Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
やほ
軽い頭痛
やほ
やほ
@eri@mk.moth.zoneeri
@wyatt@soc.megatokyo.moe also the fact that this doesn't require a proprietary dongle means that these are actually not worthless, because nobody has the dongle for the PCMCIA adapters.
@eri@mk.moth.zoneeri
@wyatt@soc.megatokyo.moe There's also the Fujitsu oragami ethernet jack. only uses about the same space as a USB port when closed.
@wyatt@soc.megatokyo.moe holy shit LMAO
아니 일본정부가 "독도가 일본땅인이유"라고 죽어라 강조하는게 "독도를 한국땅으로 반환한다 는 말이 없어서"인것가지고는 그렇게 억지다 하시는분들이 대체왜 "차금법은 일단 만들고 나중에 수정하면된다"에는 고개를 끄덕이고앉았어???
@stefanoStefano Marinelli I believe that Docker overuse is another symptom of wanting to trade some short term speed gains for understanding.
In this period I'm migrating my self hosted setup to FreeBSD and that means that I cannot longer rely on Docker to install and manage applications.
Initially I was worried that I was making a bad move in leaving Linux behind and Docker with it, why waste time configuring services manually when tweaking the "docker run" command published on the official documentation was faster? But then these same services had to be customized, updated and fixed and at that point working on the "black box" which is a Docker Container you haven't made was often a much more cumbersome process compared to a Jail or a simple service defined in rc.d
성적 지향 들어간지 몰랐다는 얘기가 너무 모욕적이어서 지금 아직도 화가 씩씩 난상태임
성적 지향 들어간지 몰랐다는 얘기가 너무 모욕적이어서 지금 아직도 화가 씩씩 난상태임
제 생각엔 리박스쿨을 시작으로 다른 댓글부대 전수조사 하려면 차별금지법 필요한 거 같아요. 차별 발언 주로 하는 분탕 계정 찾아가면 거대 업체 드러날 거 같음.
구했어요..!
#OnThisDay, 5 Jun 1833, Ada Lovelace meets Charles Babbage, triggering their collaboration on the Analytical Engine and writing the first published program.
Image by Sydney Padua
#WomenInHistory #OTD #History #WomensHistory #WomenInSTEM #Histodons
リクエストありがとうございました
ここに、うまそうなカレーパンの写真があるじゃろ……?
あとでたべるんじゃよ……。
これ、近所の激ウマのカレー屋さんが、隣の美味しいパン屋さんの協力を得て、火曜と木曜に数量限定で売ってるやつで、中に入ってるのは本格的なポークビンダルーなんじゃよ……。 
@BreadClubパン部🍞
あぢ
블스 명언 줄리(스팸계) 가니 릴리 온다
아니 일본정부가 "독도가 일본땅인이유"라고 죽어라 강조하는게 "독도를 한국땅으로 반환한다 는 말이 없어서"인것가지고는 그렇게 억지다 하시는분들이 대체왜 "차금법은 일단 만들고 나중에 수정하면된다"에는 고개를 끄덕이고앉았어???
시드니 등 오스트레일리아 동남부 도시에 서식하는 큰유황앵무는 영리하기로 유명합니다. 지난 2021년 앵무 일부가 쓰레기통 뚜껑 여는 법을 터득한 뒤 서로 이 행동을 모방해 쓰레기 뒤지기를 ‘유행’ 시키더니, 이번에는 공공 음수대의 꼭지를 돌려 신선한 물을 마시는 모습이 포착됐습니다.
쓰레기통 뚜껑 열던 앵무새들, 음수대 꼭지 돌려서 물도...
病院で血を抜かれてへろへら
#OnThisDay, 5 Jun 1833, Ada Lovelace meets Charles Babbage, triggering their collaboration on the Analytical Engine and writing the first published program.
