jrollans.com is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
I know, it has been a while :D. However, we are happy to release v1.8.1!
Mainly a lot of bug fixes / improvements. Composer package dependency updates. Lot of documentation and language improvements (we also got Catalan now fully translated, thanks!). Feel free to upgrade to PHP v8.4 as well.
A noticeable fronted difference to point out is that we now put thumbnails in a lightbox by default. Although this can be changed by the end-user at: ⚙ Settings -> Under "Threads" section -> "Thread thumbnails opens full screen" option.
See full release notes: https://github.com/MbinOrg/mbin/releases/tag/v1.8.1
For the question whether Encyclia's ORCID bridge should be opt-in or opt-out (that is, whether we should bridge ORCID records without their owners' knowledge), I – @julian – will speak personally for a moment.
It is the central design question of Encyclia and one that has been on my mind since I started prototyping the platform. I have put as much thought into it as I am capable of, and I have sought feedback from multiple privacy and safety experts.
Week in Fediverse 2025-03-28
Servers
- Hollo v0.5.5
- Pixelfed v0.12.5
- Manyfold v0.105.0
- Mitra v3.21.0
- Gancio v1.25.0
- Merp Relay v0.2.2
- March 2025: Search Update (Bandwagon)
- PieFed development update Mar 2025
- Funkwhale 2.0 Alpha candidate
- Pinka: A commenting server that bridges static sites to ActivityPub sites
Clients
- Fedilab v3.31.0
- Mastodon for iOS v2025.1
- Pixelfed (React Native) v1.2.0.1
- Voyager v2.26.0
- Interstellar v0.9.0
Tools and Plugins
- Enable Mastodon Apps for WordPress v1.4.1
- Lemmy Community Seeder (LCS): A tool to seed communities, so your users have something in their All feed
- Meh… another comment system
For developers
- Fedify v1.5.0
- ActivityPods v2.1.1
Protocol
- FEP-5711: Inverse Properties for Collections
- Lemmy RFC 0008: Plugins
Articles
- Pixelfed leaks private posts from other Fediverse instances
- But It's Public, You Posted It On the Internet
- New Paradigms in Trust and Safety: Navigating Defederation on Decentralized Social Media Platforms
- PeerTube: the Fediverse’s decentralized video platform (part 2: creator edition)
- Fediverse Report – #109
-----
#WeekInFediverse #Fediverse #ActivityPub
Previous edition: https://mitra.social/objects/0195ba9c-b3d5-7402-e337-39b10034bcfc
Les projets les plus actifs (que j'ai trouvé) qui proposent un support #ActivityPub généraliste pour #DjangoFramework
- Pyfed, @kene29 Très belle librairie mais très jeune (2024). Cherche des testeurs & contributeurs.
https://dev.funkwhale.audio/funkwhale/pyfed/
- django-activitypub-toolkit @raphael Activement développé https://github.com/mushroomlabs/django-activitypub-toolkit
- Takahé: An efficient ActivityPub Server, for small installs with multiple domains. Compatible API Mastodon mais n'a pas bougé depuis plus d'un an https://docs.jointakahe.org/en/latest/features/
🚀 New on #TheFutureIsFederated 👩🚀
#PeerTube: the Fediverse’s decentralized video platform (part 2: creator edition)
My PeerTube account: @elena
mentioning @Framasoft @peertube @paige @srosset @MakerTube
#ActivityPub #tech #Fediverse #activism #BigTech #SocialMedia #FOSS #blog
Is there any #ActivityPub / #Mastodon URI scheme used in the wild that would allow me to open an ActivityPub account directly in my Android app?
I've seen 'acct' and 'web+ap' mentioned but none seem to be implemented.
The goal is that given a text of "Here is my Mastodon profile acct:daniel@gultsch.social" #Conversations_im can link that directly into #Tusky. (Just like mailto and xmpp URIs open my E-Mail or IM app respectively)
Maybe it is because my self-hosted #Mastodon server went down 14-hours yesterday due to a Debian package update that screwed up NGINX and server admin is heavily on my mind, but I woke up in a panic, even screaming "Oh F*ck" ready to take action, because I was in a realistic dream that I had a WordPress blog that received thousands of spam replies with links and when I went to delete all those out of quarantine, I actually approved them and fed the ActvitiyPub firehose tens of thousands of spam.
It left me with wondering if replies originating on a #ActivityPub enabled #WordPress blog federates or not. Time to do some reading.
@dansup The follower approval feature itself in #activitypub is the vulnerability. It is wrong to give users the expectation that their social media posts are private. Also, approving followers reminds me of DRM on mp3 files. What are we doing?
Is there a way to discuss #hyperlocal things on #mastodon / #fediverse / #activitypub ?
Para controlar quem tem acesso (ao menos inicial) a determinado conteúdo, a maneira indicada, atualmente, seria com criptografia assimétrica. Isso sim pode vir a ser especificado pelo ActivityPub, na troca de atividades não públicas. Não sei se já há essa previsão, senão poderiam sugeri-la ao grupo de trabalho da Web Social no W3C. Porém, mesmo assim, penso ser algo talvez inviável: garantido mesmo seria apenas se todos dominassem totalmente as próprias máquinas sem poder compartilhá-las, tanto remetente quanto destinatário das mensagens, aí morre a ideia de Web Social também.
