Within the context of threaded discussions, contexts (aka "topics", "posts", "threads", etc.) are associated with an audience (aka "forum", "category", "community", etc.).

What happens currently when a context is moved from one audience to another? How does ActivityPub enabled software communicate this?

I recently moved this topic from one category to another, and in doing so, realized that I have absolutely no idea what happens to the group association as seen by other software.

@rimu@piefed.social also said in the other thread:

Also moving what NodeBB calls a topic (a post in Lemmy/PieFed) from what NodeBB calls a category (community in Lemmy/PieFed) into a different category (without spawning a new topic or leaving the old copy behind) is much needed but not implemented in Lemmy/PieFed/Mbin.

One solution would be to federate an Update activity, though this is problematic because audience, the relevant field in question, is on its way out.

Another solution would involve the Move activity, which would be an explicit signal that something moved somewhere. In this case, the Move would indicate the context moved to the new audience, or in AP software that have not implemented FEP 7888, then the top-level object will have moved to the new audience.

cc @andrew_s@piefed.social @melroy@kbin.melroy.org @bentigorlich@gehirneimer.de @nutomic@lemmy.ml

Pixelfed before v0.12.5 has a vulnerability where it could leak your private posts, regardless of whether you are a Pixelfed user or not.
Admins should update ASAP.

When following someone from a different server on the Fediverse, the remote server decides whether you are allowed to do that. This enables features like locked accounts. Due to an implementation mistake, Pixelfed ignores this and allows anyone to follow even private accounts on other servers. If a legitimate user from a Pixelfed instance follows you on your locked account, anyone on that Pixelfed instance can read your private posts.

I wrote a blog post about how I found the vulnerability, how disclosure coordination went and general ramblings about Fediverse safety:
https://fokus.cool/2025/03/25/pixelfed-vulnerability.html

I just discovered why some of my followers from larger #Mastodon instances (like mastodon.social) would mysteriously unfollow me after a while!

A pull request was just merged in Mastodon that fixes a critical bug in their follower synchronization mechanism.

Turns out Mastodon implements the FEP-8fcf specification (Followers collection synchronization across servers), but it expected all followers to be in a single page collection. When followers were split across multiple pages, it would only see the first page and incorrectly remove all followers from subsequent pages!

This explains so much about the strange behavior I've been seeing with #Hollo and other #Fedify-based servers over the past few months. Some people would follow me from large instances, then mysteriously unfollow later without any action on their part.

Thankfully this fix has been marked for backporting, so it should appear in an upcoming patch release rather than waiting for the next major version. Great news for all of us building on #ActivityPub!

This is why I love open source—we can identify, understand, and fix these kinds of interoperability issues together. 😊

Happy Tuesday!

Today we've updated the NodeBB community forum onto the remote-categories testing branch, which means that users on the open social web that identify themselves as "Groups" will be rendered in NodeBB as categories. Prior to this, they looked like users.

Here are some examples of remote categories:

• Comic Strips (on lemmy.ml)
• Star Trek Social Club (on startrek.website)
• Social Web Foundation (a WordPress blog)

ActivityPub "groups" and forum categories have quite a few things in common — they don't usually post topic themselves, they "contain" topics, and they are usually administered by a separate group of users (moderators!) In many ways, these groups lend themselves to categories much more easily than they do as users.

Notes:

• We will likely be releasing this as v4.3.0-alpha this Wednesday. Probably this means you don't want this on a live forum just yet.
• A lot of the backend logic is complete, but a lot of the frontend UX will be worked on.
• You can "search" for categories (via "in categories" in the search page), paste the full handle in order to instruct NodeBB to pull a new category in.
• You can now no longer mention a remote category. Instead, create your topic right in that category itself. As it should be :smirk_cat: .
• Remote content coming in that is slotted into a remote category will still show up in your "world" feed. That is still intended to be where discovery of content outside the local NodeBB instance will take place.
• Report any bugs or confusing behaviours (and there will be some) here.

Screenshots

@infinite love ⴳ

we might not ever be able to repay the technical debt

Saddling small sites with the same duties as huge platforms means many will shut down in a hammer blow to net plurality.

We'll be left with the Sophie’s choice of monopoly services; the incubators of online harms.

