What is Hackers' Pub?

Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.

0
0
0
Honič Péra 24 hodin @honicpera@snac.lab8.cz
Public

Nová humanitární nadace pro Gazu pozastavila kvůli přestavbě areálů i přístupových cest na jeden den aktivity. Tamní úřady hlásily v posledních třech dnech desítky mrtvých po střelbě do lidí v blízkosti míst pro výdej potravin. Izrael i USA to vyšetřují, varují ale před spoléháním se na informace publikované z oblastí kontrolovaných Hamásem. Eskalace války ovlivňuje i dvoumilionovou arabskou menšinu v Izraeli.

0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
22
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Elena Rossini ⁂ @_elena@mastodon.social
Public
Shared by @reiver ⊼ (Charles) :batman:

Please move along, nothing to see here 🙈

But yes I just uploaded my Fediverse promo video to my self-hosted in case tomorrow I encounter technical glitches and need to share a link. The video is set to private (for now!), I will change its status to public on Monday. Sooo excited, it's finally happeniiiiiing.

Thank you @samaabergSamuel Aaberg @TheLifeofTarzanRiyen P for your help with this!

a screenshot from the "Publish" screen of my self-hosted PeerTube instance that shows a green line with 100% uploaded status of a video titled: "Introducing the Fediverse: a New Era of Social Media" with privacy settings as "unlisted"
0
0
0
1
0
0
에스텔 뉴스계정 @transborder.bsky.social@bsky.brid.gy
Public

'계엄 비판' 비평 뺀 서울시립미술관, 왜?... "정치적 검열" 입력2025.06.04 16:3022면 서울시립미술관 '계엄 비판' 비평 제외 논란 해당 글쓴 남웅 평론가 "정치적 검열" 반발 평론가 8인 "나쁜 선례... 부정적 영향 우려" m.hankookilbo.com/News/Read/Am...

'계엄 비판' 비평 뺀 서울시립미술관, 왜?... "정...

'계엄 비판' 비평 뺀 서울시립미술관, 왜?... "정치적 검열" | 한국일보

서울시립미술관이 전시 도록 제작 과정에서 12·3 불법 계엄을 비판한 평론가의 글을 제외해 논란이다. 평론가들은 미술관의 정치적 검열 의혹을 제기하며 거세게 비판했다. 서울시립미술관의 세마(SeMA)-하나상 수상자 8명은 지난 1일 '비평과 검열은 함께 갈 수 없다'는 연대 성명에서 "이번 사태가 용인된다면 미술인들은 앞으로도 미술관의 안위를 위해 도대

m.hankookilbo.com · 한국일보

0
0
0
dansup @dansup@mastodon.social
Public
Shared by @reiver ⊼ (Charles) :batman:

The new Pixelfed webUI solves almost every reported issue, your feedback has been pivotal to the evolution in so many respects.

Best of all, we're adopting a new design system by our talented lead designer and custom (nuxt inspired) frontend to supercharge development.

It's beautiful, but also way more resilient, with better offline/network connectivity support, webpush integration and client caching for faster loads

It's way more open and features new discovery tools to find friends + topics

0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
dansup @dansup@mastodon.social
Public
Shared by @reiver ⊼ (Charles) :batman:

The new Pixelfed UI uses our next generation APIs that better fit our platform.

The MastoAPI has been useful to Pixelfed so we could support 3rd party apps, however it's not quite suited for our use case.

That being said, we don't plan on dropping MastoAPI support anytime soon, and if we do, will give a 1 year phase out warning.

0
0
0
에스텔 뉴스계정 @transborder.bsky.social@bsky.brid.gy
Public
Shared by 시아란 🌌 Private

尹 파면에 짐 싼 대통령실 직원들…줄줄이 공기업 이직 2025.06.05 오후 12:00 5월 퇴직공직자 취업심사 67건 결과 발표 www.news1.kr/politics/pre...