Image by Sydney Padua
#WomenInHistory #OTD #History #WomensHistory #WomenInSTEM #Histodons
다른 혐오표현에 대해 명시하고, 성적 지향과 성 정체성에 대한 혐오표현만 제외된 정통법 개정이 이루어지면 어떻게 될까요? 혐오세력이 온라인에서 그걸로만 욕할겁니다. 그건 법이 허락한 혐오 표현으로 이해할거거든요. 실제 재판으로 가더라도 법조항에 명시가 안되었다는 것으로 혐오표현이 아닌 개인 의사표현의 자유라 주장 할겁니다. 그들이 그 자유를 어디에서 쓸까요? 거리, 학교, 교회, 공공장소, 광장. 모든곳에서 쓰겠죠.
We're excited to announce Hollo 0.6.0, a significant release that brings enhanced security, better user experience, and important infrastructure improvements to your single-user microblogging setup.
This release prioritizes security with comprehensive OAuth 2.0 improvements that align with current best practices. We've implemented several critical RFC standards that significantly strengthen the authorization process:
OAuth 2.0 Authorization Code Flow with Access Grants — We've overhauled the OAuth implementation to properly separate authorization codes from access token issuance, providing better security isolation throughout the authentication process.
RFC 7636 PKCE (Proof Key for Code Exchange) Support — Hollo now supports PKCE with the S256 code challenge method, which prevents authorization code interception attacks. This is particularly important for public clients and follows the latest OAuth 2.0 security recommendations outlined in RFC 9700 (OAuth 2.0 Security Current Best Practices).
RFC 8414 OAuth Authorization Server Metadata — We've added support for OAuth Authorization Server metadata endpoints, allowing clients to automatically discover Hollo's OAuth capabilities and configuration. This makes integration smoother and helps clients adapt to your server's specific OAuth setup.
Enhanced Profile Scope Support — The new /oauth/userinfo endpoint and expanded profile scope support provide applications with standardized ways to access user profile information, improving compatibility with a wider range of OAuth-compliant applications.
These OAuth improvements not only make Hollo more secure but also position it at the forefront of federated social media security standards. We encourage other fediverse projects to adopt these same standards to ensure the entire ecosystem benefits from these security enhancements.
Special thanks to Emelia Smith (
@thisismissemEmelia 👸🏻) for spearheading these critical OAuth security improvements and ensuring Hollo stays ahead of the curve on authentication best practices.
We've significantly improved how Hollo handles media storage configuration, making it more flexible and future-ready:
New Environment Variables — The storage system now uses STORAGE_URL_BASE (replacing the deprecated ASSET_URL_BASE) and FS_STORAGE_PATH for local filesystem storage (replacing FS_ASSET_PATH). These changes provide clearer naming and better organization.
Improved Security Requirements — The SECRET_KEY environment variable now requires a minimum of 44 characters, ensuring sufficient entropy for cryptographic operations. You'll need to update your configuration if your current secret key is shorter.
Network Binding Control — The new BIND environment variable lets you specify exactly which network interface Hollo should listen on, giving you more control over your server's network configuration.
Thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for leading these infrastructure improvements.
Customizable Profile Themes — You can now personalize your profile page with different theme colors. Choose from the full range of Pico CSS color options to make your profile uniquely yours.
Enhanced Administration Dashboard — The dashboard now displays the current Hollo version at the bottom, making it easier to track which version you're running. You can also sign out directly from the dashboard for better session management.
Improved Post Presentation — Shared posts on profile pages now have better visual separation from original content, and the sharing timestamp is clearly displayed. This makes it much easier to distinguish between your original thoughts and content you've shared from others.
Better Image Accessibility — Alt text for images is now displayed within expandable details sections, improving accessibility while keeping the interface clean.
Syntax Highlighting — Code blocks in Markdown posts now feature beautiful syntax highlighting powered by Shiki, supporting a comprehensive range of programming languages. This makes technical discussions much more readable.
Enhanced Character Limit — The maximum post length has been increased from 4,096 to 10,000 characters, giving you more space to express your thoughts in detail.
