Search results

0

🎉 Huge shoutout to two amazing contributors from Korea's program who've made excellent contributions to !

👏 @gaebalgom개발곰 tackled a tricky terminal compatibility issue in PR #282, fixing the fedify node command's favicon display on terminal emulators without truecolor support (#168). His solution elegantly detects terminal capabilities and falls back to 256-color mode when needed—ensuring a great experience across different environments.

🌟 @joonnotnotJoon enhanced Fedify's functionality in PR #281 by adding a configurable maxRedirection option to the lookupWebFinger() function (#248). He transformed a hardcoded limitation into a flexible, user-customizable parameter while maintaining perfect backward compatibility.

Both delivered thoughtful, well-implemented solutions that showcase the quality of contributions coming from the OSSCA program. Welcome to the Fedify community! :fedify:

Side-by-side comparison of `fedify node` command output showing terminal favicon display. Left side shows broken display on terminal without truecolor support with corrupted color blocks. Right side shows proper display after the fix with clean, correctly rendered favicon and NodeInfo output including mastodon.social server information and statistics.
1
0
0

🎉 Big thanks to @2chanhaeng이찬행 for his first contribution to ! He implemented the new fedify webfinger command in PR #278, which allows isolated lookups for testing configurations. This addresses the need for developers to test WebFinger functionality without performing comprehensive object retrieval.

The contribution includes:

  • A new fedify webfinger <handle> command that accepts @user@domain format handles or URIs
  • Clean JSON output of WebFinger JRD results
  • Proper error handling for invalid handles and lookup failures
  • Complete integration with help text and usage examples

This was originally filed as issue #260 and marked as a good first issue—perfect for newcomers to learn the codebase structure while contributing meaningful functionality. The PR has been merged and will be included in the upcoming Fedify 1.8.0 release.

We appreciate all first-time contributors who help make Fedify better for the entire community. Welcome aboard, ChanHaeng!

6
0
0
0

Excited to share that I've joined (Open Source Software Contribution Academy) as a mentor for the @fedifyFedify: an ActivityPub server framework project!

OSSCA is a national program run by South Korea's NIPA (National IT Industry Promotion Agency) through their Open Source Software Support Center, aimed at fostering the next generation of open source contributors.

We're currently in the process of selecting around 20 mentees who will start contributing to once the selection is complete. I've been busy preparing good first issues to help them get started on their open source journey.

Looking forward to working with these new contributors and seeing what amazing things we can build together!

And just finished writing a comprehensive contributor guide for the mentees!

You can check it out here—it's Korean though: https://hackers.pub/@hongminhee/2025/ossca-fedify-contributors-guide.

It covers everything from setting up the accounts and development environment to finding good first issues. While it's primarily for the OSSCA participants, anyone interested in contributing to @fedifyFedify: an ActivityPub server framework is welcome to use it as a reference.

Ready to onboard the next wave of developers!

0
1

I've just deployed the first set of changes to have proper activitypub quotes on bird.makeup, those exemples should (in theory) work on Mastodon 4.4 and others implementations that support those:

bird.makeup/users/davidfowl/st

bird.makeup/users/bigtechalert

bird.makeup/users/nntaleb/stat

Can you all test and report back? I will fix any incompatibilty with any implementation

0

Excited to share that I've joined (Open Source Software Contribution Academy) as a mentor for the @fedifyFedify: an ActivityPub server framework project!

OSSCA is a national program run by South Korea's NIPA (National IT Industry Promotion Agency) through their Open Source Software Support Center, aimed at fostering the next generation of open source contributors.

We're currently in the process of selecting around 20 mentees who will start contributing to once the selection is complete. I've been busy preparing good first issues to help them get started on their open source journey.

Looking forward to working with these new contributors and seeing what amazing things we can build together!

6
5
0

We're pleased to share that Encyclia has joined our success stories.

@encyclia bridges academic research to the by making researcher profiles and publications discoverable through —built with for seamless interoperability across Mastodon and other fediverse platforms.