尹 파면에 짐 싼 대통령실 직원들…줄줄이 공기업 이직

Og Image Alt

尹 파면에 짐 싼 대통령실 직원들…줄줄이 공기업 이직

5월 퇴직공직자 취업심사 67건 결과 발표 윤석열 전 대통령이 탄핵으로 파면된 뒤 윤석열 정부 대통령실에 몸담았던 직원들이 줄줄이 새 직장을 찾고 있다.정부공직자윤리위원회는 5일 '2025년 5월 퇴직공직 …

www.news1.kr · 뉴스1

0
0
0
에스텔 뉴스계정 @transborder.bsky.social@bsky.brid.gy
Public
Shared by 시아란 🌌 Private

[이재명시대] 새 정부, ‘게관위 폐지’ 칼 빼든다...게임 거버넌스 전면 개편 입력 2025.06.04 19:19 www.ftoday.co.kr/news/article...

[이재명시대] 새 정부, ‘게관위 폐지’ 칼 빼든다.....

[이재명시대] 새 정부, ‘게관위 폐지’ 칼 빼든다...게임 거버넌스 전면 개편

최형주 기자 · 제21대 대통령 선거를 통해 이재명 더불어민주당 후보가 당선되며 그가 내세웠던 게임 관련 공약들이 재차 주목받고 있다. 그동안 게임업계 전반에 뿌리내린 게임 전담 조직에 대한 불신을 씻어낼 수 있을지 관심이 쏠리고 있다.이재명 대통령은 선거 전 당 내에 ‘게임특별위원회(이하 게임특위)

www.ftoday.co.kr · 파이낸셜투데이

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
에스텔 뉴스계정 @transborder.bsky.social@bsky.brid.gy
Public

尹 파면에 짐 싼 대통령실 직원들…줄줄이 공기업 이직 2025.06.05 오후 12:00 5월 퇴직공직자 취업심사 67건 결과 발표 www.news1.kr/politics/pre...

尹 파면에 짐 싼 대통령실 직원들…줄줄이 공기업 이직

Og Image Alt

尹 파면에 짐 싼 대통령실 직원들…줄줄이 공기업 이직

5월 퇴직공직자 취업심사 67건 결과 발표 윤석열 전 대통령이 탄핵으로 파면된 뒤 윤석열 정부 대통령실에 몸담았던 직원들이 줄줄이 새 직장을 찾고 있다.정부공직자윤리위원회는 5일 '2025년 5월 퇴직공직 …

www.news1.kr · 뉴스1

0
0
0
0
0
0
0
0
0
Bonfire @bonfire@indieweb.social
Public

Join us at today — an unconference about the ActivityPub ecosystem. We’ll be doing a live demo and proposing a session:

Behind the Bonfire: building a fediverse app in public

Curious how a fediverse app actually gets made? We’ll share the journey to Bonfire 1.0, talk about deployment, governance, and what building in public really looks like — the good, the hard, and the weird.

1/2

Bonfire @bonfire@indieweb.social
Public
Shared by @reiver ⊼ (Charles) :batman:

This is a chance to poke at the process, challenge assumptions, and have an open conversation. Bring your curiosity, hard questions, and ideas about co-design, funding, burnout, moderation, and the messy realities of open-source work.

Let’s dig into how fediverse apps get built, maintained, and shaped by their communities.

See you there! 🔗 fediforum.org

FediForum logo

FediForum

FediForum: moving the Open Social Web forward

fediforum.org · FediForum

0
0
0
dansup @dansup@mastodon.social
Public

As Pixelfed adopts webpush in a future release, it will open up push notifications to 3rd party apps!

We love our vibrant app ecosystem, and want to give them the same access as our official apps.

Let the people pick ✨

0
0
0
Bonfire @bonfire@indieweb.social
Public
Shared by @reiver ⊼ (Charles) :batman:

Join us at today — an unconference about the ActivityPub ecosystem. We’ll be doing a live demo and proposing a session:

Behind the Bonfire: building a fediverse app in public

Curious how a fediverse app actually gets made? We’ll share the journey to Bonfire 1.0, talk about deployment, governance, and what building in public really looks like — the good, the hard, and the weird.

1/2

0
0
0
Creative Code Berlin @creativeCodeBLN@genart.social
Public

💻 🎹 🕹️ ✏️ Creative Code Stammtisch 📷 🔬💃 🎛️

First Friday of every month.