URGENT: The UK government must change the Online Safety Act to protect safe, non-commercial blogs, forums and fediverse.

Write to your MP to #SaveOurSites 🌐

https://action.openrightsgroup.org/save-our-sites-write-your-mp

Hi @andrew_s@piefed.social/@freamon and @nutomic@lemmy.ml —I'm working (not-so-secretly) on refactoring NodeBB so that it is able to "browse" remote audiences/group actors, and that would include things like PieFed and Lemmy communities.

N.B. Given varied nomenclature (group/category/community/subforum), the ForumWG calls this structure an "audience".

Where I am at now is working through the logic for slotting an object into a category.

The most obvious choice here would be to look at as:audience. It's even specified in 1b12, and the majority of threaded implementations follow 1b12.

I am making this post because nutomic explicitly removed the audience from being served in Lemmy (as of January this year), so I don't think relying on that property would be wise.

I asked in that issue whether Lemmy finds community via to/cc (it does). Does PieFed do the same?

Would this also open up the possibility of a topic/context being part of multiple audiences/communities? Interesting...

@hamishcampbell@mastodon.social recently made a statement that got me thinking about our place in the open social web, and the direction it's going.

He says to @deadsuperhero@social.wedistribute.org and @evan@cosocial.ca re: SXSW

#FediverseHouse this feels like an irrelevant echo chamber, I really miss the grassroots #DIY that built this space in the first place. This #maistreaming is too much noise vs signal... currently the grassroots #DIY space is a hollow shell

(two posts combined)

That immediately got me on edge as someone new to ActivityPub in 2024. Does this mean I'm "mainstream", and somehow "bad"?

Mainstream adoption is good and a step in the right direction. I personally think ActivityPub isn't ready for general mainstream consumption, but we as a group are rapidly closing the gap and I'd much rather continue building momentum instead of waiting for the opportune moment.

Here's the hot take that I was going to originally write, but thought came off as too combative:

It sounds like you feel like ActivityPub development only counts when you're toiling away in obscurity.

As someone who's hacking away on a platform that hasn't been "mainstream" for over a decade (forum/BBS software), I bristle at the notion that what I do doesn't count as grassroots or DIY. You don't have to be the perpetual underdog to do good in the world.

I might be wrong, but it sounds like Hamish feels like big players are coming in and taking the ball away... that big players' clout and presence takes away from the attention that smaller DIY projects receive.

Maybe... but if the fediverse is 100x larger with a big player, and they take 99% of the eyeballs, have they really taken anything away from you?

@newyorktimes's veteran tech reporter John Markoff interviewed some of #TeamFediverse including @Gargron, @reckless1280 and our CEO @mike for a feature on the rise of decentralized social media. “It goes back to the original principles where the internet started out as decentralized,” Eugen Rochko told Markoff. Here's the full story [may be paywalled].

We're so excited to develop these conversations further at SXSW this weekend — check out the itinerary and sign up to join us at #FediverseHouse at the second link.

https://flip.it/NcjhLL

https://lu.ma/xbve5fa0

I'm finally unveiling the #ActivityPub project that has been consuming my weekends: Encyclia, an #ORCID bridge that will make ORCID records followable and interactable on the fediverse. 🙂

It's early-stage and the ORCID following function is not publicly available yet. We're seeking community feedback on functionality and safety aspects. Read more at https://encyclia.pub or follow @encyclia for news!

Wanted to start a convo with @johnonolan@mastodon.xyz from Ghost and @angus@socialhub.activitypub.rocks from Discourse about AP resource discovery.

A common use case from fediverse users is to be linked out to a site, and attempt to "bring it in" to their local instance/app of choice. This is done by taking the browser URL and pasting it into their site/app's search bar, or equivalent.

For example:

• Ghost: https://activitypub.ghost.org/warp-factor-5-mr-sulu/
• Discourse: any forum topic

For context, last night I discovered that Ghost's latest blog post didn't make it into NodeBB, due to a bug on my end. I attempted to resolve it via URL but there was no AP resource at that URL. I ended up having to query the instance actor (which I happened to already know), and looking at the outbox.

To my knowledge there is no way to find a Discourse post or topic's AP resource ID without having a local Discourse account.

