r (@r@bsky.brid.gy)
Picking Sides in the Protocol Wars by @ewancroft.uk - ewancroft.uk/blog/3lvzrtk...
#ActivityPub #ATProto #ATProtocol #Nostr
Picking Sides in the Protocol ...
Show Original Post
ewanc26 (@ewanc26@mas.to)
Picking Sides in the Protocol Wars by @ewanc26 - https://ewancroft.uk/blog/3lvzrtkwttz2p
#ActivityPub #ATProto #ATProtocol #Nostr
Show Original Post
offseq (@offseq@infosec.exchange)
🚨 CVE-2025-54888: HIGH severity auth bypass in fedify-dev fedify (<1.3.20, 1.4.0-dev.585–1.4.12, etc). Allows attacker to impersonate any ActivityPub actor. Patch to 1.3.20+ and monitor for abuse! https://radar.offseq.com/threat/cve-2025-54888-cwe-287-improper-authentication-in--7c8f93db #OffSeq #Fedify #Vuln #ActivityPub
Show Original Post
Linux (@Linux@mstdn.ca)
How to Block Meta AI?
You can’t.
But you can slow it down.
The first half of Meta’s bot behaves like any other bot — that part you can block. There are many scripts available that are effective at stopping bots, and they work well.
The second half of Meta’s AI is where the real problem lies.
Meta anticipated that people would eventually catch on to their AI scraping, so they designed a system that uses standard web browsers. The AI doesn’t directly visit your site — it interacts with a browser instance on another system. It just does this using countless small, distributed micro-instances.
#Meta #AI #ArtificialIntelligence #Fediverse #ActivityPub #Mastodon #Misskey
Show Original Post
2025 (@2025@darnell.tv)
Threads as a fun monster, with his shadow companions behind him.
After Meta acquired the Threads.com domain for an undisclosed sum last year, I noticed that Threads.com began forwarding to Threads.net (which included username handles).
Several months later, Adam Mosseri (then head of Threads and current CEO of Instagram) announced that Threads on the web would operate on the .com domain […]
https://darnell.tv/2025/08/09/shadow-net-domain-instagram-youtube-fediverse/
Show Original Post
peachfiend (@peachfiend@mastodon.sdf.org)
@thisismissem there are many #fediverse platforms using #ActivityPub, most of which allow media sharing, and i have never really understood what @pixelfed purports to bring to the party anyway.
Show Original Post
objects (@objects@mitra.social)
A minor update to FEP-fe34: Origin-based security model
https://codeberg.org/fediverse/fep/pulls/662
- Explained how to identify public keys. They can be identified by publicKeyPem and publicKeyMultibase properties ("duck typing").
- Added a warning for JSON-LD consumers. Even innocuously looking property can become publicKeyPem or publicKeyMultibase after doing JSON-LD transformations.
You can read more about this problem in this post: https://socialhub.activitypub.rocks/t/am-i-understanding-something-wrong-or-is-json-ld-remote-context-support-a-gigantic-security-vulnerability-if-any-dumb-c2s-server-implementation-tries-to-federate-with-the-current-network/5439/1
@kopper suggests possible workarounds there but I think they are way too complicated. Just don't do JSON-LD.
#fep_fe34 #jsonld #ActivityPub
Show Original Post
roblen (@roblen@microblog.at)
Reichweitenstarke Blogs und das #ActivityPub Plugin für Wordpress - Fedispace | notes https://notes.fedispace.de/reichweitenstarke-blogs-und-das-activitypub-plugin-fur-wordpress
Die Conclusio kann ich nur unterschreiben. Es wäre fein, wenn man bei Webspaces beim Hoster mehr Optionen hätte - Man zahl mehr und bekommt dafür mehr Space, mehr Prozessorzeit, etc.