A free event that is part casual hangout, part show-and-tell. We are open and welcoming to everyone interested in using code for creative self-expression. Folks of all backgrounds and skill levels are welcome!

meetup.com/creativecodeberlin/

[Artwork by @action_ioNuño de la Serna]

Poster by https://creativecode.berlin announcing the Creative Code Stammtisch #134 on June 6th 2025 at 19:30 in co.up, Berlin (Adalbertstr. 6 - 8, next to Kottbusser Tor) The image has a red banner with the information on top of a grayscale foggy picture of some buildings with power lines above them, all of it glitched with rich colors at the bottom of the photo.
0
0
0
에스텔 뉴스계정 @transborder.bsky.social@bsky.brid.gy
Public

[이재명시대] 새 정부, ‘게관위 폐지’ 칼 빼든다...게임 거버넌스 전면 개편 입력 2025.06.04 19:19 www.ftoday.co.kr/news/article...

[이재명시대] 새 정부, ‘게관위 폐지’ 칼 빼든다.....

[이재명시대] 새 정부, ‘게관위 폐지’ 칼 빼든다...게임 거버넌스 전면 개편

최형주 기자 · 제21대 대통령 선거를 통해 이재명 더불어민주당 후보가 당선되며 그가 내세웠던 게임 관련 공약들이 재차 주목받고 있다. 그동안 게임업계 전반에 뿌리내린 게임 전담 조직에 대한 불신을 씻어낼 수 있을지 관심이 쏠리고 있다.이재명 대통령은 선거 전 당 내에 ‘게임특별위원회(이하 게임특위)

www.ftoday.co.kr · 파이낸셜투데이

0
0
0
0
0
0
0
0
0
Julian Fietkau @julian@fietkau.social
Quiet public

@holloHollo :hollo: @thisismissemEmelia 👸🏻 Congratulations!

I'm still kind of obsessed with the idea of turning the profile color into a federatable actor property and creating an FEP to let server platforms (and ultimately clients) display people's profiles with visual accents in their chosen color.

It's not MySpace level of customization, but giving people a sense of ownership of "their" space is nice.

Would that be a waste of time or would any other platform want to buy in? @julian@community.nodebb.org @dansup @renchapRenaud Chaput @rimu

Rimu @rimu@mastodon.nzoss.nz
Quiet public
Shared by @reiver ⊼ (Charles) :batman:

@julian@fietkau.socialJulian Fietkau @holloHollo :hollo: @thisismissemEmelia 👸🏻 @julian@community.nodebb.org @dansup @renchapRenaud Chaput It'd need to be two colors - one for light mode and another for dark.

...maybe you'd need a corresponding text color too, for when the accent is used as a button background, etc. A light and a dark mode text color.

...and then again, many clients have multiple themes with different color schemes. It'd be hard to ensure the custom accent looks ok on all of them.

0
0
0
0
0
0
Hollo :hollo: @hollo@hollo.social
Public

We're excited to announce Hollo 0.6.0, a significant release that brings enhanced security, better user experience, and important infrastructure improvements to your single-user microblogging setup.

Enhanced OAuth Security with Modern Standards

This release prioritizes security with comprehensive OAuth 2.0 improvements that align with current best practices. We've implemented several critical RFC standards that significantly strengthen the authorization process:

OAuth 2.0 Authorization Code Flow with Access Grants — We've overhauled the OAuth implementation to properly separate authorization codes from access token issuance, providing better security isolation throughout the authentication process.

RFC 7636 PKCE (Proof Key for Code Exchange) Support — Hollo now supports PKCE with the S256 code challenge method, which prevents authorization code interception attacks. This is particularly important for public clients and follows the latest OAuth 2.0 security recommendations outlined in RFC 9700 (OAuth 2.0 Security Current Best Practices).

RFC 8414 OAuth Authorization Server Metadata — We've added support for OAuth Authorization Server metadata endpoints, allowing clients to automatically discover Hollo's OAuth capabilities and configuration. This makes integration smoother and helps clients adapt to your server's specific OAuth setup.

Enhanced Profile Scope Support — The new /oauth/userinfo endpoint and expanded profile scope support provide applications with standardized ways to access user profile information, improving compatibility with a wider range of OAuth-compliant applications.

These OAuth improvements not only make Hollo more secure but also position it at the forefront of federated social media security standards. We encourage other fediverse projects to adopt these same standards to ensure the entire ecosystem benefits from these security enhancements.