This demonstrates Fedify's versatility beyond traditional social networking, helping specialized domains connect to the federated web.

We're also grateful for 's sponsorship support, which helps make Fedify's development possible.

Learn more about Encyclia at https://encyclia.pub/. 📚

0
1
0

We are pleased to announce the release of 1.7.0. This release was expedited at the request of the Ghost team, who are actively using Fedify for their implementation. As a result, several features originally planned for this version have been moved to Fedify 1.8.0 to ensure timely delivery of the most critical improvements.

This release focuses on enhancing message queue functionality and improving compatibility with ActivityPub servers through refined HTTP signature handling.

Native retry mechanism support

This release introduces support for native retry mechanisms in message queue backends. The new MessageQueue.nativeRetrial property allows queue implementations to indicate whether they provide built-in retry functionality, enabling Fedify to optimize its retry behavior accordingly.

When nativeRetrial is set to true, Fedify will delegate retry handling to the queue backend rather than implementing its own retry logic. This approach reduces overhead and leverages the proven retry mechanisms of established queue systems.

Current implementations with native retry support include:

  • DenoKvMessageQueue — utilizes Deno KV's automatic retry with exponential backoff
  • WorkersMessageQueue — leverages Cloudflare Queues' automatic retry and dead-letter queue features
  • AmqpMessageQueue — can now be configured to use AMQP broker's native retry mechanisms

The InProcessMessageQueue continues to use Fedify's internal retry mechanism, while ParallelMessageQueue inherits the retry behavior from its wrapped queue.

AMQP message queue improvements

Alongside Fedify 1.7.0, we have also released @fedify/amqp 0.3.0. This release adds the nativeRetrial option to AmqpMessageQueueOptions, enabling you to leverage your AMQP broker's built-in retry mechanisms. When enabled, this option allows the AMQP broker to handle message retries according to its configured policies, rather than relying on Fedify's internal retry logic.

Configurable double-knocking

The new FederationOptions.firstKnock option provides control over the HTTP Signatures specification used for the initial signature attempt when communicating with previously unknown servers.

Previously, the first knock for newly encountered servers always used RFC 9421 (HTTP Message Signatures), falling back to draft-cavage-http-signatures-12 if needed. With this release, you can now configure which specification to use for the first knock when communicating with unknown servers, with RFC 9421 remaining the default.

Summary

This release maintains Fedify's commitment to reliability and compatibility while laying the groundwork for more efficient message processing. The native retry mechanism support will particularly benefit applications using queue backends with sophisticated retry capabilities, while the double-knocking mechanism addresses real-world compatibility challenges in the ActivityPub ecosystem.

For detailed technical information about these changes, please refer to the changelog in the repository.

0
0
0
0
0
0

Le silence du .

Quand le protocole lui même donne une partie d'une conversation au lieu de tous les posts répondant au billet initial.

Réflexion sur comment y remédier:
hackers.pub/@hongminhee/2025/q

By @hongminhee洪 民憙 (Hong Minhee)

,

“조용한 연합우주” 문제를 해결하는 두 가지 접근법: 대화 백필링 메커니즘

이 글은 연합우주(fediverse)에서 발생하는 "조용한 연합우주" 문제, 즉 대화의 일부만 보이는 현상의 원인과 해결책을 탐구합니다. ActivityPub 프로토콜의 분산 특성으로 인해 대화가 여러 서버에 분산되어 저장되면서 발생하는 이 문제를 해결하기 위해, 답글 트리 크롤링과 컨텍스트 소유자 기반 방식이라는 두 가지 주요 접근법을 제시합니다. 답글 트리 크롤링은 모든 답글을 순차적으로 가져오는 방식이지만 네트워크 취약성과 작업량 증가의 단점이 있고, 컨텍스트 소유자 방식은 대화의 원 작성자가 대화 내용을 관리하는 중앙화된 접근법이지만 컨텍스트 소유자에 대한 의존성이 높다는 단점이 있습니다. 또한, 모더레이션 패러다임의 충돌과 상위 전파 누락 문제와 같은 논쟁점을 지적하며, 주기적 크롤링, 사용자 트리거, 멘션 기반 백필과 같은 추가적인 백필 메커니즘을 소개합니다. 마지막으로, FEP 수렴 논의와 구현체 간 협력 현황을 통해 향후 개발 방향으로 하이브리드 접근법의 표준화를 제시하며, 다중 전략 구현, 리소스 관리, 모니터링 및 로깅의 모범 사례 가이드라인을 제시합니다. 이 글은 연합우주가 더욱 풍부하고 연결된 소셜 네트워크로 발전하기 위한 노력과 사용자 경험 개선의 중요성을 강조합니다.

