Pinafore is now on Mastodon! (How meta is that?)

Follow this account for updates on, and toot at us to report bugs or ask for features.

Proof this is us:

@galaxis @jk @pinafore pinafore is what I use on my 2009 Thinkpad and it's truly wonderful; can't say enough good things about it.
Whoohoo, a shiny new version of @pinafore ! With a new Emoji picker! 😄 And totally accessible! 👍️

There are also some bugfixes in this release, notably for iOS Safari. See the full release notes for details:

Typically, the only thing you need to do to update is to press the refresh button. See to check your version number.

Thanks to @charlag, Pinafore also now properly paginates the Favorites page! You can see your full list of favorited toots, beyond the first 20. In the future, this should also help unlock bookmark support. Thanks charlag!

Emoji update! Pinafore has a new emoji picker, which is faster and lower-memory than the previous one. It also supports more emoji, up to the latest (v13) if your OS supports it.

You can also type things like ":grin" to search for both native emoji and custom emoji. Mouse users may also hover the emoji to see the shortcodes.

BTW for those wondering, this will probably land in Pinafore main soon, but I'm going to keep it in dev for a while just in case there are bugs: if you want to test out the new emoji picker

For the next Global Accessibility Awareness day, I hope that Mastodon, or @pinafore at least, has all images only show their Alt-Text and not the image, so at least for that day only, people will at least describe their images somewhat, or just write text. Maybe too drastic, I know. #a11y

Pinafore v1.17.0 

The main feature of this release is that the focus ring (i.e. the glowing outline around buttons and links) should be less prominent for mouse users. If you prefer to use the keyboard to navigate, then nothing should change. This follows a new web standard called "focus-visible."

If you prefer the old behavior, you can enable "Always show focus ring" in the settings.

Loading threads when clicking on statuses should also be faster.


@nolan It is nice to see that Pinafore supports use of Markdown codes in post for GlitchSoc instances --

* doesn't strip the inserted codes from the post.
* and displays the result later as it would appear on the GS instance

...where MarkDown is selected in user preferences as default Toot Format option.

Lovely client. Thanks again.

(screenshot taken from inside Pinafore, at

Pinafore v1.16.0 

This release adds a Docker compose for self-hosters (thanks @shadow8t4!) and fixes a bug where polls weren't properly hidden on toots with content warnings. Enjoy!

For my first post today, I want to send a bouquet to Nolan, the developer of the Pinafore web app for Mastodon and Pleroma. Thanks for creating such a brilliant freedom-respecting UX!

#Pinafore #Mastodon #Pleroma #UX

And while I still have media on my mind, here's a friendly reminder that if you post images to your timeline, give them descriptions. Blind people like myself really appreciate them. One really awesome thing about the fediverse is that in my experience most people actually do this, which is just amazing.

Looks like the @pinafore update that came out today to patch a security issue also incorporates some improvements to how toots that include media are presented to screen readers which I suggested some time ago. It's not perfect, but finding out if a toot has media and what kind it is is much easier now, so it's very much appreciated! :)

(Worth noting is that Mastodon by default will sanitize all HTML, so you don't have to worry about malicious instances federating content to well-behaved instances.)

Here's an example attack vector that CSP blocks: if you sign into a malicious instance, that instance might include <script> tags in the HTML content of a toot. Since Pinafore directly injects this HTML into the page, these scripts could read your locally-stored data, even if it belonged to *another* instance you were logged into.

However, Pinafore's CSP disallows arbitrary inline scripts, so this attack vector is impossible.

In practice, Pinafore is unlikely to have serious security vulnerabilities because it's deployed as a static site that doesn't run any server-side logic. (The flagship site uses Vercel's "static build," and for self-hosters it's a basic Express.js app.)

The main source of potential vulnerabilities is therefore client-side, which is why Pinafore has very strict CSP (Content Security Policy) headers. On Mozilla Observatory, Pinafore earns an A+ security score.

🕫 For those who self-host Pinafore: a vulnerability was discovered in Sapper (Pinafore's UI framework).

However, it does *not* affect Pinafore, because Pinafore only runs Sapper in dev mode, not prod mode. Just to be safe, though, Pinafore v1.15.9 contains the security fix.

Pinafore v1.15.9 

This release contains some performance fixes, accessibility fixes, and bug fixes. Enjoy!

