How updates work in ActivityPub / Mastodon


Logo for ActivityPub.

I didn't realise this, so I'm documenting it to stop other people making the same silly mistake that I did. Messages in ActivityPub have two distinct ID strings. Here's a (truncated) view of what happens when I send a new message on Mastodon:   "id": "https://mastodon.social/users/Edent/statuses/1234567890/activity",   "type": "Create",   "actor": "https://mastodon.social/users/Edent",   "published": "2024-03-10T16:13:49Z", […]

Continue reading →

A simple(ish) guide to verifying HTTP Message Signatures in PHP


Screenshot of JSON. As described in text.

Mastodon makes heavy use of HTTP Message Signatures. They're a newish almost-standard which allows a server to verify that a request made to it came from the person who sent it. This is a quick example to show how to verify these signatures using PHP. I don't claim that it covers every use-case, and it […]

Continue reading →

ActivityPub Server in a Single PHP File


Logo for ActivityPub.

Any computer program can be designed to run from a single file if you architect it wrong enough! I wanted to create the simplest possible Fediverse server which can be used as an educational tool to show how ActivityPub / Mastodon works. The design goals were: Upload a single PHP file to the server. No […]

Continue reading →

Internationalise The Fediverse


Translation icon. By Linh Nguyen.

We live in the future now. It is OK to use Unicode everywhere. It seems bizarre to me that modern Internet services sometimes "forget" that there's a world outside the Anglosphere. Some people have the temerity to speak foreign languages! And some of those languages have accents on their letters!! Even worse, some don't use […]

Continue reading →

A (tiny, incomplete, single user, write-only) ActivityPub server in PHP


Screenshot of a map. There is a pop-up containing an image of me drinking a pint.

I've written an ActivityPub server which only allows you to post messages to your followers. That's all it does. It won't record favourites or reposts. There's no support for following other accounts or receiving replies. It cannot delete or update posts nor can it verify signatures. It doesn't have a database or any storage beyond […]

Continue reading →

Seven Years On Mastodon


Cartoon of a tusked mastodon holding a phone.

I remember seeing the original "A new decentralized microblogging platform" on HackerNews back in October 2016. A few weeks later, I joined - becoming the 7,112th user. As the years went on, my use of it waxed and waned. I started cross-posting to both Mastodon and Twitter. Gradually, I started spending more time on the […]

Continue reading →

An open(ish) redirect on Mastodon


Cartoon of a tusked mastodon holding a phone.

I've responsibly disclosed a small security issue with Mastodon (GHSA-8982-p7pm-7mqw). It allows a sufficiently determined attacker to use any Mastodon instance to redirect unwary users to a malicious site. What do you think happens if you visit: https://mastodon.social/@PasswordReset/111285045683598517/admin? If you aren't logged in to that instance, it will redirect you to a 3rd party site. […]

Continue reading →

How far did my post go on the Fediverse?


Cartoon of a tusked mastodon holding a phone.

I wrote a moderately popular post on Mastodon. Lots of people shared it. Is it possible to find out how many different ActivityPub servers it went to? Yes! As we all know, the Fediverse is one big chain mail. I don't mean that in a derogatory way. When I write a post, it appears on […]

Continue reading →

This blog is now on the Fediverse!


Setting screen showing the blog being enabled.

You can now have this blog federated to your social media site by following @blog@shkspr.mobi If you're on Mastodon, it should look something like this: You should be able to follow it on Lemmy, kBin, PixelFed, and some cool social network I've never heard of. How This blog runs on WordPress. Thanks to the tireless […]

Continue reading →

Some thoughts on Mastodon search


Cartoon of a tusked mastodon holding a phone.

The latest version of Mastodon includes search functionality. It's early days, but seems to work pretty well. Here are some of the interesting things I found when using it. Search is complex - expectations I don't mean the act of searching a database - that's routine - but I mean it is socially complex. Lots […]

Continue reading →