As you may have read, BotsIn.Space is closing down, I have lots of automated bot accounts living on the Fediverse - and I want them to continue posting. Installing and maintaining an entire Mastodon instance sounds like hard work. Paying people to host my stuff feels like putting my fate in someone else's hands. Say… didn't I write my own ActivityPub server? Why, yes! Yes I did! I took the code and stripped it down to the bare essentials. All you need to do is upload two files - index.php a…
Continue reading →
What does it mean to block someone on a social media site? Way back in the mists of time, we dealt with trolls on Usenet with the almighty PLONK - PLaced On Newsgroup Killfile. It meant your newsreader never downloaded their posts. They could rant at you all day long, and you'd never hear from them. It's what we would nowadays call "Mute". But, whether you're on Usenet or a modern social network, muting someone doesn't actually stop them replying to you. The miscreant can still see your…
Continue reading →
Several years ago, I posted this poll on Twitter. Terence Eden is on Mastodon@edentIf the recent Twitter hack had exposed they way you voted on every Twitter poll, how would you feel?(There is no suggestion that this has happened, I'm just curious about people's relationships to voting and privacy.)Meh. So what?: (167)167Hmph. That's annoying.: (68)68Umm… This could be bad!: (32)32Delete account & run away: (8)8❤️ 0💬 8🔁 005:55 - Thu 23 July 2020 Most of the tech world that I interact with has …
Continue reading →
Vague thoughts as they enter my brainbox. The BlueSky social network has introduced "Reply Gating" - it looks like this: You can write your hot take on Taylor Swift and not be inundated by weirdos replying to you. Nifty! This is nothing new. Twitter has it. Facebook has the concept of "audiences" to restrict who your post is visible to. And, of course, blogging has this! There is a comment form at the bottom of this page - and I moderate it. If you post something stupid, I don't have to…
Continue reading →
One of the most frustrating things in modern technology is the effort spent trying to artificially restrict abundance. Take, for example, this tale from museum-worker Aaron Cope: I was out with a friend who worked for Twitter and I asked them whether it would be possible for the museum to “create 200,000 Twitter accounts, one for each object in the Cooper Hewitt’s collection”. My friend looked at me for a moment, laughed, and then simply said: No. In that blog post, Aaron reveals that the…
Continue reading →
I didn't realise this, so I'm documenting it to stop other people making the same silly mistake that I did. Messages in ActivityPub have two distinct ID strings. Here's a (truncated) view of what happens when I send a new message on Mastodon: "id": "https://mastodon.social/users/Edent/statuses/1234567890/activity", "type": "Create", "actor": "https://mastodon.social/users/Edent", "published":…
Continue reading →
It's never great to find out you're wrong, but that's how learning and personal growth happens. HTTP Message Signatures are hard. There are lots of complex parts and getting any aspect wrong means certain death. In a previous post, I wrote A simple(ish) guide to verifying HTTP Message Signatures in PHP. It turns out that it was too simple. And far too trusting. An HTTP Message Signature is a header which is separate to the message it signs. You might receive a JSON message like this: { …
Continue reading →
A few weeks ago, I built an ActivityPub Server in a Single PHP File. It's a proof of concept showing how easy it is to turn a website into a full-featured Fediverse participant. After a bunch of feedback and testing, I've added a some features to make it slightly more useful. A single PHP file - 45KB of no-library goodness. Just add your details, upload, and done. No databases. Everything stored as JSON files on disk. Be followed. External users can discover and follow you. Send messages.…
Continue reading →
Mastodon makes heavy use of HTTP Message Signatures. They're a newish almost-standard which allows a server to verify that a request made to it came from the person who sent it. This is a quick example to show how to verify these signatures using PHP. I don't claim that it covers every use-case, and it is no-doubt missing some weird edge cases. But it successfully verifies messages sent by multiple Fediverse servers. Let's step through it with an example of a message sent from Mastodon to my…
Continue reading →
I'm trying to get my head round HTTP Signatures as they're used extensively in the Fediverse. Conceptually, they're relatively straightforward. You send me a normal HTTP request. For example, you want to POST something to https://example.com/data You send me these headers: POST /data Host: example.com Date: Sat, 24 Feb 2024 14:43:48 GMT Accept-Encoding: gzip Digest: SHA-256=aaC57TDzM0Wq+50We2TkCsdMDvdqON92edg7KI+Hk8M= Content-Type: application/activity+json Signature:…
Continue reading →
Any computer program can be designed to run from a single file if you architect it wrong enough! I wanted to create the simplest possible Fediverse server which can be used as an educational tool to show how ActivityPub / Mastodon works. The design goals were: Upload a single PHP file to the server. No databases or separate config files. Single Actor (i.e. not multi-user). Allow the Actor to be followed. Post plain-text messages to followers. Be roughly standards compliant. And those…
Continue reading →
We live in the future now. It is OK to use Unicode everywhere. It seems bizarre to me that modern Internet services sometimes "forget" that there's a world outside the Anglosphere. Some people have the temerity to speak foreign languages! And some of those languages have accents on their letters!! Even worse, some don't use English letters at all!!! A decade ago, I was miffed that GitHub only supported some ASCII characters in its project names. There's no technical reason why your repo can't …
Continue reading →