Special thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for spearheading these critical OAuth security improvements and ensuring Hollo stays ahead of the curve on authentication best practices.

Revamped Media Storage Configuration

We've significantly improved how Hollo handles media storage configuration, making it more flexible and future-ready:

New Environment Variables — The storage system now uses STORAGE_URL_BASE (replacing the deprecated ASSET_URL_BASE) and FS_STORAGE_PATH for local filesystem storage (replacing FS_ASSET_PATH). These changes provide clearer naming and better organization.

Improved Security Requirements — The SECRET_KEY environment variable now requires a minimum of 44 characters, ensuring sufficient entropy for cryptographic operations. You'll need to update your configuration if your current secret key is shorter.

Network Binding Control — The new BIND environment variable lets you specify exactly which network interface Hollo should listen on, giving you more control over your server's network configuration.

Thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for leading these infrastructure improvements.

Better User Experience

Customizable Profile Themes — You can now personalize your profile page with different theme colors. Choose from the full range of Pico CSS color options to make your profile uniquely yours.

Enhanced Administration Dashboard — The dashboard now displays the current Hollo version at the bottom, making it easier to track which version you're running. You can also sign out directly from the dashboard for better session management.

Improved Post Presentation — Shared posts on profile pages now have better visual separation from original content, and the sharing timestamp is clearly displayed. This makes it much easier to distinguish between your original thoughts and content you've shared from others.

Better Image Accessibility — Alt text for images is now displayed within expandable details sections, improving accessibility while keeping the interface clean.

Syntax Highlighting — Code blocks in Markdown posts now feature beautiful syntax highlighting powered by Shiki, supporting a comprehensive range of programming languages. This makes technical discussions much more readable.

Enhanced Character Limit — The maximum post length has been increased from 4,096 to 10,000 characters, giving you more space to express your thoughts in detail.

Thanks to RangHo Lee (@rangho_220우주스타 아이도루 랭호 🌠) for the version display feature and Okuto Oyama (@yamanoku) for the image accessibility improvements.

Privacy and Content Improvements

EXIF Metadata Removal — Hollo now automatically strips EXIF metadata from uploaded images before storing them, protecting your privacy by removing potentially sensitive location and device information.

Public API Endpoints — Following Mastodon's approach, certain API endpoints are now publicly accessible without authentication, making Hollo more compatible with various client applications and improving the overall federation experience.

Thanks to NTSK (@ntekNTSK) for the privacy-focused EXIF metadata stripping implementation.

Technical Foundation

Node.js 24+ Requirement — This release requires Node.js 24.0.0 or later. We've also upgraded to Fedify 1.5.3 and @fedify/postgres 0.3.0 for improved performance and compatibility.

Test Coverage & Quality Assurance — The codebase now includes comprehensive testing infrastructure and test coverage. We're committed to expanding this coverage and integrating testing more deeply into our development and release workflows. This also provides an excellent opportunity for first-time contributors to get involved by writing tests.

Cross-Origin Request Support — OAuth and well-known endpoints now properly support cross-origin requests, aligning with Mastodon's behavior and improving client compatibility.

Cleaner Token Endpoint — The scope parameter is now properly optional for the OAuth token endpoint, clarifying that it only affects client credentials flows (not authorization code flows, where it was already ignored).

Looking Forward

This release represents a major step forward in making Hollo not just a great single-user microblogging platform, but also a leader in federated social media security standards. The OAuth improvements we've implemented should serve as a model for other fediverse projects.

We're particularly excited about the OAuth security enhancements, which demonstrate our commitment to staying ahead of security best practices. As the federated web continues to evolve, we believe these standards will become increasingly important for maintaining user trust and ensuring secure interactions across the fediverse.

Upgrading

Upgrading to Hollo 0.6.0 is straightforward, but there are a few important considerations:

Railway Deployment

  1. Go to your Railway dashboard
  2. Select your Hollo project and service
  3. In the deployments tab, click the three-dot menu and select Redeploy

Docker Deployment

  1. Pull the latest image: docker pull ghcr.io/fedify-dev/hollo:latest
  2. Stop your current container
  3. Start with the new image using your existing configuration

Manual Installation

  1. Pull the latest code: git pull
  2. Install dependencies: pnpm install
  3. Restart the service: pnpm run prod

Important Upgrade Notes

Environment Variables: Update your configuration if you're using deprecated variables:

  • Replace ASSET_URL_BASE with STORAGE_URL_BASE
  • Replace FS_ASSET_PATH with FS_STORAGE_PATH
  • Ensure your SECRET_KEY is at least 44 characters long

Session Reset: Due to the OAuth security improvements, existing user sessions may be invalidated during the upgrade. You'll likely need to log in again through your client apps (like Phanpy, Moshidon, etc.) after upgrading. This is a one-time inconvenience that ensures you benefit from the enhanced security features.