hackers.pub · Hackers' Pub

Link author: 洪 民憙 (Hong Minhee)@hongminhee@hackers.pub

0

“조용한 연합우주” 문제를 해결하는 두 가지 접근법: 대화 백필링 메커니즘

洪 民憙 (Hong Minhee) @hongminhee@hackers.pub

이 글은 연합우주(fediverse)에서 발생하는 "조용한 연합우주" 문제, 즉 대화의 일부만 보이는 현상의 원인과 해결책을 탐구합니다. ActivityPub 프로토콜의 분산 특성으로 인해 대화가 여러 서버에 분산되어 저장되면서 발생하는 이 문제를 해결하기 위해, 답글 트리 크롤링과 컨텍스트 소유자 기반 방식이라는 두 가지 주요 접근법을 제시합니다. 답글 트리 크롤링은 모든 답글을 순차적으로 가져오는 방식이지만 네트워크 취약성과 작업량 증가의 단점이 있고, 컨텍스트 소유자 방식은 대화의 원 작성자가 대화 내용을 관리하는 중앙화된 접근법이지만 컨텍스트 소유자에 대한 의존성이 높다는 단점이 있습니다. 또한, 모더레이션 패러다임의 충돌과 상위 전파 누락 문제와 같은 논쟁점을 지적하며, 주기적 크롤링, 사용자 트리거, 멘션 기반 백필과 같은 추가적인 백필 메커니즘을 소개합니다. 마지막으로, FEP 수렴 논의와 구현체 간 협력 현황을 통해 향후 개발 방향으로 하이브리드 접근법의 표준화를 제시하며, 다중 전략 구현, 리소스 관리, 모니터링 및 로깅의 모범 사례 가이드라인을 제시합니다. 이 글은 연합우주가 더욱 풍부하고 연결된 소셜 네트워크로 발전하기 위한 노력과 사용자 경험 개선의 중요성을 강조합니다.

Read more →
7
0
0

Fedilab users, vote on for these issues on my quality-of-life fixes wishlist! :blobwobble:

Add support for quoted posts: codeberg.org/tom79/Fedilab/iss

Make server announcements more visible: codeberg.org/tom79/Fedilab/iss

Implement grouping of boosts in timeline to a similar degree as Mastodon web client: codeberg.org/tom79/Fedilab/iss

Improve the UX of timeline refreshment: codeberg.org/tom79/Fedilab/iss

Support filters in Pleroma (and Akkoma): codeberg.org/tom79/Fedilab/iss

0

We're excited to announce the release of 1.6.1, which marks the beginning of the 1.6 series following the retraction of version 1.6.0. This release introduces significant new capabilities that expand Fedify's deployment options and enhance security compatibility across the .

🌐 Cloudflare Workers support

Fedify 1.6 introduces first-class support for Cloudflare Workers, enabling deployment of applications at the edge.

New components

Key features

  • Seamless integration with 's serverless runtime
  • Automatic handling of queue message processing through Workers' queue() method
  • Support for Node.js compatibility flag required for Fedify's cryptographic operations
  • Manual queue processing via Federation.processQueuedTask() method

For a complete working example, see the Cloudflare Workers example in the Fedify repository.

