A new forum post: https://linux-nerds.org/topic/1708/nodebb-4.4.3-security-release #nodebb #linux

The silence of the #fediverse.
When the #ActivityPub protocol itself delivers only part of a conversation instead of all the posts replying to the original post.
Thoughts on how to remedy it:
https://hackers.pub/@hongminhee/2025/quiet-fediverse-two-approaches
By @hongminhee
#fediverse #fedidev #Mastodon #Pixelfed #conversations #NodeBB #Discourse, #WordPress #Frequency #Mitra #Streams #Lemmy #Piefed
Fun with Federation: Lemmy edition
It all started with a report about federation breaking between Lemmy and NodeBB. I was subconsciously aware that something was going on, but had chalked it up to network issues.
Observed behaviour showed that some remote categories would be receiving content in spurts, with long gaps in between.
I spent the next 3-4 days looking into it, but came up empty. Whatever was happening wasn't throwing any obvious errors, and along the way, I found what I thought was related (it was), but I wasn't sure why: against some Lemmy servers, the "follow"/"unfollow" mechanic would simply stop working, and this would often coincide with gaps in content. In some egregious cases, the flow of content stopped completely!
Unable to make headway, I had to reach out to the folks at Lemmy to figure out what the issue was. NodeBB occasionally sends non-200 level responses depending on the activity. Specifically, the following scenarios:
HTTP 500 Internal Server Error
.Dislike
activity, which is not currently handled by NodeBB. In these cases, NodeBB would send an HTTP 501 Not Implemented
When encountering either of these responses, Lemmy would return the activity back to the queue for later delivery and mark a delivery failure. If enough of these (~40) happened within 24 hours, Lemmy would give the instance a time-out and pause delivery completely.
That was it — a quick pair of code updates later, and we started working through Lemmy's backlog of 4.1M activities.
As of 4am this morning, community.nodebb.org is no longer behind lemmy.world.
Fun week. Let's not do that again LOL.
Topic thumbnails, uploads, and media display
There has been some scattered feedback on a change I made for v4.0.0 that caught some people off-guard: Uploaded media is now shown in addition to topic thumbnails.
I'll start with why this change was made, and then solicit feedback.
The why
v4.0.0 introduced ActivityPub integration into NodeBB. This added dimension meant that content was consumed in a manner that was similar, but unfamiliar to NodeBB, and so much of the work involved normalizing that data into a format that made sense. (As an aside, I tell people that that's pretty much 99% of my job — glueing together APIs. I jest, but it's also basically true.)
One of those unfamiliar aspects was uploaded media in the form of attachments. NodeBB had discrete concepts of inline media and topic thumbnails, but attachments were something different entirely. Attachments were not inlined in the text (they tended to be added before or after the main content), and thumbnails were images only, while attachments could be lots of other things.
The second part was that a lot of the content I received relied on media to do the heavy lifting. Oftentimes the text would be minimal and in response to the attachment. After all, a picture's worth a thousand words.
Given those two things, I allowed NodeBB to consume and store attachments separately, and updated the topic thumbnail retrieval logic to pull media from both post attachments and inline media. That retrieval logic is what governs what you see next to the title. I also decided on the all-in approach because while NodeBB has multiple ways of slotting media, the majority of ActivityPub software generally only uses attachments. This means both inline media and topic thumbnails were unceremoniously shoved into attachments when federating outward. There is movement toward changing this, and so this rationale may no longer make sense today.
I initially did have concerns that perhaps this would dilute the meaning and specificity of the "topic thumbnail", but I also wagered that the UX improvement of promoting any and all media found would be of greater benefit.
Your turn — feedback!
Maybe I'm wrong!
@fedidb well done and a good new contact point for interested people
Good advice is certainly not possible on the basis of a single question, but it is a good start.
The details certainly need to be improved, for example:
If you select ‘Forum Discussions’ for ‘What type of content do you want to see or share?’, #NodeBB, Lemmy, mbin, #Piefed and #Lotide are then recommended. That fits well.
But if you select ‘Social Media Post’ + ‘Forum Discussions’, #Mastodon, #Misskey and other microblogging services are recommended, as well as #Lemmy. But not #mbin, which actually offers exactly this combination, and also not #Friendica, which can do micro-/macroblogging, but also offers forums/groups and events and federates best in both directions.
One thing everyone should realize when they go on to those places is that these are **not** centrally managed by a corporation which also means that these **cost money to run**
That means that you will have to fork money for it; you won't get it for quote unquote free, or you pay for it with your data or your usage patterns.
You will have to pay actual USD or EUR for them!
@imdavidpierce It's dramatically under-reported that the newly federated forum software #nodebb went from zero to 2.7 million federated users, and jumped to be the 2nd biggest platform on #ActivityPub after Mastodon shortly after launch.
Destroying Autocracy – May 01, 2025
Welcome to this week’s “Destroying Autocracy”.
