This action will delete this post on this instance and on all federated instances, and it cannot be undone. Are you certain you want to delete this post?
This action will block this actor and hide all of their past and future posts. Are you certain you want to block this actor?
This action will block this object. Are you certain you want to block this object?
Are you sure you want to delete the OAuth client [Client Name]? This action cannot be undone and will revoke all access tokens for this client.
Are you sure you want to revoke the OAuth token [Token ID]? This action cannot be undone and will immediately revoke access for this token.
Epiktistes is my home in the Fediverse. It is an instance of Ktistec, a single-user ActivityPub server like Mastodon, but with fewer users and fewer commits. Here's my introduction (last updated early-2025).
I wrote a series of posts about optimizing the performance of the Ktistec server, its build time, and its executable size: part 1, part 2, part 3, part 4, and part 5.
Some things I regularly write about, organized by hashtag:
I also wrote some #pointfreeverse.
Release v3.3.7 of Ktistec fixes several bugs and introduces two enhancements.
Security is a focus in this release. Every gap in input sanitization or escaping is a potential vulnerability, and I've been systematically closing them. I am also carefully, and maybe conservatively, restricting things like supported URL schemes and uploaded file types.
The two enhancements improve compatibility with Mastodon-compatible clients. Mastodon's OAuth tokens don't expire, and Mastodon clients don't know how to handle tokens that do. Sliding expiration ensures that tokens in active use stay alive, while unused tokens eventually expire.
Here's the full changelog:
Added
/api/v1/accounts/update_credentials endpoint.Fixed
href attributes with unsafe schemes from sanitized HTML.X-Content-Type-Options: nosniff.publicKey and scrub Tag.href.I'm working on performance improvements for the next release. A rewrite of the Slang template library looks like it will cut both build time and executable size by around 10%!
馃摗 Stay tuned!
east village, manhattan, nyc
floodgates
i鈥檝e been writing lexers and parsers for most of my career. i still don鈥檛 feel i鈥檓 very good at it.
east village, manhattan, nyc
still one of my favorite places
surprisingly quiet evening
A new patch release Crystal 1.20.1 fixes some regressions and disables Kernel TLS (added in 1.20.0), due to instability.
Read more at https://crystal-lang.org/2026/04/29/1.20.1-released/
i learned to program so that i could write text-based adventure games, so i'm particularly excited about this: 50 Years of Text Games
We released Crystal 1.19.2 to fix the request smuggling vulnerability (already fixed in 1.20.0) and a regression in Range#sample that could eventually lose randomness.
I鈥檓 working on handling OAuth token expiry as part of #ktistec Mastodon API support. Is my understanding that Mastodon issues OAuth tokens with no expiration correct?!?
does anyone use GNU Cash? any free (software) alternatives anyone recommends?
This release is a maintenance update: a few bug fixes, a security mitigation worth paying attention to, and some performance improvements for users on slow connections.
It's worth updating to pick up the SSRF (Server-Side Request Forgery) mitigation.
Fixed
Changed