Blogging (#Bloggen) is entering a new era thanks to #ActivityPub. I actually do want to be a part of that, and I am actually prepared for it. But then one still has inhibitions about implementing it all completely.
ActivityPub: Learning to hand over to the Fediverse?
Your own blog can do more when you let go of it. Is that really so? Is the protocol called ActivityPub really as powerful as it sounds? You will laugh, but once again it is time to discuss how far one lets one's own blog migrate into the Fediverse. And I am being completely honest here: I find it extremely hard. But it may well be that this is the best way to let the blogging scene survive: let go. And I think to myself: well, let's hope that goes well.
[…]
https://www.henning-uhle.eu/informatik/wordpress-und-bloggen/activitypub-ans-fediverse-abgeben-lernen?mtm_campaign=mastodon #ActivityPub #blog #Bloggen #Community #fediverse #Internet #Software #VGWort #Webseite #Wordpress #Worte
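snac and Bluesky integration
I contributed an article about snac, a lightweight ActivityPub server, to Sakura no Knowledge (さくらのナレッジ). "Contributed a snac article to SAKURA internet's Sakura no Knowledge" – matoken’s blog. I would like to write about a few snac topics that I did not cover there. Today's topic is snac and Bluesky integration. […] https://matoken.org/blog/2025/12/20/snac-bluesky-bridge/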

🔒 Security Release: BotKit 0.3.1
We've released BotKit 0.3.1 with an important security fix.
This update addresses CVE-2025-68475 (High severity, CVSS 7.5), a ReDoS vulnerability in Fedify's HTML parsing that could cause denial of service.
If you're using BotKit 0.3.x, please upgrade to 0.3.1 as soon as possible.
#BotKit #Fedify #ActivityPub #fediverse #security
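Security Update: Hollo 0.6.19 Released
We have released Hollo 0.6.19, which addresses a security vulnerability in Fedify's HTML parsing code.
This vulnerability (CVE-2025-68475) is a ReDoS (regular expression denial of service) issue: an attacker may be able to cause a service outage by sending a specially crafted HTML response during federation operations. The malicious payload is small (about 170 bytes) but may block the Node.js event loop for a long time.
We strongly recommend that all Hollo operators upgrade to version 0.6.19 immediately.
| Field | Details |
| --- | --- |
| CVE | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Action | Upgrade to Hollo 0.6.19 |
#Hollo #セキュリティ #fediverse #ActivityPub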
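Security Update: Hollo 0.6.19 Released
We have released Hollo 0.6.19, which fixes a security vulnerability found in Fedify's HTML parsing code.
This vulnerability (CVE-2025-68475) is a ReDoS (regular expression denial of service) issue: an attacker can cause a service outage by sending a specially crafted HTML response during federation operations. The malicious payload is small (about 170 bytes) but can block the Node.js event loop for a long time.
We strongly advise all Hollo operators to upgrade to version 0.6.19 immediately.
| Field | Details |
| --- | --- |
| CVE | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Action | Upgrade to Hollo 0.6.19 |
#Hollo #보안 #페디버스 #연합우주 #ActivityPub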
Security Update: Hollo 0.6.19 Released
We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.
This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.
We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.
| Field | Details |
| --- | --- |
| CVE | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Action | Upgrade to Hollo 0.6.19 |
#Hollo #Security #Fediverse #ActivityPub
I mean, if you really want end to end encryption then just put a contact for that into your profile and then if someone wants to securely DM you they can, and they have the properly implemented and battle tested double ratchet and all that. But no, apparently that's not good enough and it has to be a one stop shop and every fediverse implementation will have to roll its own end-to-end crypto, probably with years of interop bugs and leaks ahead.
#security #sigh #ActivityPub
I consider this a failure on our part but I don’t really know what to do about it. Most arguments against #XMPP don’t hold if you’re building from scratch anyway:
• #Conversations_im looks very outdated: OK, but you are developing your own clients anyway.
• XMPP doesn’t have an SDK: Neither does your #ActivityPub or email stack
• OMEMO is insecure and I would prefer #MLS: Yes, let’s work on that together and you’ll still benefit from XMPP’s 100+ solved IM problems.
Fabulous! I took note in the #ActivityPub #C2S tracking issue I keep on the delightful #fediverse experience curated list.
https://codeberg.org/fediverse/delightful-fediverse-experience/issues/130#issuecomment-9083289
As a community, we often ask ourselves how to attract more users to #XMPP. Yet the real tragedy is that people would rather build something entirely new (loosely based on email or #ActivityPub) than consider XMPP. Need end-to-end encryption by default? If compatibility with existing XMPP clients is a secondary concern, you can implement it in your own solution while still benefiting from our two decades of experience in instant messaging.