It’s your source for curated news affecting democracy in the cyber arena with a focus on protecting it. That necessitates an opinionated Butlerian jihad against big tech as well as evangelizing for open-source and the Fediverse. Since big media’s journalism wing is flailing and failing in its core duty to democracy, this is also a collection of alternative reporting on the eternal battle between autocracy and democracy. We also cover the cybersecurity world. You can’t be free without safety and privacy.
DA comes out on Thursday and is updated through the end of day on Friday. Then we start over. So take your time in perusing it and check back in over the weekend.
FYI, my opinions will be in bold. And will often involve cursing. Because humans. Especially tech bros. And fascists. Fuck ’em.
Happy May Day! Cast off your chains.
Featured Item(s)
Cory Doctorow writes:
The point of AI isn’t to make workers more productive, it’s to make them weaker when they bargain with their bosses.
Tech workers are workers, and they once held the line against enshittification, refusing to break the things they’d built for their bosses in meaningless all-nighters motivated by vocational awe. Long after tech bosses were able to buy all their competitors, capture their regulators, and expand IP law to neutralize the threat of innovative, interoperable products like alternative app stores, ad-blockers and jailbreaking kits, tech workers held the line.
There’ve been half a million US tech layoffs since 2023. Tech workers’ scarcity-derived power has been vaporized. Tech workers can avoid the fate of the factory, warehouse and delivery workers their bosses literally work to death — but only by unionizing.
In other words, the workers in re-shored factories and tech workers need the same thing. They are class allies — and tech bosses are their class enemies. This is class war.
The enshittification of tech jobs
We start and end with good news to make the middle bearable.
The response to Russia’s War Crimes, TechnoFeudalism, and other douchebaggery
Tech Policy reports:
Labor Unions Can Counterbalance the Big Tech Oligarchy, But Only If They Rediscover Their Power
Expats Czechia reports:
Court rules that Czechia collects phone data illegally in landmark decision
Mashable reports:
Elon Musk’s X lost 11 million users in the EU over the past 5 months
The Electronic Frontier Foundation reports:
Calyx Institute: A Case Study in Grassroots Innovation
EFF Leads Prominent Security Experts in Urging Trump Administration to Leave Chris Krebs Alone
EuroNews reports:
EU governments discuss action on disinformation over climate policy
Fast Company reports:
How Big Tech’s Faustian bargain with Trump backfired
Framablog has:
The Verge reports:
A judge just blew up Apple’s control of the App Store
The Register reports:
Cook’d: Judge says Apple lied to court in Epic case, asks Feds to mull criminal charges
Double awesome.
Neutral
The Register reports:
DARPA to ‘radically’ rev up mathematics research. And yes, with AI
The Journal of Online Trust and Safety has:
Science and Causality in Technology Litigation
The Evil Empire Strikes Back
TechDirt has:
Congress Moving Forward On Unconstitutional Take It Down Act
Ars Technica reports:
Trump’s hasty Take It Down Act has “gaping flaws” that threaten encryption
The Register reports:
DOGE may help Elon Musk’s biz empire dodge $2.4B in liabilities – Senate probe
Framablog looks at:
L’État artificiel : la vie civique automatisée
Pariah States
BleepingComputer reports:
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
DarkReading has:
Putin’s Cyberattacks on Ukraine Rise 70%, With Little Effect
Adversaries Are Toying With US Networks & DC Is Short on Answers
Billbug Expands Cyber-Espionage Campaign in Southeast Asia
The Register reports:
China now America’s number one cyber threat – US must get up to speed
Open source text editor poisoned with malware to target Uyghur users
Big Media
NPR reports:
Corporation for Public Broadcasting sues Trump after he tries to fire board members
The Daily Beast reports:
MAGA Billionaire Leads L.A. Times to Lose $50 Million
Ars Technica reports:
CBS owner Paramount reportedly intends to settle Trump’s $20 billion lawsuit
Big Tech
Semafor reports:
The group chats that changed America
The Guardian reports:
Meta faces Ghana lawsuits over impact of extreme content on moderators
Meta slowest to remove scam content, says City watchdog
TechCrunch reports:
Report finds Meta’s celebrity-voiced chatbots could discuss sex with minors
OpenAI is fixing a ‘bug’ that allowed minors to generate erotic conversations
404 Media has:
Researchers Secretly Ran a Massive, Unauthorized AI Persuasion Experiment on Reddit Users
Mbin or PieFed, peeps.
This Is Palantir’s Justification for Building ICE’s Master Database
Instagram’s AI Chatbots Lie About Being Licensed Therapists
The Markup reports:
Kids should avoid AI companion bots—under force of law, assessment says
The Center for Democracy and Technology reports:
Report – In Deep Trouble: Surfacing Tech-Powered Sexual Harassment in K-12 Schools
Cybersecurity/Privacy
Lawfare covers:
Advancing Secure by Design through Security Research
404 Media reports:
The Age of Realtime Deepfake Fraud Is Here
The Markup reports:
How California sent residents’ personal health data to LinkedIn
BleepingComputer reports:
Hackers ramp up scans for leaked Git tokens and secrets
FBI shares massive list of 42,000 LabHost phishing domains
Tech Policy Press reports:
Reverse Keyword Search Warrants and the Threat to Online Privacy
The Jacobin reports:
Big Tech Wants Free Rein to Sell Your Data
Fediverse
The Fediverse Report has:
Fosstodon has more on its drama:
ActivityPub for WordPress announces:
V5.8.0 – If it’s on the Fediverse, you can embed it.
