ricferrer (@ricferrer@mastodon.social)
🤔 Anyone have experience with the #ActivityPub plug-in for #Wordpress ? How has it been? Are posts displayed well on #mastodon and #pixelfed ?
I am exploring adding it to the website of two of my projects that already run on Wordpress. 🚀#vountain #hafven
Show Original Post
dansup (@dansup@mastodon.social)
So one tricky aspect I had to solve with Loops is how we use a hashid of the snowflake id for videos, comments and replies in public links, but also deference them to their full ActivityPub permalink.
I built a `matchUrlTemplate` helper that uses regexes to match our url schemas in a way that supports `/v/abcdefg1-` and `/ap/users/1/video/1234567890` links.
It works great, and I will be bringing this to Pixelfed to improve federation support ✨
Show Original Post
yawnbox (@yawnbox@disobey.net)
if you have ever been curious about running a web application firewall (WAF) in front of Mastodon or other fediverse instance, i've published a repo containing the #openappsec policy we're now using, which is also configured to maintain strong privacy protections. i've recently turned on prevent mode, blocking critical events
https://code.disobey.net/dd/ap-waf
there's a lot of skip exceptions needed in order to not block required ActivityPub transactions. even things like changing a password in Mastodon is seen as a critical (false) positive
given the number of skip exclusions, there's a lot of attack surface that admins won't be able to action on since so much of ActivityPub looks malicious, and a targeted attack could easily take advantage of these necessary skip policies
i'm curious if any ActivityPub devs have ever run a WAF in front of their instance, and curious if any improvements can be made to the spec to reduce transactions that look like malicious behavior
i have to trust that for the ActivityPub exclusions, Mastodon properly sanitizes inputs and so the overall risk is still low
either way, this is a big win for overall risk reduction for anyone serious about protecting their community
#MastoAdmin #ActivityPub #Mastodon #OpenAppSec
Show Original Post
kariboka (@kariboka@mastodon.social)
Tire suas dúvidas sobre as redes:
https://na-real.bolha.dev/@kariboka@mastodon.social
Kari'boka nasceu pobre mas também nasceu otário.
#nareal #activitypub #obonde #bsky #xmpp #mastodon
Show Original Post
kariboka (@kariboka@mastodon.social)
A minha vida nos últimos anos tem se resumido a:
1. depressão
2. Tentar sobreviver
3. Estudar protocolos abertos com bastante foco no #xmpp e #activitypub
Eu não me considero grande coisa, por isso me chateia muito ver pessoas com qualificações melhores e maior alcance deliberadamente optar por escolher o pior caminho possÃvel.
Se eu que sou um bosta percebo isso com tanta clareza, não tem nada que justifique esse #oBonde escolher contribuir pra um rede nazista.
Show Original Post
klu9 (@klu9@ohai.social)
TIL I had no idea who actually controlled #ActivityPub . Concerning to hear that #Fediverse developers don't really have a hand in it.
Show Original Post
57-2 (@57-2@apreso.de)
How will a post without a title and inline images appear in a Mastodon client? And how about a hyperlink?
Holding a book at the edge of the lake in Blücherpark, Cologne (testing for ALT text)Four blue boats facing the lake in Blücherpark with a yellow bulbGlass bricks atHansaring stationAnd where will these keywords appear?
#activityPub #testing
Show Original Post
maikel (@maikel@vmst.io)
@fishidwardrobe I'm aware of the second point. I'm not so sure of the first.
I watched recently a video of Evan and someone else explaining their work so far on adding e2ee to Activity Pub, the video mention a reference implementation for this work (e2ee on AP).
Which is what made me think
> wait, if one of the points of this presentation is them discussing a possible future reference implementation of this, does that mean there's a refernece implmentation of activity pub somewhere I'm not aware of? 🤔
Show Original Post
fanden (@fanden@helvede.net)
@leanderlindahl Maybe Podverse is what you're looking for? https://podverse.fm/about It's already fediverse-ready.
There's also the federated Castopod platform to parallel UP, https://castopod.org/ Not quite Mastodon, but compatible through ActivityPub.
#podcast #fediverse #ActivityPub #Podverse #CastoPod
Show Original Post
notes (@notes@peculiar.florist)
connectedplaces.online/reports/fediverse-report-148-on-protocol-governance/
On the complexities of protocol governance.
There are only two organisations that are active in the fediverse that are a paid member of the W3C: Meta and the Social Web Foundation.
With the Social Web Foundation also receiving funding from Meta, the company that built Threads now has more institutional standing in ActivityPub governance than any of the organisations actually building open fediverse software.
Mastodon gGmbH, Framasoft, and others are not W3C members and cannot participate in the Working Group unless they are invited.#CHATONS #fediverse #fedivers #ActivityPub #w3c #Mastodon #Peertube #Lemmy #mBin #Piefed #NodeBB #Iceshrimp #Pixelfed #Loops
Show Original Post
c (@c@tarte.nuage-libre.fr)
Fediverse Report – #149 – On Protocol Governance
On the complexities of protocol governance.
There are only two organisations that are active in the fediverse that are a paid member of the W3C: Meta and the Social Web Foundation. With the Social Web Foundation also receiving funding from Meta, the company that built Threads now has more institutional standing in ActivityPub governance than any of the organisations actually building open fediverse software. Mastodon gGmbH, Framasoft, and others are not W3C members and cannot participate in the Working Group unless they are invited.
Show Original Post