Thanks to RangHo Lee (
@rangho_220우주스타 아이도루 랭호 🌠) for the version display feature and Okuto Oyama (
@yamanoku) for the image accessibility improvements.
EXIF Metadata Removal — Hollo now automatically strips EXIF metadata from uploaded images before storing them, protecting your privacy by removing potentially sensitive location and device information.
Public API Endpoints — Following Mastodon's approach, certain API endpoints are now publicly accessible without authentication, making Hollo more compatible with various client applications and improving the overall federation experience.
Thanks to NTSK (
@ntekNTSK) for the privacy-focused EXIF metadata stripping implementation.
Node.js 24+ Requirement — This release requires Node.js 24.0.0 or later. We've also upgraded to Fedify 1.5.3 and @fedify/postgres 0.3.0 for improved performance and compatibility.
Test Coverage & Quality Assurance — The codebase now includes comprehensive testing infrastructure and test coverage. We're committed to expanding this coverage and integrating testing more deeply into our development and release workflows. This also provides an excellent opportunity for first-time contributors to get involved by writing tests.
Cross-Origin Request Support — OAuth and well-known endpoints now properly support cross-origin requests, aligning with Mastodon's behavior and improving client compatibility.
Cleaner Token Endpoint — The scope parameter is now properly optional for the OAuth token endpoint, clarifying that it only affects client credentials flows (not authorization code flows, where it was already ignored).
This release represents a major step forward in making Hollo not just a great single-user microblogging platform, but also a leader in federated social media security standards. The OAuth improvements we've implemented should serve as a model for other fediverse projects.
We're particularly excited about the OAuth security enhancements, which demonstrate our commitment to staying ahead of security best practices. As the federated web continues to evolve, we believe these standards will become increasingly important for maintaining user trust and ensuring secure interactions across the fediverse.
Upgrading to Hollo 0.6.0 is straightforward, but there are a few important considerations:
しゅいろ
MJ+
Sara Joy 
Chee Aun 🤔docker pull ghcr.io/fedify-dev/hollo:latestgit pullpnpm installpnpm run prodEnvironment Variables: Update your configuration if you're using deprecated variables:
ASSET_URL_BASE with STORAGE_URL_BASEFS_ASSET_PATH with FS_STORAGE_PATHSECRET_KEY is at least 44 characters longSession Reset: Due to the OAuth security improvements, existing user sessions may be invalidated during the upgrade. You'll likely need to log in again through your client apps (like Phanpy, Moshidon, etc.) after upgrading. This is a one-time inconvenience that ensures you benefit from the enhanced security features.
Thank you to everyone who contributed to this release, and to the community for your continued support. Hollo 0.6.0 brings significant improvements to security, usability, and the overall experience of running your own corner of the fediverse.
[Pic]김혜경 여사 머리에 카메라 부딪히고 밀친 MBN 기자놈,팔도 꼬집었음(신상 확인) - 사커라인
https://soccerline.kr/board/17922629
그냥 앞에 잘 안보여서 부딪친건 줄 알았는데
진짜 꼬집었네?
하나님 나라가 그리 좋대드니, 아직 안 간겨?
여성·성소수자 단체들이 이재명 대통령을 향해 포괄적 차별금지법 제정을 비롯한 소수자 인권 보장 정책에 적극 나서달라고 촉구했습니다.
“이재명 대통령, 여성·소수자 배제 않는 국정 운영 바...
팔로워 알림은 안 오는데 팔로워 숫자는 많아진다....? 아무래도 Julie나 Lily가 몇 명 끼어있나보다 (다중계정이 많은 스팸섹계입니다.)
SSR SSRI 違い 検索🔍️
여성·성소수자 단체들이 이재명 대통령을 향해 포괄적 차별금지법 제정을 비롯한 소수자 인권 보장 정책에 적극 나서달라고 촉구했습니다.
