saaste (@saaste@mementomori.social)
Huomasinpas tuossa jännän ongelman liittyen ActivityPubiin. Näytän omassa blogissani Mastodon-kommentit ja kellonaika toimii linkkinä alkuperäiseen kommenttiin.
Yksi kommenteista tuli Ghost-julkaisujärjestelmästä, jossa on nykyään ActivityPub-tuki. Koska mitään julkista UI:ta kyseiselle kommentille ei ole, linkki johtaa Ghostin tarjoilemaan JSON-tiedostoon.
Ymmärrän mistä tämä johtuu, mutta onhan tuo nyt aika ikävä käyttökokemus, varsinkaan kun minulla ei nähdäkseni ole mitään tapaa selvittää, että aukeaako kommentin takaa ihmisen luettava käyttöliittymä, vai JSON-klöntti.
#ActivityPub #Ghost #Fediverse
Show Original Post
squinky (@squinky@teh.entar.net)
I had a dumb thing in my #ActivityPub implementation.
I was getting these broadcast Delete announcements tied to Person objects from servers out in the wild, and was dutifully trying to validate their signatures. I didn't have the key here, and they're signed by the deleted Person, so loading the key gave a 404.
So the next thing it tried to do was see if loading the Person remotely gave a 404, and if so, it's a legitimate Delete, problem solved.
But what I think was happening was that the attempt to load the Key, then the attempt to load the Person, both flagged the remote server "hey this guy doesn't know about the Delete", and it received another copy of the Delete action. It's possible each Delete caused two copies of itself to get re-queued. Holy forkbomb.
So I stuck a little bit at the top of Delete validation that checks to see if I have the target object, and chucks the message in the bin if not. This was in my original implementation but got lost when I did some refactoring.
It sat for an hour, just processing THOUSANDS of backed up Delete messages.
Show Original Post
r (@r@fed.brid.gy)
Ghost 6.0 adds social web syndication and a built-in reader for platforms like Bluesky, Threads and Mastodon. New analytics too. Prices are going up but publishers have earned over $100M on the platform. #ActivityPub #Newsletters #Bluesky
From @theverge.com
www.theverge.com/news/718286/...
One of the biggest newsletter ...
Show Original Post
smallcircles (@smallcircles@social.coop)
Thanks to @nlnet I was able to revamp and fully update the delightful #fediverse experience curated list, with hundreds of #ActivityPub-related #FOSS projects.
Just now I added a new section Application plugins, that will soon be published at:
https://delightful.coding.social/delightful-fediverse-experience
Until that time you can check out the plugin section in the #Codeberg repo at:
https://codeberg.org/fediverse/delightful-fediverse-experience#application-plugins
Show Original Post
nsrosenqvist (@nsrosenqvist@mastodon.social)
@dansup hey again, can you remind me what the #ActivityPub toolkit you were building previously is calle? Would like to try and use it for a side project
Show Original Post
wordpress-mit-dem-fediverse-verbinden (@wordpress-mit-dem-fediverse-verbinden@pmueller.de)
WordPress mit dem Fediverse verbinden
Sie kennen WordPress, wissen was das Fediverse ist und haben von ActivityPub gehört.
In diesem Beitrag sehen Sie, wie man alles miteinander verbindet und den Blog mit dem ActivityPub-Plugin ins Fediverse bringt. Viel Spaß dabei!
https://pmueller.de/wordpress-mit-dem-fediverse-verbinden/
#ActivityPub #Bloggen #Fediverse #Mastodon #Plugin #SocialMedia #WordPress
Show Original Post
smallcircles (@smallcircles@social.coop)
#ActivityPub #Fedify implementers please take note of the #security vulnerabilities that are fixed in the latest release and update your codebase accordingly.
Show Original Post
stuarticus (@stuarticus@indieweb.social)
I’ve tried setting up Ghost 6 on Vultr and Digital Ocean. Analytics works fine, but I can’t get #ActivityPub to work (using either self-hosted (500 timeouts) or Ghost’s service option (403 errors)).
Show Original Post
smallcircles (@smallcircles@social.coop)
Well, it took some time, but I updated the #Wordforge entry on the #ActivityPub #Fediverse experience list. And made reference to your call for new maintainers.
It will be live on the list soon..
https://delightful.coding.social/delightful-fediverse-experience
Right now the change is visible at:
https://codeberg.org/fediverse/delightful-fediverse-experience#content-management
Show Original Post
cryptadamist (@cryptadamist@universeodon.com)
Ω🪬Ω
Released version 1.0.3 of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed. Incredibly minor bugfix release.
* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases
#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev
Show Original Post
fedify (@fedify@hollo.social)
All #Fedify users must immediately update to the latest patched versions. A #critical authentication bypass #vulnerability (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any #ActivityPub actor by sending forged activities signed with their own keys.
This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.
The following versions contain the #security fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.
After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.
The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.
Show Original Post
blogdiva (@blogdiva@mastodon.social)
@maxleibman 17 years and one of the first Blatinas to join it. am not even mentioned when people talk about the history of BlackTwitter even though i was instrumental in getting many BIPOC on the platform.
oh, and most likely, am the first independent blogger/journalist/reporter to not just use twitter for IRT reporting, but the first to use #ActivityPub to do so. i ran my own Identica before it was cool.
it’s why i haven’t deleted my account: it’s a historical record of many firsts.
Show Original Post