Piero Bosio Social Web Site Personale

@hongminhee@hollo.social ah yes, implements would be a good thing to support. It would allow you to cache the value temporarily (maybe a quick recheck every 7 days or so) so as to avoid needing a double knock at all. Caching based on first knock success also works. I wonder if sending HTTP 426 is doable too... 🤔 https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/426

👋 @hongminhee@hollo.social maybe @admin@spark.box464.social can provide an account? @mayel@sunbeam.city ​@_elena@mastodon.social

"Fedify 2.0.0 está aqui!Esta é a maior atualização da história do Fedify. Destaques:**Arquitetura modular** – O pacote monolítico `@fedify/fedify` foi dividido em pacotes independentes e focados: `@fedify/vocab`, `@fedify/vocab-runtime`, `@fedify/vocab-tools`, `@fedify/webfinger` e outros. Pacotes menores, imports mais limpos e a possibilidade de estender o ActivityPub com tipos de vocabulário personalizados.**Painel de depuração em tempo real** – O novo pacote `@fedify/debugger` oferece um dashboard ao vivo em `/__debug__/` que mostra todo o tráfego de federação: traces, detalhes das atividades, verificação de assinaturas e logs correlacionados. Basta envolver seu objeto `Federation` e pronto.**Suporte a relay do ActivityPub** – Suporte nativo a relays via `@fedify/relay` e o comando CLI `fedify relay`. Compatível com os protocolos Mastodon-style e LitePub-style (FEP-ae0c).**Entrega ordenada de mensagens** – A nova opção `orderingKey` resolve o problema do "post zumbi", quando um `Delete` chega antes do seu `Create`. Atividades com a mesma chave são entregues garantidamente na ordem FIFO.**Tratamento de falhas permanentes** – `setOutboxPermanentFailureHandler()` permite reagir quando uma inbox remota retorna 404 ou 410, possibilitando limpar seguidores inacessíveis em vez de tentar reenviar indefinidamente.Outras novidades incluem negociação de conteúdo no nível do middleware, `@fedify/lint` para regras compartilhadas de linting, `@fedify/create` para scaffolding rápido de projetos, arquivos de configuração para a CLI, suporte nativo à CLI em Node.js/Bun e diversos fixes de bugs.Esta versão conta com contribuições significativas de participantes do OSSCA da Coreia. Agradecemos imensamente a todos envolvidos!Trata-se de uma release major com breaking changes. Consulte o guia de migração antes de atualizar.Notas completas da release: https://github.com/fedify-dev/fedify/discussions/580#Fedify #ActivityPub #fediverso #fedidev #TypeScript"@fediverse @tecnologia @academicos @internet (pode seguir para acompanhar os assuntos ou marcar para amplificar a postagem até no #lemmy tb)@fedify https://hollo.social/@fedify/019c8521-92ef-7d5f-be4d-c50eae575742

@stefan@stefanbohacek.online Thanks!

According to @tchambers@indieweb.social's My 2026 Open Social Web Predictions: Fedify will power the federation layer for at least one mid-sized social platform (500K+ users) that adds ActivityPub support in 2026. The “build vs. buy” calculation for federation shifts decisively toward “just use Fedify.” We're honored by this recognition and will keep working hard to make #ActivityPub adoption easier for everyone. Thank you, Tim! #Fedify #fediverse #fedidev

🚨 Security Advisory: CVE-2025-68475 A ReDoS (Regular Expression Denial of Service) vulnerability has been discovered in Fedify's HTML parsing code. This vulnerability could allow a malicious federated server to cause denial of service by sending specially crafted HTML responses. CVE ID CVE-2025-68475 Severity High (CVSS 7.5) Affected versions ≤1.9.1 Patched versions 1.6.13, 1.7.14, 1.8.15, 1.9.2 If you're running Fedify in production, please upgrade to one of the patched versions immediately. For full details, see the security advisory: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93 Thank you to Yue (Knox) Liu for responsibly reporting this vulnerability. #Fedify #ActivityPub #security #fediverse #fedidev

BotKitは、ActivityPubボットを作るためのTypeScriptフレームワークです。既存のMastodon/Misskeyボットとの違いは、ボット自体が独立したサーバーとして動作すること。プラットフォームのアカウントは不要です。 文字数制限もなければ、APIレート制限に悩まされることもありません。 bot.onMention = async (session, message) => { await message.reply(text`こんにちは、${message.actor}さん！`); }; フェデレーション、HTTP Signatures、配送キューといったActivityPub周りの処理はFedifyがすべて引き受けます。ボットのロジックを書くだけです。 DenoでもNode.jsでも動きます。 https://botkit.fedify.dev/ #BotKit #Fedify #ActivityPub #TypeScript #Deno #NodeJS

It's alive! 🧟After a bit of trial-error, got fediverse comments showing on a #nextjs site running #fedify. My personal fediverse-connected youtube mirror is now mostly feature complete. (The video post in the screenshot is over here: https://watch.hayes.software/video/16)#fediverse

Exciting news for #Fedify developers! We've just landed a major milestone for Fedify 2.0—the #CLI now runs natively on #Node.js and #Bun, not just #Deno (#456). If you install @fedify/cli@2.0.0-dev.1761 from npm, you'll get actual JavaScript that executes directly in your runtime, no more pre-compiled binaries from deno compile. This is part of our broader transition to Optique, a new cross-runtime CLI framework we've developed specifically for Fedify's needs (#374). This change means a more natural development experience regardless of your #JavaScript runtime preference. Node.js developers can now run the CLI tools directly through their familiar ecosystem, and the same goes for Bun users. While Fedify 2.0 isn't released yet, we're excited to share this progress with the community—feel free to try out the dev version and let us know how it works for you!

@hongminhee It's a place where our loosey goosey style goes into nondeterminism. We should tighten it up in the next version. My main answer would be: publishers, don't do that.