“이재명 대통령, 여성·소수자 배제 않는 국정 운영 바...
We're excited to announce Hollo 0.6.0, a significant release that brings enhanced security, better user experience, and important infrastructure improvements to your single-user microblogging setup.
This release prioritizes security with comprehensive OAuth 2.0 improvements that align with current best practices. We've implemented several critical RFC standards that significantly strengthen the authorization process:
OAuth 2.0 Authorization Code Flow with Access Grants — We've overhauled the OAuth implementation to properly separate authorization codes from access token issuance, providing better security isolation throughout the authentication process.
RFC 7636 PKCE (Proof Key for Code Exchange) Support — Hollo now supports PKCE with the S256 code challenge method, which prevents authorization code interception attacks. This is particularly important for public clients and follows the latest OAuth 2.0 security recommendations outlined in RFC 9700 (OAuth 2.0 Security Current Best Practices).
RFC 8414 OAuth Authorization Server Metadata — We've added support for OAuth Authorization Server metadata endpoints, allowing clients to automatically discover Hollo's OAuth capabilities and configuration. This makes integration smoother and helps clients adapt to your server's specific OAuth setup.
Enhanced Profile Scope Support — The new /oauth/userinfo endpoint and expanded profile scope support provide applications with standardized ways to access user profile information, improving compatibility with a wider range of OAuth-compliant applications.
These OAuth improvements not only make Hollo more secure but also position it at the forefront of federated social media security standards. We encourage other fediverse projects to adopt these same standards to ensure the entire ecosystem benefits from these security enhancements.
Special thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for spearheading these critical OAuth security improvements and ensuring Hollo stays ahead of the curve on authentication best practices.
We've significantly improved how Hollo handles media storage configuration, making it more flexible and future-ready:
New Environment Variables — The storage system now uses STORAGE_URL_BASE (replacing the deprecated ASSET_URL_BASE) and FS_STORAGE_PATH for local filesystem storage (replacing FS_ASSET_PATH). These changes provide clearer naming and better organization.
Improved Security Requirements — The SECRET_KEY environment variable now requires a minimum of 44 characters, ensuring sufficient entropy for cryptographic operations. You'll need to update your configuration if your current secret key is shorter.
Network Binding Control — The new BIND environment variable lets you specify exactly which network interface Hollo should listen on, giving you more control over your server's network configuration.
Thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for leading these infrastructure improvements.
Customizable Profile Themes — You can now personalize your profile page with different theme colors. Choose from the full range of Pico CSS color options to make your profile uniquely yours.
Enhanced Administration Dashboard — The dashboard now displays the current Hollo version at the bottom, making it easier to track which version you're running. You can also sign out directly from the dashboard for better session management.
Improved Post Presentation — Shared posts on profile pages now have better visual separation from original content, and the sharing timestamp is clearly displayed. This makes it much easier to distinguish between your original thoughts and content you've shared from others.
Better Image Accessibility — Alt text for images is now displayed within expandable details sections, improving accessibility while keeping the interface clean.
Syntax Highlighting — Code blocks in Markdown posts now feature beautiful syntax highlighting powered by Shiki, supporting a comprehensive range of programming languages. This makes technical discussions much more readable.
Enhanced Character Limit — The maximum post length has been increased from 4,096 to 10,000 characters, giving you more space to express your thoughts in detail.
Thanks to RangHo Lee (@rangho_220우주스타 아이도루 랭호 🌠) for the version display feature and Okuto Oyama (@yamanoku) for the image accessibility improvements.
EXIF Metadata Removal — Hollo now automatically strips EXIF metadata from uploaded images before storing them, protecting your privacy by removing potentially sensitive location and device information.
Public API Endpoints — Following Mastodon's approach, certain API endpoints are now publicly accessible without authentication, making Hollo more compatible with various client applications and improving the overall federation experience.
Thanks to NTSK (@ntekNTSK) for the privacy-focused EXIF metadata stripping implementation.