Would it be possible for you to send back an HTTP 301 Moved Permanently (or similar) if the Accepts header contains one of the AP-related types?

N.B. This probably has some overlap with @evan@cosocial.ca's HTTP Discovery Task Force, a 308 is recommended there.

Even before the arrival of #atproto was the question of what #decentralization of the web means quite murky, with multiple competing protocols at different abstraction layers. As frequently said, at one level the web is already decentralized so envisaging pure #p2p is also conceivable, why the need for #activitypub (or whatever) "servers"?

We come to realize that the problem is not well defined. First of all it does matter what you assume about the distribution of silicon and networks...

1/

Yes, of course Peertube sends hashtags without the #, why would I expect otherwise? :laughing:

Just wrapped up a call with @pfefferle@mastodon.social and @jesseplusplus@mastodon.social to review their implementations of FEP 7888, specifically in relation to conversational backfill.

:heavy_check_mark: individual objects serve a context property
:heavy_check_mark: that context property is a URL that resolves

One of the concerns raised was related to the OrderedCollection of items served by the context. Specifically, if the items presented in the collection were not in chronological order, NodeBB failed at importing some of the items as the inReplyTo referenced an object that did not exist.

The solution to this was to ensure that the collection items were in chronological order from oldest to newest. Once fixed:

:heavy_check_mark: the context resolved to an OrderedCollection containing objects
:heavy_check_mark: NodeBB was able to pull in the entire conversation

NodeBB used to guard against this by ordering all received items by chronological order, but I realized that while this worked 99%+ of the time, there are some fun (ahem...) individuals who send objects with timestamps way in the future.

Personally I think removing the sorting just to fix one edge case was premature. At the same time, I think specifying that the OrderedCollection be sorted in chronological order should be a requirement.

cc @trwnh@mastodon.social

How to subscribe to a thread?

Several days ago FEP-efda: Followable objects was published. I don't like this solution because ActivityPub spec only talks about "following" in the context of actors, and the proposed "proxy-following" mechanism forces us to change some well-established practices.

So here is an alternative: FEP-f06f: Object observers.

Object observer is an actor that can be followed to receive object updates. If conversation thread is a collection, its observer will broadcast Add and Remove activities that have thread collection as their target. Observer's followers will have an up-to-date view of the thread.

does a preview object have to have it's own unique ID: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-preview ???

/cc @evan @trwnh @johnonolan

After a long silence, Tumblr confirms it is still planning to join the fediverse.

> The migration is still a work in progress, as we’ve previously detailed here, but we can say for sure that it will include support for WordPress’s existing ActivityPub plugins. We hope this comes as good news.

In other words, what’s the best #ActivityPub software for a single-user instance?

Movie where an ActivityPub author has retreated to a hermit life in the woods and some organization is trying to get then back

(Author, outside a wood cabin, gardening)
"Hey, I'm here to talk about ActivityPub v3"
"Bring that leaf bin over there will ya"
(Grizzled author fetches it themselves)
"So, would you be open to talking?"
"I need a chock for this here woodsaw table, split one of them logs"
"Is that a no?"
(Author approaches the city slicker, fatigued)
"If they want me to invent protocol extensions, (huff) they gotta send someone better than you"
(City slicker turns as they depart inside)

#ActivityPub @cwebber

Today's the day! :tada:

After nearly a full year in development, NodeBB v4.0.0 has landed, bringing federation between NodeBB instances (and a connection to the wider fediverse of social media) to forum software.

Fedi-what?

Fediverse! Here's a TechCrunch primer about it, but at the end of the day, it doesn't really matter. All you need to know is that NodeBB plugs in to a wider social network so that you don't have to cultivate an audience, they're already there.

The genesis

It was back in mid-2023 when I had the initial idea of interconnecting NodeBB forums. Back then, I had far smaller ambitions... I wanted a singular NodeBB to be able to communicate with other forums running NodeBB. To do that, we'd need to build out a centralized service to act as a bridge between instances, and corresponding slim clients on individual installs to consume the relayed data. At the time, concept like decentralization were not even part of my thought process.

It was during this period when I was doing my research that I stumbled on Mastodon, and later, ActivityPub, the protocol that powers it all. Since then, it's been one wild ride getting NodeBB to speak the same language.

