I'm curious what other devs think about this. If an actor posts an C2S #ActivityPub Create/Note to the outbox, what would you think if the object created by the server was a different type (e.g., Article)?
FEP drafting: Am I using “side effects” here the same way as other ActivityPub developers? I've seen the term used a bunch in casual conversation, but my personal understanding of it is kinda fuzzy.
there is currently a #Piefed Hackathon going on if anyone is interested in partaking. There are groups working on spanish, german, french and japanese translations, and a bunch of other things.
It’s really surprising to me that the #fediverse hasn’t agreed on a standardized way to open cross-instance #activitypub objects and instead relies on links that open in the browser. #urischeme
First talk today at the Social Web Devroom we have @pfefferle talking about the state of WordPress's fediverse integration#FOSDEM #ActivityPub #fedidev
Cryptographic public-keys are one way that one can have an identity (on the Fediverse, and elsewhere) while also having privacy — through a pseudonymous identity.
While working on #Fedify, I noticed something about how #Misskey handles #ActivityPub object access. When a remote server requests a followers-only post or DM with a valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.
So one tricky aspect I had to solve with Loops is how we use a hashid of the snowflake id for videos, comments and replies in public links, but also deference them to their full ActivityPub permalink.
if you have ever been curious about running a web application firewall (WAF) in front of Mastodon or other fediverse instance, i've published a repo containing the #openappsec policy we're now using, which is also configured to maintain strong privacy protections. i've recently turned on prevent mode, blocking critical events
Hi @pfefferle@mastodon.social, I was trying to figure out something else (which I’ll ask in a separate topic), and then went down a rabbit-hole when I discovered I could no longer find @notiz.blog (:point_left: see, no link!)
I’ve seen hints of backfill working really well, but hadn’t seen good examples until recently. As more and more instances upgrade to the newer versions of Mastodon that support context, backfill from Mastodon instances will improve across the board.
Threaded applications often have the need to move and remove content between groups/communities for curation purposes (i.e. resolving miscategorization, spam, etc.)
"Critical concept: IRIs are opaque identifiers. You cannot infer meaning from the string pattern — only by dereferencing and inspecting the data." [1] This applies to URIs too. Sadly, almost no #ActivityPub implementations use this principle. Multi-tenant servers and simple account portability (with personal domains) would be relatively easy if they did.🙄 It is what it is...
[Fedify] is a #TypeScript framework for building #ActivityPub servers that participate in the #fediverse. It reduces the complexity and boilerplate typically required for ActivityPub implementation while providing comprehensive federation capabilities.
Found this helpful resource by Ben Boyter (@boyter@honk.boyter.org): a collection of sequence diagrams explaining how #ActivityPub/#WebFinger works in practice—covering post creation, follows, boosts, deletions, and user migration.
A ReDoS (Regular Expression Denial of Service) vulnerability has been discovered in Fedify’s HTML parsing code. This vulnerability could allow a malicious federated server to cause denial of service by sending specially crafted HTML responses.
A while back I mentioned the idea of “Fedify Studio”—a web-based toolkit for #ActivityPub debugging and development. I’ve been quietly working on shaping that idea into something more concrete.
NodeBB has a very simple allow/deny list capability at present. You paste in a bunch of newline-separated domains, and we block (or optionally, only allow) them all.
Currently I am grappling with the specifics behind how to federate out the deletion of a topic in a category (or in ForumWG terms, the deletion of a context from an audience.)
nutomic@lemmy.ml reported a federation issue with a NodeBB instance and we debugged it. It turns out Lemmy is unable to handle actors who have image or icon set to null.
p3x.de
Steve Bate
@reiver ⊼ (Charles) :batman:
Julian Fietkau
wakest ⁂
洪 民憙 (Hong Minhee) :nonbinary:
Ricardo Ferrer Rivero🇪🇺
Stegodon Microblog
julian
lps
dansup
yawnbox
shopkeeper
👁
Paul Campbell
Fedify: ActivityPub server framework
Sebastian Lasse