Node.js 24+ Requirement — This release requires Node.js 24.0.0 or later. We've also upgraded to Fedify 1.5.3 and @fedify/postgres 0.3.0 for improved performance and compatibility.
Test Coverage & Quality Assurance — The codebase now includes comprehensive testing infrastructure and test coverage. We're committed to expanding this coverage and integrating testing more deeply into our development and release workflows. This also provides an excellent opportunity for first-time contributors to get involved by writing tests.
Cross-Origin Request Support — OAuth and well-known endpoints now properly support cross-origin requests, aligning with Mastodon's behavior and improving client compatibility.
Cleaner Token Endpoint — The scope parameter is now properly optional for the OAuth token endpoint, clarifying that it only affects client credentials flows (not authorization code flows, where it was already ignored).
This release represents a major step forward in making Hollo not just a great single-user microblogging platform, but also a leader in federated social media security standards. The OAuth improvements we've implemented should serve as a model for other fediverse projects.
We're particularly excited about the OAuth security enhancements, which demonstrate our commitment to staying ahead of security best practices. As the federated web continues to evolve, we believe these standards will become increasingly important for maintaining user trust and ensuring secure interactions across the fediverse.
Upgrading to Hollo 0.6.0 is straightforward, but there are a few important considerations:
Esuriodocker pull ghcr.io/fedify-dev/hollo:latestgit pullpnpm installpnpm run prodEnvironment Variables: Update your configuration if you're using deprecated variables:
ASSET_URL_BASE with STORAGE_URL_BASEFS_ASSET_PATH with FS_STORAGE_PATHSECRET_KEY is at least 44 characters longSession Reset: Due to the OAuth security improvements, existing user sessions may be invalidated during the upgrade. You'll likely need to log in again through your client apps (like Phanpy, Moshidon, etc.) after upgrading. This is a one-time inconvenience that ensures you benefit from the enhanced security features.
Thank you to everyone who contributed to this release, and to the community for your continued support. Hollo 0.6.0 brings significant improvements to security, usability, and the overall experience of running your own corner of the fediverse.
小学校ぶりの受験勉強が必要かもしれない
We're excited to announce Hollo 0.6.0, a significant release that brings enhanced security, better user experience, and important infrastructure improvements to your single-user microblogging setup.
This release prioritizes security with comprehensive OAuth 2.0 improvements that align with current best practices. We've implemented several critical RFC standards that significantly strengthen the authorization process:
OAuth 2.0 Authorization Code Flow with Access Grants — We've overhauled the OAuth implementation to properly separate authorization codes from access token issuance, providing better security isolation throughout the authentication process.
RFC 7636 PKCE (Proof Key for Code Exchange) Support — Hollo now supports PKCE with the S256 code challenge method, which prevents authorization code interception attacks. This is particularly important for public clients and follows the latest OAuth 2.0 security recommendations outlined in RFC 9700 (OAuth 2.0 Security Current Best Practices).
RFC 8414 OAuth Authorization Server Metadata — We've added support for OAuth Authorization Server metadata endpoints, allowing clients to automatically discover Hollo's OAuth capabilities and configuration. This makes integration smoother and helps clients adapt to your server's specific OAuth setup.
Enhanced Profile Scope Support — The new /oauth/userinfo endpoint and expanded profile scope support provide applications with standardized ways to access user profile information, improving compatibility with a wider range of OAuth-compliant applications.
These OAuth improvements not only make Hollo more secure but also position it at the forefront of federated social media security standards. We encourage other fediverse projects to adopt these same standards to ensure the entire ecosystem benefits from these security enhancements.
Special thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for spearheading these critical OAuth security improvements and ensuring Hollo stays ahead of the curve on authentication best practices.
We've significantly improved how Hollo handles media storage configuration, making it more flexible and future-ready:
New Environment Variables — The storage system now uses STORAGE_URL_BASE (replacing the deprecated ASSET_URL_BASE) and FS_STORAGE_PATH for local filesystem storage (replacing FS_ASSET_PATH). These changes provide clearer naming and better organization.