Funding

Soon after dipping my toes into all that Mastodon had to offer, I discovered the NLNet Foundation, and their corresponding fund — NGI Zero Core. With the promise of funding, NodeBB could fully commit to implementing the protocol in short order, instead of piece by piece over time. We sent in an application and were delighted to be approved for the August 2023 call.

Their funding was instrumental in providing the financial stability to experiment with ActivityPub and to participate in developer circles, such as the SWICG, FediForum, and much more.

The fund continues to operate, perhaps you could benefit, or donate to the cause. It has certainly made a difference to NodeBB.

Federate, or not, it's your choice

NodeBB v4 comes shipped with the capability to interact with other NodeBB forums and any other ActivityPub-speaking software, right out of the box. We opted to make this a core feature instead of a plugin, since there were many changes made to core to support even the concept of accepting content from outside itself.

To that end, any users upgrading from v3.x will automatically have federation disabled, in order to reduce surprise. Any new forums will federate automatically.

You can turn federation on and off (and adjust some other fun toggles) directly from ACP > Settings > Federation (ActivityPub).

Even after turning federation on, how you use it shapes how well connected you will be. There is no centralized authority artificially boosting your content, so the name of the game is establishing two-way follow relationships to other sites.

The ActivityPub Equalizer

We're not alone in this journey to interoperate with other decentralized services. We're not even the only forum software to attempt to do so.

• Discourse has a working plugin.
• Ghost is building out in the open.

I specifically highlight these two because they both started in the early 2010s, same as NodeBB. It's always been a bit of an informal competition between us, and we always checked in on what the others were doing (growth-wise, pricing-wise, etc.) Truth be told, I don't think the ghost team ever really noticed NodeBB, but I digress...

The funny thing about ActivityPub is that at the end of the day, the overarching goal of seamless communication breaks down any barriers between competing organizations.

NodeBB and Discourse have been vying for the exact same market share (forums, community-building, self-started or enterprise) for over 10 years, and it was only after ActivityPub came around that the dev teams even started talking to one another.

Funny how that works.

So how does it all work?

Our documentation portal has been updated with the latest information about the ActivityPub functionality in v4.

If you have any questions about how it works or how to configure some aspect of it, please don't hesitate to reach out in the corresponding v4 support thread.

If you run NodeBB, the quickest way to see this in action is to upgrade to v4, and then paste this post's URL into your search bar. It should show up automatically, and you should be able to read and reply to it, directly from your own forum. Neat!

@trwnh

I was just talking about this here. I think I even mentioned you.

https://fedia.io/m/fediverse@lemmy.world/t/1437745

Is there any future where we could see this being the future of #activitypub?

The https://freeourfeeds.com/ FAQ is missing one question that's actually being asked frequently: How does this approach relate to existing nonprofit, open source, standards-based efforts centered around #ActivityPub?

@elipariser @wearenew_public Can you fix that? It's a bit tone-deaf to promote this effort here without speaking to how it intersects.

#activitypub thonk: delivering to a Collection is nonsensical because a Collection could be an actor. but so can a Group

basically you have implicit behavior "the Collection needs to be expanded to its items which are assumed to all be actors" just like a Group might expand to all its members (except the assumption there is a bit stronger, you can generally expect a Group's members to all be individuals?)

whereas something like WAC makes a distinction between agent, agentGroup, agentClass

The end of an era?

RE: https://misskey.io/notes/a2o2aj7zb81f05g3

MastodonはMastodon、MisskeyはMisskeyとだけ連合する方が幸せになる可能性がある​:nullcatchan_goodnight:​
機能差によるトラブルは日常茶飯時だし、連合相手に合わせて挙動を変えたり機能の制限・対応をしたりする実装も結構コストがかかる(そもそも連合相手がどのような実装なのかを予め知る術も限られている)し​:nullcatchan_goodnight:​

@Gargron @mosseri

eugen it's good news, but only in the scope of championing #activitypub

i don't think when you made #mastodon 8 yrs ago you thought "yes! i get to work with #facebook someday!"

i'm happy you're happy but i step back and see #threads #interop as sad

what you and your team built is amazing and i appreciate all you've done

because it is #decentralized

it's not #centralized #socialmedia hell that is eating our psychology, our societies, our politics

it should stay that way