
NodeBB-ActivityPub Bridge Test Instance

thisismissem@hachyderm.io

@thisismissem@hachyderm.io
Posts: 33 | Topics: 1 | Shares: 0 | Groups: 0 | Followers: 0 | Following: 0


Posts

  • Today I discovered an interesting inconsistency in Activity Streams specs while investigating [a Fedify issue].
    thisismissem@hachyderm.io

    @mariusor @oranadoz @hongminhee right, but here a description of the icon isn't the same as the binary of the icon itself.

    The binary gives you very different data to the description of it, e.g., fetching the binary doesn't indicate where to send replies to or how to interact with it; whereas html <-> json-ld generally gives you similar enough representations.

    Generally con-neg suggests the same data just in different formats; what you're giving here is different data in different formats.

    Uncategorized fedify fedidev activitypub specifications activitystreams

  • Today I discovered an interesting inconsistency in Activity Streams specs while investigating [a Fedify issue].
    thisismissem@hachyderm.io

    @mariusor @oranadoz @hongminhee the document describing a resource and the resource itself are not necessarily the same thing. So the response for json-ld for the icon isn't necessarily equivalent to the icon itself.

    This has been a long-standing thing in json-ld for ages: is the document describing the resource or is the document the same as the resource.

    This is perhaps best described by a document about a person, that's not the same as the person themselves, though that document may be used by that person to describe themselves.

    Uncategorized fedify fedidev activitypub specifications activitystreams

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @esk @julian do you wanna adjust? because we can ^_^

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @julian we'll see how the fund goes, but we can always change the terms as necessary to get the right output, that's why this is an experiment.

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @julian yes, that's exactly what needs to happen. Like, it's CVE + the fix merged into the project. And we'll actually verify that before paying out. Definitely don't want those low-quality reports for stuff that isn't actually a CVE.

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @julian so the reports don't come from Nivenly, the reports come from researchers and contributors and go directly to you. Once you accept & fix, and publish the advisory, the researcher/contributor can come to us and we'll pay them for their responsible disclosure.

    They could also still collect from your bounty program as well, so rather than them getting just $256 or $512 from your program, they could get $506 or $1012 in total, because they can claim both bounties (if your program allows it)

    (I mean, it's better than Fediverse Security Bounty — FSB 😂)

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @julian you're still receiving the vulnerability reports directly with the Fediverse Security Fund; we pay *after* you've confirmed & patched.

    I wasn't aware of your bug bounty program, but could list that alongside your project.

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @miah @nivenly thank you!

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @quillmatiq @nivenly it's something I'm really proud of, and hopefully it can help do some good.

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    aaand aaah, TechCrunch have covered the announcement! Thanks @Sarahp!

    https://techcrunch.com/2025/04/02/a-new-security-fund-opens-up-to-help-protect-the-fediverse/

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @Sbectol oh, good catch! My brain's off in the clouds today, I swear 😅

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    We also know that GitHub Sponsors isn't super ideal for payments, but it's a way for us to test the program and ensure compliance with KYC/AML and various other legal requirements.

    Hopefully in the future we'll be able to offer more ways to pay the bounties out, if the program continues.

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    One of the interesting clauses on the program is that we expect researchers and contributors to follow the Nivenly Covenant when reporting security vulnerabilities to be eligible for the program.

    We want to encourage positive contributions, after we've seen several announcements of security vulnerabilities where the reporter treated the project with disregard or insulted the team behind it. That isn't cool.

    Together we can all make a safer fediverse.

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    @janl told y'all I was announcing something this week that I'm incredibly proud of!

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
    thisismissem@hachyderm.io

    This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.

    You might remember my Pixelfed vulnerability from last year, where OAuth scopes weren't checked allowing for privilege escalation via the API (CVE-2024-25108), that was our very first test-case of this program.

    I'm incredibly proud to be involved in launching the Fediverse Security Fund from Nivenly Foundation (a 501(c)4 not-for-profit cooperative)

    #fediverse #security #nivenly #FediverseSecurityFund

    RE: https://hachyderm.io/@nivenly/114268491892140498

    AP Test (community.nodebb.org) fediverse security nivenly fediversesecuri

  • We're organizing a NGI Zero network meetup at #FOSDEM.
    thisismissem@hachyderm.io

    @NGIZero @julian will hopefully see you both there.

    AP Test (community.nodebb.org) fosdem foss ngi0 ngi

  • Question re: PeerTube's pubkey IDs
    thisismissem@hachyderm.io

    @julian iirc, that hash fragment part isn't exactly spec behavior?

    AP Test (community.nodebb.org) peertube activitypub

  • User-Agent header for AP requests
    thisismissem@hachyderm.io

    @julian @hongminhee@todon.eu @hongminhee@fosstodon.org yeah, it helps with federation for instances sitting behind like Cloudflare and similar.

    AP Test (community.nodebb.org) activitypub gotosocial fedify

  • Question re: @context and JSON-LD
    thisismissem@hachyderm.io

    @julian depends on if your property conflicts with any other defined properties. (see the schema.org problem)

    AP Test (community.nodebb.org) activitypub mastodon jsonld

  • Quoted posts
    thisismissem@hachyderm.io

    @julian so perhaps more an advocacy thing than a feature change?

    AP Test (community.nodebb.org) blockquotes activitypub