Improved Security Requirements — The SECRET_KEY environment variable now requires a minimum of 44 characters, ensuring sufficient entropy for cryptographic operations. You'll need to update your configuration if your current secret key is shorter.
Network Binding Control — The new BIND environment variable lets you specify exactly which network interface Hollo should listen on, giving you more control over your server's network configuration.
Thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for leading these infrastructure improvements.
Customizable Profile Themes — You can now personalize your profile page with different theme colors. Choose from the full range of Pico CSS color options to make your profile uniquely yours.
Enhanced Administration Dashboard — The dashboard now displays the current Hollo version at the bottom, making it easier to track which version you're running. You can also sign out directly from the dashboard for better session management.
Improved Post Presentation — Shared posts on profile pages now have better visual separation from original content, and the sharing timestamp is clearly displayed. This makes it much easier to distinguish between your original thoughts and content you've shared from others.
Better Image Accessibility — Alt text for images is now displayed within expandable details sections, improving accessibility while keeping the interface clean.
Syntax Highlighting — Code blocks in Markdown posts now feature beautiful syntax highlighting powered by Shiki, supporting a comprehensive range of programming languages. This makes technical discussions much more readable.
Enhanced Character Limit — The maximum post length has been increased from 4,096 to 10,000 characters, giving you more space to express your thoughts in detail.
Thanks to RangHo Lee (@rangho_220우주스타 아이도루 랭호 🌠) for the version display feature and Okuto Oyama (@yamanoku) for the image accessibility improvements.
EXIF Metadata Removal — Hollo now automatically strips EXIF metadata from uploaded images before storing them, protecting your privacy by removing potentially sensitive location and device information.
Public API Endpoints — Following Mastodon's approach, certain API endpoints are now publicly accessible without authentication, making Hollo more compatible with various client applications and improving the overall federation experience.
Thanks to NTSK (@ntekNTSK) for the privacy-focused EXIF metadata stripping implementation.
Node.js 24+ Requirement — This release requires Node.js 24.0.0 or later. We've also upgraded to Fedify 1.5.3 and @fedify/postgres 0.3.0 for improved performance and compatibility.
Test Coverage & Quality Assurance — The codebase now includes comprehensive testing infrastructure and test coverage. We're committed to expanding this coverage and integrating testing more deeply into our development and release workflows. This also provides an excellent opportunity for first-time contributors to get involved by writing tests.
Cross-Origin Request Support — OAuth and well-known endpoints now properly support cross-origin requests, aligning with Mastodon's behavior and improving client compatibility.
Cleaner Token Endpoint — The scope parameter is now properly optional for the OAuth token endpoint, clarifying that it only affects client credentials flows (not authorization code flows, where it was already ignored).
This release represents a major step forward in making Hollo not just a great single-user microblogging platform, but also a leader in federated social media security standards. The OAuth improvements we've implemented should serve as a model for other fediverse projects.
We're particularly excited about the OAuth security enhancements, which demonstrate our commitment to staying ahead of security best practices. As the federated web continues to evolve, we believe these standards will become increasingly important for maintaining user trust and ensuring secure interactions across the fediverse.
Upgrading to Hollo 0.6.0 is straightforward, but there are a few important considerations:
洪 民憙 (Hong Minhee) 
docker pull ghcr.io/fedify-dev/hollo:latestgit pullpnpm installpnpm run prodEnvironment Variables: Update your configuration if you're using deprecated variables:
ASSET_URL_BASE with STORAGE_URL_BASEFS_ASSET_PATH with FS_STORAGE_PATHSECRET_KEY is at least 44 characters longSession Reset: Due to the OAuth security improvements, existing user sessions may be invalidated during the upgrade. You'll likely need to log in again through your client apps (like Phanpy, Moshidon, etc.) after upgrading. This is a one-time inconvenience that ensures you benefit from the enhanced security features.