Então, pensando bem, o pessoal que bolou o #ActivityPub por anos já deve ter ponderado essas coisas.
O jeito é conscientizar a galera mesmo, como bem apontou Cadu.
Senão, pensam em alguma outra solução? 😅
Oh, great. #Pixelfed had a broken implementation of "follower-only" posts, _and_ fucked up the disclosure / bugfix release process.
https://fokus.cool/2025/03/25/pixelfed-vulnerability.html
Summary of the bug: If you have a protected account (on Pixelfed, Mastodon, GTS, whatever) and a Pixelfed user followed you and got approved by you, _all_ users on that instance were now able to see your followers-only posts, not just the one you approved.
HOLY FUCK!
Stay the fuck away from loops.video! (https://bajsicki.com/blog/loops-video-terms/)
Also, if you have any followers from an unpatched Pixelfed server, you might want to know that your follower-only posts can be easily read by people who aren't following you. (https://fokus.cool/2025/03/25/pixelfed-vulnerability.html)
If you're hosting a Pixelfed instance: Good luck updating! 🫡
Pixelfed before v0.12.5 has a vulnerability where it could leak your private posts, regardless of whether you are a Pixelfed user or not.
Admins should update ASAP.
When following someone from a different server on the Fediverse, the remote server decides whether you are allowed to do that. This enables features like locked accounts. Due to an implementation mistake, Pixelfed ignores this and allows anyone to follow even private accounts on other servers. If a legitimate user from a Pixelfed instance follows you on your locked account, anyone on that Pixelfed instance can read your private posts.
I wrote a blog post about how I found the vulnerability, how disclosure coordination went and general ramblings about Fediverse safety:
https://fokus.cool/2025/03/25/pixelfed-vulnerability.html
Some grumpy, old users compare the exodus to ActivityPub to those "never-ending Septembers"... Please don’t be one of those users 😅
Paul Frazee ( @pfrazee.com ):
ActivityPump got renamed to ActivityPub — that was a good rename 🙂
Paul Frazee ( @pfrazee.com ):
Bluesky didn't use ActivityPub for 2 reasons —
№1:
Because of the identity issue.
Once you make a choice (of server) you are locked in.
You cannot migrate freely.
(Current Fediverse migration not good enough.)
№2:
The culture on the Fediverse at the time.
There was a culture on the Fediverse of being hostile towards global aggregators.
( @reiver note: AFAICT, this is a very small minority of hyper hostile individuals.)
Nick Gerakines ( @ngerakines.me ):
ActivityPub and Mastodon are effectively the same thing to most people.
( @reiver note: this seems similar to the phrase "the Mastodon in the room".)
#ATmosphereConf #ActivityPub #Fediverse #Mastodon #TheMastodonInTheRoom
Week in Fediverse 2025-03-21
Servers
- streams v25.3.15
- Mitra v3.20.0
- Hubzilla v10.2.0
- PeerTube v7.1.0
- Manyfold v0.104.0
- Lemmy v0.19.10
- NodeBB v4.2.0
- snac v2.74
- ActivityPub for WordPress v5.5.0
- GoToSocial v0.18.3
- Gancio v1.25.0
- tootik v0.15.5
- Activity-Relay v2.0.8
- gathio v1.5.1
- NeoDB v0.11.5.5
- Vernissage Server v1.6.0
- Development Update: Sandcastles edition (Letterbook)
- picverse: ActivityPub based blogengine
- Jaseur: An ActivityPub server implementation in C++ developed using AI agent technology
Clients
- Tusky 28.0
- Pixelfed (React Native) v1.1.0.1
- Blorp v1.0.3
- Tesseract v1.4.32
Tools and Plugins
- Lemmy Schedule v1.14.2
- Lemmy Webhooks v0.21.1
- Enable Mastodon Apps for WordPress v1.4.0
For developers
Protocol
- FEP-c180: Problem Details for ActivityPub
- FEP-ae0c: Fediverse Relay Protocols: Mastodon and LitePub (Finalized)
- FEP-d556: Server-Level Actor Discovery Using WebFinger (Finalized)
Articles
- Website League and the Rise of Island Networks
- The fediverse promises social media without Big Tech – if it can avoid familiar pitfalls
- Silly Mastodon apps
- Hands on with Ghost’s New ActivityPub Beta
- Fediverse Report #108
-----
#WeekInFediverse #Fediverse #ActivityPub
Previous edition: https://mitra.social/objects/01959655-f2a7-6172-cb8c-8d6c51cebb2d
https://github.com/macports/macports-ports/pull/27956
3/3 of GitHub Continuous Integration checks completed successfully!
Thanks to you (and gnemmi, pmjv, daltux, inz, Popolon, sn4il, mistivia, zen, Menel, uhuru, anzu, violette, and rozenglass; hopefully I didn't miss anyone?) for the continued improvements!