🏗️ Federation builder pattern

Fedify 1.6 introduces the FederationBuilder class and createFederationBuilder() function to support deferred federation instantiation. This pattern provides several benefits:

  • Deferred instantiation: Set up dispatchers and listeners before creating the federation object
  • Better code organization: Avoid circular dependencies and improve project structure
  • Cloudflare compatibility: Accommodates binding-based architectures where resources are passed as arguments rather than globals
  • Modular setup: Build complex federations piece by piece before instantiation

The builder pattern is particularly useful for large applications and environments like Cloudflare Workers where configuration data is only available at runtime.

🔐 HTTP Message Signatures (RFC 9421)

Fedify 1.6 implements the official HTTP Message Signatures standard (RFC 9421) specification, the final revision of the HTTP Signatures specification.

Double-knocking mechanism

To ensure maximum compatibility across the fediverse, Fedify 1.6 introduces an intelligent double-knocking mechanism:

  1. Primary attempt: RFC 9421 (HTTP Message Signatures) for modern implementations
  2. Fallback: Draft cavage version for legacy compatibility
  3. Adaptive caching: The system remembers which version each server supports to optimize future requests

This approach ensures seamless communication with both modern and legacy ActivityPub implementations while positioning Fedify at the forefront of security standards.

Interoperability testing

The RFC 9421 implementation has been thoroughly tested for interoperability with existing ActivityPub implementations that support RFC 9421 signature verification:

  • Mitra 4.4.0: Successfully verified Fedify-generated RFC 9421 signatures
  • Mastodon 4.4.0 development version: Tested RFC 9421 signature verification against Fedify's implementation (refer to Mastodon PR #34814, though Mastodon 4.4.0 has not yet been released)

These tests confirm that other ActivityPub implementations can successfully verify RFC 9421 signatures generated by Fedify, ensuring proper federation as the ecosystem gradually adopts the official specification. While these implementations currently support verification of RFC 9421 signatures, they do not yet generate RFC 9421 signatures themselves—making Fedify one of the first ActivityPub implementations to support both generation and verification of the modern standard.

🔍 WebFinger enhancements

Dedicated WebFinger lookup

The new Context.lookupWebFinger() method provides direct access to WebFinger data, offering developers more granular control over account discovery and resource resolution beyond the higher-level Context.lookupObject() method.

🛠 Context API improvements

Context data replacement

The new Context.clone() method enables dynamic context data replacement, providing greater flexibility in request processing and data flow management. This is particularly useful for middleware implementations and complex request routing scenarios.

🚀 Migration considerations

Backward compatibility

Fedify 1.6 maintains full backward compatibility with existing applications. The new HTTP Message Signatures and double-knocking mechanisms work transparently without requiring any code changes.

Node.js version requirement

Important: Fedify 1.6 requires Node.js 22.0.0 or later for Node.js environments. This change does not affect applications using Deno or Bun runtimes. If you're currently using Node.js, please ensure your environment meets this requirement before upgrading.

New deployment options

For new deployments, consider leveraging Cloudflare Workers support for:

  • Global edge deployment with low latency
  • Serverless scaling and automatic resource management
  • Integration with Cloudflare's ecosystem of services

🎯 Looking forward

Fedify 1.6 represents a significant expansion of deployment possibilities while maintaining the framework's commitment to broad compatibility across the fediverse. The addition of Cloudflare Workers support opens new architectural patterns for federated applications, while the RFC 9421 implementation ensures Fedify stays current with emerging ActivityPub security standards.


For detailed migration guides, API documentation, and examples, please visit the Fedify documentation. Join our community on Matrix or Discord for support and discussions.

2
0
2

Did you know? provides optimized for LLMs through the llms.txt standard.

Available endpoints:

Useful for training assistants on / development, building documentation chatbots, or -powered dev tools.

0

1.6 is approaching with three major enhancements: RFC 9421 HTTP Message Signatures support with double-knocking for seamless backward compatibility, a new builder pattern for better code organization in large applications, and native support for serverless deployments. These additions strengthen Fedify's standards compliance while expanding deployment flexibility across different environments. Stay tuned for the official release! 🚀

2
0
0

Good news! We've officially added support to the roadmap. We've created a detailed issue to track our implementation plan: https://github.com/fedify-dev/fedify/issues/233.

