Search results

After months of struggling with the “zombie post” issue on Hackers' Pub—where deleted posts wouldn't disappear from remote servers—I had a sudden hypothesis today. As I dug into it, I realized it's a structural issue with Fedify's MessageQueue system: Create(Note) and Delete(Note) activities can be delivered out of order, causing remote instances to receive Delete(Note) before Create(Note).

The fix will likely require API changes, so this will probably need to wait for 2.0.0.

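The reordering described in the post above, seen from a receiving inbox, as an added example that is not code from Fedify or Hackers' Pub. A receiver that ignores a Delete(Note) for an unknown object keeps the post once the late Create(Note) arrives; one that records a short-lived, author-bound tombstone does not. Class names, URLs and the TTL are assumptions, and this is a receiver-side mitigation, not the sender-side API change the post anticipates.

```typescript
// Added example with constructed data; hypothetical names, not Fedify's API.
type Note = { id: string; attributedTo: string; content: string };
type Activity =
  | { type: "Create"; actor: string; object: Note }
  | { type: "Delete"; actor: string; object: string }; // object = id of the Note

// Receiver that assumes Create always arrives before Delete.
class NaiveInbox {
  readonly posts = new Map<string, Note>();
  receive(a: Activity): void {
    if (a.type === "Create") {
      this.posts.set(a.object.id, a.object);
    } else if (this.posts.get(a.object)?.attributedTo === a.actor) {
      this.posts.delete(a.object);
    } // a Delete for an unknown id is dropped: the zombie-post case
  }
}

type Outcome = "stored" | "deleted" | "tombstoned" | "suppressed" | "ignored";

// Receiver that remembers early Deletes as tombstones bound to the deleting actor.
class TombstoneInbox {
  readonly posts = new Map<string, Note>();
  private readonly tombstones = new Map<string, number>(); // key -> expiry (ms)
  private readonly ttlMs: number;
  constructor(ttlMs: number = 24 * 60 * 60 * 1000) {
    this.ttlMs = ttlMs;
  }
  private static key(actor: string, id: string): string {
    return actor + "\n" + id;
  }
  // Assumes the activity's HTTP signature was already verified for `actor`.
  receive(a: Activity, now: number = Date.now()): Outcome {
    if (a.type === "Delete") {
      const existing = this.posts.get(a.object);
      if (existing === undefined) {
        // Create not seen yet: remember which actor asked for the deletion.
        this.tombstones.set(TombstoneInbox.key(a.actor, a.object), now + this.ttlMs);
        return "tombstoned";
      }
      if (existing.attributedTo !== a.actor) return "ignored"; // only the author deletes
      this.posts.delete(a.object);
      return "deleted";
    }
    if (a.object.attributedTo !== a.actor) return "ignored"; // actor must own the Note
    // Only a tombstone left by the Note's own author counts, so a third party
    // cannot suppress someone else's post by sending Deletes ahead of time.
    const k = TombstoneInbox.key(a.object.attributedTo, a.object.id);
    const expiresAt = this.tombstones.get(k);
    if (expiresAt !== undefined) {
      this.tombstones.delete(k);
      if (expiresAt > now) return "suppressed";
    }
    this.posts.set(a.object.id, a.object);
    return "stored";
  }
}

// Constructed sample activities.
const alice = "https://a.example/users/alice";
const note: Note = { id: "https://a.example/notes/1", attributedTo: alice, content: "hi" };
const create: Activity = { type: "Create", actor: alice, object: note };
const del: Activity = { type: "Delete", actor: alice, object: note.id };

// Number of posts left when the queue delivers Delete before Create.
function survivorsAfterReordering(
  inbox: { receive(a: Activity): unknown; posts: Map<string, Note> },
): number {
  inbox.receive(del);
  inbox.receive(create);
  return inbox.posts.size;
}
```

The tombstone TTL bounds how long an early Delete is remembered, so it should exceed the longest retry window the sending queue can introduce.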

upcoming fediverse events

Liaizon Wakest @wakest@hackers.pub

Jan 26th, online

  • Fediverse-Sprechstunde (in German)

Jan 31st, Brussels

  • FOSDEM: Fediverse Integration into (EU) Public Administration

  • FOSDEM: Social Web Devroom (25 presentations)

February 1st, Berlin

  • Digital Independence Day: Punk Tour of the Fediverse (in German/English)

February 1st, Brussels

  • FOSDEM: Shaping the Future of Events and Calendars in the Fediverse
  • FOSDEM: The Fediverse and the EU's DSA: solving the challenges of modern social media?

February 3rd, Berlin

  • BERLIN FEDERATED NETWORK EXPLORATION CIRCLE: Fedify

February 4th + 5th, London

  • Protocols for Publishers

February 22nd, Vancouver

  • FediCollective: Co-Creating the Web

February 24th, Montreal

  • FediMTL: digital sovereignty and the social web

March 2nd, online

  • Growing the Open Social Web: An Online FediForum Un-Workshop

March 19th + 20th, Amsterdam

  • Nodes on a Web: The Fediverse in/for Public Institutions

July 8th to the 12th, Germany

  • DWeb Camp 2026

Fediverse & AI Coding Tools & Vibe Coding

...

I noticed 2 or 3 people lately using AI coding tools to create Fediverse software.

2 of them even seemed to be Vibe Coding.

...

I have been programming for over 30 years. I am probably not going to Vibe Code, but —

I wonder if we should help them.

There are tools we (Fediverse developers) could create to make it so others could Vibe Code Fediverse apps.


Fediverse & AI Coding Tools & Vibe Coding

...

I noticed 2 or 3 people lately using AI coding tools to create Fediverse software.

2 of them even seemed to be Vibe Coding.

...

I have been programming for over 30 years. I am probably not going to Vibe Code, but — I do recognize that it can be empowering to non-programmers

mastodon.social/@reiver/115639

...


2/

To handle public-key cryptography safely, often a user should be able to have multiple public-keys.

For example, a user might have a different public-key on each device, rather than sharing public-keys.

A user might delegate to a 3rd party — and there may be a delegated versus non-delegated public-key distinction.

Key-rotation is also often necessary for safety reasons.

Etc.

...

3/

All that requires that a Fediverse user can have multiple public-keys specified for them.

...

Although w3id.org/security/v1 seems to allow for multiple public-keys —

I wonder how much Fediverse software could actually handle multiple public-keys (rather than just one)?

(And, don't just assume one public-key?)

How much Fediverse software could handle public-keys changing over time?

Etc?


While working on Fedify, I noticed something about how Misskey handles ActivityPub object access. When a remote server requests a followers-only post or DM with valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.

Mastodon takes a different approach—when authorized fetch is enabled, it validates the HTTP Signatures and returns the content if the requesting actor has permission. I think it would be beneficial if Misskey could adopt a similar mechanism, since it would better respect the access control semantics that ActivityPub intends. Has anyone else run into this, or are there specific reasons Misskey handles it this way?


RE: varese.social/@emanuelecariati

André Menrath (@linos) did a great talk called [Interoperability of Events in the Fediverse] that I only just now got a chance to watch. This is an area of the that really doesn't get enough attention, and the work that André is doing with event-federation.eu is super excellent.

Anyway watch the presentation here vimeo.com/1137648835 and let's get events fully federating with all their depth and nuance intact!

A video still of André Menrath presenting the issues with federated events at SFCON

Fedify 1.10.0: Observability foundations for the future debug dashboard

Fedify is a framework for building servers that participate in the fediverse. It reduces the complexity and boilerplate typically required for ActivityPub implementation while providing comprehensive federation capabilities.

We're excited to announce Fedify 1.10.0, a focused release that lays critical groundwork for future debugging and observability features. Released on December 24, 2025, this version introduces infrastructure improvements that will enable the upcoming debug dashboard while maintaining full backward compatibility with existing Fedify applications.

This release represents a transitional step toward Fedify 2.0.0, introducing optional capabilities that will become standard in the next major version. The changes focus on enabling richer observability through OpenTelemetry enhancements and adding prefix scanning capabilities to the key–value store interface.

Enhanced OpenTelemetry instrumentation

Fedify 1.10.0 significantly expands OpenTelemetry instrumentation with span events that capture detailed ActivityPub data. These enhancements enable richer observability and debugging capabilities without relying solely on span attributes, which are limited to primitive values.

The new span events provide complete activity payloads and verification status, making it possible to build comprehensive debugging tools that show the full context of federation operations:

  • activitypub.activity.received event on activitypub.inbox span — records the full activity JSON, verification status (activity verified, HTTP signatures verified, Linked Data signatures verified), and actor information
  • activitypub.activity.sent event on activitypub.send_activity span — records the full activity JSON and target inbox URL
  • activitypub.object.fetched event on activitypub.lookup_object span — records the fetched object's type and complete JSON-LD representation

Additionally, Fedify now instruments previously uncovered operations:

  • activitypub.fetch_document span for document loader operations, tracking URL fetching, HTTP redirects, and final document URLs
  • activitypub.verify_key_ownership span for cryptographic key ownership verification, recording actor ID, key ID, verification result, and the verification method used

These instrumentation improvements emerged from work on issue #234 (Real-time ActivityPub debug dashboard). Rather than introducing a custom observer interface as originally proposed in #323, we leveraged Fedify's existing OpenTelemetry infrastructure to capture rich federation data through span events. This approach provides a standards-based foundation that's composable with existing observability tools like Jaeger, Zipkin, and Grafana Tempo.

Distributed trace storage with FedifySpanExporter

Building on the enhanced instrumentation, Fedify 1.10.0 introduces FedifySpanExporter, a new OpenTelemetry SpanExporter that persists ActivityPub activity traces to a KvStore. This enables distributed tracing support across multiple nodes in a Fedify deployment, which is essential for building debug dashboards that can show complete request flows across web servers and background workers.

The new @fedify/fedify/otel module provides the following types and interfaces:

import { MemoryKvStore } from "@fedify/fedify";
import { FedifySpanExporter } from "@fedify/fedify/otel";
import {
  BasicTracerProvider,
  SimpleSpanProcessor,
} from "@opentelemetry/sdk-trace-base";

const kv = new MemoryKvStore();
const exporter = new FedifySpanExporter(kv, {
  ttl: Temporal.Duration.from({ hours: 1 }),
});

const provider = new BasicTracerProvider();
provider.addSpanProcessor(new SimpleSpanProcessor(exporter));

The stored traces can be queried for display in debugging interfaces:

// Get all activities for a specific trace
const activities = await exporter.getActivitiesByTraceId(traceId);

// Get recent traces with summary information
const recentTraces = await exporter.getRecentTraces({ limit: 100 });

The exporter supports two storage strategies depending on the KvStore capabilities. When the list() method is available (preferred), it stores individual records with keys like [prefix, traceId, spanId]. When only cas() is available, it uses compare-and-swap operations to append records to arrays stored per trace.

This infrastructure provides the foundation for implementing a comprehensive debug dashboard as a custom SpanExporter, as outlined in the updated implementation plan for issue #234.

Optional list() method for KvStore interface

Fedify 1.10.0 adds an optional list() method to the KvStore interface for enumerating entries by key prefix. This method enables efficient prefix scanning, which is useful for implementing features like distributed trace storage, cache invalidation by prefix, and listing related entries.

interface KvStore {
  // ... existing methods
  list?(prefix?: KvKey): AsyncIterable<KvStoreListEntry>;
}

When the prefix parameter is omitted or empty, list() returns all entries in the store. This is useful for debugging and administrative purposes. All official KvStore implementations have been updated to support this method:

  • MemoryKvStore — filters in-memory keys by prefix
  • SqliteKvStore — uses LIKE query with JSON key pattern
  • PostgresKvStore — uses array slice comparison
  • RedisKvStore — uses SCAN with pattern matching and key deserialization
  • DenoKvStore — delegates to Deno KV's built-in list() API
  • WorkersKvStore — uses Cloudflare Workers KV list() with JSON key prefix pattern

While list() is currently optional to give existing custom KvStore implementations time to add support, it will become a required method in Fedify 2.0.0 (tracked in issue #499). This migration path allows implementers to gradually adopt the new capability throughout the 1.x release cycle.

The addition of list() support was implemented in pull request #500, which also included the setup of proper testing infrastructure for WorkersKvStore using Vitest with @cloudflare/vitest-pool-workers.

NestJS 11 and Express 5 support

Thanks to a contribution from Cho Hasang (@crohasang), the @fedify/nestjs package now supports NestJS 11 environments that use Express 5. The peer dependency range for Express has been widened to ^4.0.0 || ^5.0.0, eliminating peer dependency conflicts in modern NestJS projects while maintaining backward compatibility with Express 4.

This change, implemented in pull request #493, keeps the workspace catalog pinned to Express 4 for internal development and test stability while allowing Express 5 in consuming applications.

What's next

Fedify 1.10.0 serves as a stepping stone toward the upcoming 2.0.0 release. The optional list() method introduced in this version will become required in 2.0.0, simplifying the interface contract and allowing Fedify internals to rely on prefix scanning being universally available.

The enhanced instrumentation and FedifySpanExporter provide the foundation for implementing the debug dashboard proposed in issue #234. The next steps include building the web dashboard UI with real-time activity lists, filtering, and JSON inspection capabilities—all as a separate package that leverages the standards-based observability infrastructure introduced in this release.

Depending on the development timeline and feature priorities, there may be additional 1.x releases before the 2.0.0 migration. For developers building custom KvStore implementations, now is the time to add list() support to prepare for the eventual 2.0.0 upgrade. The implementation patterns used in the official backends provide clear guidance for various storage strategies.

Acknowledgments

Special thanks to Cho Hasang (@crohasang) for the NestJS 11 compatibility improvements, and to all community members who provided feedback and testing for the new observability features.

For the complete list of changes, bug fixes, and improvements, please refer to the CHANGES.md file in the repository.

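For implementers of a custom KvStore, the prefix scan that list() performs over the [prefix, traceId, spanId] key layout described in the release notes above, as an added example that is not Fedify's own code. The KvKey and KvStoreListEntry types are local stand-ins modelled on the interface shown in the announcement, and MapKvStore, scan() and the sample spans are assumptions. The point it demonstrates is that prefixes must match whole key elements, so a scan for one trace does not return records from a trace whose ID merely begins with the same characters.

```typescript
// Added example: local stand-in types (assumptions), not imported from Fedify.
type KvKey = readonly string[];
interface KvStoreListEntry {
  key: KvKey;
  value: unknown;
}

// Correct: a prefix matches only on whole key elements.
function keyHasPrefix(key: KvKey, prefix: KvKey): boolean {
  return prefix.length <= key.length && prefix.every((part, i) => key[i] === part);
}

// Shortcut to avoid: flattening keys to strings lets "trace-1" match "trace-10".
function joinedStringPrefix(key: KvKey, prefix: KvKey): boolean {
  return key.join("/").startsWith(prefix.join("/"));
}

type Stored = { key: KvKey; value: unknown; expiresAt: number };

// Hypothetical in-memory store with TTLs and an optional-style list() method.
class MapKvStore {
  private readonly entries = new Map<string, Stored>();

  set(key: KvKey, value: unknown, ttlMs: number = Infinity, now: number = Date.now()): void {
    this.entries.set(JSON.stringify(key), { key, value, expiresAt: now + ttlMs });
  }

  // Synchronous core of list(): drops expired records, then filters by prefix.
  scan(prefix: KvKey = [], now: number = Date.now()): KvStoreListEntry[] {
    const out: KvStoreListEntry[] = [];
    for (const [id, e] of this.entries) {
      if (e.expiresAt <= now) {
        this.entries.delete(id); // expired trace data must not be listed
        continue;
      }
      if (keyHasPrefix(e.key, prefix)) out.push({ key: e.key, value: e.value });
    }
    return out;
  }

  // Same shape as the list?() signature quoted above; an omitted prefix lists everything.
  async *list(prefix?: KvKey): AsyncIterable<KvStoreListEntry> {
    for (const entry of this.scan(prefix)) yield entry;
  }
}

// Constructed sample: span records under ["otel", traceId, spanId].
function demoStore(now: number): MapKvStore {
  const kv = new MapKvStore();
  kv.set(["otel", "trace-1", "span-a"], { name: "activitypub.inbox" }, 60000, now);
  kv.set(["otel", "trace-1", "span-b"], { name: "activitypub.verify_key_ownership" }, 60000, now);
  kv.set(["otel", "trace-10", "span-c"], { name: "activitypub.send_activity" }, 60000, now);
  kv.set(["otel", "trace-1", "span-old"], { name: "activitypub.fetch_document" }, 1000, now);
  return kv;
}

// Span IDs recorded for one trace, as a dashboard would request them.
function spanIdsForTrace(kv: MapKvStore, traceId: string, now: number): string[] {
  return kv
    .scan(["otel", traceId], now)
    .map((e) => e.key[2] ?? "")
    .sort();
}
```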

Found this helpful resource by Ben Boyter (@boyter): a collection of sequence diagrams explaining how / works in practice—covering post creation, follows, boosts, deletions, and user migration.

If you're trying to implement ActivityPub, the spec can be frustratingly vague, and different servers do things differently. This aims to be a “clean room” reference for getting federation right.

https://github.com/boyter/activitypub


According to Tim Chambers (@tchambers)'s My 2026 Open Social Web Predictions:

Fedify will power the federation layer for at least one mid-sized social platform (500K+ users) that adds ActivityPub support in 2026. The “build vs. buy” calculation for federation shifts decisively toward “just use Fedify.”

We're honored by this recognition and will keep working hard to make adoption easier for everyone. Thank you, Tim!


🚨 Security Advisory: CVE-2025-68475

A ReDoS (Regular Expression Denial of Service) vulnerability has been discovered in Fedify's HTML parsing code. This vulnerability could allow a malicious federated server to cause denial of service by sending specially crafted HTML responses.

CVE ID: CVE-2025-68475
Severity: High (CVSS 7.5)
Affected versions: ≤1.9.1
Patched versions: 1.6.13, 1.7.14, 1.8.15, 1.9.2

If you're running Fedify in production, please upgrade to one of the patched versions immediately.

For full details, see the security advisory: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93

Thank you to Yue (Knox) Liu for responsibly reporting this vulnerability.


Calling all developers for help: I'm currently trying to implement a () feature for Hackers' Pub, an -enabled community for software engineers. Is there a formal specification for how cross-instance reporting should work in ActivityPub? Or, is there any well-documented material that explains how the major implementations handle it?


8/

[Fediverse BackUp]

Also — what about comments / replies —

Some people (including me) would want at least some of the comments / replies to be included in a BackUp for a post.

So, for an Activity File to be a "good" format for a BackUp, a single Activity File would also need to contain (all or selected) the comments / replies to the post.

...

9/

[Fediverse BackUp]

So, I think an (ActivityPub / ActivityStreams) Activity File COULD be a "good" format for backing-up a single post on the Fediverse, but —

Most (maybe all) extant Fediverse software would need to change a bit. Fediverse software would need to support embedding "everything" in a single Activity File (rather than referring to "everything" else by URLs).

.


7/

[Fediverse BackUp]

Also — we would need to consider Threads / Storms —

Where people reply to their own post to make a larger post made up of smaller posts.

(I.e., what I have been doing here 🙂 )

For an Activity File to be a "good" format for a BackUp, a single Activity File would need to contain all the posts in the Thread / Storm.

Also —

...


6/

[Fediverse BackUp]

Also — we would need to consider Threads / Storms —

Where people reply to their own post to make a larger post made up of smaller posts.

(I.e., what I have been doing here 🙂 )

For an Activity File to be a "good" format for a BackUp, a single Activity File would need to contain all the posts in the Thread / Storm.

Also —

...


4/

[Fediverse BackUp]

Now, having said that, I don't think there is anything about ActivityPub / ActivityStreams that "prevents" Fediverse software from not embedding (non-text) media (such as images, audio, video, etc) into an Activity File —

For example, an "Image" Object can contain a ("mediaType" and a) "content" field (rather than an "href" field).

But —

...


2/

[Fediverse BackUp]

I think one challenge, in practice, with using an Activity File as a BackUp Format is that — a lot of Fediverse software does NOT embed (non-text) media (such as images, audio, video, etc) in the Activity File.

But, instead references them using URLs.

(And, by "URL" I mean "URI", "IRI", etc.)

Usually this is probably a good thing, but —

...


3/

[Fediverse CDN]

Once you have Fediverse Caching servers — you have the basis to create a Fediverse content-distribution-network (CDN).

A (Fediverse-native) Fediverse content-distribution-network (CDN) could bring a new level of robustness and scalability to the Fediverse — while still maintaining the properties of decentralization, federation, and localization.


RE: mastodon.social/@reiver/114009

1/

[Fediverse CDN]

One thing that crashes Fediverse servers (maybe the most) is — caching.

And, in particular, their storage drivers filling up (due to caching), which crashes the server.

Fediverse servers cache profiles, posts, images, and other servers on the Fediverse.

...


A while back I mentioned the idea of “Fedify Studio”—a web-based toolkit for debugging and development. I've been quietly working on shaping that idea into something more concrete.

Nothing to announce yet, but it's looking like this might become a team effort rather than a solo project, which would be nice. We'll see how it goes.


I forgot how tedious it is to chase code coverage when writing tests.

However this was part of the reason that made me include the "boring" parts of building a robust library into the goals set for the grant.

So after a couple of days of work I finally got the first of the storage backends for the library go past 80% test coverage.

I hope I can reuse some of the test logic in the other backends, as they need to perform identically.


RE: fietkau.software/daily_rucks/a

I have added Mastodon-style (FEP-044f) quote post compatibility to my Daily Rucks from Bastion (@DailyRucks) bot. You can now quote post the daily voice lines as much as you want! 🥳

This would be noteworthy on its own if there weren't already a bunch of non-Mastodon implementations, but I'm actually late to the party. WordPress, Bonfire, micro.blog, dotmakeup, and ActivityBot all got there before I did.

However, I think my approach is novel for being *stateless*. Thread incoming.

🧵 1/6


Just opened an issue for a major new task for : building an smoke test suite.

To ensure Fedify-built servers federate correctly with the wider , we're planning to run automated E2E tests in against live instances of Mastodon, Misskey, and more. This is crucial for a framework's reliability.

You can see the full plan and discussion here:

https://github.com/fedify-dev/fedify/issues/481


To know what software an instance is running (Mastodon, Pleroma, Akkoma, Firefish, Friendica, etc), have to make 2 calls:

1. `/.well-known/nodeinfo` - get the `href` for a nodeinfo link e.g. mastodon.social/.well-known/no
2. `/nodeinfo/2.0` (possibly 1.0 or 2.1 too) - get the `software.name` e.g. mastodon.social/nodeinfo/2.0

And… both are not CORS-enabled (again) for web apps to request 😅😢

Reference: github.com/h3poteto/megalodon/


Been thinking about fediverse wiki after @2chanhaeng mentioned it today. Some ideas:

  • Cross-instance page linking: [[Page Title@other-instance.wiki]]
  • Edit pages on other instances with your home account
  • Fork pages across instances: [[Page@instance-a.wiki]][[Page@instance-b.wiki]], sharing edit history up to the fork point
  • Merge forked pages later when needed

The fork/merge model feels natural for federated collaboration. Thoughts?


Interesting new DID method: "did:self"

FenTiger @fentiger@zotum.net

One consequence of trying to separate identity hosting from the other components of the system is that it makes the other components harder to bootstrap. If I run just one component of my instance in isolation, how can I authenticate to it in order to configure/manage/test it, if I don't have an identity that I can use?

The answer might be to use a did:self identifier. The flow would look something like

  • Management CLI tool generates a JWT describing a did:self identifier, and stores the private key locally
  • Admin uses scp or something to copy this JWT to the right place on the server
  • The server now has the ID's public key and so the CLI tool can prove that it "owns" the identifier

Which seems like a reasonable fix for the classic problem of "how do you create the first user", and also a useful fallback for when the system is too badly borked to be able to look up real identities.

Another interesting property of did:self is that it seems to be possible to add extra metadata, such as a human-readable name, to the ID, by using standard JWT claims - without needing the data to appear in the DID document.

Of course these identities will only be visible to the server they're copied to, not to the whole network, but that shouldn't be a major problem.

(Cue the peanut gallery, with their suggestions of "it's easy, just do so-and-so", because everything looks easy when you take it out of context...)

#ActivityPubDev #FediDev

RE: neuromatch.social/@jonny/11534

Rumors that the fediverse can't do mobile identity have been greatly exaggerated: is now in draft status - codeberg.org/fediverse/fep/src

This is a proposal for how to migrate all your stuff along with you when you move instances.

The gist:

  • Send a request to move along with a set of stuff you'd like to bring with you. Moderators (optionally) can approve, send back a change request, or deny. If the changes look ok, start the move, if not, hey you avoided incompatible moderation. Should be possible to layer in any kind of bulk actions you might want: "everything except my DMs," "strip attachments," "only my favorite posts," "nothing," etc.
  • keep a public collection of move events signed by both the source and target for durable, portable proof that you are the same person as the old account
  • the new instance crawls your old account and grabs whatever you specified, and then posts a mapping from old URIs to new URIs.
  • other instances can then immediately remap the URIs so e.g. future interactions get sent to the right place, and then gradually update their local versions over time, spacing out traffic.

Just using existing ActivityPub mechanisms. There are 6 new terms.

Bonus: lays the next steps to migrate to content addressed URIs, decouple accounts from instances, and merge and split accounts.

It being a draft means that there is a 60 day (or longer) public comment period, and feedback/edits/etc. are very much welcome.
Issue: codeberg.org/fediverse/fep/iss
Discussion: socialhub.activitypub.rocks/t/
