By @edent · ActivityPub mastodon Social Media · 19 comments · 250 words
Vague thoughts as they enter my brainbox. The BlueSky social network has introduced "Reply Gating" - it looks like this: You can write your hot take on Taylor Swift and not be inundated by weirdos replying to you. Nifty! This is nothing new. Twitter has it. Facebook has the concept of "audiences" to restrict who […]
Continue reading →By @edent · ActivityPub fediverse IoT Social Networks · 14 comments · 550 words · read ~2,790 times.
One of the most frustrating things in modern technology is the effort spent trying to artificially restrict abundance. Take, for example, this tale from museum-worker Aaron Cope: I was out with a friend who worked for Twitter and I asked them whether it would be possible for the museum to “create 200,000 Twitter accounts, one […]
Continue reading →By @edent · ActivityPub mastodon · 2 comments · 400 words · read ~112 times.
I didn't realise this, so I'm documenting it to stop other people making the same silly mistake that I did. Messages in ActivityPub have two distinct ID strings. Here's a (truncated) view of what happens when I send a new message on Mastodon: "id": "https://mastodon.social/users/Edent/statuses/1234567890/activity", "type": "Create", "actor": "https://mastodon.social/users/Edent", "published": "2024-03-10T16:13:49Z", […]
Continue reading →By @edent · ActivityPub CyberSecurity http security · 5 comments · 400 words · read ~103 times.
It's never great to find out you're wrong, but that's how learning and personal growth happens. HTTP Message Signatures are hard1. There are lots of complex parts and getting any aspect wrong means certain death2. In a previous post, I wrote A simple(ish) guide to verifying HTTP Message Signatures in PHP. It turns out that […]
Continue reading →By @edent · ActivityPub php · 4 comments · 450 words · read ~341 times.
A few weeks ago, I built an ActivityPub Server in a Single PHP File. It's a proof of concept showing how easy it is to turn a website into a full-featured Fediverse participant. After a bunch of feedback and testing, I've added a some features to make it slightly more useful. A single PHP file […]
Continue reading →By @edent · ActivityPub cryptography http mastodon security · 3 comments · 1,150 words · read ~135 times.
Mastodon makes heavy use of HTTP Message Signatures. They're a newish almost-standard which allows a server to verify that a request made to it came from the person who sent it. This is a quick example to show how to verify these signatures using PHP. I don't claim that it covers every use-case, and it […]
Continue reading →By @edent · ActivityPub CyberSecurity encryption fediverse http · 10 comments · 500 words
I'm trying to get my head round HTTP Signatures as they're used extensively in the Fediverse. Conceptually, they're relatively straightforward. You send me a normal HTTP request. For example, you want to POST something to https://example.com/data You send me these headers: POST /data Host: example.com Date: Sat, 24 Feb 2024 14:43:48 GMT Accept-Encoding: gzip Digest: […]
Continue reading →By @edent · ActivityPub mastodon php · 8 comments · 2,200 words · read ~2,361 times.
Any computer program can be designed to run from a single file if you architect it wrong enough! I wanted to create the simplest possible Fediverse server which can be used as an educational tool to show how ActivityPub / Mastodon works. The design goals were: Upload a single PHP file to the server. No […]
Continue reading →By @edent · ActivityPub fediverse i18n mastodon unicode · 35 comments · 650 words · read ~256 times.
We live in the future now. It is OK to use Unicode everywhere. It seems bizarre to me that modern Internet services sometimes "forget" that there's a world outside the Anglosphere. Some people have the temerity to speak foreign languages! And some of those languages have accents on their letters!! Even worse, some don't use […]
Continue reading →By @edent · ActivityPub fediverse mastodon php Symfony · 10 comments · 850 words · read ~633 times.
I've written an ActivityPub server which only allows you to post messages to your followers. That's all it does. It won't record favourites or reposts. There's no support for following other accounts or receiving replies. It cannot delete or update posts nor can it verify signatures. It doesn't have a database or any storage beyond […]
Continue reading →