Many years ago, when I was younger and more foolish, I worked for an advertising startup. Things seemed to be going pretty well! The office was expanding, the sales team was screaming into phones, the budget for servers was rising. Growth had been healthy, but now looked to be plateauing. One day we were summoned into a large conference room. Our CEO was on the speakerphone (I told you this was…
Continue reading →
Vague thoughts as they enter my brainbox. The BlueSky social network has introduced "Reply Gating" - it looks like this: You can write your hot take on Taylor Swift and not be inundated by weirdos replying to you. Nifty! This is nothing new. Twitter has it. Facebook has the concept of "audiences" to restrict who your post is visible to. And, of course, blogging has this! There is a comment …
Continue reading →
I didn't realise this, so I'm documenting it to stop other people making the same silly mistake that I did. Messages in ActivityPub have two distinct ID strings. Here's a (truncated) view of what happens when I send a new message on Mastodon: "id": "https://mastodon.social/users/Edent/statuses/1234567890/activity", "type": "Create", …
Continue reading →
Mastodon makes heavy use of HTTP Message Signatures. They're a newish almost-standard which allows a server to verify that a request made to it came from the person who sent it. This is a quick example to show how to verify these signatures using PHP. I don't claim that it covers every use-case, and it is no-doubt missing some weird edge cases. But it successfully verifies messages sent by…
Continue reading →
Any computer program can be designed to run from a single file if you architect it wrong enough! I wanted to create the simplest possible Fediverse server which can be used as an educational tool to show how ActivityPub / Mastodon works. The design goals were: Upload a single PHP file to the server. No databases or separate config files. Single Actor (i.e. not multi-user). Allow the Actor to…
Continue reading →
We live in the future now. It is OK to use Unicode everywhere. It seems bizarre to me that modern Internet services sometimes "forget" that there's a world outside the Anglosphere. Some people have the temerity to speak foreign languages! And some of those languages have accents on their letters!! Even worse, some don't use English letters at all!!! A decade ago, I was miffed that GitHub only…
Continue reading →
I've written an ActivityPub server which only allows you to post messages to your followers. That's all it does. It won't record favourites or reposts. There's no support for following other accounts or receiving replies. It cannot delete or update posts nor can it verify signatures. It doesn't have a database or any storage beyond flat files. But it will happily send messages and allow…
Continue reading →
I remember seeing the original "A new decentralized microblogging platform" on HackerNews back in October 2016. A few weeks later, I joined - becoming the 7,112th user. As the years went on, my use of it waxed and waned. I started cross-posting to both Mastodon and Twitter. Gradually, I started spending more time on the Fediverse. Once Elon shat the bed on Twitter, I moved over completely. And, …
Continue reading →
I've responsibly disclosed a small security issue with Mastodon (GHSA-8982-p7pm-7mqw). It allows a sufficiently determined attacker to use any Mastodon instance to redirect unwary users to a malicious site. What do you think happens if you visit: https://mastodon.social/@PasswordReset/111285045683598517/admin? If you aren't logged in to that instance, it will redirect you to a 3rd party site.…
Continue reading →
I wrote a moderately popular post on Mastodon. Lots of people shared it. Is it possible to find out how many different ActivityPub servers it went to? Yes! As we all know, the Fediverse is one big chain mail. I don't mean that in a derogatory way. When I write a post, it appears on my server (called an "instance" in Mastodon-speak). Everyone on my instance can see my post. My instance looks …
Continue reading →
You can now have this blog federated to your social media site by following @blog@shkspr.mobi If you're on Mastodon, it should look something like this: You should be able to follow it on Lemmy, kBin, PixelFed, and some cool social network I've never heard of. How This blog runs on WordPress. Thanks to the tireless work of Matthias Pfefferle, there's now an official WordPress ActivityPub…
Continue reading →
The latest version of Mastodon includes search functionality. It's early days, but seems to work pretty well. Here are some of the interesting things I found when using it. Search is complex - expectations I don't mean the act of searching a database - that's routine - but I mean it is socially complex. Lots of people left Twitter because it was too easy to search for them. For example, if…
Continue reading →