Thank you to everyone who contributed to this release, and to the community for your continued support. Hollo 0.6.0 brings significant improvements to security, usability, and the overall experience of running your own corner of the fediverse.
横浜家系⇔川崎職場系
We're excited to announce Hollo 0.6.0, a significant release that brings enhanced security, better user experience, and important infrastructure improvements to your single-user microblogging setup.
This release prioritizes security with comprehensive OAuth 2.0 improvements that align with current best practices. We've implemented several critical RFC standards that significantly strengthen the authorization process:
OAuth 2.0 Authorization Code Flow with Access Grants — We've overhauled the OAuth implementation to properly separate authorization codes from access token issuance, providing better security isolation throughout the authentication process.
RFC 7636 PKCE (Proof Key for Code Exchange) Support — Hollo now supports PKCE with the S256 code challenge method, which prevents authorization code interception attacks. This is particularly important for public clients and follows the latest OAuth 2.0 security recommendations outlined in RFC 9700 (OAuth 2.0 Security Current Best Practices).
RFC 8414 OAuth Authorization Server Metadata — We've added support for OAuth Authorization Server metadata endpoints, allowing clients to automatically discover Hollo's OAuth capabilities and configuration. This makes integration smoother and helps clients adapt to your server's specific OAuth setup.
Enhanced Profile Scope Support — The new /oauth/userinfo endpoint and expanded profile scope support provide applications with standardized ways to access user profile information, improving compatibility with a wider range of OAuth-compliant applications.
These OAuth improvements not only make Hollo more secure but also position it at the forefront of federated social media security standards. We encourage other fediverse projects to adopt these same standards to ensure the entire ecosystem benefits from these security enhancements.
Special thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for spearheading these critical OAuth security improvements and ensuring Hollo stays ahead of the curve on authentication best practices.
We've significantly improved how Hollo handles media storage configuration, making it more flexible and future-ready:
New Environment Variables — The storage system now uses STORAGE_URL_BASE (replacing the deprecated ASSET_URL_BASE) and FS_STORAGE_PATH for local filesystem storage (replacing FS_ASSET_PATH). These changes provide clearer naming and better organization.
Improved Security Requirements — The SECRET_KEY environment variable now requires a minimum of 44 characters, ensuring sufficient entropy for cryptographic operations. You'll need to update your configuration if your current secret key is shorter.
Network Binding Control — The new BIND environment variable lets you specify exactly which network interface Hollo should listen on, giving you more control over your server's network configuration.
Thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for leading these infrastructure improvements.
Customizable Profile Themes — You can now personalize your profile page with different theme colors. Choose from the full range of Pico CSS color options to make your profile uniquely yours.
Enhanced Administration Dashboard — The dashboard now displays the current Hollo version at the bottom, making it easier to track which version you're running. You can also sign out directly from the dashboard for better session management.
Improved Post Presentation — Shared posts on profile pages now have better visual separation from original content, and the sharing timestamp is clearly displayed. This makes it much easier to distinguish between your original thoughts and content you've shared from others.
Better Image Accessibility — Alt text for images is now displayed within expandable details sections, improving accessibility while keeping the interface clean.
Syntax Highlighting — Code blocks in Markdown posts now feature beautiful syntax highlighting powered by Shiki, supporting a comprehensive range of programming languages. This makes technical discussions much more readable.
Enhanced Character Limit — The maximum post length has been increased from 4,096 to 10,000 characters, giving you more space to express your thoughts in detail.
Thanks to RangHo Lee (@rangho_220우주스타 아이도루 랭호 🌠) for the version display feature and Okuto Oyama (@yamanoku) for the image accessibility improvements.
EXIF Metadata Removal — Hollo now automatically strips EXIF metadata from uploaded images before storing them, protecting your privacy by removing potentially sensitive location and device information.