The effort will be tackled in phases, including compatibility assessment, core adaptations for Workers' environment, KV store and message queue implementations, and finally integration with Cloudflare's ecosystem. This will be a substantial project that we'll break down into several sub-issues.

If you're interested in contributing to any specific aspect of Workers support, please comment on the main issue to coordinate efforts.

🎉 support is now complete! After implementing the test infrastructure, core module, examples, and comprehensive documentation, can now run on Cloudflare Workers.

What's included:

Try it now: Available in the development release v1.6.1-dev.876+7b07d213:

This will be included in the upcoming Fedify 1.6 stable release. Thank you to everyone who requested this feature and provided feedback throughout the implementation!

1
0

If you're interested in building your own server but don't know where to start, I recommend checking out 's Creating your own federated microblog. It provides a comprehensive, step-by-step guide that walks you through building a fully functional federated application. Perfect for developers who want to dive into the !

0
3
0

This is how I am thinking about pointing to the GreatApe WebSocket API in the activity file.

The GreatApe WebSocket API — ActivitySocket ? — is sending ActivityPub activities over a WebSocket, along with some other stuff (such a queries, and commands).

Right now, I am using the "endpoints" field with the sub-field "inoutbox" to point to the WebSockets API end-point.

RE: mastodon.social/@reiver/114590

    {
      "type": "Conference",
      "actor": "acct:reiver@mastodon.social",
      "endpoints": {
        "inoutbox": "wss://greatape.social/@reiver@mastodon.social/conf"
      },
      "id": "https://greatape.social/@reiver@mastodon.social/conf",
      "name": "@reiver@mastodon.social — GreatApe"
    }
0

1/

GreatApe is a conferencing platform for the Fediverse and the Social Web — where an audience can listen & watch live, and can be invited to join the speakers on the stage.

GreatApe makes use of a WebSocket for communications.

I am working on turning the WebSocket API that @muhammadzaidali and @benyamin0Ben created into something more ActivityPub / ActivityStreams like.

Interestingly —

RE: mastodon.social/@reiver/114585

0

1/

GreatApe is a conferencing platform for the Fediverse and the Social Web — where an audience can listen & watch live, and can be invited to join the speakers on the stage.

GreatApe makes use of a WebSocket for communications.

I am working on turning the WebSocket API that @muhammadzaidali and @benyamin0Ben created into something more ActivityPub / ActivityStreams like.

Interestingly —

RE: mastodon.social/@reiver/114585

0

We're planning to reorganize our labels to better reflect 's project structure! 🏷️

Currently using GitHub's default labels, but we want something more tailored to our needs—like component-specific labels (vocab, federation, actor, etc.), runtime tags (Deno/Node/Bun), and compatibility tracking.

The proposal includes hierarchical labeling with categories like:

  • type/ for bug, feature, documentation
  • component/ for different parts of Fedify
  • activitypub/ for interop issues with Mastodon, Misskey, etc.

We'd love your thoughts! What labels would be most helpful for contributors and maintainers?

Check out the full proposal: https://github.com/fedify-dev/fedify/issues/238.

0

While 's API provides comprehensive support for and major vendor extensions, its code-generation approach makes runtime extensions challenging. However, the project welcomes contributions to expand the supported types and properties.

Fedify accepts vocabulary contributions when they meet any of these criteria:

  • Documented in FEP (Fediverse Enhancement Proposals) or equivalent specification
  • Already adopted by widely-used implementations like Mastodon or Pleroma
  • Thoroughly discussed within the Fedify community (Discord, Matrix, GitHub Discussions)

Contributing new vocabulary is straightforward. The vocabulary definitions live in YAML files within the fedify/vocab/ directory. To add a new type, create a new .yaml file. To add properties to existing types, extend the properties section in the relevant .yaml file.

This approach ensures Fedify's vocabulary coverage grows with the fediverse ecosystem while maintaining type safety and comprehensive documentation. If you're working with custom ActivityPub extensions, consider contributing them upstream to benefit the entire community.