Thank you to everyone who contributed to this release, and to the community for your continued support. Hollo 0.6.0 brings significant improvements to security, usability, and the overall experience of running your own corner of the fediverse.

Logo of the IETF

RFC 7636: Proof Key for Code Exchange by OAuth Public Clients

OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced "pixy").

datatracker.ietf.org · IETF Datatracker

Julian Fietkau @julian@fietkau.social
Quiet public
Shared by @reiver ⊼ (Charles) :batman:

@holloHollo :hollo: @thisismissemEmelia 👸🏻 Congratulations!

I'm still kind of obsessed with the idea of turning the profile color into a federatable actor property and creating an FEP to let server platforms (and ultimately clients) display people's profiles with visual accents in their chosen color.

It's not MySpace level of customization, but giving people a sense of ownership of "their" space is nice.

Would that be a waste of time or would any other platform want to buy in? @julian@community.nodebb.org @dansup @renchapRenaud Chaput @rimu

0
0
0
0
0
0
1
0
0
Hollo :hollo: @hollo@hollo.social
Public
Shared by @reiver ⊼ (Charles) :batman:

We're excited to announce Hollo 0.6.0, a significant release that brings enhanced security, better user experience, and important infrastructure improvements to your single-user microblogging setup.

Enhanced OAuth Security with Modern Standards

This release prioritizes security with comprehensive OAuth 2.0 improvements that align with current best practices. We've implemented several critical RFC standards that significantly strengthen the authorization process:

OAuth 2.0 Authorization Code Flow with Access Grants — We've overhauled the OAuth implementation to properly separate authorization codes from access token issuance, providing better security isolation throughout the authentication process.

RFC 7636 PKCE (Proof Key for Code Exchange) Support — Hollo now supports PKCE with the S256 code challenge method, which prevents authorization code interception attacks. This is particularly important for public clients and follows the latest OAuth 2.0 security recommendations outlined in RFC 9700 (OAuth 2.0 Security Current Best Practices).

RFC 8414 OAuth Authorization Server Metadata — We've added support for OAuth Authorization Server metadata endpoints, allowing clients to automatically discover Hollo's OAuth capabilities and configuration. This makes integration smoother and helps clients adapt to your server's specific OAuth setup.

Enhanced Profile Scope Support — The new /oauth/userinfo endpoint and expanded profile scope support provide applications with standardized ways to access user profile information, improving compatibility with a wider range of OAuth-compliant applications.

These OAuth improvements not only make Hollo more secure but also position it at the forefront of federated social media security standards. We encourage other fediverse projects to adopt these same standards to ensure the entire ecosystem benefits from these security enhancements.

Special thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for spearheading these critical OAuth security improvements and ensuring Hollo stays ahead of the curve on authentication best practices.

Revamped Media Storage Configuration

We've significantly improved how Hollo handles media storage configuration, making it more flexible and future-ready:

New Environment Variables — The storage system now uses STORAGE_URL_BASE (replacing the deprecated ASSET_URL_BASE) and FS_STORAGE_PATH for local filesystem storage (replacing FS_ASSET_PATH). These changes provide clearer naming and better organization.

Improved Security Requirements — The SECRET_KEY environment variable now requires a minimum of 44 characters, ensuring sufficient entropy for cryptographic operations. You'll need to update your configuration if your current secret key is shorter.

Network Binding Control — The new BIND environment variable lets you specify exactly which network interface Hollo should listen on, giving you more control over your server's network configuration.

Thanks to Emelia Smith (@thisismissemEmelia 👸🏻) for leading these infrastructure improvements.

Better User Experience

Customizable Profile Themes — You can now personalize your profile page with different theme colors. Choose from the full range of Pico CSS color options to make your profile uniquely yours.