ActivityPods shares:
Key learnings from building social apps with ActivityPods
Forgejo has:
Forgejo monthly update – April 2025
The Social Web Foundation has:
Steps Forward in Long-form Text
Mastodon is:
Matthew Tift has:
Finding an Ethical Path Through Social Media: Why I Choose Mastodon
PieFed has:
PieFed development update Apr 2025 – S3, OAuth, Federation retry queue, Stripe
NodeBB has:
NodeBB v4.3.0 — Remote Categories are a go!
Other Slightly Federated Social Media
WinBuzzer reports:
Bluesky’s Decentralized Network Faces Major Outage Caused by Centralized Servers
The Internet Review asks:
Where Does Bluesky Go from Here? What is the Bluesky of 2036?
Keep fighting!
Ringleader, Battalion
Reuben Walker
#114 #ActivityPub #AI #ATProtocol #Autocracy #BigJournalism #BigTech #Bluesky #Democracy #Fascism #Fediverse #Mastodon #NodeBB #PieFed #StopChina #StopRedAmerica #StopRussia #SupportUkraine #WordPress
NodeBB v4.3.0 — Remote Categories are a go!
We're happy to announce the release of NodeBB v4.3.0, which contains native support for remote categories, bringing better integration with other NodeBB forums, WordPress, Lemmy, PieFed, mbin, and other "group-based" implementors on the ActivityPub network!
What does this mean?
It means that starting with this release, you will be able to "browse" to other categories simply by searching for them in your /world page. Just like with regular categories, you can "track" or "watch" remote categories — the former will show up in your /unread page, and the latter will also send notifications on new topics.
Prior to this change, remote categories were rendered just like regular users, and there was some confusion over who was a user and who was a publisher.
The integration with blog platforms like WordPress also means you'll be able to use NodeBB kind of like a feed reader, with built-in notifications when new content is received. We're hoping to also extend this to support Ghost as well.
Some examples of categories loaded remotely in this NodeBB:
@fediverse@piefed.social
@protocol@socialhub.activitypub.rocks
@blog@vivaldi.com
@news@community.openbeta.io
@fedimemes@feddit.uk
Other notable changes in v4.3.0
Chat allow/deny list
There was some desire for more fine-grained support for allow/deny lists for the chat system. This is now available in v4.3.0. Per @baris:
Leaving allow list empty would mean anyone who is not in deny list can message you.
Leaving deny list empty would mean anyone who is in allow list can message you.
If both are empty everyone can message you.
Current restrictChat toggle can be turned into a toggle to disable chat completely.
Upgrade script can add the users following to the allow list if they have restrictChat turned on.
Show number of topic watchers
You are now able to see the number of users watching a specific topic alongside the existing stats (posts, views, etc.)
Accessibility updates
... and of course
Ah cool @baris fixed one of the #NodeBB bugs I filed in February!
https://github.com/NodeBB/NodeBB/issues/13205#event-17094664390
tl;dr — you can now find remote categories and see your tracked/watched categories in /world.
A new alpha version of NodeBB was tagged today: v4.3.0-alpha.3. The biggest change is to the /world route, which up until now showed a list of topics from outside of the local NodeBB instance.
New to this alpha release:
At this time we're continuing to look for stability issues with the remote category integration. We'll be working on QoL fixes as we move into the beta phase this/next week.
Actually, I didn't want to test any more ActivityPub software!
Actually, I didn't want to test any more #ActivityPub software, but then I saw that #NodeBB now supports the #ActivityPub protocol too. So I'll probably test it over the next few days.
For those who also want to test the integration, I have set up a test category.
The category works like a Friendica group: !fediverse-verbindung-test@nodebb.sekbaer.de
Today I learned that #PieFed has RSS feeds for at least Topics and Communities.
That community one is a hoot - PieFed, serving up a #NodeBB forum as an RSS feed. ActivityPub is bonkers.
https://piefed.social/topic/fediverse.rss
https://piefed.social/community/activitypub@community.nodebb.org/feed
Exciting community updates! 2TonWaffle is evolving with a clearer focus for both our main site and Indie Creator Hub. We're fully embracing the #Fediverse with #ActivityPub integration through #NodeBB and #Ghost platforms, making our content more accessible and connected than ever. Learn about our streaming plans on #Moonbeam and our vision for a more streamlined 2025!
https://2tonwaffle.com/platform-clarity-streamlining-the-2tonwaffle-ecosystem/
#IndieGaming #CreatorCommunity #CommunityBuilding
We concluded that for practical reasons I'd need to mention the "general-discussion" @ community.nodebb.org (so I'll do that)
unless someone was following me on mastodon.social.
The theory is this:
If nobody follows me from here (community.nodebb.org) then my messages won't appear here because nobody on community.nodebb.org asked for them. To me this makes sense.
Exactly how it works in detail though, I don't know.