For detailed guidance on the contribution process, see the Extending the vocabulary section in Fedify's docs.

1

Had a wonderful time today at our second FediDev KR (@sprints.fedidev.kr한국 페디버스 개발자 모임) gathering at Turing's Apple (@TuringAppleDev튜링의 사과) in !

We spent the day contributing to various open source projects including @fedifyFedify: an ActivityPub server framework, @holloHollo :hollo:, and Hackers' Pub. It was fantastic to see the community come together to build and improve tools for the decentralized social web.

Our participants made some great contributions, and you can read all about what we accomplished in today's blog post.

Looking forward to our next sprint!

A hand holding a 3D-printed keychain featuring the Fedify dinosaur mascot logo in blue and white colors. The keychain is packaged in a clear plastic bag with Korean text indicating it's from the FediDev KR Second Sprint on May 24, 2025. The background shows laptops and stickers on a table, suggesting a coding workspace at the sprint event.A bright green poster for FediDev KR #2 sprint event, showing the date 2025-05-24 Sat 13:00–18:00. The poster features Korean text announcing a FediDev KR sprint session, with the Turing's Apple logo and a circular blue logo with wave-like design. The poster is displayed on a TV at the entrance of the venue.
3
0
0

Exciting update 👉 We're inviting a handful of select users to Channel.org now 🎉

Channel.org aims to bring together knowledge across the open social web, whilst offering organisations the ability to build a social home instead of renting from Big Tech dictators.

If you'd like to join the beta waitlist, let us know at support@channel.org

A graphic alert reading: Channel.org BETA release. Invite only access now live
0

I've been thinking about adding a debug dashboard to that shows all activities being sent and received in real-time. This would include filters by activity type, detailed inspection of JSON-LD content, signature verification details, and retry management for failed deliveries.

As a , would you find this useful for troubleshooting federation issues? Any other features that would be helpful in such a debugging tool?

1
0
0

I've been thinking about client-server interactions in the . isn't widely used, and most clients rely on Mastodon-compatible APIs instead.

What if we created a new standardized API based on GraphQL + Relay for client-server communication, while keeping ActivityPub for server-to-server federation?

The Mastodon-compatible API lacks formal schema definitions for code generation and type checking, which hurts developer productivity. And ActivityPub C2S is honestly too cumbersome to use directly from client apps.

would give us type safety, efficient data fetching (only get what you need), and the ability to evolve the API without breaking clients. 's features for pagination, caching, and optimistic updates seem perfect for social apps.

Would this be valuable to our community? What challenges do you see? How might we handle backward compatibility? And should this be formalized as an FEP?

Curious what others think about this approach.

3
8
0

Looking for implementations with support! 🔍

As mentioned in the Fedify announcement below, I've implemented RFC 9421 (HTTP Message Signatures) and need to verify its interoperability with other ActivityPub implementations.

The challenge is that most major ActivityPub projects don't seem to have full RFC 9421 implementations in production yet. If you're working on an ActivityPub project that:

  • has implemented RFC 9421 (even in a development branch)
  • is currently implementing it
  • has plans to implement it soon

Please reach out! I'd love to collaborate on interoperability testing to ensure our implementations work properly with each other before merging this into 's main branch.

Any leads or connections would be greatly appreciated! 🙏

Okay, I've just deployed a bleeding edge , which implements both RFC 9421 and double-knocking, to Hackers' Pub. If you'd like to test your implementations against a real server, please give it a try! (If you want to create an account, let me know—I can invite you.)

2

Looking for implementations with support! 🔍

As mentioned in the Fedify announcement below, I've implemented RFC 9421 (HTTP Message Signatures) and need to verify its interoperability with other ActivityPub implementations.

The challenge is that most major ActivityPub projects don't seem to have full RFC 9421 implementations in production yet. If you're working on an ActivityPub project that:

  • has implemented RFC 9421 (even in a development branch)
  • is currently implementing it
  • has plans to implement it soon

Please reach out! I'd love to collaborate on interoperability testing to ensure our implementations work properly with each other before merging this into 's main branch.