Enhanced Administration Dashboard — The dashboard now displays the current Hollo version at the bottom, making it easier to track which version you're running. You can also sign out directly from the dashboard for better session management.

Improved Post Presentation — Shared posts on profile pages now have better visual separation from original content, and the sharing timestamp is clearly displayed. This makes it much easier to distinguish between your original thoughts and content you've shared from others.

Better Image Accessibility — Alt text for images is now displayed within expandable details sections, improving accessibility while keeping the interface clean.

Syntax Highlighting — Code blocks in Markdown posts now feature beautiful syntax highlighting powered by Shiki, supporting a comprehensive range of programming languages. This makes technical discussions much more readable.

Enhanced Character Limit — The maximum post length has been increased from 4,096 to 10,000 characters, giving you more space to express your thoughts in detail.

Thanks to RangHo Lee (@rangho_220우주스타 아이도루 랭호 🌠) for the version display feature and Okuto Oyama (@yamanoku) for the image accessibility improvements.

Privacy and Content Improvements

EXIF Metadata Removal — Hollo now automatically strips EXIF metadata from uploaded images before storing them, protecting your privacy by removing potentially sensitive location and device information.

Public API Endpoints — Following Mastodon's approach, certain API endpoints are now publicly accessible without authentication, making Hollo more compatible with various client applications and improving the overall federation experience.

Thanks to NTSK (@ntekNTSK) for the privacy-focused EXIF metadata stripping implementation.

Technical Foundation

Node.js 24+ Requirement — This release requires Node.js 24.0.0 or later. We've also upgraded to Fedify 1.5.3 and @fedify/postgres 0.3.0 for improved performance and compatibility.

Test Coverage & Quality Assurance — The codebase now includes comprehensive testing infrastructure and test coverage. We're committed to expanding this coverage and integrating testing more deeply into our development and release workflows. This also provides an excellent opportunity for first-time contributors to get involved by writing tests.

Cross-Origin Request Support — OAuth and well-known endpoints now properly support cross-origin requests, aligning with Mastodon's behavior and improving client compatibility.

Cleaner Token Endpoint — The scope parameter is now properly optional for the OAuth token endpoint, clarifying that it only affects client credentials flows (not authorization code flows, where it was already ignored).

Looking Forward

This release represents a major step forward in making Hollo not just a great single-user microblogging platform, but also a leader in federated social media security standards. The OAuth improvements we've implemented should serve as a model for other fediverse projects.

We're particularly excited about the OAuth security enhancements, which demonstrate our commitment to staying ahead of security best practices. As the federated web continues to evolve, we believe these standards will become increasingly important for maintaining user trust and ensuring secure interactions across the fediverse.

Upgrading

Upgrading to Hollo 0.6.0 is straightforward, but there are a few important considerations:

Railway Deployment

  1. Go to your Railway dashboard
  2. Select your Hollo project and service
  3. In the deployments tab, click the three-dot menu and select Redeploy

Docker Deployment

  1. Pull the latest image: docker pull ghcr.io/fedify-dev/hollo:latest
  2. Stop your current container
  3. Start with the new image using your existing configuration

Manual Installation

  1. Pull the latest code: git pull
  2. Install dependencies: pnpm install
  3. Restart the service: pnpm run prod

Important Upgrade Notes

Environment Variables: Update your configuration if you're using deprecated variables:

  • Replace ASSET_URL_BASE with STORAGE_URL_BASE
  • Replace FS_ASSET_PATH with FS_STORAGE_PATH
  • Ensure your SECRET_KEY is at least 44 characters long

Session Reset: Due to the OAuth security improvements, existing user sessions may be invalidated during the upgrade. You'll likely need to log in again through your client apps (like Phanpy, Moshidon, etc.) after upgrading. This is a one-time inconvenience that ensures you benefit from the enhanced security features.

Thank you to everyone who contributed to this release, and to the community for your continued support. Hollo 0.6.0 brings significant improvements to security, usability, and the overall experience of running your own corner of the fediverse.

Logo of the IETF

RFC 7636: Proof Key for Code Exchange by OAuth Public Clients

OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE, pronounced "pixy").

datatracker.ietf.org · IETF Datatracker

1
2
1
0
0
0
1
0
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
0