Home | Notifications | New Note | Local | Federated | Search | Logout

Federated Timeline


深井青実:io:@DeepBlue@misskey.io (2026-05-24 08:17:21) 採点カラオケで100点が出るまで同じ曲を歌い続けないと部屋から出れない ---Attachments--- image: https://media.misskeyusercontent.com/io/7ac08644-cf00-409b-b9a7-27add088c549.webp

:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 08:16:45) SAITAMACHINECITY

Reply to @hos1miya@misskey.0sakana.xyz :hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 08:14:46) これやるだけで東武の乗り換えはだいぶ改善しそうだけど
建て替えなんかしなくても

ささきち¦C108 1日目ー東イ20a@ssk_chi@misskey.io (2026-05-24 08:13:53) ​:ohayoo:​​:meow_beanbag:​

Marc Palmer@marcpalmer@iosdev.space (2026-05-24 08:10:11) I second this. Someone had told me about this by chance and it enabled me to spot a kid in trouble and pull them out of strong currents around some rocks years ago.

https://bsky.app/profile/did:plc:yfvwmnlztr4dwkb7hwz55r2g/post/3mmkiu77uhk2y

:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 08:09:47) 大宮、IC専用でいいからケト側の壁に改札欲しい

:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 07:59:51) 80000系増えたなぁ

Reply to @silverpill@mitra.social silverpill@silverpill@mitra.social (2026-05-24 07:16:21) @tadano @MK2boogaloo I pushed the fix to the main branch. Also allowed media proxy to serve application/octet-stream

Reply to @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub silverpill@silverpill@mitra.social (2026-05-24 06:28:33) @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83 The client is a separate project, Mitra Mini. Partially based on Mitra, but I had to rebuild other parts from scratch.

It is the only implementation, and has at least two users 😆

Reply to @phnt@fluffytail.org silverpill@silverpill@mitra.social (2026-05-24 06:23:24) @phnt

>Although you would still need some way to publish that key and a valid Actor for verification, a server.

I just realized that it could be effective in island networks, where domains are allowlisted.

Reply to @silverpill@mitra.social Alex Gleason@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub (2026-05-24 06:18:11) Is Mitra the only serious one who implements it? How many users do you have?

fedicat@fedicat@pc.cafe boosted: @FediFollows@social.growyourown.services (2026-05-24 05:48:10) #Ohio USA accounts to follow:

OHIO NEWS
@ColumbusDispatc - The Columbus Dispatch
@clevelandnews - The Plain Dealer / Cleveland.com
@index@oxfreepress.com - Oxford independent local news site

ACTIVISM
@heartlandurbanist (videos) & @mattcaff (personal) - Organiser/urbanist promoting better housing & transit

HAM RADIO
@w8lt - Amateur Radio & RF Club at Ohio State Univ

CULTURE
@index@clevelandwinds.org - Wind ensemble orchestra at Cleveland State Univ

FOOD
@Satoshi - Vegan restaurant in Cleveland

🧵 1/3

fedicat@fedicat@pc.cafe boosted: @fedihost@mstdn.social (2026-05-24 06:06:46) RE: https://social.growyourown.services/@FediTips/116625090914322439

We are currently taking steps to mitigate this exploit and will notify those who have been impacted.
#PeerTube

Reply to @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub silverpill@silverpill@mitra.social (2026-05-24 06:09:33) @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83 Yes. Relays are usually called gateways, but the architecture is very similar.

https://codeberg.org/ap-next/ap-next/src/branch/main/nomadpub.md

Reply to @phnt@fluffytail.org silverpill@silverpill@mitra.social (2026-05-24 06:07:26) @phnt Yesterday, a proposal was submitted that offered a solution to this exact problem: https://codeberg.org/fediverse/fep/src/branch/main/fep/baf5/fep-baf5.md. I don't like some parts of it (see discussion), but it's a step in the right direction

FediHost@fedihost@mstdn.social (2026-05-24 06:06:46) RE: https://social.growyourown.services/@FediTips/116625090914322439

We are currently taking steps to mitigate this exploit and will notify those who have been impacted.
#PeerTube

Reply to @silverpill@mitra.social Alex Gleason@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub (2026-05-24 05:58:43) Is it clients & relays?

Reply to @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub silverpill@silverpill@mitra.social (2026-05-24 05:50:38) @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83 It's hard - but not too hard, people launch new ActivityPub projects all the time. I considered Nostr back in 2023 but now it's too late, because I designed a protocol that I believe is better than Nostr, and its backward compatible with Fediverse (so it inherits its network effects).

