
I read your concerns and I deeply appreciate them. The goal was only to give more visibility on what is being fixed and improved. Things are working well as they are, and some of you warned me about side effects. If I ever start to feel uncomfortable with milestones, from pressure or anything else, I can always tell you and stop. What we all want is to make Fedilab better.
silverpill@silverpill@mitra.social boosted:
@jae@mastodon.bsd.cafe (2026-05-24 00:52:47)
as the world turns, does does single-binary #fediverse frontends. just implemented background pollling for notifications with a subtle indicator. still sitting at ~14mb binary tested against #pleroma #mastodon #gotosocial #mitra
---Attachments---
image: https://media.bsd.cafe/bsdmmedia01/media_attachments/files/116/624/687/166/850/305/original/cb93f47b41219953.png
Reply to @silverpill@mitra.social
Phantasm@phnt@fluffytail.org (2026-05-24 05:20:49)
@silverpill
>this measure is ineffective and can easily be circumvented by changing the keyId parameter of a signature.
I never thought about it like that, but that too is a way to circumvent it. Although you would still need some way to publish that key and a valid Actor for verification, a server. If a remote server implementing restrictions on fetching based on signatures only disallows the instance Actor, then that is a way to bypass that restriction. Although I think there currently is no implementation that does that. Mastodon instead blocks everything on the domain including all subdomains and GTS probably does the same. No idea how the Misskey forks and Iceshrimp.NET do it though. Of course using different domains works as well.
>Servers MUST NOT allow clients to publish activities where embedded objects are owned by another actor.
Unrelated to the this FEP, but this came up when fixing the recent Pleroma security issues. There is no agreed upon way of federating moderation decisions to remote instances. It is logical when validating remote Update Activities to only allow Activities that update Objects owned by the same Actor, however that is never guaranteed when for example an admin on a remote instance forces a post to be NSFW. Similarly Delete Activities can have the Actor be the moderator, but Object actually owned by user.
Reply to @silverpill@mitra.social
Alex Gleason@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub (2026-05-24 05:17:56)
Those things are too hard on ActivityPub. Join the dark side.
Reply to @jae@mastodon.bsd.cafe
silverpill@silverpill@mitra.social (2026-05-24 05:12:50)
@jae tui? looks great
Reply to @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83@mostr.pub
silverpill@silverpill@mitra.social (2026-05-24 05:11:08)
@8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83 @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd
ActivityPub.
We now getting capabilities previously available only on SSB & Nostr. Key-based identity, local-first clients.
Older Notes