Any leads or connections would be greatly appreciated! 🙏

1
5
1

We're excited to announce that we've implemented RFC 9421 (HTTP Message Signatures) in , complete with our double-knocking mechanism to maintain backward compatibility with the draft cavage version.

This implementation includes both signature generation and verification, meaning is used when both sending and receiving activities. While we haven't merged the RFC 9421 implementation branch yet, we're currently conducting interoperability tests with development versions of Mastodon and other implementations. Once these tests confirm compatibility, we'll proceed with the merge.

As noted in the attached docs, although RFC 9421 is the final and official standard for HTTP Signatures, the draft cavage version remains widely used across the . Our double-knocking mechanism ensures maximum compatibility by trying the RFC 9421 version first, then falling back to draft cavage if needed.

Currently, we support RSA-PKCS-v1.5 key pairs for generating HTTP Message Signatures, with plans to expand to other signature types in future releases.

We look forward to contributing to a more standardized and secure fediverse!

HTTP Message Signatures

This API is available since Fedify 1.6.0.

RFC 9421, also known as HTTP Message Signatures, is the final revision of the HTTP Signatures specification. Although it is the official standard, it is not widely used in the fediverse yet. As of May 2025, major ActivityPub implementations, such as Mastodon, et al., still rely on the draft cavage version of HTTP Signatures for signing portable activities.

Fedify automatically signs activities with the sender's private key if the actor keys dispatcher is set and the actor has any RSA-PKCS#1-v1.5 key pair. If there are multiple key pairs, Fedify selects the first RSA-PKCS#1-v1.5 key pair among them.

NOTE

Although HTTP Message Signatures support other than RSA-PKCS#1-v1.5, Fedify currently supports only RSA-PKCS#1-v1.5 key pairs for generating HTTP Message Signatures. This limitation will be lifted in the future releases.Double-knocking HTTP Signatures

This API is available since Fedify 1.6.0.

As you read above, there are two revisions of HTTP Signatures: the draft cavage version and the RFC 9421 version. The draft cavage version is declared as obsolete, but it is still widely used in the fediverse, and many ActivityPub implementations still rely on it. On the other hand, the RFC 9421 version is the official standard, but it is not widely used yet.

To support both versions of HTTP Signatures, Fedify uses the double-knocking mechanism: trying one version, then falling back to another if rejected. If it's the first encounter with the recipient server, Fedify tries the RFC 9421 version first, and if it fails, it falls back to the draft cavage version. If the recipient server accepts the RFC 9421 version, Fedify remembers it and uses the RFC 9421 version for the next time. If the recipient server rejects the RFC 9421 version, Fedify falls back to the draft cavage version and remembers it for the next time.
1
0
1

2/

I remember some people years ago saying that — they wanted to "subscribe" to the "server live feeds" on community servers different from the one that they are on

This is a way of following & perhaps even joining a community without necessarily being on that server

Which for example is useful if you wanted to be part of more than one community but use the same account

0

2/

I remember some people years ago saying that — they wanted to "subscribe" to the "server live feeds" on community servers different from the one that they are on

This is a way of following & perhaps even joining a community without necessarily being on that server

Which for example is useful if you wanted to be part of more than one community but use the same account

0
0

Great news for the wafrn app !!

As a culmination of the big journey of the past weeks, the Wafrn App is now listed in the official @unifiedpush documentation as one of the apps that support UnifiedPush