Show Original Post
blog (@blog@fedispace.de)
Reichweitenstarke Blogs und das ActivityPub Plugin für Wordpress
Ich habe einen interessanten Beitrag von Elena Rossini gelesen, in dem sie kurz beschreibt, was ihr öfter im Zusammenhang mit WordPress und dem ActivityPub-Plugin passiert ist.
https://notes.fedispace.de/reichweitenstarke-blogs-und-das-activitypub-plugin-fur-wordpress
#bloggen #wordpress #activitypub
Show Original Post
jack (@jack@leightcap.com)
swear this is first and last #activitypub meta-post. owning the domain of my surname is cool, and if in the position to host your own account, highly recommend snac2 hosted on @OpenBSDAms@bsd.cafe especially if you like knowing underlying infrastructure and treat servers more as pets than cattle
Show Original Post
item (@item@hub.netzgemeinde.eu)
Content warning:Mastodon's previews for Article-type objects still link to the original instead of rendering the content itself, but now they also include the summary along with the title; CW: long (over 3,000 characters), Fediverse meta, Fediverse-beyond-Mastodon meta, quote-post
Okay, while this is not optimal, I'd say it comes close enough to an improvement to be of importance.
Some of us know what it's like to send Article-type objects (and long-form content should always be these according to the ActivityPub spec) to Mastodon. Now, Mastodon's handling of long-form content has changed, believe it or not. Something that neither Friendica nor Hubzilla nor (streams) nor Forte could ever achieve happened under pressure from Flipboard (commercial player), Ghost (quickly growing Substack alternative that's trying to attract professional and commercial users), Automattic (the owner of WordPress) and NodeBB (fairly big bulletin-board forum player that added ActivityPub a while ago).
So much I should say in advance: No, Mastodon does not fully render Article-type objects in their full HTML-formatted glory from the title to dozens of embedded images. Mastodon's own Web interface isn't geared towards that, and neither is any Mastodon app, official or third-party.
Instead, Mastodon still handles Article-type objects by linking to the original like it used to. But it used to show only the title if there was one. If there was no title, all that Mastodon showed was a plain URL. If there was a summary, Mastodon did as Mastodon always does and has been done since 2017, regarded it as a content warning and hid the whole "post" with the title (if there was one) and the link behind it.
What Mastodon does now is finally acknowledge that some software out there actually uses the summary field as a summary field. The preview with the link to the original now also contains the summary, along with the title. If there is either, of course.
So if you're on something that can send or always sends Article-type objects (specialised blogging software, Friendica, (streams), Forte), it's well worth adding a summary to those posts that go out as Article-type objects.
(Speaking of Friendica: Dear Friendica users, please substitute any use of "summary" in this post with "abstract" if you don't know what I'm talking about.)
julian schrieb den folgenden Beitrag Sat, 09 Aug 2025 05:31:48 +0200
Re: Long-form articles
The long form content "movement" (of which I'm adjacent to but not fully involved) started up because two big implementors, Ghost and WordPress, were running into the same issues AP devs have been seeing this whole time, that Mastodon reduces articles to a title and link.The difference is devs got together and pushed for changes, and got them done. Mastodon no longer treats articles the way they used to.
Now you can send in a summary that is used, and that gets you heaps closer to a better UX than what came before.
The long form text FEP aims to provide a way to send an alternative representation for the ubiquitous microblog software on the fediverse, in the form of a note, while still maintaining the use of other objects types (e.g. article)
#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #QuotePost #QuoteToot #QuoteBoost #Fediverse #ActivityPub #Mastodon #LongFormContent #ArticleType #Summary
Show Original Post
deimidis (@deimidis@mastodon.uy)
Estoy volviendo a instalar #ghost porque me gusta que hayan incorporado #activitypub . Además para autohostearlo están probando un contenedor de docker. El problema es que lo tienen todo preparado para un servidor que no tiene nada más corriendo ahÃ, y yo tengo un Apache con varios WordPress y Moodle.
Ya logré el proxy reverso de Apache para el ghost. Pero todavÃa tengo que lograr que funcione la parte de ActivityPub (y no soy un especialista en Apache). Espero lograrlo.
(Antes usaba el método de ghost-cli, pero me cansé de pelear con la versión de node de debian y otras yerbas)
Show Original Post