#Misskey

Sharkey project Security Announcement

The recent CVE-2024-29510 vulnerability (Remote Code Execution in Ghostscript) has been found to be exploitable against Sharkey and other Misskey-based software under specific environments. This is not a vulnerability in Sharkey itself, but in an optional dependency that may be installed as a system library. The official Sharkey docker images are not vulnerable, but bare-metal installations may be affected.

An instance may be vulnerable if:
- libgs and imagemagick are both installed.
- libgs is older than 10.02.1, 10.01.2, 9.55.0, or 9.50.

To check the version of libgs:
- Execute dpkg -l | grep -P "ii\s+libgs\d".
- If no results are found, then libgs is not installed and not vulnerable.
- If the third column starts with 10.02.1, 10.01.2, 9.55.0, or 9.50, then libgs is patched and not vulnerable.
- Otherwise, libgs is vulnerable.

To patch the vulnerability:
- Update libgs to the latest available version. The instructions will vary between environments.

#⁠Sharkey #Misskey #FediAdmin #FediAdmins #SecurityAnnouncement

There is a new Brazilian #Misskey fork called @kookie (https://kookie.app)
It was started by @lucas, and they are about to launch an app for it in the Google Play store (https://play.google.com/store/apps/dev?id=5860055272606206369) and iOS afterwards.

Threads implements #Misskey's `_misskey_quote` standard and gives them a shutout in the Facebook Engineering blog and then *blocks them* for "No publicly accessible feed" which is a completely baseless reason for blocking a server.

"We chose _misskey_quote because its naming makes it clear that it’s not an official ActivityPub method, and because we know that it’s supported by Misskey, Firefish, and potentially other servers that use quote posts." https://engineering.fb.com/2024/03/21/networking-traffic/threads-has-entered-the-fediverse #fediverse #threads

Threads released a public list of blocked instances:

👉🏾 https://www.threads.net/moderated_servers

Many #Mastodon & #Misskey instances are mistakenly blocked for not having a publicly accessible feed.

I wanted to appeal on their behalf, but #Threads requires admins to appeal.

👉🏾 https://help.instagram.com/contact/1574148669814359

List of notable blocked instances with admin:

👉🏾 https://Misskey.io | @syuilo
👉🏾 https://Mastodon.cloud & https://mstdn.jp | @Sujiyan

I am just letting the #Fediverse know!

What is your ninja-technique to convince people to join the #Fediverse ?

#Mastodon #pleroma #peertube #pixelfled #frendica #lemmy #kbin #fedtips #misskey #Hubzilla #activitypub #diaspora #funkwhale #socialmedia

Just gave a talk to Japanese @w3c member companies, presenting about the #Fediverse and encouraging some more engagement between W3C Japan and local communities & projects that are working with #ActivityPub. Already, one person on the call said they are active on #Misskey and will reach out to them. 💗

Improved compatibility with #Misskey in #Hollo! Fixed issues where post contents were invisible and hashtags were rendered as regular links.

Federated single user microblogging software through activitypub that is also compatible with mitra

Interact with users on Mastodon, Pixelfed, Misskey, etc

Github repo here: https://github.com/dahlia/hollo

#hollo #microblogging #federated #activitypub #opensource #foss #mastodon #fediverse #mitra #mastodon #pixelfed #misskey

It almost feels like Mastodon do not want us to self host. There is no direct link on the main webpage to install on server. Digging through the docs, finally found documentation and there is no Docker container or a package for any OS for easy installation. They require us to install from source along with all the dependencies. I don't mean to bad mouth it but they do not do enough to encourage self hosting (if not discourage).

Would like to know your opinions or ideas on how to self host it easily with minimum maintenance (auto upgrades, etc).

Source: Mastodon server install docs: https://docs.joinmastodon.org/admin/install/

#Mastodon #SelfHost #SelfHosting #SelfHosted #ActivityPub #Fedi #Docker #NixOS #Linux #Pleroma #MissKey

#Misskey throws an error when a remote actor has multiple public keys, so I sent a patch to fix this bug.

This is my first patch for Misskey!

https://github.com/misskey-dev/misskey/pull/13950

#fedidev #ActivityPub

Version 0.9.0 of #Fedify, an #ActivityPub server framework, has been released! Here are the main changes:

• Added Tombstone, Hashtag, and Emoji classes.
• Added normalizeActorHandle() function to normalize an actor handle. This is needed when the domain of the actor handle is an IDN, or when the domain contains capital letters.
• Added an option to the sendActivity() function, excludeBaseUris, to exclude specified servers from sending activities. This can be used when you don't want to send activities to your own server.
• Added Context.parseUri(), a method to parse actor, object, inbox, and collection URIs.
• The time window for HTTP Signatures verification is now configurable.
• The @fedify/fedify/httpsig module has been renamed to . This is in preparation for implementing additional object integrity proofs other than HTTP Signatures.
• Improved interoperability with #Misskey.

#fedidev

https://github.com/dahlia/fedify/releases/tag/0.9.0