Check it at https://unifiedpush.org/users/apps/


#WafrnDev #FediDev #UnifiedPush #Degoogle #FreeServices

Apps using UnifiedPush

This is a non-exhaustive list of the first few end-user applications that use UnifiedPush. Android Name Description Date Since version Docs¹ FluffyChat Matrix chat January 2021 v0.26.1 FluffyChat push notifications² Fedilab Mastodon/Fediverse March 2021 v2.39.0 Fedilab push notifications² Tox Push Message App Tox chat May 2021 v1.0.3 generic SchildiChat Matrix chat September 2021 v1.2.0.sc42 generic FindMyDevice Find your device November 2021 v0.2.2 generic Element Matrix chat June 2022 v1.4.26 generic Tusky Mastodon/Fediverse July 2022 v19.0 generic Neon Nextcloud July 2022 Unreleased generic Jami Jami March 2023 v361 generic Goguma IRC client March 2023 v0.5.0 generic Circles Social Network (matrix) June 2023 v1.0.11 generic Databag Messaging Service July 2023 v1.5.0 generic Podverse (beta) Podcast Manager July 2023 v4.13.1 generic Moshidon Mastodon August 2023 v2.0.3+fork.98 generic Träwelldroid Traewelling client September 2023 v2.0.0 generic Pachli Mastodon September 2023 v1.0.0 generic Molly Signal client October 2023 v6.35.3-1.up1 mollysocket Amethyst Nostr client October 2023 v0.80.1 generic Ltt.rs Mail (JMAP) client December 2023 0.4.0 generic Mercurygram Telegram client December 2023 v10.3.2.1 generic Element-X Matrix chat January 2024 v0.4.2 generic SchildiChat Next Matrix chat January 2024 v0.4.2.sc1 generic Nagram Telegram client April 2024 10.9.1.1165 generic DAVx⁵ CalDAV/CardDAV/WebDAV September 2024 v4.4.2-ose Nextcloud extension for WebDAV-Push Momogram Telegram client December 2024 v11.4.2-1 generic FOSS Warn Emergency alerts December 2024 1.0.0 alpha0 FOSS Warn Wiki Wafrn App Social Network (Fediverse + Bluesky) May 2025 v1.3.0 generic ¹ App-specific documentation should not be needed. Compatible apps should just work after installing a UnifiedPush distributor.

unifiedpush.org · UnifiedPush

0
0

After reviewing FEP-5624: Per-object reply control policies and GoToSocial's interaction policy spec, I find myself leaning toward the latter for long-term considerations, though both have merit.

FEP-5624 is admirably focused and simpler to implement, which I appreciate. However, 's approach seems to offer some architectural advantages:

  1. The three-tier permission model (allow/require approval/deny) feels more flexible than binary allow/deny
  2. Separating approval objects from interactions appears more secure against forgery
  3. The explicit handling of edge cases (mentioned users, post authors) provides clearer semantics
  4. The extensible framework allows for handling diverse interaction types, not just replies

I wonder if creating an that extracts GoToSocial's interaction policy design into a standalone standard might be worthwhile. It could potentially serve as a more comprehensive foundation for access control in .

This is merely my initial impression though. I'd be curious to hear other developers' perspectives on these approaches.

4

So… I did a thing: https://github.com/juandjara/expo-unified-push
This library will help everybody developing React Native apps to use the Unified Push Android library, so they can have native notifications without depending on Google and Firebase systems.

Next step, integrating it into wafrn


#wafrnDev #fediDev #react-native
0

Hey fedi devss! (Hints & boosts appreciated)

Mastodon API question — which instance/server API says where the URL redirects when there is no signed in user?

For example:
1. social.ayco.io goes to my profile; but
2. fosstodon.org goes to the explore tab

I am looking for the info via REST API

0

I'm exploring a new idea called FediOTP (codename): an authentication system that uses DMs to deliver one-time passwords, allowing any account to authenticate with web services. Unlike current solutions that rely on specific APIs (, ), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.

For those skeptical of DMs in : I'm also considering an alternative verification approach using ActivityPub's Question feature. Instead of sending numeric codes, the system could send a poll with several emoji options, and the user would select the one that matches what's displayed on their login screen. This visual authentication method might offer better security against certain automated attacks while still leveraging federation rather than platform-specific APIs. Would this approach address some of the privacy concerns around DM-based verification?

0

I'm exploring a new idea called FediOTP (codename): an authentication system that uses DMs to deliver one-time passwords, allowing any account to authenticate with web services. Unlike current solutions that rely on specific APIs (, ), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.

1
5
0