FediFollows@FediFollows@social.growyourown.services (2026-05-24 05:48:10) #Ohio USA accounts to follow:

OHIO NEWS
@ColumbusDispatc - The Columbus Dispatch
@clevelandnews - The Plain Dealer / Cleveland.com
@index@oxfreepress.com - Oxford independent local news site

ACTIVISM
@heartlandurbanist (videos) & @mattcaff (personal) - Organiser/urbanist promoting better housing & transit

HAM RADIO
@w8lt - Amateur Radio & RF Club at Ohio State Univ

CULTURE
@index@clevelandwinds.org - Wind ensemble orchestra at Cleveland State Univ

FOOD
@Satoshi - Vegan restaurant in Cleveland

🧵 1/3

:hosimiya_mion::star_stroke:@hos1miya@misskey.0sakana.xyz (2026-05-24 05:47:56) ​:ohayo:​

Reply to @evan@cosocial.ca silverpill@silverpill@mitra.social (2026-05-24 05:39:15) @evan This is my mistake, thanks for pointing out. It should be changed to "...where embedded objects are owned by another local actor".

I think Create.object.attributedTo == Create.actor is a different thing, because it is related to authorization, whereas the requirement we're discussing here is related to authentication.

In general, yes, none of this was built into ActivityPub. But over the years implementers figured out authentication and authorization on their own, and now this is how federation works. People expect that same-origin embeddings can be cached as is, without re-fetching.

@general

Reply to @apps@toot.fedilab.app fedicat@fedicat@pc.cafe (2026-05-24 05:39:09) @apps fine line between milestone and millstone

fedicat@fedicat@pc.cafe boosted: @Feditext@mastodon.social (2026-05-24 05:30:15) We're back! Brian fixed the issue and Feditext should work again for all of our TestFlight users. If it doesn't, please manually open TestFlight and check for a new build.

#Feditext

Reply to @Feditext@mastodon.social Feditext@Feditext@mastodon.social (2026-05-24 05:30:15) We're back! Brian fixed the issue and Feditext should work again for all of our TestFlight users. If it doesn't, please manually open TestFlight and check for a new build.

#Feditext

Fedilab Apps@apps@toot.fedilab.app (2026-05-24 05:22:30) I read your concerns and I deeply appreciate them. The goal was only to give more visibility on what is being fixed and improved. Things are working well as they are, and some of you warned me about side effects. If I ever start to feel uncomfortable with milestones, from pressure or anything else, I can always tell you and stop. What we all want is to make Fedilab better.

silverpill@silverpill@mitra.social boosted: @jae@mastodon.bsd.cafe (2026-05-24 00:52:47) as the world turns, does does single-binary #fediverse frontends. just implemented background pollling for notifications with a subtle indicator. still sitting at ~14mb binary tested against #pleroma #mastodon #gotosocial #mitra ---Attachments--- image: https://media.bsd.cafe/bsdmmedia01/media_attachments/files/116/624/687/166/850/305/original/cb93f47b41219953.png

Reply to @silverpill@mitra.social Phantasm@phnt@fluffytail.org (2026-05-24 05:20:49) @silverpill
>this measure is ineffective and can easily be circumvented by changing the keyId parameter of a signature.

I never thought about it like that, but that too is a way to circumvent it. Although you would still need some way to publish that key and a valid Actor for verification, a server. If a remote server implementing restrictions on fetching based on signatures only disallows the instance Actor, then that is a way to bypass that restriction. Although I think there currently is no implementation that does that. Mastodon instead blocks everything on the domain including all subdomains and GTS probably does the same. No idea how the Misskey forks and Iceshrimp.NET do it though. Of course using different domains works as well.

>Servers MUST NOT allow clients to publish activities where embedded objects are owned by another actor.

Unrelated to the this FEP, but this came up when fixing the recent Pleroma security issues. There is no agreed upon way of federating moderation decisions to remote instances. It is logical when validating remote Update Activities to only allow Activities that update Objects owned by the same Actor, however that is never guaranteed when for example an admin on a remote instance forces a post to be NSFW. Similarly Delete Activities can have the Actor be the moderator, but Object actually owned by user.

Reply to @silverpill@mitra.social Alex Gleason@0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd@mostr.pub (2026-05-24 05:17:56) Those things are too hard on ActivityPub. Join the dark side.

Reply to @jae@mastodon.bsd.cafe silverpill@silverpill@mitra.social (2026-05-24 05:12:50) @jae tui? looks great

Reply to @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83@mostr.pub silverpill@silverpill@mitra.social (2026-05-24 05:11:08) @8c593cc6084205228f9d5f826249596710bbbee6236d54e2c74b2826d00e4c83 @0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd

ActivityPub.

We now getting capabilities previously available only on SSB & Nostr. Key-based identity, local-first clients.
Older Notes