As with previous PRs I have submitted, I am abstaining from commit access until I have less chaos in my life to be able to take on more responsibilities, so it's up to someone else to merge it.
#snac #MacPorts #OpenSource #ActivityPub #Mastodon #NoDatabaseNeeded
#NoJavaScript #NoCookiesEither #NotMuchBullShit #snacAnnounces
Added Spanish (default, Argentina and Uruguay) translation (contributed by gnemmi).
Added Czech translation (contributed by pmjv).
Added Brazilian Portuguese translation (contributed by daltux).
Added Finnish translation (contributed by inz).
Added French translation (contributed by Popolon).
Added Russian translation (contributed by sn4il).
Added Chinese translation (contributed by mistivia).
Added German translation (contributed by zen and Menel).
Added Greek translation (contributed by uhuru).
Added Italian translation (contributed by anzu).
Mastodon API: added support for /api/v1/custom_emojis (contributed by violette).
Improved Undo+Follow logic (contributed by rozenglass).
Reverted (temporarily) the Markdown code that converted text between underscores to italics, because it was causing more problems that what it was worth.
Fixed bug in bookmark CSV import.
Don't indent Twitter-like "threads" (i.e. chains of short posts from the same author that are self-replies).
If you find #snac useful, please consider contributing via LiberaPay: https://liberapay.com/grunfink/
@Plasticbluemusic 👆👆👆(maybe this will help)
New: Fediverse Report #108
This week's news:
- Ghost's (@index) connection to the #fediverse is now availabe in public beta for Ghost Pro users, with both an #ActivityPub connection to send long-form posts into the fediverse, and a reader app to read/comment/interact with the fediverse
- @anewsocial , the organisation that manages the bridge between the fediverse and #bluesky shared their upcoming plans
Who are the finest #community builders in the #activitypub ecosystem, in your opinion?
Notifications are now shown in a more compact way (i.e. all reactions are shown just above your post, instead of repeating the post ad nauseam for every reaction).
New command-line option unmute
to, well, no-longer-mute an actor.
The private timeline now includes an approximate mark between new posts and "already seen" ones.
Fixed a spurious 404 error in the instance root URL for some configurations.
If you find #snac useful, please consider contributing via LiberaPay: https://liberapay.com/grunfink/
This release has been inspired by the song The Answers to the Questions by #Christabell and #DavidLynch.
What kind of issues or concerns might I have if I shut down one kind of AP server software and then set up a different AP server on the domain previously occupied by the now decommissioned first AP server?
(I don’t think the soon-to-be-shutdown server has a self-destruct.)
The only way to make sure you don’t contribute to things like this is to not participate in public internet social media services.
Added a new user option to collapse top level threads by default.
Added a new disable_block_notifications
boolean field to server.json
to disable the notifications of Block activities.
Added a new strict_public_timelines
boolean field to server.json
to only show an account's posts and boosts (no trees) in public timelines.
Fixed repeated images in posts from some implementations (those that include an image both as an attachment and as an <img>
tag inside the post content).
Added a small HTML/CSS tweak to improve post previews from some implementations (contributed by nyanide).
Notifications for EmojiReact
activities now show the emoji.
New command-line action insert
, to insert a post by its URL in a user's timeline.
Fixed bad processing/rendering of URLs with two or more @ symbols.
If you find #snac useful, please consider contributing via LiberaPay: https://liberapay.com/grunfink/donate
This release has been inspired by the song Subways Of Your Mind by #FEX.
Anyone got an idea?
Anyone got an idea?
Support for custom Emojis has been added; they are no longer hardcoded, but read from the emojis.json
file at the server base directory. Also, they are no longer limited to string substitutions, but images as external URLs are also supported (see snac(8)
for more information).
Fixed a bug that caused some notifications to be lost when coming from a user in the same instance.
Added an additional check for blocked instances (sometimes, posts from blocked sites that were ancestors of legit posts were 'leaking' into the timeline).
On OpenBSD, if the disable_email_notifications
server flag is set to true
, unveil()
is not called for the execution of the /usr/sbin/sendmail
binary and pledge()
doesn't set the exec
promise.
If you find #snac useful, please consider buying grunfink a coffee: https://ko-fi.com/grunfink
This release has been inspired by the album Eternal Embers by #Meltt.
Incoming posts can now be filtered out by content using regular expressions on a server level (these regexes are written in the filter_reject.txt
file at the server base directory; see snac(5)
and snac(8)
).
Improved page position after hitting the Hide
or MUTE
buttons (for most cases).
Use a shorter maximum conversation thread level (also, this maximum value is now configurable at compilation level with the MAX_CONVERSATION_LEVELS
define).
Fixed a bug where editing a post made the attached media or video to be lost.
The way of refreshing remote actor data has been improved.
Posting from the command-line now allows attachments.
Added defines for time to enable MacOS builds (contributed by andypiper).
If you find #snac useful, please consider buying grunfink a coffee: https://ko-fi.com/grunfink
This release has been inspired by the song The Raven by #CarolineLavelle.
Speaking of ActivityPub, anyone have some concise and simple breakdown documentation links handy? There’s kind of an overwhelming amount or information out there.