Public API Endpoints — Following Mastodon's approach, certain API endpoints are now publicly accessible without authentication, making Hollo more compatible with various client applications and improving the overall federation experience.
Thanks to NTSK (@ntekNTSK) for the privacy-focused EXIF metadata stripping implementation.
Node.js 24+ Requirement — This release requires Node.js 24.0.0 or later. We've also upgraded to Fedify 1.5.3 and @fedify/postgres 0.3.0 for improved performance and compatibility.
Test Coverage & Quality Assurance — The codebase now includes comprehensive testing infrastructure and test coverage. We're committed to expanding this coverage and integrating testing more deeply into our development and release workflows. This also provides an excellent opportunity for first-time contributors to get involved by writing tests.
Cross-Origin Request Support — OAuth and well-known endpoints now properly support cross-origin requests, aligning with Mastodon's behavior and improving client compatibility.
Cleaner Token Endpoint — The scope parameter is now properly optional for the OAuth token endpoint, clarifying that it only affects client credentials flows (not authorization code flows, where it was already ignored).
This release represents a major step forward in making Hollo not just a great single-user microblogging platform, but also a leader in federated social media security standards. The OAuth improvements we've implemented should serve as a model for other fediverse projects.
We're particularly excited about the OAuth security enhancements, which demonstrate our commitment to staying ahead of security best practices. As the federated web continues to evolve, we believe these standards will become increasingly important for maintaining user trust and ensuring secure interactions across the fediverse.
Upgrading to Hollo 0.6.0 is straightforward, but there are a few important considerations:
docker pull ghcr.io/fedify-dev/hollo:latestgit pullpnpm installpnpm run prodEnvironment Variables: Update your configuration if you're using deprecated variables:
ASSET_URL_BASE with STORAGE_URL_BASEFS_ASSET_PATH with FS_STORAGE_PATHSECRET_KEY is at least 44 characters longSession Reset: Due to the OAuth security improvements, existing user sessions may be invalidated during the upgrade. You'll likely need to log in again through your client apps (like Phanpy, Moshidon, etc.) after upgrading. This is a one-time inconvenience that ensures you benefit from the enhanced security features.
Thank you to everyone who contributed to this release, and to the community for your continued support. Hollo 0.6.0 brings significant improvements to security, usability, and the overall experience of running your own corner of the fediverse.
might try a new thing where i discipline myself into using hashtags as a pseudo-category thing at the beginning of my posts here so as to make better use of the featured hashtags feature... if i can keep up doing that
the thing that bothers me though is that i don't particularly want to opt-in to the other behaviors of the hashtag for my public posts. i just want categories like how Google+ Collections worked, but i don't want to make one account per feed/category
충격!!!
계란빵이 2개에 6000원이고
4개에 10000원이야!!! 
오늘부터 목 궤양 약을 먹기 시작했는데(어제는 장염 약이랑 충돌 일어날까봐 안 먹었는데 알아서 잘 약 타줬겠거니 생각하고 다 처먹기로 했음)
나아지는 건 없는 것 같음
그나마 잠깐 통증 줄여주는 건 가글...
충격!!!
계란빵이 2개에 6000원이고
4개에 10000원이야!!!
そうだ!
ちなみに直近の娘たちだとどの子のが好み?
1枚目から順にならべてるよ!
RE: https://misskey.io/notes/a8mmzebj7hf40cyg
집이다
Besonders Dachdecker brauchen ja den Feierabend, um richtig runterzukommen
Golang Backend + SvelteKit SPA Frontend
https://github.com/joelseq/go-svelte-spa
Discussions: https://discu.eu/q/https://github.com/joelseq/go-svelte-spa
If there's one thing that life has taught me about alarmist left-wing crackpots it's that they are consistently right about basically everything.
Maybe we should call the left wing right wing and the right wing wrong wing, that would make things a lot clearer for the uninitiated.
switch2ほしい
불가사리 소년 
맹꽁이
Quincy
